{"id":"https://openalex.org/W4387871062","doi":"https://doi.org/10.1109/icc45041.2023.10278636","title":"Devils in the Clouds: An Evolutionary Study of Telnet Bot Loaders","display_name":"Devils in the Clouds: An Evolutionary Study of Telnet Bot Loaders","publication_year":2023,"publication_date":"2023-05-28","ids":{"openalex":"https://openalex.org/W4387871062","doi":"https://doi.org/10.1109/icc45041.2023.10278636"},"language":"en","primary_location":{"id":"doi:10.1109/icc45041.2023.10278636","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/icc45041.2023.10278636","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2023 - IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113986332","display_name":"Yuhui Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuhui Zhu","raw_affiliation_strings":["University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","School of Information Science and Engineering, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044246017","display_name":"Zhenxiang Chen","orcid":"https://orcid.org/0000-0001-9730-768X"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenxiang Chen","raw_affiliation_strings":["University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","School of Information Science and Engineering, University of Jinan, China","Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084076598","display_name":"Qiben Yan","orcid":"https://orcid.org/0000-0003-0551-2163"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qiben Yan","raw_affiliation_strings":["Michigan State University,Department of Computer Science and Engineering,USA","Department of Computer Science and Engineering, Michigan State University, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University,Department of Computer Science and Engineering,USA","institution_ids":["https://openalex.org/I87216513"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, Michigan State University, USA","institution_ids":["https://openalex.org/I87216513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100406235","display_name":"Shanshan Wang","orcid":"https://orcid.org/0000-0001-9530-6958"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanshan Wang","raw_affiliation_strings":["University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","School of Information Science and Engineering, University of Jinan, China","Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004767362","display_name":"Alberto Giaretta","orcid":"https://orcid.org/0000-0001-9293-7711"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alberto Giaretta","raw_affiliation_strings":["&#x00D6;rebro University,AASS MPI Lab,Sweden"],"affiliations":[{"raw_affiliation_string":"&#x00D6;rebro University,AASS MPI Lab,Sweden","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064798255","display_name":"Enlong Li","orcid":null},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Enlong Li","raw_affiliation_strings":["University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","School of Information Science and Engineering, University of Jinan, China","Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001075168","display_name":"Lizhi Peng","orcid":"https://orcid.org/0000-0002-6009-522X"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lizhi Peng","raw_affiliation_strings":["University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","School of Information Science and Engineering, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046268649","display_name":"Chuan Zhao","orcid":"https://orcid.org/0000-0001-7007-5946"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chuan Zhao","raw_affiliation_strings":["University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","School of Information Science and Engineering, University of Jinan, China","Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"University of Jinan,Shandong Provincial Key Laboratory of Network Based Intelligent Computing,China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]},{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063847107","display_name":"Mauro Conti","orcid":"https://orcid.org/0000-0002-3612-1934"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["University of Padua,Department of Mathematics,Italy","Department of Mathematics, University of Padua, Italy"],"affiliations":[{"raw_affiliation_string":"University of Padua,Department of Mathematics,Italy","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"Department of Mathematics, University of Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5113986332"],"corresponding_institution_ids":["https://openalex.org/I34949971"],"apc_list":null,"apc_paid":null,"fwci":0.2033,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.46110033,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"2338","last_page":"2344"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12162","display_name":"Cellular Automata and Applications","score":0.9848999977111816,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12391","display_name":"Artificial Immune Systems Applications","score":0.9840999841690063,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/telnet","display_name":"Telnet","score":0.9340604543685913},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.49841976165771484},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.24986976385116577},{"id":"https://openalex.org/keywords/file-transfer-protocol","display_name":"File Transfer Protocol","score":0.10191148519515991},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.06613922119140625}],"concepts":[{"id":"https://openalex.org/C2776538122","wikidata":"https://www.wikidata.org/wiki/Q160470","display_name":"Telnet","level":4,"score":0.9340604543685913},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.49841976165771484},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.24986976385116577},{"id":"https://openalex.org/C169485995","wikidata":"https://www.wikidata.org/wiki/Q42283","display_name":"File Transfer Protocol","level":3,"score":0.10191148519515991},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.06613922119140625}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/icc45041.2023.10278636","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/icc45041.2023.10278636","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2023 - IEEE International Conference on Communications","raw_type":"proceedings-article"},{"id":"pmh:oai:www.research.unipd.it:11577/3506525","is_oa":false,"landing_page_url":"https://hdl.handle.net/11577/3506525","pdf_url":null,"source":{"id":"https://openalex.org/S4377196283","display_name":"Research Padua  Archive (University of Padua)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I138689650","host_organization_name":"University of Padua","host_organization_lineage":["https://openalex.org/I138689650"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4000000059604645}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1669806660","https://openalex.org/W2016381774","https://openalex.org/W2087064593","https://openalex.org/W2121972959","https://openalex.org/W2947969447","https://openalex.org/W2951384144","https://openalex.org/W2998420555","https://openalex.org/W3011282767","https://openalex.org/W3045898733","https://openalex.org/W3113371616","https://openalex.org/W3134731862","https://openalex.org/W3157039573","https://openalex.org/W3158305201","https://openalex.org/W3159521830","https://openalex.org/W3187445342","https://openalex.org/W4226354596","https://openalex.org/W6637397297","https://openalex.org/W6767208688","https://openalex.org/W6794840795","https://openalex.org/W6795040997"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W3130325379","https://openalex.org/W2305179110","https://openalex.org/W1862934612","https://openalex.org/W4206308447","https://openalex.org/W2474732902","https://openalex.org/W1646536569","https://openalex.org/W2969718820","https://openalex.org/W92995614","https://openalex.org/W2292051392"],"abstract_inverted_index":{"One":[0],"of":[1,14,95,132],"the":[2,12,36,58,67,93,101,109,118,129,145,149,157,162],"innovations":[3],"brought":[4],"by":[5],"Mirai":[6,133],"and":[7,21,32,61,87,112,120,136,148,168],"its":[8],"derived":[9],"malware":[10],"is":[11,134],"adoption":[13],"self-contained":[15],"loaders":[16,38,59,111,159],"for":[17,49,56],"infecting":[18],"IoT":[19],"devices":[20],"recruiting":[22],"them":[23],"in":[24,35,73,76],"botnets.":[25],"Functionally":[26],"decoupled":[27],"from":[28,100],"other":[29],"botnet":[30],"components":[31],"not":[33],"embedded":[34],"payload,":[37],"cannot":[39],"be":[40],"analysed":[41],"using":[42],"conventional":[43],"approaches":[44,53],"that":[45,128],"rely":[46],"on":[47,144,156],"honeypots":[48],"capturing":[50],"samples.":[51],"Different":[52],"are":[54],"necessary":[55],"studying":[57],"evolution":[60],"defining":[62],"a":[63,81,122],"genealogy.":[64],"To":[65],"address":[66],"insufficient":[68],"knowledge":[69],"about":[70],"loaders'":[71],"lineage":[72],"existing":[74],"studies,":[75],"this":[77],"paper,":[78],"we":[79,107],"propose":[80],"semantic-aware":[82],"method":[83],"to":[84,116,165],"measure,":[85],"categorize,":[86],"compare":[88],"different":[89],"loader":[90],"servers,":[91],"with":[92,140],"goal":[94],"highlighting":[96],"their":[97],"evolution,":[98],"independent":[99],"payload":[102],"evolution.":[103],"Leveraging":[104],"behavior-based":[105],"metrics,":[106],"cluster":[108],"discovered":[110],"define":[113],"eight":[114],"families":[115],"determine":[117],"genealogy":[119],"draw":[121],"homology":[123],"map.":[124],"Our":[125],"study":[126],"shows":[127],"source":[130],"code":[131],"evolving":[135],"spawning":[137],"new":[138,141],"botnets":[139],"capabilities,":[142],"both":[143],"client":[146],"side":[147],"server":[150],"side.":[151],"In":[152],"turn,":[153],"shedding":[154],"light":[155],"infection":[158],"can":[160],"help":[161],"cybersecurity":[163],"community":[164],"improve":[166],"detection":[167],"prevention":[169],"tools.":[170]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2025-12-25T23:11:45.687758","created_date":"2025-10-10T00:00:00"}