{"id":"https://openalex.org/W2130365590","doi":"https://doi.org/10.1145/1966913.1966938","title":"WebPatrol","display_name":"WebPatrol","publication_year":2011,"publication_date":"2011-03-22","ids":{"openalex":"https://openalex.org/W2130365590","doi":"https://doi.org/10.1145/1966913.1966938","mag":"2130365590"},"language":"en","primary_location":{"id":"doi:10.1145/1966913.1966938","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1966913.1966938","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025656093","display_name":"Kevin Zhijie Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]},{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN","US"],"is_corresponding":true,"raw_author_name":"Kevin Zhijie Chen","raw_affiliation_strings":["Peking University and UC Berkeley"],"affiliations":[{"raw_affiliation_string":"Peking University and UC Berkeley","institution_ids":["https://openalex.org/I20231570","https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058852421","display_name":"Guofei Gu","orcid":"https://orcid.org/0000-0003-0630-741X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guofei Gu","raw_affiliation_strings":["Texas A&amp;M University"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112309175","display_name":"Jianwei Zhuge","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianwei Zhuge","raw_affiliation_strings":["Tsinghua University"],"affiliations":[{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051000370","display_name":"Jose Nazario","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jose Nazario","raw_affiliation_strings":["Arbor Networks","Arbor Networks,"],"affiliations":[{"raw_affiliation_string":"Arbor Networks","institution_ids":[]},{"raw_affiliation_string":"Arbor Networks,","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102438645","display_name":"Xinhui Han","orcid":null},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinhui Han","raw_affiliation_strings":["Peking University"],"affiliations":[{"raw_affiliation_string":"Peking University","institution_ids":["https://openalex.org/I20231570"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5025656093"],"corresponding_institution_ids":["https://openalex.org/I20231570","https://openalex.org/I95457486"],"apc_list":null,"apc_paid":null,"fwci":7.3516,"has_fulltext":false,"cited_by_count":32,"citation_normalized_percentile":{"value":0.97411272,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"186","last_page":"195"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8126568794250488},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7976844310760498},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.6855738162994385},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.6247548460960388},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.5014090538024902},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.47554680705070496},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.44374847412109375},{"id":"https://openalex.org/keywords/population","display_name":"Population","score":0.43952345848083496},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.4276224374771118},{"id":"https://openalex.org/keywords/web-navigation","display_name":"Web navigation","score":0.42476892471313477},{"id":"https://openalex.org/keywords/web-api","display_name":"Web API","score":0.41614097356796265},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.34742945432662964},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28691771626472473}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8126568794250488},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7976844310760498},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.6855738162994385},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.6247548460960388},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.5014090538024902},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.47554680705070496},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.44374847412109375},{"id":"https://openalex.org/C2908647359","wikidata":"https://www.wikidata.org/wiki/Q2625603","display_name":"Population","level":2,"score":0.43952345848083496},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.4276224374771118},{"id":"https://openalex.org/C61096286","wikidata":"https://www.wikidata.org/wiki/Q7978592","display_name":"Web navigation","level":3,"score":0.42476892471313477},{"id":"https://openalex.org/C127613066","wikidata":"https://www.wikidata.org/wiki/Q557770","display_name":"Web API","level":4,"score":0.41614097356796265},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.34742945432662964},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28691771626472473},{"id":"https://openalex.org/C149923435","wikidata":"https://www.wikidata.org/wiki/Q37732","display_name":"Demography","level":1,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1966913.1966938","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1966913.1966938","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320336024","display_name":"Specialized Research Fund for the Doctoral Program of Higher Education of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W40177048","https://openalex.org/W1491237615","https://openalex.org/W1522996108","https://openalex.org/W1539919337","https://openalex.org/W1575663745","https://openalex.org/W1769672943","https://openalex.org/W1873122431","https://openalex.org/W1970867218","https://openalex.org/W2014742088","https://openalex.org/W2059844671","https://openalex.org/W2095610745","https://openalex.org/W2914797477","https://openalex.org/W2914982603","https://openalex.org/W4285719527","https://openalex.org/W6601628813","https://openalex.org/W6674628898"],"related_works":["https://openalex.org/W1468438670","https://openalex.org/W3199575202","https://openalex.org/W3082873802","https://openalex.org/W43013318","https://openalex.org/W4361214649","https://openalex.org/W2564597057","https://openalex.org/W4387028430","https://openalex.org/W1987163834","https://openalex.org/W4385695492","https://openalex.org/W4383466499"],"abstract_inverted_index":{"Traditional":[0],"remote-server-exploiting":[1],"malware":[2,36,50,115,205],"is":[3,60,104],"quickly":[4],"evolving":[5],"and":[6,23,43,52,66,70,88,191,215],"adapting":[7],"to":[8,62,82,111,122],"the":[9,16,25,40,84,96,128,132,148,160,201],"new":[10,64],"web-centric":[11],"computing":[12],"paradigm.":[13],"By":[14],"leveraging":[15],"large":[17,212],"population":[18],"of":[19,39,94,203],"(insecure)":[20],"web":[21,90,119,163,222],"sites":[22],"exploiting":[24],"vulnerabilities":[26],"at":[27,99],"client-side":[28],"modern":[29],"(complex)":[30],"browsers":[31],"(and":[32],"their":[33],"extensions),":[34],"web-based":[35,72,79,114,204],"becomes":[37],"one":[38],"most":[41],"severe":[42],"common":[44],"infection":[45,91,120,150,181],"vectors":[46],"nowadays.":[47],"While":[48],"traditional":[49],"collection":[51],"analysis":[53,202],"are":[54,165],"mainly":[55],"focusing":[56],"on":[57,127,153,200],"binaries,":[58],"it":[59],"important":[61],"develop":[63],"techniques":[65],"tools":[67],"for":[68,134],"collecting":[69],"analyzing":[71],"malware,":[73],"which":[74,218],"should":[75],"include":[76],"a":[77,105,211],"complete":[78,118,180],"malicious":[80,162],"logic":[81],"reflect":[83],"dynamic,":[85],"distributed,":[86],"multi-step,":[87],"multi-path":[89],"trails,":[92],"instead":[93],"just":[95],"binaries":[97],"executed":[98],"end":[100,140],"hosts.":[101],"This":[102],"paper":[103],"first":[106],"attempt":[107],"in":[108],"this":[109],"direction":[110],"automatically":[112],"collect":[113],"scenarios":[116,206],"(including":[117],"trails)":[121],"enable":[123],"fine-grained":[124],"analysis.":[125],"Based":[126],"collections,":[129],"we":[130,207],"provide":[131,196],"capability":[133],"offline":[135],"\"live\"":[136],"replay,":[137],"i.e.,":[138],"an":[139,143],"user":[141],"(e.g.,":[142],"analyst)":[144],"can":[145,176],"faithfully":[146],"experience":[147],"original":[149,161],"trail":[151],"based":[152],"her":[154],"current":[155],"client":[156],"environment,":[157],"even":[158],"when":[159],"pages":[164],"not":[166],"available":[167],"or":[168],"already":[169],"cleaned.":[170],"Our":[171],"evaluation":[172],"shows":[173],"that":[174],"WebPatrol":[175],"collect/cover":[177],"much":[178],"more":[179],"trails":[182],"than":[183],"state-of-the-art":[184],"honeypot":[185],"systems":[186],"such":[187],"as":[188],"PHoneyC":[189],"[11]":[190],"Capture-HPC":[192],"[1].":[193],"We":[194],"also":[195],"several":[197],"case":[198],"studies":[199],"have":[208],"collected":[209],"from":[210],"national":[213],"education":[214],"research":[216],"network,":[217],"contains":[219],"around":[220],"35,000":[221],"sites.":[223]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":9},{"year":2013,"cited_by_count":7},{"year":2012,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}