{"id":"https://openalex.org/W2092756033","doi":"https://doi.org/10.1145/1978672.1978682","title":"Sandnet","display_name":"Sandnet","publication_year":2011,"publication_date":"2011-04-10","ids":{"openalex":"https://openalex.org/W2092756033","doi":"https://doi.org/10.1145/1978672.1978682","mag":"2092756033"},"language":"en","primary_location":{"id":"doi:10.1145/1978672.1978682","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1978672.1978682","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033589837","display_name":"Christian Rossow","orcid":"https://orcid.org/0000-0003-2470-8444"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]},{"id":"https://openalex.org/I4210122778","display_name":"University of Applied Sciences for Public Administration and Management","ror":"https://ror.org/02qbcmz19","country_code":"DE","type":"education","lineage":["https://openalex.org/I4210122778"]}],"countries":["DE","NL"],"is_corresponding":true,"raw_author_name":"Christian Rossow","raw_affiliation_strings":["University of Applied Sciences Gelsenkirchen, Germany and VU University Amsterdam, The Netherlands","University of Applied Sciences Gelsenkirchen, Germany and VU University Amsterdam, The Netherlands#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Applied Sciences Gelsenkirchen, Germany and VU University Amsterdam, The Netherlands","institution_ids":["https://openalex.org/I4210122778"]},{"raw_affiliation_string":"University of Applied Sciences Gelsenkirchen, Germany and VU University Amsterdam, The Netherlands#TAB#","institution_ids":["https://openalex.org/I865915315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066046654","display_name":"Christian Dietrich","orcid":"https://orcid.org/0000-0001-9258-0513"},"institutions":[{"id":"https://openalex.org/I4210122778","display_name":"University of Applied Sciences for Public Administration and Management","ror":"https://ror.org/02qbcmz19","country_code":"DE","type":"education","lineage":["https://openalex.org/I4210122778"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian J. Dietrich","raw_affiliation_strings":["University of Applied Sciences Gelsenkirchen, Germany and University of Erlangen, Germany"],"affiliations":[{"raw_affiliation_string":"University of Applied Sciences Gelsenkirchen, Germany and University of Erlangen, Germany","institution_ids":["https://openalex.org/I4210122778"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029566823","display_name":"Herbert Bos","orcid":"https://orcid.org/0000-0001-6179-1510"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Herbert Bos","raw_affiliation_strings":["VU University Amsterdam, The Netherlands","VU University, Amsterdam, The Netherlands"],"affiliations":[{"raw_affiliation_string":"VU University Amsterdam, The Netherlands","institution_ids":[]},{"raw_affiliation_string":"VU University, Amsterdam, The Netherlands","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036908366","display_name":"Lorenzo Cavallaro","orcid":"https://orcid.org/0000-0002-3878-2680"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lorenzo Cavallaro","raw_affiliation_strings":["VU University Amsterdam, The Netherlands","VU University, Amsterdam, The Netherlands"],"affiliations":[{"raw_affiliation_string":"VU University Amsterdam, The Netherlands","institution_ids":[]},{"raw_affiliation_string":"VU University, Amsterdam, The Netherlands","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027678871","display_name":"Maarten van Steen","orcid":"https://orcid.org/0000-0002-5113-2746"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maarten van Steen","raw_affiliation_strings":["VU University Amsterdam, The Netherlands","VU University, Amsterdam, The Netherlands"],"affiliations":[{"raw_affiliation_string":"VU University Amsterdam, The Netherlands","institution_ids":[]},{"raw_affiliation_string":"VU University, Amsterdam, The Netherlands","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035871932","display_name":"Felix Freiling","orcid":"https://orcid.org/0000-0002-8279-8401"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Felix C. Freiling","raw_affiliation_strings":["University of Erlangen, Germany","University of Erlangen, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]},{"raw_affiliation_string":"University of Erlangen, Germany#TAB#","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066084830","display_name":"Norbert Pohlmann","orcid":"https://orcid.org/0009-0007-6221-7327"},"institutions":[{"id":"https://openalex.org/I4210122778","display_name":"University of Applied Sciences for Public Administration and Management","ror":"https://ror.org/02qbcmz19","country_code":"DE","type":"education","lineage":["https://openalex.org/I4210122778"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Norbert Pohlmann","raw_affiliation_strings":["University of Applied Sciences Gelsenkirchen, Germany"],"affiliations":[{"raw_affiliation_string":"University of Applied Sciences Gelsenkirchen, Germany","institution_ids":["https://openalex.org/I4210122778"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5033589837"],"corresponding_institution_ids":["https://openalex.org/I4210122778","https://openalex.org/I865915315"],"apc_list":null,"apc_paid":null,"fwci":10.2848,"has_fulltext":false,"cited_by_count":72,"citation_normalized_percentile":{"value":0.98862745,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"78","last_page":"88"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9689514636993408},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8120615482330322},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.7808282375335693},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.5626632571220398},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4880179464817047},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4629771113395691},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4239368140697479},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3667186498641968},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.32165244221687317},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13226953148841858}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9689514636993408},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8120615482330322},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.7808282375335693},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.5626632571220398},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4880179464817047},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4629771113395691},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4239368140697479},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3667186498641968},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.32165244221687317},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13226953148841858},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1978672.1978682","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1978672.1978682","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W47988595","https://openalex.org/W80155331","https://openalex.org/W1503224444","https://openalex.org/W1827212170","https://openalex.org/W1851403712","https://openalex.org/W1873122431","https://openalex.org/W1910686388","https://openalex.org/W2065339563","https://openalex.org/W2100307718","https://openalex.org/W2111038628","https://openalex.org/W2153156723","https://openalex.org/W6629915129","https://openalex.org/W6639864006","https://openalex.org/W6666744930"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W3164408430","https://openalex.org/W4285507391","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334","https://openalex.org/W2134874482"],"abstract_inverted_index":{"Dynamic":[0],"analysis":[1,28,64,80,96],"of":[2,12,23,40,50,65,97,118],"malware":[3,24,41,52,69,106],"is":[4],"widely":[5],"used":[6],"to":[7,30,112],"obtain":[8],"a":[9,31,47],"better":[10],"understanding":[11],"unknown":[13],"software.":[14],"While":[15],"existing":[16,86],"systems":[17,87],"mainly":[18],"focus":[19],"on":[20,36,90],"host-level":[21],"activities":[22],"and":[25,109,114],"limit":[26],"the":[27,37,57,63,98,116],"period":[29],"few":[32],"minutes,":[33],"we":[34,60],"concentrate":[35],"network":[38,53,73,91],"behavior":[39,54,74],"over":[42],"longer":[43],"periods.":[44],"We":[45],"provide":[46],"comprehensive":[48],"overview":[49],"typical":[51],"by":[55,88],"discussing":[56],"results":[58],"that":[59,84,101],"obtained":[61],"during":[62],"more":[66],"than":[67],"100,000":[68],"samples.":[70],"The":[71],"resulting":[72],"was":[75],"dissected":[76],"in":[77],"our":[78],"new":[79],"environment":[81],"called":[82],"Sandnet":[83],"complements":[85],"focusing":[89],"traffic":[92],"analysis.":[93],"Our":[94],"in-depth":[95],"two":[99],"protocols":[100],"are":[102],"most":[103],"popular":[104],"among":[105],"authors,":[107],"DNS":[108],"HTTP,":[110],"helps":[111],"understand":[113],"characterize":[115],"usage":[117],"these":[119],"prevalent":[120],"protocols.":[121]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":6},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":9},{"year":2014,"cited_by_count":10},{"year":2013,"cited_by_count":13},{"year":2012,"cited_by_count":6}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2016-06-24T00:00:00"}