{"id":"https://openalex.org/W3081118847","doi":"https://doi.org/10.1145/3407023.3409177","title":"Disposable botnets","display_name":"Disposable botnets","publication_year":2020,"publication_date":"2020-08-25","ids":{"openalex":"https://openalex.org/W3081118847","doi":"https://doi.org/10.1145/3407023.3409177","mag":"3081118847"},"language":"en","primary_location":{"id":"doi:10.1145/3407023.3409177","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3407023.3409177","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082125949","display_name":"Rui Tanabe","orcid":"https://orcid.org/0000-0002-0246-5720"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Rui Tanabe","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005764634","display_name":"Tatsuya Tamai","orcid":null},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tatsuya Tamai","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113597090","display_name":"Akira Fujita","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Akira Fujita","raw_affiliation_strings":["National Institute of Information and Communications technology"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications technology","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085568759","display_name":"Ryoichi Isawa","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Ryoichi Isawa","raw_affiliation_strings":["National Institute of Information and Communications technology"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications technology","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028367744","display_name":"Katsunari Yoshioka","orcid":"https://orcid.org/0000-0003-0964-8631"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Katsunari Yoshioka","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108109302","display_name":"Tsutomu Matsumoto","orcid":null},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tsutomu Matsumoto","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048211807","display_name":"Carlos Ga\u00f1\u00e1n","orcid":"https://orcid.org/0000-0002-4699-3007"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Carlos Ga\u00f1\u00e1n","raw_affiliation_strings":["Delft University of Technology"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012946294","display_name":"Michel van Eeten","orcid":"https://orcid.org/0000-0002-0338-2812"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Michel van Eeten","raw_affiliation_strings":["Delft University of Technology"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5082125949"],"corresponding_institution_ids":["https://openalex.org/I180203408"],"apc_list":null,"apc_paid":null,"fwci":2.1585,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.88391688,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11478","display_name":"Caching and Content Delivery","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9931199550628662},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.8001153469085693},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.7992688417434692},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6770887970924377},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6648399829864502},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6196796298027039},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.43599510192871094},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.4244022071361542},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4228728115558624},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4025779068470001},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22850331664085388}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9931199550628662},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.8001153469085693},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.7992688417434692},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6770887970924377},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6648399829864502},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6196796298027039},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.43599510192871094},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.4244022071361542},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4228728115558624},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4025779068470001},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22850331664085388},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3407023.3409177","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3407023.3409177","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6399999856948853}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1669806660","https://openalex.org/W2065323196","https://openalex.org/W2760063353","https://openalex.org/W2848278845","https://openalex.org/W2890859663","https://openalex.org/W2923481942","https://openalex.org/W2947969447","https://openalex.org/W2989148126"],"related_works":["https://openalex.org/W2789663798","https://openalex.org/W2375896275","https://openalex.org/W2166943775","https://openalex.org/W1903420481","https://openalex.org/W2158007046","https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W1522996108","https://openalex.org/W4285325964","https://openalex.org/W2164525836"],"abstract_inverted_index":{"Large":[0],"botnets":[1,61,216,222],"made":[2],"up":[3],"of":[4,56,59,66,74,106,137,142,231,278],"Internet-of-Things":[5],"(IoT)":[6],"devices":[7],"have":[8,170],"been":[9],"a":[10,52,158,171,188],"steady":[11],"presence":[12],"in":[13],"the":[14,26,57,72,122,135,140,143,150,153,181,185,210,229,273],"threat":[15],"landscape":[16],"since":[17],"2016.":[18],"Earlier":[19],"research":[20],"has":[21,40],"found":[22],"preliminary":[23],"evidence":[24],"that":[25,102,105,214,235,258,268],"IoT":[27,60,80,110,221],"binaries":[28,128,154],"and":[29,71,86,98,202,242,252],"C&C":[30,88,151,166,190,243],"infrastructure":[31,58],"were":[32],"only":[33,125,157,198,250],"seen":[34,254],"for":[35,130,180],"very":[36,238],"brief":[37],"periods.":[38],"It":[39],"not":[41,113],"explained":[42],"how":[43,261],"attackers":[44,182,262],"maintain":[45],"control":[46],"over":[47],"their":[48],"botnets.":[49,109],"We":[50,77,90,266],"present":[51],"more":[53],"comprehensive":[54],"analysis":[55,176],"based":[62],"on":[63,92],"23":[64],"months":[65],"data":[67],"gathered":[68],"via":[69,209],"honeypots":[70],"monitoring":[73],"botnet":[75,111,144],"infrastructure.":[76],"collected":[78],"59,884":[79],"malware":[81],"samples,":[82],"35,494":[83],"download":[84],"servers,":[85],"2,747":[87],"servers.":[89],"focuse":[91],"three":[93,133],"dominant":[94],"families:":[95],"Bashlite,":[96],"Mirai,":[97],"Tsunami.":[99],"The":[100,165,256],"picture":[101],"emerges":[103],"is":[104,145,260],"highly":[107],"disposable":[108,233],"are":[112,126,196,217,237,248],"so":[114],"much":[115],"maintained":[116],"as":[117],"reconstituted":[118],"from":[119],"scratch":[120],"all":[121],"time.":[123],"Not":[124],"most":[127],"distributed":[129],"less":[131,224],"than":[132,226],"days,":[134],"connection":[136],"bots":[138,186,195],"to":[139,183,187,205,240],"rest":[141],"also":[146,169],"short-lived.":[147],"To":[148],"reach":[149],"server,":[152],"typically":[155],"contain":[156],"single":[159],"hard-coded":[160],"IP":[161,246,274],"address":[162,275],"or":[163],"domain.":[164],"servers":[167],"themselves":[168],"short":[172],"lifespan.":[173],"Long-term":[174],"dynamic":[175],"finds":[177],"no":[178],"mechanism":[179],"migrate":[184],"new":[189],"server.":[191],"In":[192],"other":[193],"words,":[194],"used":[197,249],"immediately":[199],"after":[200],"capture":[201],"then":[203],"abandoned---perhaps":[204],"be":[206,271],"recaptured":[207],"again":[208],"aggressive":[211],"scanning":[212],"practices":[213,277],"these":[215,264],"known":[218],"for.":[219],"While":[220],"appear":[223],"advanced":[225],"Windows-based":[227],"botnets,":[228],"advantage":[230],"being":[232],"means":[234],"they":[236,269],"resistant":[239],"blacklisting":[241],"takedown.":[244],"Most":[245],"addresses":[247],"once":[251],"never":[253],"again.":[255],"question":[257],"arises":[259],"source":[263],"addresses.":[265],"speculate":[267],"might":[270],"abusing":[272],"allocation":[276],"cloud":[279],"providers.":[280]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2020-09-01T00:00:00"}