{"id":"https://openalex.org/W4307020417","doi":"https://doi.org/10.1145/3517745.3561463","title":"MalNet","display_name":"MalNet","publication_year":2022,"publication_date":"2022-10-21","ids":{"openalex":"https://openalex.org/W4307020417","doi":"https://doi.org/10.1145/3517745.3561463"},"language":"en","primary_location":{"id":"doi:10.1145/3517745.3561463","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3517745.3561463","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561463","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561463","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035781581","display_name":"Ali Davanian","orcid":"https://orcid.org/0000-0002-1171-5357"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ali Davanian","raw_affiliation_strings":["University of California Riverside"],"affiliations":[{"raw_affiliation_string":"University of California Riverside","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018876909","display_name":"Michalis Faloutsos","orcid":"https://orcid.org/0000-0002-3882-9987"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michalis Faloutsos","raw_affiliation_strings":["University of California Riverside"],"affiliations":[{"raw_affiliation_string":"University of California Riverside","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5035781581"],"corresponding_institution_ids":["https://openalex.org/I103635307"],"apc_list":null,"apc_paid":null,"fwci":0.4462,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.58958368,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"472","last_page":"487"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8923394680023193},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.8723524808883667},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8452469110488892},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8373441696166992},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.8174878358840942},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7628717422485352},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6574076414108276},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4406076967716217},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.39621374011039734},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.24691036343574524},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.16114547848701477}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8923394680023193},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.8723524808883667},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8452469110488892},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8373441696166992},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.8174878358840942},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7628717422485352},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6574076414108276},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4406076967716217},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.39621374011039734},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.24691036343574524},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.16114547848701477}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3517745.3561463","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3517745.3561463","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561463","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3517745.3561463","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3517745.3561463","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561463","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6100000143051147}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4307020417.pdf"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W1975745448","https://openalex.org/W2054897983","https://openalex.org/W2075986968","https://openalex.org/W2507466050","https://openalex.org/W2576376563","https://openalex.org/W2584658892","https://openalex.org/W2762279010","https://openalex.org/W2794801050","https://openalex.org/W2890859663","https://openalex.org/W2912095101","https://openalex.org/W2947969447","https://openalex.org/W2973936959","https://openalex.org/W3008949272","https://openalex.org/W3045898733","https://openalex.org/W3081118847","https://openalex.org/W3109112485","https://openalex.org/W3111533025","https://openalex.org/W3113371616","https://openalex.org/W3211825719","https://openalex.org/W4281386688","https://openalex.org/W4299301436","https://openalex.org/W6743493502"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W2038807247","https://openalex.org/W1979706594","https://openalex.org/W2097156747","https://openalex.org/W1966145327","https://openalex.org/W2559738661","https://openalex.org/W2147314218","https://openalex.org/W1485337887"],"abstract_inverted_index":{"Where":[0],"are":[1,18,66,138],"the":[2,45,75,93,100,108,132,152,181,192,216],"IoT":[3,10,153,235],"C2":[4,80,104],"servers":[5,134],"located?":[6],"What":[7,15],"vulnerabilities":[8,159,170],"does":[9,112],"malware":[11,42,154],"try":[12],"to":[13,31,68,115,166],"exploit?":[14],"DDoS":[16,87,196],"attacks":[17,197,208],"launched":[19],"in":[20,160],"practice?":[21],"In":[22,125],"this":[23],"work,":[24],"we":[25,36,65,98,127,136,149,190],"conduct":[26],"a":[27,110,116,122,221],"large":[28],"scale":[29],"study":[30,91],"answer":[32],"these":[33],"questions.":[34],"Specifically,":[35],"collect":[37],"and":[38,55,60,70,84,229,233],"dynamically":[39],"analyze":[40],"1447":[41],"binaries":[43,164],"on":[44,146,156],"day":[46],"that":[47,129,135,151,198,225],"they":[48],"become":[49],"publicly":[50],"known":[51,140],"between":[52],"March":[53,56],"2021":[54],"2022":[57],"from":[58],"VirusTotal":[59],"MalwareBazaar.":[61],"By":[62],"doing":[63],"this,":[64],"able":[67],"observe":[69,191],"profile":[71],"their":[72],"behavior":[73,102],"at":[74],"network":[76],"level":[77],"including:":[78],"(a)":[79],"communication,":[81],"(b)":[82],"proliferation,":[83],"(c)":[85],"issued":[86],"attacks.":[88],"Our":[89,163],"comprehensive":[90],"provides":[92],"following":[94],"key":[95],"observations.":[96],"First,":[97],"quantify":[99],"elusive":[101],"of":[103,107,131,173,194,202,207,219],"servers:":[105],"91%":[106],"time":[109],"server":[111],"not":[113,139],"respond":[114],"second":[117],"probe":[118],"four":[119],"hours":[120],"after":[121],"successful":[123],"probe.":[124],"addition,":[126],"find":[128,137,150],"15%":[130],"live":[133],"by":[141],"threat":[142],"intelligence":[143],"feeds":[144],"available":[145],"VirusTotal.":[147],"Second,":[148],"relies":[155],"fairly":[157],"old":[158],"its":[161],"proliferation.":[162],"attempt":[165],"exploit":[167],"12":[168],"different":[169],"with":[171,204],"9":[172],"them":[174],"more":[175],"than":[176],"4":[177],"years":[178],"old,":[179],"while":[180],"most":[182],"recent":[183],"one":[184],"was":[185],"5":[186],"months":[187],"old.":[188],"Third,":[189],"launch":[193],"42":[195],"span":[199],"8":[200],"types":[201,206],"attacks,":[203],"two":[205],"targeting":[209],"gaming":[210],"servers.":[211],"The":[212],"promising":[213],"results":[214],"indicate":[215],"significant":[217],"value":[218],"using":[220],"dynamic":[222],"analysis":[223],"approach":[224],"includes":[226],"active":[227],"measurements":[228],"probing":[230],"towards":[231],"detecting":[232],"containing":[234],"botnets.":[236]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2026-01-16T23:16:36.188383","created_date":"2022-10-22T00:00:00"}