{"id":"https://openalex.org/W4311165740","doi":"https://doi.org/10.1145/3564625.3564646","title":"View from Above: Exploring the Malware Ecosystem from the Upper DNS Hierarchy","display_name":"View from Above: Exploring the Malware Ecosystem from the Upper DNS Hierarchy","publication_year":2022,"publication_date":"2022-12-03","ids":{"openalex":"https://openalex.org/W4311165740","doi":"https://doi.org/10.1145/3564625.3564646"},"language":"en","primary_location":{"id":"doi:10.1145/3564625.3564646","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3564625.3564646","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3564625.3564646","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 38th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3564625.3564646","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050993271","display_name":"Aaron Faulkenberry","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Aaron Faulkenberry","raw_affiliation_strings":["Georgia Institute of Technology, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018746218","display_name":"Athanasios Avgetidis","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Athanasios Avgetidis","raw_affiliation_strings":["Georgia Institute of Technology, United States of America"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, United States of America","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087894470","display_name":"Zane Ma","orcid":"https://orcid.org/0000-0003-4501-066X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zane Ma","raw_affiliation_strings":["Georgia Institute of Technology, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088269951","display_name":"Omar Alrawi","orcid":"https://orcid.org/0000-0002-4374-737X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Omar Alrawi","raw_affiliation_strings":["Georgia Institute of Technology, United States of America"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, United States of America","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000942801","display_name":"Charles Lever","orcid":"https://orcid.org/0000-0002-6148-8981"},"institutions":[{"id":"https://openalex.org/I236478094","display_name":"Promundo","ror":"https://ror.org/03mwbkd48","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I236478094"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charles Lever","raw_affiliation_strings":["Devo, USA"],"affiliations":[{"raw_affiliation_string":"Devo, USA","institution_ids":["https://openalex.org/I236478094"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031597177","display_name":"Panagiotis Kintis","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Panagiotis Kintis","raw_affiliation_strings":["Voreas Laboratories Inc, USA"],"affiliations":[{"raw_affiliation_string":"Voreas Laboratories Inc, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069862528","display_name":"Fabian Monrose","orcid":"https://orcid.org/0000-0002-9805-2217"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fabian Monrose","raw_affiliation_strings":["Georgia Institute of Technology, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023057383","display_name":"Angelos D. Keromytis","orcid":"https://orcid.org/0000-0003-3815-5932"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Angelos D. Keromytis","raw_affiliation_strings":["Georgia Institute of Technology, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067105657","display_name":"Manos Antonakakis","orcid":"https://orcid.org/0000-0003-1578-8307"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Manos Antonakakis","raw_affiliation_strings":["Georgia Institute of Technology, United States of America"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, United States of America","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5050993271"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":0.8921,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.72979756,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"240","last_page":"250"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9100300073623657},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6660020351409912},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5329291224479675},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5328137874603271},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.50506192445755},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46557945013046265},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.44292426109313965},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.1419927477836609}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9100300073623657},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6660020351409912},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5329291224479675},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5328137874603271},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.50506192445755},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46557945013046265},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.44292426109313965},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.1419927477836609},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3564625.3564646","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3564625.3564646","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3564625.3564646","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 38th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3564625.3564646","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3564625.3564646","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3564625.3564646","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 38th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/15","score":0.5199999809265137,"display_name":"Life in Land"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4311165740.pdf","grobid_xml":"https://content.openalex.org/works/W4311165740.grobid-xml"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W4861383","https://openalex.org/W94487276","https://openalex.org/W1509959393","https://openalex.org/W1587106557","https://openalex.org/W1990497396","https://openalex.org/W2054143615","https://openalex.org/W2091614396","https://openalex.org/W2100307718","https://openalex.org/W2155440239","https://openalex.org/W2334842536","https://openalex.org/W2518248186","https://openalex.org/W2599194031","https://openalex.org/W2603454751","https://openalex.org/W2614419969","https://openalex.org/W2946898425","https://openalex.org/W2947608454","https://openalex.org/W2980904829","https://openalex.org/W3094370721","https://openalex.org/W3111533025","https://openalex.org/W3138595089","https://openalex.org/W3159521830","https://openalex.org/W3209722324","https://openalex.org/W4205883304","https://openalex.org/W4213362721","https://openalex.org/W6743493502"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W4285507391","https://openalex.org/W3164408430","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334","https://openalex.org/W2134874482"],"abstract_inverted_index":{"This":[0,68],"work":[1,83],"explores":[2],"authoritative":[3],"DNS":[4],"(AuthDNS)":[5],"as":[6,60,62,201],"a":[7,36,149,156,181,202],"new":[8,90],"measurement":[9,204],"perspective":[10,205],"for":[11],"studying":[12],"the":[13,17,77,172],"large-scale":[14],"epidemiology":[15],"of":[16,64,70,76,120,132,145,158,175,183,207],"malware":[18,41,78,85,93,101,134,176,210],"ecosystem\u2014when":[19],"and":[20,24,28,52,87,96,155,191,195],"where":[21],"infections":[22],"occur,":[23],"what":[25],"infrastructure":[26,46,86],"spreads":[27],"controls":[29],"malware.":[30],"Utilizing":[31],"an":[32,73],"AuthDNS":[33,170,200],"dataset":[34],"from":[35],"top":[37],"registrar,":[38],"we":[39,115,178,198],"observe":[40],"heterogeneity":[42],"(202":[43],"families),":[44],"global":[45,209],"(399,830":[47],"IPs":[48],"in":[49,106],"151":[50],"countries)":[51],"infection":[53,94,138],"(40,937":[54],"querying":[55],"Autonomous":[56],"Systems":[57],"(ASes))":[58],"visibility,":[59],"well":[61],"breadth":[63],"temporal":[65],"coverage":[66],"(2017\u20132021).":[67],"combination":[69],"factors":[71],"enables":[72],"extensive":[74],"analysis":[75,131,139],"ecosystem":[79],"that":[80,100,137],"reinforces":[81],"prior":[82,113],"on":[84,92,187],"also":[88],"contributes":[89],"perspectives":[91],"distribution":[95],"lifecycle.":[97],"We":[98],"find":[99],"families":[102,135],"re-use":[103],"infrastructure,":[104],"especially":[105],"cloud":[107],"hosting":[108],"countries,":[109],"but":[110],"contrary":[111],"to":[112],"work,":[114],"do":[116],"not":[117],"detect":[118],"targeting":[119],"clients":[121],"by":[122],"countries":[123],"or":[124,166],"industry":[125],"sector.":[126],"Furthermore,":[127],"our":[128],"4-year":[129],"lifecycle":[130],"diverse":[133],"shows":[136],"is":[140],"temporally":[141],"sensitive:":[142],"over":[143],"90%":[144],"ASes":[146,160],"first":[147],"query":[148,162],"malicious":[150],"domain":[151,164],"after":[152,163],"public":[153],"detection,":[154],"median":[157],"38.6%":[159],"only":[161],"expiration":[165],"takedown.":[167],"To":[168],"fit":[169],"into":[171],"broader":[173],"context":[174],"research,":[177],"conclude":[179],"with":[180],"comparison":[182],"experimental":[184],"vantage":[185],"points":[186],"four":[188],"qualitative":[189],"aspects":[190],"discuss":[192],"their":[193],"advantages":[194],"limitations.":[196],"Ultimately,":[197],"establish":[199],"unique":[203],"capable":[206],"measuring":[208],"infections.":[211]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}