{"id":"https://openalex.org/W4400120404","doi":"https://doi.org/10.1145/3634737.3644992","title":"C2Miner: Tricking IoT Malware into Revealing Live Command &amp; Control Servers","display_name":"C2Miner: Tricking IoT Malware into Revealing Live Command &amp; Control Servers","publication_year":2024,"publication_date":"2024-06-28","ids":{"openalex":"https://openalex.org/W4400120404","doi":"https://doi.org/10.1145/3634737.3644992"},"language":"en","primary_location":{"id":"doi:10.1145/3634737.3644992","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3634737.3644992","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3634737.3644992","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035781581","display_name":"Ali Davanian","orcid":"https://orcid.org/0000-0002-1171-5357"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ali Davanian","raw_affiliation_strings":["University of California Riverside, Irvine, USA"],"raw_orcid":"https://orcid.org/0000-0002-1171-5357","affiliations":[{"raw_affiliation_string":"University of California Riverside, Irvine, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018876909","display_name":"Michalis Faloutsos","orcid":"https://orcid.org/0000-0002-3882-9987"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michail Faloutsos","raw_affiliation_strings":["University of California Riverside, Riverside, USA"],"raw_orcid":"https://orcid.org/0000-0002-3882-9987","affiliations":[{"raw_affiliation_string":"University of California Riverside, Riverside, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009694552","display_name":"Martina Lindorfer","orcid":"https://orcid.org/0000-0001-7001-4481"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Martina Lindorfer","raw_affiliation_strings":["TU Wien, Vienna, Austria"],"raw_orcid":"https://orcid.org/0000-0001-7001-4481","affiliations":[{"raw_affiliation_string":"TU Wien, Vienna, Austria","institution_ids":["https://openalex.org/I145847075"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.4077,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.80998782,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"112","last_page":"127"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.7414998412132263},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6950197219848633},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6292340755462646},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5980570316314697},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.562667727470398},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.5049009919166565},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.449482798576355},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.4163759648799896},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.08358880877494812}],"concepts":[{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.7414998412132263},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6950197219848633},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6292340755462646},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5980570316314697},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.562667727470398},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.5049009919166565},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.449482798576355},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.4163759648799896},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.08358880877494812}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3634737.3644992","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3634737.3644992","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3634737.3644992","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3634737.3644992","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1314422911","display_name":null,"funder_award_id":"10.47379/ICT19056","funder_id":"https://openalex.org/F4320321003","funder_display_name":"Vienna Science and Technology Fund"}],"funders":[{"id":"https://openalex.org/F4320321003","display_name":"Vienna Science and Technology Fund","ror":"https://ror.org/01f9mc681"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1975745448","https://openalex.org/W2054897983","https://openalex.org/W2794801050","https://openalex.org/W2890859663","https://openalex.org/W2947969447","https://openalex.org/W3045898733","https://openalex.org/W3081118847","https://openalex.org/W3109112485","https://openalex.org/W3111533025","https://openalex.org/W3113371616","https://openalex.org/W3211825719","https://openalex.org/W4254935592","https://openalex.org/W4285620320"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W2249809453","https://openalex.org/W3152891574","https://openalex.org/W2783300127"],"abstract_inverted_index":{"How":[0],"can":[1],"we":[2],"identify":[3],"live":[4,64],"Command":[5],"&":[6],"Control":[7],"(C2)":[8],"servers":[9,38],"for":[10],"a":[11,23,52,104,109,115],"given":[12],"IoT":[13,57,72],"malware":[14,58,73,99],"binary?":[15],"An":[16],"effective":[17],"solution":[18],"to":[19,55,78,86,114],"this":[20],"problem":[21],"constitutes":[22],"significant":[24],"capability":[25],"towards":[26],"detecting":[27],"and":[28,41,45,75,100],"containing":[29],"botnets.":[30],"This":[31],"task":[32],"is":[33,107],"not":[34],"trivial":[35],"because":[36],"C2":[37,65,110],"are":[39],"short-lived,":[40],"they":[42],"use":[43],"sophisticated":[44],"proprietary":[46],"communication":[47],"protocols.":[48],"We":[49,82],"propose":[50],"C2Miner,":[51],"novel":[53,84],"approach":[54,68],"trick":[56],"binaries":[59,74],"into":[60],"revealing":[61],"their":[62],"currently":[63],"servers.":[66,81],"Our":[67],"weaponizes":[69],"old":[70],"disposable":[71],"uses":[76],"them":[77],"probe":[79],"active":[80],"provide":[83],"solutions":[85],"overcome":[87],"the":[88,93,98],"following":[89],"challenges:":[90],"(a)":[91],"disambiguating":[92],"C2-bound":[94],"traffic":[95],"generated":[96],"by":[97],"(b)":[101],"determining":[102],"if":[103],"target":[105],"IP:port":[106],"indeed":[108],"server":[111],"as":[112],"opposed":[113],"benign":[116],"server.":[117]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1}],"updated_date":"2025-12-19T19:40:27.379048","created_date":"2025-10-10T00:00:00"}
