{"id":"https://openalex.org/W2034505280","doi":"https://doi.org/10.1145/2714576.2714579","title":"An Empirical Analysis of ZeuS C&amp;C Lifetime","display_name":"An Empirical Analysis of ZeuS C&amp;C Lifetime","publication_year":2015,"publication_date":"2015-04-03","ids":{"openalex":"https://openalex.org/W2034505280","doi":"https://doi.org/10.1145/2714576.2714579","mag":"2034505280"},"language":"en","primary_location":{"id":"doi:10.1145/2714576.2714579","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2714576.2714579","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048211807","display_name":"Carlos Ga\u00f1\u00e1n","orcid":"https://orcid.org/0000-0002-4699-3007"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Carlos Ga\u00f1\u00e1n","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands","Delft University of Technology, Delft, Netherlands;"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]},{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands;","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005365576","display_name":"Or\u00e7un \u00c7etin","orcid":"https://orcid.org/0000-0001-9670-0295"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Orcun Cetin","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands","Delft University of Technology, Delft, Netherlands;"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]},{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands;","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012946294","display_name":"Michel van Eeten","orcid":"https://orcid.org/0000-0002-0338-2812"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Michel van Eeten","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands","Delft University of Technology, Delft, Netherlands;"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]},{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands;","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5048211807"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":3.1558,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.92389209,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"97","last_page":"108"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8438236713409424},{"id":"https://openalex.org/keywords/zeus","display_name":"ZEUS (particle detector)","score":0.8389772176742554},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.665401816368103},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.6096280813217163},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.573818564414978},{"id":"https://openalex.org/keywords/lasso","display_name":"Lasso (programming language)","score":0.5684735774993896},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.5349971055984497},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.49884986877441406},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.4766981303691864},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35415270924568176},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11001810431480408},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.1068049967288971},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.10128068923950195},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.07760792970657349},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.06818413734436035}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8438236713409424},{"id":"https://openalex.org/C2776444479","wikidata":"https://www.wikidata.org/wiki/Q8063038","display_name":"ZEUS (particle detector)","level":5,"score":0.8389772176742554},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.665401816368103},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.6096280813217163},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.573818564414978},{"id":"https://openalex.org/C37616216","wikidata":"https://www.wikidata.org/wiki/Q3218363","display_name":"Lasso (programming language)","level":2,"score":0.5684735774993896},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.5349971055984497},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.49884986877441406},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.4766981303691864},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35415270924568176},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11001810431480408},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.1068049967288971},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.10128068923950195},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.07760792970657349},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.06818413734436035},{"id":"https://openalex.org/C142199849","wikidata":"https://www.wikidata.org/wiki/Q3027672","display_name":"Inelastic scattering","level":3,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C191486275","wikidata":"https://www.wikidata.org/wiki/Q210028","display_name":"Scattering","level":2,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C89473665","wikidata":"https://www.wikidata.org/wiki/Q2748917","display_name":"Deep inelastic scattering","level":4,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2714576.2714579","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2714576.2714579","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6200000047683716,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321012","display_name":"Technische Universiteit Delft","ror":"https://ror.org/02e2c7k09"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W123401891","https://openalex.org/W403078489","https://openalex.org/W1512326166","https://openalex.org/W1521603100","https://openalex.org/W1561983441","https://openalex.org/W1580788756","https://openalex.org/W1587106557","https://openalex.org/W1608412409","https://openalex.org/W1966714873","https://openalex.org/W1976866799","https://openalex.org/W1977415353","https://openalex.org/W1979300931","https://openalex.org/W1987851356","https://openalex.org/W1990647126","https://openalex.org/W1992713826","https://openalex.org/W2018358859","https://openalex.org/W2020390305","https://openalex.org/W2025248113","https://openalex.org/W2030064403","https://openalex.org/W2035427063","https://openalex.org/W2050513182","https://openalex.org/W2070352186","https://openalex.org/W2077488147","https://openalex.org/W2082718474","https://openalex.org/W2102262986","https://openalex.org/W2116227232","https://openalex.org/W2119207053","https://openalex.org/W2135046866","https://openalex.org/W2145006587","https://openalex.org/W2154096079","https://openalex.org/W2171770082","https://openalex.org/W2187668060","https://openalex.org/W2259135729","https://openalex.org/W2271295020","https://openalex.org/W2401054255","https://openalex.org/W2567441317","https://openalex.org/W3147894994","https://openalex.org/W4255673994","https://openalex.org/W4293241248"],"related_works":["https://openalex.org/W86804927","https://openalex.org/W2898126008","https://openalex.org/W1583098994","https://openalex.org/W2386447999","https://openalex.org/W2130216882","https://openalex.org/W2091214382","https://openalex.org/W2376288852","https://openalex.org/W2100671106","https://openalex.org/W2061455058","https://openalex.org/W2364035342"],"abstract_inverted_index":{"Botnets":[0],"continue":[1],"to":[2,7,21,73,92,170],"pose":[3],"a":[4,106,121],"significant":[5],"threat":[6],"network-based":[8],"applications":[9],"and":[10,25,53,56,67,130,145],"communications":[11],"over":[12],"the":[13,29,58,61,68,98,102,114,118,133,150,157],"Internet.":[14],"A":[15],"key":[16],"mitigation":[17,35,83],"strategy":[18],"has":[19,37],"been":[20,39],"take":[22],"down":[23],"command":[24,52],"control":[26],"infrastructure":[27],"of":[28,33,50,64,82,101,120,147,166],"botnets.":[30],"The":[31],"efficiency":[32],"those":[34,175],"methods":[36],"not":[38],"extensively":[40],"studied.":[41],"In":[42],"this":[43,138],"paper":[44],"we":[45,77,112],"investigate":[46],"several":[47],"observable":[48],"characteristics":[49],"botnet":[51],"controls":[54],"(C&C)":[55],"estimate":[57],"variability":[59],"in":[60,97,163,177],"survival":[62,95],"rate":[63],"these":[65],"C&Cs":[66,162],"factors":[69,115,135,152],"that":[70,79,116,136,143,153,174],"are":[71,132,149,168],"related":[72],"such":[74],"variability.":[75,139],"Furthermore,":[76],"show":[78,142],"different":[80,86],"type":[81,129,146],"efforts":[84],"have":[85],"impact.":[87],"Kaplan-Meier":[88],"analysis":[89],"is":[90],"performed":[91],"evaluate":[93],"C&C":[94,158],"ratios":[96],"particular":[99],"case":[100],"ZeuS":[103,161],"botnet.":[104],"Using":[105],"lasso":[107],"penalized":[108],"Cox":[109],"regression":[110],"model,":[111],"identify":[113],"influence":[117],"lifetime":[119],"C&C.":[122],"Location,":[123],"malware":[124],"family":[125],"type,":[126],"registrar,":[127],"hosting":[128,148],"popularity":[131],"fundamental":[134],"explain":[137],"Our":[140],"results":[141],"location":[144],"two":[151],"affect":[154],"more":[155],"significantly":[156],"lifetime.":[159],"Thus,":[160],"certain":[164],"regions":[165],"Asia":[167],"prone":[169],"stay":[171],"online":[172],"longer":[173],"located":[176],"Europe.":[178]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":3}],"updated_date":"2026-06-06T09:05:17.133730","created_date":"2025-10-10T00:00:00"}