{"id":"https://openalex.org/W2006942880","doi":"https://doi.org/10.3390/fi4040971","title":"The Cousins of Stuxnet: Duqu, Flame, and Gauss","display_name":"The Cousins of Stuxnet: Duqu, Flame, and Gauss","publication_year":2012,"publication_date":"2012-11-06","ids":{"openalex":"https://openalex.org/W2006942880","doi":"https://doi.org/10.3390/fi4040971","mag":"2006942880"},"language":"en","primary_location":{"id":"doi:10.3390/fi4040971","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi4040971","pdf_url":"https://www.mdpi.com/1999-5903/4/4/971/pdf?version=1352216475","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1999-5903/4/4/971/pdf?version=1352216475","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023097146","display_name":"Boldizs\u00e1r Bencs\u00e1th","orcid":null},"institutions":[{"id":"https://openalex.org/I29770179","display_name":"Budapest University of Technology and Economics","ror":"https://ror.org/02w42ss30","country_code":"HU","type":"education","lineage":["https://openalex.org/I29770179"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Boldizs\u00e1r Bencs\u00e1th","raw_affiliation_strings":["Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary","institution_ids":["https://openalex.org/I29770179"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035164492","display_name":"G\u00e1bor P\u00e9k","orcid":null},"institutions":[{"id":"https://openalex.org/I29770179","display_name":"Budapest University of Technology and Economics","ror":"https://ror.org/02w42ss30","country_code":"HU","type":"education","lineage":["https://openalex.org/I29770179"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"G\u00e1bor P\u00e9k","raw_affiliation_strings":["Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary","institution_ids":["https://openalex.org/I29770179"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063012203","display_name":"Levente Butty\u00e1n","orcid":"https://orcid.org/0000-0003-4233-2559"},"institutions":[{"id":"https://openalex.org/I29770179","display_name":"Budapest University of Technology and Economics","ror":"https://ror.org/02w42ss30","country_code":"HU","type":"education","lineage":["https://openalex.org/I29770179"]}],"countries":["HU"],"is_corresponding":true,"raw_author_name":"Levente Butty\u00e1n","raw_affiliation_strings":["Information Systems Research Group, Budapest University of Technology andEconomics, Magyar tud\u00f3sok krt 2, 1117 Budapest, Hungary","Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Information Systems Research Group, Budapest University of Technology andEconomics, Magyar tud\u00f3sok krt 2, 1117 Budapest, Hungary","institution_ids":["https://openalex.org/I29770179"]},{"raw_affiliation_string":"Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary","institution_ids":["https://openalex.org/I29770179"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072612254","display_name":"M\u00e1rk F\u00e9legyh\u00e1zi","orcid":null},"institutions":[{"id":"https://openalex.org/I29770179","display_name":"Budapest University of Technology and Economics","ror":"https://ror.org/02w42ss30","country_code":"HU","type":"education","lineage":["https://openalex.org/I29770179"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"M\u00e1rk F\u00e9legyh\u00e1zi","raw_affiliation_strings":["Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tu\u00f3sok krt 2, 1521 Budapest, Hungary","institution_ids":["https://openalex.org/I29770179"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5063012203"],"corresponding_institution_ids":["https://openalex.org/I29770179"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":7.1799,"has_fulltext":false,"cited_by_count":190,"citation_normalized_percentile":{"value":0.98279243,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"4","issue":"4","first_page":"971","last_page":"1003"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8741708993911743},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8106951713562012},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6788841485977173},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5615320205688477},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.49255141615867615},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.43251392245292664}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8741708993911743},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8106951713562012},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6788841485977173},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5615320205688477},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.49255141615867615},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.43251392245292664}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.3390/fi4040971","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi4040971","pdf_url":"https://www.mdpi.com/1999-5903/4/4/971/pdf?version=1352216475","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:gam:jftint:v:4:y:2012:i:4:p:971-1003:d:21217","is_oa":false,"landing_page_url":"https://www.mdpi.com/1999-5903/4/4/971/","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},{"id":"pmh:oai:doaj.org/article:3fcdf6fb9c7041dd937555a49976b0a8","is_oa":true,"landing_page_url":"https://doaj.org/article/3fcdf6fb9c7041dd937555a49976b0a8","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Future Internet, Vol 4, Iss 4, Pp 971-1003 (2012)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/1999-5903/4/4/971/","is_oa":true,"landing_page_url":"https://dx.doi.org/10.3390/fi4040971","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Future Internet; Volume 4; Issue 4; Pages: 971-1003","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/fi4040971","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi4040971","pdf_url":"https://www.mdpi.com/1999-5903/4/4/971/pdf?version=1352216475","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6600000262260437}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W30743733","https://openalex.org/W59369888","https://openalex.org/W1552100577","https://openalex.org/W1573594453","https://openalex.org/W1903377156","https://openalex.org/W2110434538","https://openalex.org/W2152313002","https://openalex.org/W2410792873","https://openalex.org/W7024673479"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2160963033","https://openalex.org/W3022706011","https://openalex.org/W2909615516","https://openalex.org/W2768892939","https://openalex.org/W2249256574","https://openalex.org/W2397240470","https://openalex.org/W4210907385","https://openalex.org/W2065339563"],"abstract_inverted_index":{"Stuxnet":[0,22],"was":[1,23],"the":[2,20,63,67,73,77,88,91,113,120,124,150,189,223,238],"first":[3,45],"targeted":[4,26],"malware":[5,31,53],"that":[6,35,101,132,140],"received":[7],"worldwide":[8],"attention":[9],"forcausing":[10],"physical":[11],"damage":[12],"in":[13,62,99,212],"an":[14,51],"industrial":[15],"infrastructure":[16],"seemingly":[17],"isolated":[18],"from":[19,66,227],"onlineworld.":[21],"a":[24,80,110,168,213],"powerful":[25],"cyber-attack,":[27],"and":[28,199,235,243],"soon":[29],"other":[30,244],"samples":[32],"were":[33],"discovered":[34],"belong":[36],"to":[37,76,107,158,178,181],"this":[38,41,160,163],"family.":[39],"In":[40],"paper,":[42],"we":[43,166,172,220],"will":[44],"present":[46,119],"our":[47,60],"analysis":[48,89],"of":[49,70,79,90,123,134,191,194,240],"Duqu,":[50],"information-collecting":[52],"sharing":[54],"striking":[55],"similarities":[56],"with":[57,87],"Stuxnet.":[58],"Wedescribe":[59],"contributions":[61],"investigation":[64],"ranging":[65],"original":[68],"detection":[69],"Duquvia":[71],"finding":[72],"dropper":[74],"file":[75],"design":[78],"Duqu":[81],"detector":[82,170],"toolkit.":[83],"We":[84,117,230],"then":[85],"continue":[86],"Flame":[92,96],"advanced":[93,104],"information-gathering":[94],"malware.":[95],"is":[97,131,137],"unique":[98,129],"thesense":[100],"it":[102,141],"used":[103],"cryptographic":[105],"techniques":[106],"masquerade":[108],"as":[109],"legitimate":[111],"proxyfor":[112],"Windows":[114],"Update":[115],"service.":[116],"also":[118],"newest":[121],"member":[122],"family,":[125],"called":[126],"Gauss,":[127],"whose":[128],"feature":[130],"one":[133],"its":[135,146,183],"modules":[136],"encrypted":[138],"such":[139],"can":[142,225],"onlybe":[143],"decrypted":[144],"on":[145,232,237],"target":[147],"system;":[148],"hence,":[149],"research":[151],"community":[152,224],"has":[153],"not":[154],"yet":[155],"been":[156,204],"able":[157,180],"analyze":[159],"module.":[161],"For":[162],"particular":[164],"malware,":[165,195],"designed":[167],"Gauss":[169],"serviceand":[171],"are":[173],"currently":[174],"collecting":[175],"intelligence":[176],"information":[177],"be":[179],"break":[182],"very":[184],"specialencryption":[185],"mechanism.":[186],"Besides":[187],"explaining":[188],"operation":[190],"these":[192,228,241],"pieces":[193],"wealso":[196],"examine":[197],"if":[198],"how":[200],"they":[201],"could":[202],"have":[203],"detected":[205],"by":[206],"vigilant":[207],"system":[208],"administrators":[209],"manually":[210],"or":[211],"semi-automated":[214],"manner":[215],"using":[216],"available":[217],"tools.":[218],"Finally,":[219],"discuss":[221],"lessonsthat":[222],"learn":[226],"incidents.":[229],"focus":[231],"technical":[233],"issues,":[234],"avoidspeculations":[236],"origin":[239],"threats":[242],"geopolitical":[245],"questions.":[246]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":26},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":21},{"year":2019,"cited_by_count":12},{"year":2018,"cited_by_count":22},{"year":2017,"cited_by_count":21},{"year":2016,"cited_by_count":16},{"year":2015,"cited_by_count":14},{"year":2014,"cited_by_count":10},{"year":2013,"cited_by_count":5}],"updated_date":"2026-05-23T08:51:43.019350","created_date":"2025-10-10T00:00:00"}