Malware Beaconing Detection by Mining Large-scale DNS Logs for Targeted Attack Identification