C. Aggarwal, A. Hinneburg, and D. Keim, On the Surprising Behavior of Distance Metrics in High Dimensional Space, pp.420-434, 2001.
DOI : 10.1007/3-540-44503-X_27

. Anubis, Analyzing Unknown Binaries Available online at http://anubis.iseclab. org, p.174

A. Networks, Estonian DDoS Attacks? A summary to date Available online at http://asert.arbornetworks.com estonian-ddos-attacks-a-summary-to-date, p.171, 2007.

J. G. Auguston and J. Minker, An analysis of some graph theoretical clustering techniques, p.180, 1970.

P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. C. Freiling, The Nepenthes Platform: An Efficient Approach to Collect Malware, Proceedings of 9th International Symposium on Recent Advances in Intrusion Detection (RAID'06), pp.165-184, 2006.
DOI : 10.1007/11856214_9

M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson, The Internet Motion Sensor: A distributed blackhole monitoring system, 12th Annual Network and Distributed System Security Symposium (NDSS), p.174, 1925.

D. Barbará, J. Couto, S. Jajodia, L. Popyack, and N. Wu, ADAM, ACM SIGMOD Record, vol.30, issue.4, pp.15-24, 2001.
DOI : 10.1145/604264.604268

D. Barbará and S. Jajodia, Applications of Data Mining in Computer Security , volume 6 of Advances in Information Security, chapter Data Mining For Intrusion Detection -A Critical Review, p.175, 2002.

P. Barford and V. Yegneswaran, An Inside Look at Botnets Advances in Information Security, pp.27-174, 2006.

D. Barroso, Botnets -The Silent Threat, European Network and Information Security Agency (ENISA), p.171, 2007.

T. Bass, Intrusion detection systems and multisensor data fusion, Communications of the ACM, vol.43, issue.4, pp.99-105, 2000.
DOI : 10.1145/332051.332079

M. Basseville, Distance measures for signal processing and pattern recognition. Signal Process, pp.349-369, 1989.
URL : https://hal.archives-ouvertes.fr/inria-00075657

M. Basseville and I. V. Nikiforov, Detection of Abrupt Changes:Theory and Application, p.104, 1993.
URL : https://hal.archives-ouvertes.fr/hal-00008518

A. Belenky and N. Ansari, On deterministic packet marking, Computer Networks, vol.51, issue.10, pp.2677-2700, 2007.
DOI : 10.1016/j.comnet.2006.11.020

G. Beliakov, Shape preserving splines in constructing WOWA operators:, Fuzzy Sets and Systems, vol.121, issue.3, pp.389-396549, 2000.
DOI : 10.1016/S0165-0114(01)00018-5

G. Beliakov, A. Pradera, and T. Calvo, Aggregation Functions: A Guide for Practitioners, pp.96-176, 2007.

R. Bellman, Dynamic Programming, p.179, 1957.

A. Bhattacharyya, On a measure of divergence between two statistical populations defined by their probability distributions, Bull. Calcutta Math. Soc, vol.35, issue.44, pp.99-109, 1943.

F. Boutin and M. Hascoët, Cluster validity indices for graph partitioning, Proceedings. Eighth International Conference on Information Visualisation, 2004. IV 2004., p.59, 1957.
DOI : 10.1109/IV.2004.1320171

URL : https://hal.archives-ouvertes.fr/lirmm-00108948

S. T. Brugger, Data Mining Methods for Network Intrusion Detection In dissertation proposal, submitted to ACM Computer Surveys (under revision, p.175, 2009.

H. Burch and B. Cheswick, Tracing anonymous packets to their approximate source, LISA'00: Proceedings of the 14th USENIX conference on System administration, pp.319-328, 2000.

. Capture-hpc, Available online at http

M. Carbonell, M. Mas, and G. Mayor, On a class of monotonic extended OWA operators, Proceedings of 6th International Fuzzy Systems Conference, pp.1695-1700, 1997.
DOI : 10.1109/FUZZY.1997.619795

C. Polska, Home page of " ARAKIS " . Available online at http://www.arakis. pl, p.174

V. Chatzigiannakis, G. Androulidakis, K. Pelechrinis, S. Papavassiliou, and V. Maglaris, Data fusion algorithms for network anomaly detection: classification and evaluation, International Conference on Networking and Services (ICNS '07), p.32, 2007.
DOI : 10.1109/ICNS.2007.49

H. Chen, W. Chung, Y. Qin, M. Chau, J. J. Xu et al., Crime data mining: an overview and case studies, Proceedings of the 2003 annual national conference on Digital government research, pp.1-5, 2003.

Z. Chen, L. Gao, and K. Kwiat, Modeling the spread of active worms, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428), p.105, 2003.
DOI : 10.1109/INFCOM.2003.1209211

Z. Chen, C. Ji, and P. Barford, Spatial-Temporal Characteristics of Internet Malicious Sources, IEEE INFOCOM 2008, The 27th Conference on Computer Communications, p.191, 2008.
DOI : 10.1109/INFOCOM.2008.299

G. Choquet, Theory of capacities Annales de l'Institut Fourier, pp.131-295, 1953.

M. P. Collins, T. J. Shimeall, S. Faber, J. Janies, R. Weaver et al., Using uncleanliness to predict future botnet addresses, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement , IMC '07, pp.93-104, 2007.
DOI : 10.1145/1298306.1298319

E. Cooke, F. Jahanian, and D. Mcpherson, The Zombie Roundup: Understanding, Detecting, and Disrupting botnets, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet (SRUTI 2005 Workshop), p.174, 2005.

S. Corporation, Deepsight early warning services, p.27

M. Cova, C. Leita, O. Thonnard, A. D. Keromytis, and M. Dacier, Gone rogue: An analysis of rogue security software campaigns (invited paper), Proceedings of the 5th European Conference on Computer Network Defense (EC2ND), pp.138-158, 2009.

. Crime-research, Cyberwar: Russia vs estonia Available online at http://www. crime-research.org/articles/Cyberwar-Russia-vs-Estonia, p.171, 2007.

. Cyber-ta, Cyber-threat analytics (cyber-ta), sri international, p.29

M. Dacier, C. Leita, O. Thonnard, V. Pham, and E. Kirda, Assessing cybercrime through the eyes of the WOMBAT Cyber Situational Awareness : Issues and Research, International Series on Advances in Information Security, 2009.

M. Dacier, V. Pham, and O. Thonnard, The WOMBAT Attack Attribution Method: Some Results, 5th International Conference on Information Systems Security, p.191, 2009.
DOI : 10.1007/978-3-642-10772-6_3

. Darkreading, Botnets behind georgian attacks offer clues Available online at http://www.darkreading.com/security/app-security/showArticle.jhtml? articleID=211201216, p.171, 2008.

D. L. Davies and D. W. Bouldin, A cluster separation measure. Pattern Analysis and Machine Intelligence, IEEE Transactions, issue.12, pp.224-227, 1979.

T. A. Davis, Direct Methods for Sparse Linear Systems (Fundamentals of Algorithms 2), Society for Industrial and Applied Mathematics, p.70, 2006.

H. Debar and A. Wespi, Aggregation and Correlation of Intrusion-Detection Alerts, RAID '00: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, pp.85-103, 2001.
DOI : 10.1007/3-540-45474-8_6

. Dshield, Dshield distributed intrusion detection system Available online at http: //www.dshield.org, p.174

K. Defrawy, M. Gjoka, and A. Markopoulou, Bottorrent: misusing bittorrent to launch ddos attacks, SRUTI'07: Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet, pp.1-6, 2007.

. Emergingthreats, Available online at http://www.emergingthreats.net, p.174

. Ertoz, . Eilertson, . Lazarevic, . Tan, . Kumar et al., MINDS -Minnesota Intrusion Detection System, Next Generation Data Mining, p.175, 2004.

B. S. Everitt, S. Landau, and M. Leese, Cluster Analysis: Fourth Edition, pp.40-54, 2001.

A. Fei, G. Pei, R. Liu, and L. Zhang, Measurements on delay and hop-count of the Internet, IEEE GLOBECOM'98 -Internet Mini-Conference, p.132, 1998.

J. Figueira, S. Greco, and M. E. Ehrgott, Multiple Criteria Decision Analysis:State of the Art Surveys, International Series in Operations Research & Management Science, vol.78, issue.32, p.176, 2005.

D. Filev and R. R. Yager, On the issue of obtaining OWA operator weights, Fuzzy Sets and Systems, vol.94, issue.2, pp.157-169, 1998.
DOI : 10.1016/S0165-0114(96)00254-0

J. Fodor and M. Roubens, Fuzzy Preference Modelling and Multicriteria Decision Support, p.80, 1994.
DOI : 10.1007/978-94-017-1648-2

J. Franklin, A. Perrig, V. Paxson, and S. Savage, An inquiry into the nature and causes of the wealth of internet miscreants, CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pp.375-388, 2007.

B. Fuglede and F. Topsoe, Jensen-Shannon divergence and Hilbert space embedding, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings., p.31, 1944.
DOI : 10.1109/ISIT.2004.1365067

R. Fullér and P. Majlender, An analytic approach for obtaining maximal entropy owa operator weights. Fuzzy Sets and Systems, pp.53-57, 2001.

R. Fullér and P. Majlender, On obtaining minimal variability owa operator weights. Fuzzy Sets and Systems, pp.203-215, 2003.

M. Grabisch, The application of fuzzy integrals in multicriteria decision making, European Journal of Operational Research, vol.89, issue.3, pp.445-456, 1996.
DOI : 10.1016/0377-2217(95)00176-X

M. Grabisch, Alternative Representations of Discrete Fuzzy Measures for Decision Making, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol.05, issue.05, pp.587-607, 1997.
DOI : 10.1142/S0218488597000440

M. Grabisch, k-order additive discrete fuzzy measures and their representation. Fuzzy Sets Syst, pp.167-189, 1997.
DOI : 10.1016/s0165-0114(97)00168-1

M. Grabisch, The interaction and möbius representations of fuzzy measures on finites spaces, k-additive measures: a survey. Fuzzy Measures and Integrals, Theory and Applications, vol.124, issue.1, pp.70-93, 2000.

M. Grabisch and C. Labreuche, A decade of application of the choquet and sugeno integrals in multi-criteria decision aid, Annals of Operations Research, vol.32, p.176, 2009.
URL : https://hal.archives-ouvertes.fr/halshs-00496558

M. Grabisch, T. Murofushi, M. Sugeno, and J. Kacprzyk, Fuzzy Measures and Integrals . Theory and Applications, pp.88-176, 2000.
URL : https://hal.archives-ouvertes.fr/halshs-00268985

G. Gu, R. Perdisci, J. Zhang, and W. Lee, BotMiner: Clustering Analysis of Network Traffic for Protocol-and Structure-Independent botnet detection, Proceedings of the 17th USENIX Security Symposium, p.174, 2008.

G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, Bothunter: Detecting malware infection through ids-driven dialog correlation, Proceedings of the 16th USENIX Security Symposium, p.174, 2007.

J. D. Guyton and M. F. Schwartz, Locating nearby copies of replicated Internet servers, ACM SIGCOMM Computer Communication Review, vol.25, issue.4, pp.288-298, 1995.
DOI : 10.1145/217391.217463

M. Halkidi, Y. Batistakis, and M. Vazirgiannis, On clustering validation techniques, Journal of Intelligent Information Systems, vol.17, issue.2/3, pp.107-145, 2001.
DOI : 10.1023/A:1012801612483

G. Hinton and S. Roweis, Stochastic neighbor embedding, Advances in Neural Information Processing Systems 15, pp.833-840, 2003.

J. Hopfield and D. Tank, Neural computations of decisions in optimization problems, pp.141-152, 1985.

A. Jain and R. Dubes, Algorithms for Clustering Data. Prentice-Hall advanced reference series, p.177, 1988.

A. K. Jain, M. N. Murty, and P. J. Flynn, Data clustering: a review, ACM Computing Surveys, vol.31, issue.3, pp.264-323, 1999.
DOI : 10.1145/331499.331504

M. Jakobsson and Z. Ramzan, Crimeware: Understanding New Attacks and Defenses, p.171, 2008.

X. Jiang and D. Xu, Collapsar: A VM-Based Architecture for Network Attack Detention Center, Proceedings of the 13 th USENIX Security Symposium, p.174, 1924.

W. P. Jones and G. W. Furnas, Pictures of relevance: A geometric analysis of similarity measures, Journal of the American Society for Information Science, vol.38, issue.6, pp.420-442, 1987.
DOI : 10.1002/(SICI)1097-4571(198711)38:6<420::AID-ASI3>3.0.CO;2-S

K. Julisch and M. Dacier, Mining intrusion detection alarms for actionable knowledge, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining , KDD '02, p.175, 2002.
DOI : 10.1145/775047.775101

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.1694

L. Kaufman and P. J. Rousseeuw, Finding Groups in Data: An Introduction to Cluster Analysis, p.58, 1990.
DOI : 10.1002/9780470316801

B. Krebs, Massive profits fueling rogue antivirus market, Washington Post, vol.16, issue.172, p.194, 2009.

S. Kullback and R. A. Leibler, On Information and Sufficiency, The Annals of Mathematical Statistics, vol.22, issue.1, pp.79-86, 1951.
DOI : 10.1214/aoms/1177729694

W. Lee and D. , Botnet Detection: Countering the Largest Security Threat, volume 36 of Advances in Information Security, p.191, 2008.
DOI : 10.1007/978-0-387-68768-1

W. Lee, S. Stolfo, and K. Mok, A data mining framework for building intrusion detection models, Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp.120-132, 1999.

W. Lee and S. J. Stolfo, Combining knowledge discovery and knowledge engineering to build IDSs, RAID '99: Proceedings of the 3th International Symposium on Recent Advances in Intrusion Detection, p.175, 1999.

C. Leita, SGNET : automated protocol learning for the observation of malicious threats, p.109, 2008.

C. Leita and M. Dacier, SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models, 2008 Seventh European Dependable Computing Conference, p.202, 2008.
DOI : 10.1109/EDCC-7.2008.15

C. Leita, K. Mermoud, and M. Dacier, ScriptGen: an automated script generation tool for honeyd, 21st Annual Computer Security Applications Conference (ACSAC'05), p.174, 1924.
DOI : 10.1109/CSAC.2005.49

C. Leita, V. H. Pham, O. Thonnard, E. R. Silva, F. Pouget et al., The Leurre.com Project: Collecting Internet Threats Information Using a Worldwide Distributed Honeynet, 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pp.99-186, 1924.
DOI : 10.1109/WISTDCS.2008.8

. Leurré and . Project, Home page of, Leurré.com Honeypot Project, vol.24, issue.174, p.186, 2009.

J. Lin, Divergence measures based on the shannon entropy Information Theory, IEEE Transactions on, vol.37, issue.44, pp.145-151, 1991.
DOI : 10.1109/18.61115

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.127.9167

J. Mao and A. Jain, A self-organizing network for hyperellipsoidal clustering (hec) Neural Networks, IEEE Transactions on, vol.7, issue.1, pp.16-29, 1943.

J. Marichal and M. Roubens, ENTROPY OF DISCRETE FUZZY MEASURES, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol.08, issue.06, pp.625-640, 2000.
DOI : 10.1142/S0218488500000460

W. L. Martinez and A. R. Martinez, Exploratory Data Analysis with MATLAB, p.54, 2004.
DOI : 10.1201/9780203483374

C. Mccue, Data Mining and Predictive Analysis: Intelligence Gathering and Crime Analysis, Butterworth-Heinemann, pp.31-175, 2007.

J. Mena, Investigative Data Mining for Security and Criminal Detection

M. Messagelabs and . Intelligence, Available online at http://www.messagelabs.com/intelligence, Annual Security Report, vol.15, p.171, 2009.

. Microsoft, . Tcp, and . Ip, NetBT configuration parameters for Windows XP, 0131.

. Microsoft, . Tcp, and . Ip, NetBT configuration parameters for Windows 2000 or Windows NT, p.131, 2007.

P. V. Mieghem, Measurements of the hopcount in Internet, Poster session of PAM'01, p.132, 2001.

P. Miranda, M. Grabisch, and P. Gil, p-SYMMETRIC FUZZY MEASURES, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol.10, issue.supp01, pp.105-123, 2002.
DOI : 10.1142/S0218488502001867

URL : https://hal.archives-ouvertes.fr/hal-00273960

R. Mojena, Hierarchical grouping methods and stopping rules: an evaluation, The Computer Journal, vol.20, issue.4, pp.359-363, 1977.
DOI : 10.1093/comjnl/20.4.359

D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford et al., Inside the slammer worm, IEEE Security & Privacy Magazine, vol.1, issue.4, pp.33-39, 1926.
DOI : 10.1109/MSECP.2003.1219056

D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, Inferring Internet denial-of-service activity, ACM Transactions on Computer Systems, vol.24, issue.2, pp.115-139, 2006.
DOI : 10.1145/1132026.1132027

D. Moore and C. Shannon, Code-Red, Proceedings of the second ACM SIGCOMM Workshop on Internet measurment , IMW '02, pp.273-284, 2002.
DOI : 10.1145/637201.637244

T. Murofushi and S. Soneda, Techniques for reading fuzzy measures (iii): Interaction index, Proceedings of the 9th Fuzzy Systems Symposium, pp.693-696, 1993.

. Mwcollect, The Mwcollect Alliance Available online at http://alliance. mwcollect.org, p.174

N. Naoumov and K. Ross, Exploiting P2P systems for DDoS attacks, Proceedings of the 1st international conference on Scalable information systems , InfoScale '06, pp.47-134, 2006.
DOI : 10.1145/1146847.1146894

Y. Narukawa and V. Torra, Fuzzy Measure and Probability Distributions: Distorted Probabilities, IEEE Transactions on Fuzzy Systems, vol.13, issue.5, pp.617-629, 2005.
DOI : 10.1109/TFUZZ.2005.856563

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.183.2292

J. Nazario, Phoneyc: A virtual client honeypot, Proc. of Large-scale Exploits and Emerging Threats (LEET'09), p.24, 2009.

. Noah, Home page of, Network of Affined Honeypots, p.174

. Norman, Home page of " Norman Sandbox, p.174

N. Provos, A virtual honeypot framework, Proceedings of the 13th USENIX Security Symposium, p.174, 2004.

. Pandalabs, The Business of Rogueware Analysis of a new style of online fraud PandaLabs Reports, p.194, 2009.

. Pandalabs, Profitability of rogue antimalware PandaLabs Bulletins, available online at http://www.pandasecurity.com/homeusers/security-info, p.194, 2009.

R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson, Characteristics of internet background radiation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement , IMC '04, p.191, 2004.
DOI : 10.1145/1028788.1028794

M. Pavan, A New Graph-Theoretic Approach to Clustering, with Applications to Computer Vision, p.50, 2004.

M. Pavan and M. Pelillo, A new graph-theoretic approach to clustering and segmentation, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings., pp.48-49, 2003.
DOI : 10.1109/CVPR.2003.1211348

V. Pham, Honeypot traces forensics by means of attack event identification, p.187, 2009.

V. Pham, M. Dacier, G. U. Keller, and T. E. Najjary, The quest for multiheaded worms, DIMVA 2008, 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2008.

G. Portokalidis, A. Slowinska, and H. Bos, Argos: an Emulator for Fingerprinting Zero-Day Attacks, Proc.of the 1st ACM SIGOPS EUROSYS, p.174, 2006.

F. Pouget, Distributed System of Honeypots Sensors: Discrimination and Correlative Analysis of Attack Processes, pp.25-47, 2006.

F. Pouget, M. Dacier, and H. Debar, Honeypot-based forensics, Proceedings of AusCERT Asia Pacific Information Technology Security Conference, p.186, 2004.

F. Pouget, M. Dacier, and V. H. Pham, Leurre.com: on the advantages of deploying a large scale distributed honeypot platform, ECCE'05, E-Crime and Computer Conference, pp.29-30, 2005.

N. Provos, A virtual honeypot framework, Proceedings of the 12th USENIX Security Symposium, pp.1-14, 0100.

V. V. Raghavan and C. T. Yu, A comparison of the stability characteristics of some graph theoretic clustering methods. Pattern Analysis and Machine Intelligence, IEEE Transactions, vol.47, issue.34, pp.393-402, 1981.

M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, A multifaceted approach to understanding the botnet phenomenon, Proceedings of the 6th ACM SIGCOMM on Internet measurement , IMC '06, pp.41-52, 2006.
DOI : 10.1145/1177080.1177086

V. Reding, Enhanced information security in software and services. What role for government, security providers and users? (speech) European Information Security Awareness Day, p.171, 2007.

J. Riordan, D. Zamboni, and Y. Duponchel, Building and deploying Billy Goat, a worm-detection system, Proceedings of the 18th Annual FIRST Conference, p.174, 2006.

J. Rocaspana, Shelia: A client honeypot for client-side attack detection, p.24, 2009.

G. Rota, On the foundations of combinatorial theory I. Theory of Möbius functions, Zeitschrift für Wahrscheinlichkeitstheorie und Verwandte GebieteMR 30#4688), pp.340-368, 1964.

P. Rousseeuw, Silhouettes: A graphical aid to the interpretation and validation of cluster analysis, Journal of Computational and Applied Mathematics, vol.20, issue.1, pp.53-65, 1987.
DOI : 10.1016/0377-0427(87)90125-7

Y. Rubner, C. Tomasi, and L. J. Guibas, A metric for distributions with applications to image databases, Sixth International Conference on Computer Vision (IEEE Cat. No.98CH36271), pp.59-103, 1998.
DOI : 10.1109/ICCV.1998.710701

L. Rüschendorf, The Wasserstein distance and approximation theorems. Probability Theory and Related Fields, pp.117-129, 1985.

J. M. Salido and S. Murakami, Extending yager's orness concept for the owa aggregators to other mean operators. Fuzzy Sets and Systems, pp.515-542, 2003.

S. Savage, D. Wetherall, A. Karlin, and T. Anderson, Practical network support for ip traceback, Proceedings of the 2000 ACM SIGCOMM Conference, pp.295-306, 2000.

C. Schiller and J. Binkley, Botnets: The Killer Web Applications, p.191, 2007.

B. Schneier, Organized cybercrime Available online at http://www.schneier.com/ blog/archives, p.171, 2006.

J. P. Scott, Social Network Analysis: A Handbook, p.31, 2000.
DOI : 10.4135/9781446294413

C. Seifert, I. Welch, and P. Komisarczuk, HoneyC -The low-interaction client honeypot, p.24, 2006.

G. Shafer, A mathematical theory of evidence, p.33, 1976.

C. Shannon and D. Moore, The spread of the Witty worm, IEEE Security & Privacy, vol.2, issue.4, pp.46-50, 2004.
DOI : 10.1109/MSP.2004.59

L. Shapley, A value for n-person games, Contributions to the Theory of Games, pp.307-317, 1953.

R. N. Shepard, Multidimensional Scaling, Tree-Fitting, and Clustering, Science, vol.210, issue.4468, pp.390-398, 1980.
DOI : 10.1126/science.210.4468.390

J. Shi and J. Malik, Normalized cuts and image segmentation, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol.22, issue.47, pp.888-905, 2000.

A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio et al., Single-packet IP traceback, IEEE/ACM Transactions on Networking, vol.10, issue.6, pp.721-734, 2002.
DOI : 10.1109/TNET.2002.804827

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.12.9066

D. X. Song and A. Perrig, Advanced and authenticated marking schemes for IP traceback, Proceedings IEEE Infocomm 2001, p.22, 2001.

L. Spitzner, Honeypots: Tracking Hackers, p.99, 2002.

S. Staniford, D. Moore, V. Paxson, and N. Weaver, The top speed of flash worms, Proceedings of the 2004 ACM workshop on Rapid malcode , WORM '04, pp.33-42, 2004.
DOI : 10.1145/1029618.1029624

J. Stewart, Top Spam Botnets Exposed Malware Research, SecureWorks, published online at http://www.secureworks.com/research, p.171, 2008.

B. Stone-gross, C. Kruegel, K. C. Almeroth, A. Moser, and E. Kirda, FIRE: FInding Rogue nEtworks, 2009 Annual Computer Security Applications Conference, pp.231-240, 2009.
DOI : 10.1109/ACSAC.2009.29

M. Sugeno, Theory of fuzzy integrals and its applications Tokyo Institute of Technology, pp.185-174, 1974.

. W. Symantec and . W. Rahack, Available at http://www.symantec.com/security_ response/writeup.jsp?, pp.2007-011509

P. Tan, M. Steinbach, and V. Kumar, Introduction to Data Mining Technology Research News. Internet stays small world. Available online at http://www.trnmag.com/Stories, pp.43-131, 2001.

C. The-team, Home page of The Team Cymru darknet " project. Available online at http://www.cymru.com/Darknet, p.174

O. Thonnard and M. Dacier, A framework for attack patterns' discovery in honeynet data, Digital Investigation, vol.5, pp.128-139, 2008.
DOI : 10.1016/j.diin.2008.05.012

O. Thonnard and M. Dacier, Actionable Knowledge Discovery for Threats Intelligence Support Using a Multi-dimensional Data Mining Methodology, 2008 IEEE International Conference on Data Mining Workshops, 2008.
DOI : 10.1109/ICDMW.2008.78

O. Thonnard, W. Mees, and M. Dacier, Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making, Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD '09, p.191, 2009.
DOI : 10.1145/1599272.1599277

O. Thonnard, W. Mees, and M. Dacier, Behavioral Analysis of Zombie Armies The Virtual Battlefield: Perspectives on Cyber Warfare, volume 3 of Cryptology and Information Security Series, pp.191-210, 2009.

R. Tibshirani, G. Walther, and T. Hastie, Estimating the number of clusters in a data set via the gap statistic, Journal of the Royal Statistical Society: Series B (Statistical Methodology), vol.63, issue.2, pp.411-423, 2001.
DOI : 10.1111/1467-9868.00293

V. Torra, Weighted OWA operators for synthesis of information, Proceedings of IEEE 5th International Fuzzy Systems, pp.966-971, 1996.
DOI : 10.1109/FUZZY.1996.552309

V. Torra, The weighted OWA operator, International Journal of Intelligent Systems, vol.12, issue.2, pp.153-166, 1997.
DOI : 10.1002/(SICI)1098-111X(199702)12:2<153::AID-INT3>3.0.CO;2-P

V. Torra, The WOWA operator and the interpolation function W*: Chen and Otto's interpolation method revisited, Fuzzy Sets and Systems, vol.113, issue.3, pp.389-396, 2000.
DOI : 10.1016/S0165-0114(98)00040-2

V. Torra and Y. Narukawa, Modeling Decisions: Information Fusion and Aggregation Operators, p.176, 2007.

J. Tukey, Exploratory Data Analysis, p.39, 1977.

L. Van-der-maaten and G. Hinton, Visualizing data using t-sne, Journal of Machine Learning Research, vol.9, issue.152, pp.2579-2605, 1951.

N. Vanderavero, X. Brouckaert, O. Bonaventure, and B. Charlier, The HoneyTank: a scalable approach to collect malicious internet traffic, Proceedings of the International Infrastructure Survivability Workshop, p.174, 1924.
DOI : 10.1504/IJCIS.2008.016100

. Virustotal, Available online at http://www.virustotal.com, p.174

M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft et al., Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, Proceedings of the ACM Symposium on Operating System Principles (SOSP), p.174, 2005.

X. Wang, X. Wang, D. S. Reeves, D. S. Reeves, S. F. Wu et al., Sleepy Watermark Tracing: An Active Network-Based Intrusion Response Framework, Proc. of the 16th International Information Security Conference, pp.369-384, 2001.
DOI : 10.1007/0-306-46998-7_26

URL : http://arqos.csc.ncsu.edu/papers/2001-03-watermark-ifipsec.pdf

Y. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski et al., Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities, Proc. Network and Distributed System Security (NDSS), 1924.

Z. Wang and G. Klir, Fuzzy Measure Theory, p.33, 1992.
DOI : 10.1007/978-1-4757-5303-5

S. Wasserman and K. Faust, Social Network Analysis: Methods and Applications, p.31, 1994.
DOI : 10.1017/CBO9780511815478

T. Werner and . Honeytrap, Available online at http://honeytrap.carnivore.it, p.174

C. J. Westphal-]-k and . Wheaton, Data Mining for Intelligence, Fraud & Criminal Detection: Advanced Analytics & Information Sharing Technologies Top 5 intelligence analysis methods, pp.176-176, 2008.
DOI : 10.1201/9781420067248

D. Wheeler and G. Larsen, Techniques for Cyber Attack Attribution. Institute for Defense Analyses, p.22, 2003.

W. Project, Worldwide Observatory of Malicious Behaviors and Attack Threats. deliverable D03 (D2.2) Analysis of the state-of-the-art. Available online at http://www, 1923.

W. Project, Worldwide Observatory of Malicious Behaviors and Attack Threats. deliverable D07 (D3.2) Design and prototypes of new sensors, p.194, 2008.

W. Project, Worldwide Observatory of Malicious Behaviors and Attack Threats. deliverable D13 (D3.3) Sensor deployment, p.194, 2009.

Z. Wu and R. Leahy, An optimal graph theoretic approach to data clustering: theory and its application to image segmentation, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol.15, issue.11, pp.1101-1113, 1993.
DOI : 10.1109/34.244673

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.214.8532

Z. Xu, An overview of methods for determining OWA weights, International Journal of Intelligent Systems, vol.34, issue.8, pp.843-865, 2005.
DOI : 10.1002/int.20097

R. Yager, On ordered weighted averaging aggregation operators in multicriteria decisionmaking, IEEE Transactions on Systems, Man, and Cybernetics, vol.18, issue.1, pp.183-190, 1988.
DOI : 10.1109/21.87068

R. Yager, Connectices and quantifiers in fuzzy sets. Fuzzy Sets and Systems, pp.39-75, 1991.

R. Yager, Quantifier guided aggregation using owa operators, Intelligent Systems, vol.11, pp.49-73, 1991.
DOI : 10.1002/(sici)1098-111x(199601)11:1<49::aid-int3>3.3.co;2-l

V. Yegneswaran, P. Barford, and U. Johannes, Internet intrusions: global characteristics and prevalence, SIGMETRICS, pp.138-147, 2003.

V. Yegneswaran, P. Barford, and V. Paxson, Using honeynets for internet situational awareness, Fourth ACM Sigcomm Workshop on Hot Topics in Networking (Hotnets IV), pp.28-175, 2005.

K. P. Yoon and C. Hwang, Multiple Attribute Decision Making: An Introduction, Quantitative Applications in the Social Sciences, vol.32, p.176, 1995.
DOI : 10.4135/9781412985161

Y. C. Li, A. Goyal, and V. Paxson, Automating analysis of large-scale botnet probing events, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS '09, 1928.
DOI : 10.1145/1533057.1533063

C. T. Zahn, Graph-Theoretical Methods for Detecting and Describing Gestalt Clusters, IEEE Transactions on Computers, vol.20, issue.1, pp.68-86, 1971.
DOI : 10.1109/T-C.1971.223083

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.331.6859