{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T15:06:23Z","timestamp":1779203183869,"version":"3.51.4"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030589509","type":"print"},{"value":"9783030589516","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58951-6_5","type":"book-chapter","created":{"date-parts":[[2020,9,11]],"date-time":"2020-09-11T09:07:40Z","timestamp":1599815260000},"page":"88-109","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":26,"title":["DANTE: A Framework for Mining and Monitoring Darknet Traffic"],"prefix":"10.1007","author":[{"given":"Dvir","family":"Cohen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yisroel","family":"Mirsky","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manuel","family":"Kamp","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tobias","family":"Martin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rami","family":"Puzis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Asaf","family":"Shabtai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,9,12]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Bailey, M., Cooke, E., Jahanian, F., Myrick, A., Sinha, S.: Practical darknet measurement. In: 2006 40th Annual Conference on Information Sciences and Systems, pp. 1496\u20131501. IEEE (2006)","DOI":"10.1109\/CISS.2006.286376"},{"key":"5_CR2","unstructured":"Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D., et al.: The Internet motion sensor-a distributed blackhole monitoring system. In: NDSS (2005)"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Ban, T., Eto, M., Guo, S., Inoue, D., Nakao, K., Huang, R.: A study on association rule mining of darknet big data. In: 2015 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20137, July 2015","DOI":"10.1109\/IJCNN.2015.7280818"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Ban, T., Pang, S., Eto, M., Inoue, D., Nakao, K., Huang, R.: Towards early detection of novel attack patterns through the lens of a large-scale darknet, pp. 341\u2013349, July 2016","DOI":"10.1109\/UIC-ATC-ScalCom-CBDCom-IoP-SmartWorld.2016.0068"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1007\/978-3-319-70139-4_45","volume-title":"Neural Information Processing","author":"T Ban","year":"2017","unstructured":"Ban, T., Zhu, L., Shimamura, J., Pang, S., Inoue, D., Nakao, K.: Detection of botnet activities through the lens of a large-scale darknet. In: Liu, D., Xie, S., Li, Y., Zhao, D., El-Alfy, E.-S.M. (eds.) ICONIP 2017. LNCS, vol. 10638, pp. 442\u2013451. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70139-4_45"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"620","DOI":"10.1007\/978-3-642-34500-5_73","volume-title":"Neural Information Processing","author":"T Ban","year":"2012","unstructured":"Ban, T., Zhu, L., Shimamura, J., Pang, S., Inoue, D., Nakao, K.: Behavior analysis of long-term cyber attacks in the darknet. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds.) ICONIP 2012. LNCS, vol. 7667, pp. 620\u2013628. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34500-5_73"},{"key":"5_CR7","unstructured":"Bartos, K., Sofka, M., Franc, V.: Optimized invariant representation of network traffic for detecting unseen malware variants (2016)"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Bou-Harb, E., Debbabi, M., Assi, C.: A time series approach for inferring orchestrated probing campaigns by analyzing darknet traffic. In: 2015 10th International Conference on Availability, Reliability and Security, pp. 180\u2013185. IEEE, August 2015","DOI":"10.1109\/ARES.2015.9"},{"issue":"10","key":"5_CR9","first-page":"63","volume":"4","author":"ML Bringer","year":"2012","unstructured":"Bringer, M.L., Chelmecki, C.A., Fujinoki, H.: A survey: recent advances and future trends in honeypot research. Int. J. Comput. Netw. Inf. Secur. 4(10), 63 (2012)","journal-title":"Int. J. Comput. Netw. Inf. Secur."},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Cao, F., Estert, M., Qian, W., Zhou, A.: Density-based clustering over an evolving data stream with noise. In: Proceedings of the 2006 SIAM International Conference on Data Mining, pp. 328\u2013339. SIAM (2006)","DOI":"10.1137\/1.9781611972764.29"},{"issue":"3","key":"5_CR11","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/s12599-019-00576-5","volume":"61","author":"M Carnein","year":"2019","unstructured":"Carnein, M., Trautmann, H.: Optimizing data stream representation: an extensive survey on stream clustering algorithms. Bus. Inf. Syst. Eng. 61(3), 277\u2013297 (2019)","journal-title":"Bus. Inf. Syst. Eng."},{"key":"5_CR12","doi-asserted-by":"publisher","first-page":"772","DOI":"10.1016\/j.comcom.2012.01.016","volume":"35","author":"P Casas","year":"2012","unstructured":"Casas, P., Mazel, J., Owezarski, P.: Unsupervised network intrusion detection systems: detecting the unknown without knowledge. Comput. Commun. 35, 772\u2013783 (2012)","journal-title":"Comput. Commun."},{"issue":"10","key":"5_CR13","first-page":"n\/a","volume":"7","author":"SS Choi","year":"2013","unstructured":"Choi, S.S., Song, J., Kim, S., Kim, S.: A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic. Secur. Commun. Netw. 7(10), n\/a (2013)","journal-title":"Secur. Commun. Netw."},{"key":"5_CR14","doi-asserted-by":"publisher","first-page":"2042","DOI":"10.1016\/j.asoc.2010.07.002","volume":"11","author":"E Corchado","year":"2010","unstructured":"Corchado, E., Herrero, \u00c1.: Neural visualization of network traffic data for intrusion detection. Appl. Soft Comput. J. 11, 2042\u20132056 (2010)","journal-title":"Appl. Soft Comput. J."},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Coudriau, M., Lahmadi, A., Fran\u00e7ois, J.: Topological analysis and visualisation of network monitoring data: darknet case study. In: 2016 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1\u20136 (2016)","DOI":"10.1109\/WIFS.2016.7823920"},{"key":"5_CR16","unstructured":"Durumeric, Z., Bailey, M., Halderman, J.A.: An Internet-wide view of Internet-wide scanning. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 65\u201378. USENIX Association (2014)"},{"key":"5_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/BFb0100982","volume-title":"Advances in Database Technology \u2014 EDBT\u201998","author":"M Ester","year":"1998","unstructured":"Ester, M., Wittmann, R.: Incremental generalization for mining in a data warehousing environment. In: Schek, H.-J., Alonso, G., Saltor, F., Ramos, I. (eds.) EDBT 1998. LNCS, vol. 1377, pp. 135\u2013149. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0100982"},{"key":"5_CR18","unstructured":"Ester, M., Kriegel, H.P., Sander, J., Xu, X., et al.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: KDD, vol. 96, pp. 226\u2013231 (1996)"},{"key":"5_CR19","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/j.comcom.2015.01.016","volume":"62","author":"C Fachkha","year":"2015","unstructured":"Fachkha, C., Bou-Harb, E., Debbabi, M.: Inferring distributed reflection denial of service attacks from darknet. Comput. Commun. 62, 59\u201371 (2015)","journal-title":"Comput. Commun."},{"issue":"2","key":"5_CR20","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/s10462-015-9444-8","volume":"45","author":"ER Faria","year":"2015","unstructured":"Faria, E.R., Gon\u00e7alves, I.J.C.R., de Carvalho, A.C.P.L.F., Gama, J.: Novelty detection in data streams. Artif. Intell. Rev. 45(2), 235\u2013269 (2015). https:\/\/doi.org\/10.1007\/s10462-015-9444-8","journal-title":"Artif. Intell. Rev."},{"key":"5_CR21","unstructured":"Guha, S., Mishra, N., Motwani, R., O\u2019Callaghan, L.: Clustering data streams. In: Proceedings of 41st Annual Symposium on Foundations of Computer Science, 2000, pp. 359\u2013366. IEEE (2000)"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Harrop, W., Armitage, G.: Defining and evaluating Greynets (sparse darknets). In: The IEEE Conference on Local Computer Networks 30th Anniversary (LCN 2005), vol. l, pp. 344\u2013350. IEEE (2005)","DOI":"10.1109\/LCN.2005.46"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Heo, H., Shin, S.: Who is knocking on the Telnet port: a large-scale empirical study of network scanning. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 625\u2013636. ACM (2018)","DOI":"10.1145\/3196494.3196537"},{"key":"5_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1007\/978-3-642-02490-0_71","volume-title":"Advances in Neuro-Information Processing","author":"D Inoue","year":"2009","unstructured":"Inoue, D., et al.: An incident analysis system NICTER and its analysis engines based on data mining techniques. In: K\u00f6ppen, M., Kasabov, N., Coghill, G. (eds.) ICONIP 2008. LNCS, vol. 5506, pp. 579\u2013586. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-02490-0_71"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Kao, C.N., Chang, Y.C., Huang, N.F., Liao, I.J., Liu, R.T., Hung, H.W., et al.: A predictive zero-day network defense using long-term port-scan recording. In: 2015 IEEE Conference on Communications and Network Security (CNS), pp. 695\u2013696. IEEE (2015)","DOI":"10.1109\/CNS.2015.7346890"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Lagraa, S., Francois, J., Lahmadi, A., Miner, M., Hammerschmidt, C., State, R.: BotGM: unsupervised graph mining to detect botnets in traffic flows. In: 2017 1st Cyber Security in Networking Conference (CSNet), pp. 1\u20138. IEEE, October 2017","DOI":"10.1109\/CSNET.2017.8241990"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Liu, J., Fukuda, K.: Towards a taxonomy of darknet traffic. In: 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 37\u201343. IEEE, August 2014","DOI":"10.1109\/IWCMC.2014.6906329"},{"issue":"Nov","key":"5_CR28","first-page":"2579","volume":"9","author":"LVD Maaten","year":"2008","unstructured":"Maaten, L.V.D., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9(Nov), 2579\u20132605 (2008)","journal-title":"J. Mach. Learn. Res."},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Mairh, A., Barik, D., Verma, K., Jena, D.: Honeypot in network security: a survey. In: Proceedings of the 2011 International Conference on Communication, Computing and Security, pp. 600\u2013605. ACM (2011)","DOI":"10.1145\/1947940.1948065"},{"key":"5_CR30","unstructured":"Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)"},{"key":"5_CR31","unstructured":"Nichols, S.: FBI warns of SIM-swap scams, IBM finds holes in visitor software, 13-year-old girl charged over Javascript prank (2019). https:\/\/www.theregister.co.uk\/2019\/03\/09\/security_roundup_080319"},{"key":"5_CR32","doi-asserted-by":"crossref","unstructured":"Owezarski, P.: A Near Real-Time Algorithm for Autonomous Identification and Characterization of Honeypot Attacks. Technical report (2015). https:\/\/hal.archives-ouvertes.fr\/hal-01112926","DOI":"10.1145\/2714576.2714580"},{"issue":"3","key":"5_CR33","first-page":"522","volume":"24","author":"YMP Pa","year":"2016","unstructured":"Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT: a novel honeypot for revealing current IoT threats. J. Inf. Process. 24(3), 522\u2013533 (2016)","journal-title":"J. Inf. Process."},{"key":"5_CR34","doi-asserted-by":"publisher","first-page":"5335","DOI":"10.1007\/s11277-016-3744-4","volume":"96","author":"S Pang","year":"2017","unstructured":"Pang, S., et al.: Malicious events grouping via behavior based darknet traffic flow analysis. Wirel. Pers. Commun. 96, 5335\u20135353 (2017)","journal-title":"Wirel. Pers. Commun."},{"key":"5_CR35","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/978-3-319-66505-4_3","volume-title":"Network Security Metrics","author":"A Singhal","year":"2017","unstructured":"Singhal, A., Ou, X.: Security risk analysis of enterprise networks using probabilistic attack graphs. Network Security Metrics, pp. 53\u201373. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66505-4_3"},{"key":"5_CR36","doi-asserted-by":"publisher","first-page":"S128","DOI":"10.1016\/j.diin.2008.05.012","volume":"5","author":"O Thonnard","year":"2008","unstructured":"Thonnard, O., Dacier, M.: A framework for attack patterns\u2019 discovery in honeynet data. Digit. Invest. 5, S128\u2013S139 (2008)","journal-title":"Digit. Invest."},{"key":"5_CR37","unstructured":"Ullrich, J.: Port 7547 soap remote code execution attack against DSL modems (2016). https:\/\/isc.sans.edu\/diary\/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems\/21759"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Van Horenbeeck, M.: The sans Internet storm center. In: 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pp. 17\u201323. IEEE (2008)","DOI":"10.1109\/WISTDCS.2008.16"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: MISP: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49\u201356. ACM (2016)","DOI":"10.1145\/2994539.2994542"},{"key":"5_CR40","unstructured":"Wieting, J., Bansal, M., Gimpel, K., Livescu, K.: Towards universal paraphrastic sentence embeddings. arXiv preprint arXiv:1511.08198 (2015)"},{"key":"5_CR41","doi-asserted-by":"crossref","unstructured":"Wustrow, E., Karir, M., Bailey, M., Jahanian, F., Huston, G.: Internet background radiation revisited. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, New York (2010)","DOI":"10.1145\/1879141.1879149"},{"key":"5_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, J., Tong, Y., Qin, T.: Traffic features extraction and clustering analysis for abnormal behavior detection. In: Proceedings of the 2016 International Conference on Intelligent Information Processing - ICIIP 2016, New York (2016)","DOI":"10.1145\/3028842.3028867"},{"key":"5_CR43","doi-asserted-by":"crossref","unstructured":"\u0160krjanc, I., Ozawa, S., Dov\u017ean, D., Tao, B., Nakazato, J., Shimamura, J.: Evolving cauchy possibilistic clustering and its application to large-scale cyberattack monitoring. In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1\u20137, November 2017","DOI":"10.1109\/SSCI.2017.8285203"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58951-6_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:03:39Z","timestamp":1757541819000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58951-6_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030589509","9783030589516"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58951-6_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/esorics2020.sccs.surrey.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"366","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"72","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9,1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-10 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}