{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T19:00:25Z","timestamp":1772046025062,"version":"3.50.1"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030657444","type":"print"},{"value":"9783030657451","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65745-1_3","type":"book-chapter","created":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:03:25Z","timestamp":1608278605000},"page":"42-62","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["EnCoD: Distinguishing Compressed and Encrypted File Fragments"],"prefix":"10.1007","author":[{"given":"Fabio","family":"De Gaspari","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dorjan","family":"Hitaj","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giulio","family":"Pagnotta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lorenzo","family":"De Carli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luigi V.","family":"Mancini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,12,19]]},"reference":[{"key":"3_CR1","unstructured":"Pycriptodome library. https:\/\/pycryptodome.readthedocs.io\/en\/latest\/src\/introduction.html"},{"key":"3_CR2","unstructured":"DOCX Transitional (Office Open XML), January 2017. https:\/\/www.loc.gov\/preservation\/digital\/formats\/fdd\/fdd000397.shtml"},{"key":"3_CR3","unstructured":"Atlanta spent \\$2.6m to recover from a \\$52,000 ransomware scare (2018). https:\/\/www.wired.com\/story\/atlanta-spent-26m-recover-from-ransomware-scare\/"},{"key":"3_CR4","doi-asserted-by":"crossref","unstructured":"Wannacry cyber attack cost the NHS \u00a392m as 19,000 appointments cancelled (2018). https:\/\/www.telegraph.co.uk\/technology\/2018\/10\/11\/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled\/","DOI":"10.1016\/S1361-3723(18)30102-7"},{"key":"3_CR5","unstructured":"Evolvingai: Deep neural networks are easily fooled: High confidence predictions for unrecognizable images, December 2019. http:\/\/www.evolvingai.org\/fooling"},{"key":"3_CR6","unstructured":"FMA: A dataset for music analysis, December 2019. https:\/\/github.com\/mdeff\/fma"},{"key":"3_CR7","unstructured":"Open images dataset v5, December 2019. https:\/\/www.figure-eight.com\/dataset\/open-images-annotated-with-bounding-boxes\/"},{"key":"3_CR8","unstructured":"Wikipedia: database download, December 2019. https:\/\/dumps.wikimedia.org\/enwiki\/"},{"key":"3_CR9","unstructured":"arXiv.org e-Print archive, February 2020. https:\/\/arxiv.org\/"},{"key":"3_CR10","unstructured":"Ransomware attacks grow, crippling cities and businesses (2020). https:\/\/www.nytimes.com\/2020\/02\/09\/technology\/ransomware-attacks.html"},{"issue":"1","key":"3_CR11","first-page":"6","volume":"3","author":"N Ameeno","year":"2019","unstructured":"Ameeno, N., Sherry, K., Gagneja, K.: Using machine learning to detect the file compression or encryption. Amity J. Comput. Sci. 3(1), 6 (2019)","journal-title":"Amity J. Comput. Sci."},{"issue":"11","key":"3_CR12","doi-asserted-by":"publisher","first-page":"2916","DOI":"10.1109\/TIFS.2019.2911156","volume":"14","author":"F Casino","year":"2019","unstructured":"Casino, F., Choo, K.K.R., Patsakis, C.: HEDGE: efficient traffic classification of encrypted and compressed packets. IEEE Trans. Inf. Forensics Secur. 14(11), 2916\u20132926 (2019)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"3_CR13","unstructured":"Chollet, F., et al.: Keras (2015). https:\/\/keras.io"},{"issue":"1\u20132","key":"3_CR14","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1007\/s11042-019-08088-w","volume":"79","author":"P Choudhury","year":"2020","unstructured":"Choudhury, P., Kumar, K.R.P., Nandi, S., Athithan, G.: An empirical approach towards characterization of encrypted and unencrypted VoIP traffic. Multimedia Tools Appl. 79(1\u20132), 603\u2013631 (2020)","journal-title":"Multimedia Tools Appl."},{"key":"3_CR15","unstructured":"Computer Security Division, I.T.L.: NIST SP 800-22: Documentation and Software, May 2016. https:\/\/csrc.nist.gov\/projects\/random-bit-generation\/documentation-and-software"},{"key":"3_CR16","doi-asserted-by":"publisher","first-page":"S3","DOI":"10.1016\/j.diin.2010.05.002","volume":"7","author":"G Conti","year":"2010","unstructured":"Conti, G., et al.: Automated mapping of large binary objects using primitive fragment type classification. Digital Invest. 7, S3\u2013S12 (2010)","journal-title":"Digital Invest."},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Continella, A., et al.: Shieldfs: a self-healing, ransomware-aware filesystem. In: ACSAC (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"De Carli, L., Torres, R., Modelo-Howard, G., Tongaonkar, A., Jha, S.: Botnet protocol inference in the presence of encrypted traffic. In: INFOCOM (2017)","DOI":"10.1109\/INFOCOM.2017.8057064"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"De Gaspari, F., Hitaj, D., Pagnotta, G., De Carli, L., Mancini, L.V.: The naked sun: malicious cooperation between benign-looking processes. In: 18th International Conference on Applied Cryptography and Network Security. ACNS (2020)","DOI":"10.1007\/978-3-030-57878-7_13"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Dorfinger, P., Panholzer, G., John, W.: Entropy estimation for real-time encrypted traffic identification. In: Traffic Monitoring and Analysis (2011)","DOI":"10.1007\/978-3-642-20305-3_14"},{"key":"3_CR21","unstructured":"Fielding, R., et al.: RFC 2616, hypertext transfer protocol - HTTP\/1.1 (1999). http:\/\/www.rfc.net\/rfc2616.html"},{"key":"3_CR22","unstructured":"Glorot, X., Bengio, Y.: Understanding the difficulty of training deep feedforward neural networks. In: AISTATS (2010)"},{"key":"3_CR23","unstructured":"Hahn, D., Apthorpe, N., Feamster, N.: Detecting compressed cleartext traffic from consumer internet of things devices (2018)"},{"key":"3_CR24","unstructured":"Hahn, D., Apthorpe, N., Feamster, N.: Detecting Compressed Cleartext Traffic from Consumer Internet of Things Devices. arXiv:1805.02722 [cs], May 2018. http:\/\/arxiv.org\/abs\/1805.02722"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: RAID (2017)","DOI":"10.1007\/978-3-319-66332-6_5"},{"key":"3_CR26","doi-asserted-by":"crossref","unstructured":"Kirda, E.: Unveil: a large-scale, automated approach to detecting ransomware (keynote). In: SANER (2017)","DOI":"10.1109\/SANER.2017.7884603"},{"key":"3_CR27","unstructured":"Klambauer, G., Unterthiner, T., Mayr, A., Hochreiter, S.: Self-normalizing neural networks. CoRR abs\/1706.02515 (2017). http:\/\/arxiv.org\/abs\/1706.02515"},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"LeCun, Y., Bottou, L., Orr, G.B., M\u00fcller, K.R.: Efficient backprop. In: Neural Networks: Tricks of the Trade (1998)","DOI":"10.1007\/3-540-49430-8_2"},{"key":"3_CR29","unstructured":"Lee, H., Ge, R., Ma, T., Risteski, A., Arora, S.: On the ability of neural nets to express distributions. In: Kale, S., Shamir, O. (eds.) Proceedings of the 30th Conference on Learning Theory, COLT 2017, Amsterdam, The Netherlands, 7\u201310 July 2017. Proceedings of Machine Learning Research, vol. 65, pp. 1271\u20131296. PMLR (2017). http:\/\/proceedings.mlr.press\/v65\/lee17a.html"},{"key":"3_CR30","unstructured":"Malhotra, P.: Detection of encrypted streams for egress monitoring. Master of Science, Iowa State University, Ames (2007). https:\/\/lib.dr.iastate.edu\/rtd\/14632\/"},{"key":"3_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-319-29814-6_23","volume-title":"Information and Communications Security","author":"MSI Mamun","year":"2016","unstructured":"Mamun, M.S.I., Ghorbani, A.A., Stakhanova, N.: An entropy based encrypted traffic classifier. In: Qing, S., Okamoto, E., Kim, K., Liu, D. (eds.) ICICS 2015. LNCS, vol. 9543, pp. 282\u2013294. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29814-6_23"},{"key":"3_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"532","DOI":"10.1007\/978-3-319-48965-0_32","volume-title":"Cryptology and Network Security","author":"F Mbol","year":"2016","unstructured":"Mbol, F., Robert, J.-M., Sadighian, A.: An efficient approach to detect TorrentLocker ransomware in computer systems. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 532\u2013541. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48965-0_32"},{"key":"3_CR33","doi-asserted-by":"crossref","unstructured":"Mehnaz, S., Mudgerikar, A., Bertino, E.: Rwguard: a real-time detection system against cryptographic ransomware. In: Research in Attacks, Intrusions, and Defenses. RAID 2018 (2018)","DOI":"10.1007\/978-3-030-00470-5_6"},{"key":"3_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-319-70290-2_12","volume-title":"Secure IT Systems","author":"A Palisse","year":"2017","unstructured":"Palisse, A., Durand, A., Le Bouder, H., Le\u00a0Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevi\u010dius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192\u2013208. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70290-2_12"},{"issue":"4","key":"3_CR35","first-page":"14","volume":"1","author":"B Park","year":"2008","unstructured":"Park, B., Savoldi, A., Gubian, P., Park, J., Lee, S.H., Lee, S.: Data extraction from damage compressed file for computer forensic purposes. Int. J. Hybrid Inf. Technol. 1(4), 14 (2008)","journal-title":"Int. J. Hybrid Inf. Technol."},{"key":"3_CR36","unstructured":"Rukhin, A., et al.: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Special Publication 800-22r1a, NIST, April 2010"},{"key":"3_CR37","doi-asserted-by":"crossref","unstructured":"Trottier, L., Giguere, P., Chaib-draa, B.: Parametric exponential linear unit for deep convolutional neural networks. In: 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA) (2017)","DOI":"10.1109\/ICMLA.2017.00038"},{"key":"3_CR38","doi-asserted-by":"crossref","unstructured":"Wallace, G.K.: The jpeg still picture compression standard. IEEE Trans. Consum. Electron. 38(1), xviii\u2013xxxiv (1992)","DOI":"10.1109\/30.125072"},{"key":"3_CR39","unstructured":"Walls, R.J., Learned-Miller, E., Levine, B.N.: Forensic triage for mobile phones with DEC0DE. In: USENIX Security Symposium (2011)"},{"key":"3_CR40","unstructured":"Wang, R., Shoshitaishvili, Y., Kruegel, C., Vigna, G.: Steal this movie - automatically bypassing DRM protection in streaming media services. In: USENIX (2013)"},{"key":"3_CR41","doi-asserted-by":"crossref","unstructured":"Wang, Y., Zhang, Z., Guo, L., Li, S.: Using entropy to classify traffic more deeply. In: 2011 IEEE Sixth International Conference on Networking, Architecture, and Storage, pp. 45\u201352, July 2011","DOI":"10.1109\/NAS.2011.18"},{"key":"3_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, H., Papadopoulos, C., Massey, D.: Detecting encrypted botnet traffic. In: 2013 Proceedings IEEE INFOCOM, pp. 3453\u20131358, April 2013","DOI":"10.1109\/INFCOM.2013.6567180"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65745-1_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:39:53Z","timestamp":1608280793000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-65745-1_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030657444","9783030657451"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65745-1_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,75","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic the event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}