{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:12:32Z","timestamp":1742911952883,"version":"3.40.3"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030725815"},{"type":"electronic","value":"9783030725822"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-72582-2_31","type":"book-chapter","created":{"date-parts":[[2021,3,29]],"date-time":"2021-03-29T12:02:43Z","timestamp":1617019363000},"page":"531-546","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Characterizing the Security of Endogenous and Exogenous Desktop Application Network Flows"],"prefix":"10.1007","author":[{"given":"Matthew R.","family":"McNiece","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruidan","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bradley","family":"Reaves","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,30]]},"reference":[{"unstructured":"https:\/\/transparencyreport.google.com\/https\/overview","key":"31_CR1"},{"unstructured":"https:\/\/spark.apache.org\/","key":"31_CR2"},{"unstructured":"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/vpn_client\/anyconnect\/anyconnect47\/administration\/guide\/b_AnyConnect_Administrator_Guide_4-7\/nvm.html","key":"31_CR3"},{"unstructured":"https:\/\/osquery.io\/","key":"31_CR4"},{"unstructured":"https:\/\/parquet.apache.org\/","key":"31_CR5"},{"unstructured":"https:\/\/snort.org\/downloads\/ip-block-list","key":"31_CR6"},{"unstructured":"https:\/\/umbrella.cisco.com\/blog\/cisco-umbrella-1-million","key":"31_CR7"},{"unstructured":"https:\/\/docs.umbrella.com\/investigate-api\/docs\/security-information-for-a-domain-1","key":"31_CR8"},{"unstructured":"https:\/\/github.com\/osquery\/osquery\/blob\/master\/packs\/incident-response.conf#L211","key":"31_CR9"},{"unstructured":"https:\/\/tools.ietf.org\/html\/rfc1918","key":"31_CR10"},{"unstructured":"https:\/\/github.com\/georg-un\/kneebow","key":"31_CR11"},{"unstructured":"https:\/\/blog.jacopo.io\/en\/post\/apple-ocsp\/","key":"31_CR12"},{"unstructured":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-13450","key":"31_CR13"},{"unstructured":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-13449","key":"31_CR14"},{"unstructured":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-15006","key":"31_CR15"},{"doi-asserted-by":"crossref","unstructured":"Anderson, B., McGrew, D.: Identifying encrypted malware traffic with contextual flow data. In: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, AISec 2016, pp. 35\u201346. ACM, New York (2016)","key":"31_CR16","DOI":"10.1145\/2996758.2996768"},{"doi-asserted-by":"crossref","unstructured":"Anderson, B., McGrew, D.: TLS beyond the browser: combining end host and network data to understand application behavior. In: Proceedings of the Internet Measurement Conference, IMC 2019, pp. 379\u2013392. Association for Computing Machinery, New York (2019)","key":"31_CR17","DOI":"10.1145\/3355369.3355601"},{"unstructured":"Bellissimo, A., Burgess, J., Fu, K.: Secure Software Updates: Disappointments and New Challenges. HotSec, pp. 37\u201343 (2006)","key":"31_CR18"},{"doi-asserted-by":"crossref","unstructured":"Chen, Y., Antonakakis, M., Perdisci, R., Nadji, Y., Dagon, D., Lee, W.: DNS Noise: Measuring the pervasiveness of disposable domains in modern DNS traffic. In: Proceedings - 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, DSN 2014, pp. 598\u2013609 (2014)","key":"31_CR19","DOI":"10.1109\/DSN.2014.61"},{"unstructured":"Cisco Systems Inc: Cisco Security Analytics White Paper (2018). https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/security\/stealthwatch\/white-paper-c11-740605.pdf","key":"31_CR20"},{"unstructured":"Cisco Systems Inc: Cisco Encrypted Traffic Analytics - White Paper (2019). https:\/\/www.cisco.com\/c\/dam\/en\/us\/solutions\/collateral\/enterprise-networks\/enterprise-network-security\/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf","key":"31_CR21"},{"doi-asserted-by":"crossref","unstructured":"Denning, D.E.: An intrusion-detection model. In: 1986 IEEE Symposium on Security and Privacy, pp. 118\u2013118 (1986)","key":"31_CR22","DOI":"10.1109\/SP.1986.10010"},{"unstructured":"Dormann, W.: The Consequences of Insecure Software Updates (2017). https:\/\/insights.sei.cmu.edu\/cert\/2017\/06\/the-consequences-of-insecure-software-updates.html","key":"31_CR23"},{"doi-asserted-by":"crossref","unstructured":"Durumeric, Z., et al.: The Security Impact of HTTPS Interception (2017)","key":"31_CR24","DOI":"10.14722\/ndss.2017.23456"},{"unstructured":"Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: 22nd USENIX Security Symposium (USENIX Security 2013), pp. 605\u2013620. USENIX Association, Washington, D.C., August 2013","key":"31_CR25"},{"unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for Unix processes, pp. 120\u2013128. Institute of Electrical and Electronics Engineers (IEEE), December 2002","key":"31_CR26"},{"doi-asserted-by":"crossref","unstructured":"Frolov, S., Wustrow, E.: The use of TLS in censorship circumvention. In: Proceedings of The Network and Distributed System Security Symposium (2019)","key":"31_CR27","DOI":"10.14722\/ndss.2019.23511"},{"doi-asserted-by":"crossref","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: ACM Conference on Computer and Communications Security, pp. 38\u201349 (2012)","key":"31_CR28","DOI":"10.1145\/2382196.2382204"},{"doi-asserted-by":"crossref","unstructured":"Hofstede, R., Barto\u0161, V., Sperotto, A., Pras, A.: Towards real-time intrusion detection for NetFlow and IPFIX. In: 2013 9th International Conference on Network and Service Management, pp. 227\u2013234 (2013)","key":"31_CR29","DOI":"10.1109\/CNSM.2013.6727841"},{"doi-asserted-by":"crossref","unstructured":"Houmansadr, A., Brubaker, C., Shmatikov, V.: The parrot is dead: observing unobservable network communications. In: Proceedings - IEEE Symposium on Security and Privacy, pp. 65\u201379 (2013)","key":"31_CR30","DOI":"10.1109\/SP.2013.14"},{"unstructured":"Kleopa, C., Judge, C.: Snort - OpenAppID (2015) https:\/\/www.snort.org\/documents\/openappid-detection-webinar","key":"31_CR31"},{"key":"31_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-319-45719-2_9","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kountouras","year":"2016","unstructured":"Kountouras, A., et al.: Enabling network security through active DNS datasets. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 188\u2013208. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2_9"},{"unstructured":"Leonhard, W.: Microsoft is distributing security patches through insecure HTTP links | Computerworld (2018). https:\/\/www.computerworld.com\/article\/3256304\/microsoft-is-distributing-security-patches-through-insecure-http-links.html","key":"31_CR33"},{"unstructured":"Lyon, G.F.: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, USA (2009)","key":"31_CR34"},{"doi-asserted-by":"crossref","unstructured":"Nemec, M., Klinec, D., Svenda, P., Sekan, P., Matyas, V.: Measuring popularity of cryptographic libraries in internet-wide scans, pp. 162\u2013175 (2017)","key":"31_CR35","DOI":"10.1145\/3134600.3134612"},{"unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, LISA 1999, pp. 229\u2013238. USENIX Association, USA (1999)","key":"31_CR36"},{"doi-asserted-by":"crossref","unstructured":"Shamsi, Z., Cline, D.B.H., Loguinov, D.: Faulds: a non-parametric iterative classifier for internet-wide OS fingerprinting. In: ACM Conference on Computer and Communications Security, pp. 971\u2013982 (2017)","key":"31_CR37","DOI":"10.1145\/3133956.3133963"},{"issue":"4","key":"31_CR38","doi-asserted-by":"publisher","first-page":"2196","DOI":"10.1109\/TNET.2015.2447492","volume":"24","author":"Z Shamsi","year":"2016","unstructured":"Shamsi, Z., Nandwani, A., Leonard, D., Loguinov, D.: Hershel: single-Packet OS Fingerprinting. IEEE\/ACM Trans. Netw. 24(4), 2196\u20132209 (2016)","journal-title":"IEEE\/ACM Trans. Netw."},{"doi-asserted-by":"crossref","unstructured":"Springall, D., Durumeric, Z., Halderman, J.A.: Measuring the Security Harm of TLS Crypto Shortcuts, pp. 33\u201347 (2016)","key":"31_CR39","DOI":"10.1145\/2987443.2987480"},{"doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 255\u2013264. Association for Computing Machinery, New York (2002)","key":"31_CR40","DOI":"10.1145\/586110.586145"},{"issue":"1","key":"31_CR41","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1016\/S0031-3203(02)00026-2","volume":"36","author":"DY Yeung","year":"2003","unstructured":"Yeung, D.Y., Ding, Y.: Host-based intrusion detection using dynamic and static behavioral models. Pattern Recogn. 36(1), 229\u2013243 (2003)","journal-title":"Pattern Recogn."},{"unstructured":"Zalewski, M.: P0F V3: Passive Fingerprinter (2012). http:\/\/lcamtuf.coredump.cx\/p0f3\/README","key":"31_CR42"},{"doi-asserted-by":"crossref","unstructured":"Zhenqi, W., Xinyu, W.: NetFlow based intrusion detection system. In: Proceedings - 2008 International Conference on MultiMedia and Information Technology, MMIT 2008, pp. 825\u2013828 (2008)","key":"31_CR43","DOI":"10.1109\/MMIT.2008.213"}],"container-title":["Lecture Notes in Computer Science","Passive and Active Measurement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-72582-2_31","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T19:45:43Z","timestamp":1620157543000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-72582-2_31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030725815","9783030725822"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-72582-2_31","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"30 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PAM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Passive and Active Network Measurement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cottbus","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pam2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.pam2021.b-tu.de\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCrp","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"75","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}