{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T10:43:01Z","timestamp":1766486581108,"version":"3.40.3"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030725815"},{"type":"electronic","value":"9783030725822"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-72582-2_4","type":"book-chapter","created":{"date-parts":[[2021,3,29]],"date-time":"2021-03-29T12:02:43Z","timestamp":1617019363000},"page":"57-75","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Clairvoyance: Inferring Blocklist Use on the Internet"],"prefix":"10.1007","author":[{"given":"Vector Guo","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gautam","family":"Akiwate","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kirill","family":"Levchenko","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Geoffrey M.","family":"Voelker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Savage","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,30]]},"reference":[{"key":"4_CR1","unstructured":"Afroz, S., Tschantz, M.C., Sajid, S., Qazi, S.A., Javed, M., Paxson, V.: Exploring Server-side Blocking of Regions. Tech. rep, ICSI (2018)"},{"issue":"11","key":"4_CR2","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/2390756.2405036","volume":"10","author":"D Anderson","year":"2012","unstructured":"Anderson, D.: Splinternet behind the great firewall of China. Queue 10(11), 40\u201349 (2012)","journal-title":"Queue"},{"key":"4_CR3","unstructured":"antirez: new TCP scan method. https:\/\/seclists.org\/bugtraq\/1998\/Dec\/79"},{"key":"4_CR4","unstructured":"Aryan, S., Aryan, H., Halderman, J.A.: Internet censorship in iran: a first look. In: Proceedings of the 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI) (2013)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Bellovin, S.M.: A Technique for Counting NATted Hosts. In: Proceedings of the 2nd Internet Measurement Conference (IMC), pp. 267\u2013272 (2002)","DOI":"10.1145\/637201.637243"},{"key":"4_CR6","unstructured":"Bhutani, A., Wadhwani, P.: Threat Intelligence Market Size By Component, By Format Type, By Deployment Type, By Application, Industry Analysis Report, Regional Outlook, Growth Potential, Competitive Market Share and Forecast, 2019\u20132025 (2019)"},{"key":"4_CR7","unstructured":"Bouwman, X., Griffioen, H., Egbers, J., Doerr, C., Klievink, B., van Eeten, M.: A Different cup of TI? the added value of commercial threat intelligence. In: Proceedings of the 29th USENIX Security Symposium (USENIX Security), pp. 433\u2013450, August 2020"},{"key":"4_CR8","unstructured":"CAIDA: Inferred AS to Organization Mapping Dataset. https:\/\/www.caida.org\/data\/as_organizations.xml"},{"key":"4_CR9","unstructured":"Censys - Public Internet Search Engine. https:\/\/censys.io\/"},{"key":"4_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/11957454_2","volume-title":"Privacy Enhancing Technologies","author":"Richard Clayton","year":"2006","unstructured":"Clayton, Richard., Murdoch, Steven J., Watson, Robert N.M.: Ignoring the great firewall of China. In: Danezis, George, Golle, Philippe (eds.) PET 2006. LNCS, vol. 4258, pp. 20\u201335. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11957454_2"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-319-04918-2_11","volume-title":"Passive and Active Measurement","author":"Roya Ensafi","year":"2014","unstructured":"Ensafi, Roya., Knockel, Jeffrey., Alexander, Geoffrey, Crandall, Jedidiah R.: Detecting intentional packet drops on the internet via TCP\/IP side channels. In: Faloutsos, Michalis, Kuzmanovic, Aleksandar (eds.) PAM 2014. LNCS, vol. 8362, pp. 109\u2013118. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-04918-2_11"},{"key":"4_CR12","unstructured":"FireHOL IP Lists - All Cybercrime IP Feeds. http:\/\/iplists.firehol.org\/"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Hao, S., Kantchelian, A., Miller, B., Paxson, V., Feamster, N.: PREDATOR: proactive recognition and elimination of domain abuse at time-of-registration. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1568\u20131579. ACM (2016)","DOI":"10.1145\/2976749.2978317"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Hao, S., Thomas, M., Paxson, V., Feamster, N., Kreibich, C., Grier, C., Hollenbeck, S.: Understanding the Domain Registration Behavior of Spammers. In: Proceedings of the ACM Internet Measurement Conference (IMC), pp. 63\u201376. ACM (2013)","DOI":"10.1145\/2504730.2504753"},{"key":"4_CR15","unstructured":"IP2Location: IP Address to Identify Geolocation. https:\/\/www.ip2location.com\/"},{"key":"4_CR16","unstructured":"IPdeny IP country blocks. https:\/\/www.ipdeny.com\/"},{"key":"4_CR17","unstructured":"IPIP.net: The Best IP Geolocation Database. https:\/\/en.ipip.net\/"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Khattak, S., et al.: Do you see what i see? differential treatment of anonymous users. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23342"},{"key":"4_CR19","unstructured":"Klein, A., Pinkas, B.: From IP ID to device ID and KASLR bypass. In: Proceedings of the 28th USENIX Security Symposium (USENIX Security), pp. 1063\u20131080 (2019)"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-11379-1_1","volume-title":"Research in Attacks, Intrusions and Defenses","author":"Marc K\u00fchrer","year":"2014","unstructured":"K\u00fchrer, Marc., Rossow, Christian, Holz, Thorsten: Paint it black: evaluating the effectiveness of malware blacklists. In: Stavrou, Angelos, Bos, Herbert, Portokalidis, Georgios (eds.) RAID 2014. LNCS, vol. 8688, pp. 1\u201321. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11379-1_1"},{"key":"4_CR21","unstructured":"Lemon, J.: Resisting SYN Flood DoS attacks with a SYN Cache. In: Proceedings of the BSD Conference (BSDCon), pp. 89\u201397. USENIX Association, USA (2002)"},{"key":"4_CR22","unstructured":"Li, G.: An Empirical Analysis on Threat Intelligence: Data Characteristics and Real-World Uses. Ph.D. thesis, UC San Diego (2020)"},{"key":"4_CR23","unstructured":"Li, V.G., Dunn, M., Pearce, P., McCoy, D., Voelker, G.M., Savage, S.: Reading the Tea leaves: a comparative analysis of threat intelligence. In: Proceedings of the 28th USENIX Security Symposium (USENIX Security), pp. 851\u2013867, August 2019"},{"key":"4_CR24","unstructured":"MaxMind: IP Geolocation and Online Fraud Prevention. https:\/\/www.maxmind.com\/"},{"key":"4_CR25","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1145\/3278532.3278552","volume":"2018","author":"A McDonald","year":"2018","unstructured":"McDonald, A., et al.: 403 forbidden: a global view of CDN Geoblocking. Proc. Internet Measurement Conf. 2018, 218\u2013230 (2018)","journal-title":"Proc. Internet Measurement Conf."},{"key":"4_CR26","unstructured":"NetAcuity. https:\/\/seclists.org\/bugtraq\/1998\/Dec\/790"},{"key":"4_CR27","unstructured":"OpenNet Initiative: Survey of Government Internet Filtering Practices Indicates Increasing Internet Censorship, May 2007"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Park, J.C., Crandall, J.R.: Empirical study of a national-scale distributed intrusion detection system: backbone-level filtering of HTML responses in China. In: IEEE 30th International Conference on Distributed Computing Systems (ICDCS), pp. 315\u2013326. IEEE (2010)","DOI":"10.1109\/ICDCS.2010.46"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Pearce, P., Ensafi, R., Li, F., Feamster, N., Paxson, V.: Augur: internet-wide detection of connectivity disruptions. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 427\u2013443. IEEE (2017)","DOI":"10.1109\/SP.2017.55"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Pitsillidis, A., Kanich, C., Voelker, G.M., Levchenko, K., Savage, S.: Taster\u2019s choice: a comparative analysis of spam feeds. In: Proceedings of the ACM Internet Measurement Conference (IMC), pp. 427\u2013440. Boston, MA, November 2012 (2012)","DOI":"10.1145\/2398776.2398821"},{"key":"4_CR31","unstructured":"Ponemon Institute LLC: Third Annual Study on Changing Cyber Threat Intelligence: There Has to Be a Better Way (January 2018)"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Postel, J.: RFC0791: Internet Protocol (1981)","DOI":"10.17487\/rfc0791"},{"key":"4_CR33","unstructured":"Ramachandran, A., Feamster, N., Dagon, D.: Revealing Botnet Membership Using DNSBL Counter-Intelligence. SRUTI 6 (2006)"},{"key":"4_CR34","unstructured":"Shackleford, D.: Cyber Threat Intelligence Uses, Successes and Failures: The SANS 2017 CTI Survey. Technical Report, SANS (2017)"},{"key":"4_CR35","unstructured":"Sheng, S., Wardman, B., Warner, G., Cranor, L.F., Hong, J., Zhang, C.: An empirical analysis of phishing blacklists. In: Proceedings of the Conference on Email and Anti-Spam (CEAS) (2009)"},{"key":"4_CR36","unstructured":"Singh, R., et al.: Characterizing the nature and dynamics of tor exit blocking. In: Proceedings of the 26th USENIX Security Symposium (USENIX Security), pp. 325\u2013341 (2017)"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Sinha, S., Bailey, M., Jahanian, F.: Shades of grey: on the effectiveness of reputation-based \u201cblacklists\u201d. In: Proceedings of the 3rd International Conference on Malicious and Unwanted Software (MALWARE), pp. 57\u201364. IEEE (2008)","DOI":"10.1109\/MALWARE.2008.4690858"},{"issue":"4","key":"4_CR38","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1145\/964725.633039","volume":"32","author":"N Spring","year":"2002","unstructured":"Spring, N., Mahajan, R., Wetherall, D.: Measuring ISP topologies with Rocketfuel. ACM SIGCOMM Comput. Commun. Rev. (CCR) 32(4), 133\u2013145 (2002)","journal-title":"ACM SIGCOMM Comput. Commun. Rev. (CCR)"},{"key":"4_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-3-319-45719-2_7","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Kurt Thomas","year":"2016","unstructured":"Thomas, Kurt., Amira, Rony., Ben-Yoash, Adi., Folger, Ori., Hardon, Amir., Berger, Ari., Bursztein, Elie, Bailey, Michael: The abuse sharing economy: understanding the limits of threat exchanges. In: Monrose, Fabian, Dacier, Marc, Blanc, Gregory, Garcia-Alfaro, Joaquin (eds.) RAID 2016. LNCS, vol. 9854, pp. 143\u2013164. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2_7"},{"key":"4_CR40","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","volume":"72","author":"W Tounsi","year":"2018","unstructured":"Tounsi, W., Rais, H.: A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 72, 212\u2013233 (2018)","journal-title":"Comput. Secur."},{"key":"4_CR41","unstructured":"University of Oregon Route Views Project. http:\/\/www.routeviews.org\/routeviews\/"},{"key":"4_CR42","unstructured":"Best National University Rankings. https:\/\/www.usnews.com\/best-colleges\/rankings\/national-universities, January 2020"},{"issue":"2","key":"4_CR43","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1109\/MIC.2003.1189191","volume":"7","author":"J Zittrain","year":"2003","unstructured":"Zittrain, J., Edelman, B.: Internet filtering in China. IEEE Internet Computing 7(2), 70\u201377 (2003)","journal-title":"IEEE Internet Computing"}],"container-title":["Lecture Notes in Computer Science","Passive and Active Measurement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-72582-2_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T19:36:43Z","timestamp":1620157003000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-72582-2_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030725815","9783030725822"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-72582-2_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"30 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PAM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Passive and Active Network Measurement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cottbus","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pam2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.pam2021.b-tu.de\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCrp","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"75","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}