{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T04:45:37Z","timestamp":1769921137766,"version":"3.49.0"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976223","type":"print"},{"value":"9783031976230","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_13","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:26:43Z","timestamp":1752139603000},"page":"216-236","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Overlapping Data in\u00a0Network Protocols: Bridging OS and\u00a0NIDS Reassembly Gap"],"prefix":"10.1007","author":[{"given":"Lucas","family":"Aubard","sequence":"first","affiliation":[]},{"given":"Johan","family":"Mazel","sequence":"additional","affiliation":[]},{"given":"Gilles","family":"Guette","sequence":"additional","affiliation":[]},{"given":"Pierre","family":"Chifflier","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"13_CR1","unstructured":"Meek pluggable transport. https:\/\/support.torproject.org\/glossary\/meek\/"},{"key":"13_CR2","unstructured":"Nmap. https:\/\/nmap.org\/"},{"key":"13_CR3","unstructured":"Snort IP reassembly policies. https:\/\/snort.org\/faq\/readme-frag3"},{"key":"13_CR4","unstructured":"Snort TCP reassembly policies. https:\/\/snort.org\/faq\/readme-stream5"},{"key":"13_CR5","unstructured":"Suricata. https:\/\/suricata.io\/"},{"key":"13_CR6","unstructured":"Suricata reassembly policies. https:\/\/docs.suricata.io\/en\/suricata-7.0.4\/configuration\/suricata-yaml.html#host-os-policy"},{"key":"13_CR7","doi-asserted-by":"publisher","unstructured":"Internet Protocol. RFC 791 (1981). https:\/\/doi.org\/10.17487\/RFC0791. https:\/\/www.rfc-editor.org\/info\/rfc791","DOI":"10.17487\/RFC0791"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Allen, J.F.: Maintaining knowledge about temporal intervals. CACM (1983)","DOI":"10.1145\/182.358434"},{"key":"13_CR9","unstructured":"Atlasis, A.: Attacking ipv6 implementation using fragmentation. Black Hat (2012)"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Bock, K., Hughey, G., Qiang, X., Levin, D.: Geneva: evolving censorship evasion strategies. In: ACM CCS (2019)","DOI":"10.1145\/3319535.3363189"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Bock, K., Naval, G., Reese, K., Levin, D.: Even censors have a backup: Examining china\u2019s double https censorship middleboxes. In: ACM SIGCOMM (2021)","DOI":"10.1145\/3473604.3474559"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Deering, S., Hinden, R.: RFC 8200: internet protocol, version 6 (ipv6) specification (2017)","DOI":"10.17487\/RFC8200"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Di\u00a0Paolo, E., Bassetti, E., Spognardi, A.: A new model for testing ipv6 fragment handling. In: ESORICS (2023)","DOI":"10.1007\/978-3-031-51476-0_14"},{"key":"13_CR14","doi-asserted-by":"publisher","unstructured":"Eddy, W.: Transmission Control Protocol (TCP). RFC 9293 (2022). https:\/\/doi.org\/10.17487\/RFC9293. https:\/\/www.rfc-editor.org\/info\/rfc9293","DOI":"10.17487\/RFC9293"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Feng, X., et al.: PMTUD is not panacea: revisiting IP fragmentation attacks against TCP. In: NDSS (2022)","DOI":"10.14722\/ndss.2022.24381"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Floyd, S., Mahdavi, J., Mathis, M., Podolsky, M.: RFC2883: an extension to the selective acknowledgement (SACK) option for TCP (2000)","DOI":"10.17487\/rfc2883"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Holland, J., Schmitt, P., Feamster, N., Mittal, P.: New directions in automated traffic analysis. In: ACM CCS (2021)","DOI":"10.1145\/3460120.3484758"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"John, W., Olovsson, T.: Detection of malicious traffic on back-bone links via packet header analysis. CWIS (2008)","DOI":"10.1108\/10650740810921484"},{"key":"13_CR19","unstructured":"Khattak, S., Javed, M., Anderson, P.D., Paxson, V.: Towards illuminating a censorship monitor\u2019s model to facilitate evasion. In: FOCI (2013)"},{"key":"13_CR20","unstructured":"Li, F., Razaghpanah, A., Kakhki, A.M., Niaki, A.A., Choffnes, D., Gill, P., Mislove, A.: lib$$\\bullet $$ erate,(n) a library for exposing (traffic-classification) rules and avoiding them efficiently. In: ACM IMC (2017)"},{"key":"13_CR21","doi-asserted-by":"crossref","unstructured":"Lin, B., Zhang, L., Guo, Y., Zhang, H., Fang, Y.: Research on security protection evasion mechanism based on ipv6 fragment headers. In: IEEE LCN (2024)","DOI":"10.1109\/LCN60385.2024.10639756"},{"key":"13_CR22","unstructured":"NIST: CVE-2024-32867"},{"key":"13_CR23","unstructured":"Nobori, D., Shinjo, Y.: VPN gate: a volunteer-organized public VPN relay system with blocking resistance for bypassing government censorship firewalls. In: NSDI (2014)"},{"key":"13_CR24","unstructured":"Novak, J.: Target-based fragmentation reassembly (2005)"},{"key":"13_CR25","unstructured":"Novak, J., Sturges, S.: Target-based TCP stream reassembly (2007)"},{"key":"13_CR26","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Elsevier Computer networks"},{"key":"13_CR27","unstructured":"Ptacek, T., Newsham, T.: Insertion, evasion, and denial of service: eluding network intrusion detection. Technical report, Secure Networks, Inc. (1998)"},{"key":"13_CR28","unstructured":"Roesch, M., et\u00a0al.: Snort: lightweight intrusion detection for networks (1999)"},{"key":"13_CR29","doi-asserted-by":"crossref","unstructured":"Shamsi, Z., Loguinov, D.: Unsupervised clustering under temporal feature volatility in network stack fingerprinting. In: ACM SIGMETRICS (2016)","DOI":"10.1145\/2896377.2901449"},{"key":"13_CR30","unstructured":"Shankar, U., Paxson, V.: Active mapping: resisting NIDS evasion without altering traffic. In: SP (2003)"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Touch, J.: RFC 6864: updated specification of the ipv4 id field (2013)","DOI":"10.17487\/rfc6864"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Wang, Z., Cao, Y., Qian, Z., Song, C., Krishnamurthy, S.: Your state is not mine: a closer look at evading stateful internet censorship. In: ACM IMC (2017)","DOI":"10.1145\/3131365.3131374"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Wang, Z., Zhu, S.: SymTCP: eluding stateful deep packet inspection with automated discrepancy discovery. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24083"},{"key":"13_CR34","doi-asserted-by":"crossref","unstructured":"Wang, Z., et al.: Themis: ambiguity-aware network intrusion detection based on symbolic model comparison. In: MTD (2021)","DOI":"10.1145\/3474370.3485669"},{"key":"13_CR35","unstructured":"Zalewski, M.: p0f (2014). https:\/\/lcamtuf.coredump.cx\/p0f3\/"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Yuan, B., Yang, K., Zou, D., Jin, H.: Statediver: testing deep packet inspection systems with state-discrepancy guidance. In: ACSAC (2022)","DOI":"10.1145\/3564625.3564650"},{"key":"13_CR37","unstructured":"Zou, Y.H., Bai, J.J., Zhou, J., Tan, J., Qin, C., Hu, S.M.: $$\\{$$TCP-Fuzz$$\\}$$: detecting memory and semantic bugs in $$\\{$$TCP$$\\}$$ stacks with fuzzing. In: ATC (2021)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:26:48Z","timestamp":1752139608000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}