{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T22:40:22Z","timestamp":1742942422115,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319288642"},{"type":"electronic","value":"9783319288659"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-28865-9_25","type":"book-chapter","created":{"date-parts":[[2016,1,23]],"date-time":"2016-01-23T03:40:02Z","timestamp":1453520402000},"page":"459-476","source":"Crossref","is-referenced-by-count":4,"title":["A Markov Random Field Approach to Automated Protocol Signature Inference"],"prefix":"10.1007","author":[{"given":"Yongzheng","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Tao","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Yipeng","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jianliang","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Xiaoyu","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"25_CR1","unstructured":"Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: Proceedings of the 16th USENIX Security Symposium, pp. 1\u201314 (2007)"},{"key":"25_CR2","doi-asserted-by":"crossref","unstructured":"Haffner, P., Sen, S., Spatscheck, O., Wang, D.: ACAS: automated construction of application signatures. In: Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data, pp. 197\u2013202 (2005)","DOI":"10.1145\/1080173.1080183"},{"key":"25_CR3","doi-asserted-by":"crossref","unstructured":"Wang, Y., et al.: A semantics aware approach to automated reverse engineering unknown protocols. In: Proceedings of the 20th IEEE International Conference on Network Protocol (ICNP), pp. 1\u201310 (2012)","DOI":"10.1109\/ICNP.2012.6459963"},{"key":"25_CR4","unstructured":"Slonim, N., Tishby, N.: Agglomerative information bottleneck. In: Proceedings of the 12th Neural Information Processing Systems (NIPS), pp. 617\u2013623 (1999)"},{"key":"25_CR5","unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of HTTP-based malware and signature generation using malicious network traces. In: Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, pp. 391\u2013404 (2010)"},{"key":"25_CR6","doi-asserted-by":"crossref","unstructured":"Slonim, N., Friedman, N., Tishby, N.: Unsupervised document classification using sequential information maximization. In: Proceedings of the 24th International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 129\u2013136 (2002)","DOI":"10.1145\/564400.564401"},{"key":"25_CR7","doi-asserted-by":"publisher","first-page":"5228","DOI":"10.1073\/pnas.0307752101","volume":"101","author":"TL Griffiths","year":"2004","unstructured":"Griffiths, T.L., Steyvers, M.: Finding scientific topics. Proceedings of the National Academy of Sciences of the United States of America 101, 5228\u20135235 (2004)","journal-title":"Proceedings of the National Academy of Sciences of the United States of America"},{"key":"25_CR8","doi-asserted-by":"crossref","unstructured":"Finamore, A., Mellia, M., Meo, M., Rossi, D.: Kiss: Stochastic packet inspection classifier for udp traffic. IEEE\/ACM Transactions on Networking, 1505\u20131515 (2010)","DOI":"10.1109\/TNET.2010.2044046"},{"key":"25_CR9","doi-asserted-by":"crossref","unstructured":"Wang, Y., et al.: Biprominer: automatic mining of binary protocol features (PDCAT). In: Proceedings of the 12th IEEE International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 179\u2013184 (2011)","DOI":"10.1109\/PDCAT.2011.25"},{"key":"25_CR10","doi-asserted-by":"crossref","unstructured":"Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 317\u2013329 (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"25_CR11","doi-asserted-by":"crossref","unstructured":"Lim, J., Reps, T., Liblit, B.: Extracting output formats from executables. In: Proceedings of the 13th Working Conference on Reverse Engineering, pp. 167\u2013178 (2006)","DOI":"10.1109\/WCRE.2006.29"},{"key":"25_CR12","doi-asserted-by":"crossref","unstructured":"Cui, W., Peinado, M., Chen, K., Wang, H.J., Irun-Briz, L.: Tupni: automatic reverse engineering of input formats. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 391\u2013402 (2008)","DOI":"10.1145\/1455770.1455820"},{"key":"25_CR13","doi-asserted-by":"crossref","unstructured":"Kannan, J., Jung, J., Paxson, V., Koksal, C.E.: Semi-automated discovery of applicattion session signatures. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement (IMC), pp. 119\u2013132 (2006)","DOI":"10.1145\/1177080.1177096"},{"key":"25_CR14","doi-asserted-by":"crossref","unstructured":"Ma, J., Levchenko, K., Kreibich, C., Savage, S., Voelker, G.M.: Unexpected means of protocol inference. In: Proceedings of the 6th ACM SIGCOMM Internet Measurement Conference, pp. 313\u2013326 (2006)","DOI":"10.1145\/1177080.1177123"},{"key":"25_CR15","unstructured":"Holger, D., Anja, F., Michael, M., Vern, P., Robin, S.: Dynamic application-layer protocol analysis for network intrusion detection. In: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 257\u2013272 (2006)"},{"issue":"1","key":"25_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TNET.2015.2492602","volume":"24","author":"X Yun","year":"2015","unstructured":"Yun, X., Wang, Y., Zhang, Y., Zhou, Y.: A Semantics-Aware Approach to the Automated Network Protocol Identification. IEEE\/ACM Transactions on Networking 24(1), 1\u201313 (2015)","journal-title":"IEEE\/ACM Transactions on Networking"},{"issue":"5","key":"25_CR17","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1016\/j.jcss.2012.11.004","volume":"79","author":"J Zhang","year":"2013","unstructured":"Zhang, J., Xiang, Y., Zhou, W., Wang, Y.: Unsupervised traffic classification using flow statistical properties and IP packet payload. Journal of Computer and System Sciences 79(5), 573\u2013585 (2013)","journal-title":"Journal of Computer and System Sciences"},{"key":"25_CR18","doi-asserted-by":"crossref","unstructured":"Xie, G., Iliofotou, M., Keralapura, R., Faloutsos, M., Nucci, A.: Subflow: towards practical flow-level traffic classification. In: Proceedings of the 31th Annual International Conference on Computer Communications, pp. 2541\u20132545 (2012)","DOI":"10.1109\/INFCOM.2012.6195649"},{"key":"25_CR19","doi-asserted-by":"crossref","unstructured":"Cho, C.Y., Babic, D., Shin, R., Song, D.: Inference and analysis of formal models of botnet command and control protocols. In: Proceedings of the 17th ACM Conference on Computer and Communication Security, pp. 426\u2013439 (2010)","DOI":"10.1145\/1866307.1866355"},{"key":"25_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-21554-4_1","volume-title":"Applied Cryptography and Network Security","author":"Y Wang","year":"2011","unstructured":"Wang, Y., Zhang, Z., Yao, D.D., Qu, B., Guo, L.: Inferring protocol state machine from network traces: a probabilistic approach. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 1\u201318. Springer, Heidelberg (2011)"},{"key":"25_CR21","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Zhang, Z., Lee, P.P.C., Liu, Y., Xie, G.: ProWord: an unsupervised approach to protocol feature word extraction. In: Proceedings of the 33th Annual International Conference on Computer Communications, pp. 1393\u20131401 (2014)","DOI":"10.1109\/INFOCOM.2014.6848073"},{"key":"25_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1007\/978-3-642-19896-0_5","volume-title":"Privacy and Security Issues in Data Mining and Machine Learning","author":"T Krueger","year":"2010","unstructured":"Krueger, T., Kr\u00e4mer, N., Rieck, K.: ASAP: automatic semantics-aware analysis of network payloads. In: Dimitrakakis, C., Gkoulalas-Divanis, A., Mitrokotsa, A., Verykios, V.S., Saygin, Y. (eds.) PSDML 2010. LNCS, vol. 6549, pp. 50\u201363. Springer, Heidelberg (2010)"},{"key":"25_CR23","doi-asserted-by":"crossref","unstructured":"Fang, H., Tao, T., Zhai, C.: A formal study of information retrieval heuristics. In: Proceedings of ACM SIGIR, pp. 49\u201356 (2004)","DOI":"10.1145\/1008992.1009004"},{"key":"25_CR24","doi-asserted-by":"crossref","unstructured":"Azzopardi, L., Girolami, M., van Risjbergen, K.: Investigating the relationship between language model perplexity and ir precision-recall measures. In: Proceedings of the 26th Annual International ACM SIGIR Conference on Research and Development in Informaion Retrieval, pp. 369\u2013370 (2003)","DOI":"10.1145\/860435.860505"},{"key":"25_CR25","doi-asserted-by":"crossref","unstructured":"Wang, Y., et al.: Using entropy to classify traffic more deeply. In: Proceedings of the 6th International Conference on Networking, Architecture and Storage (NAS), pp. 45\u201352 (2011)","DOI":"10.1109\/NAS.2011.18"},{"issue":"10","key":"25_CR26","doi-asserted-by":"publisher","first-page":"1894","DOI":"10.1109\/JSAC.2014.2358857","volume":"32","author":"Z Zhang","year":"2014","unstructured":"Zhang, Z., Zhang, Z., Lee, P.P.C., Liu, Y., Xie, G.: Toward Unsupervised Protocol Feature Word Extraction. IEEE Journal on Selected Areas in Communications 32(10), 1894\u20131906 (2014)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"25_CR27","doi-asserted-by":"crossref","unstructured":"Wang, Y., Yun, X., Zhang, Y.: Rethinking robust and accurate application protocol identification: a nonparametric approach. In: Proceedings of the 23rd IEEE International Conference on Network Protocol (ICNP), pp. 1\u201311 (2015)","DOI":"10.1109\/ICNP.2015.43"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-28865-9_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T07:29:16Z","timestamp":1559374156000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-28865-9_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319288642","9783319288659"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-28865-9_25","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2015]]}}}