{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T14:58:39Z","timestamp":1777733919911,"version":"3.51.4"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319990729","type":"print"},{"value":"9783319990736","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99073-6_17","type":"book-chapter","created":{"date-parts":[[2018,8,10]],"date-time":"2018-08-10T18:09:38Z","timestamp":1533924578000},"page":"346-362","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["Automatic Detection of Various Malicious Traffic Using Side Channel Features on TCP Packets"],"prefix":"10.1007","author":[{"given":"George","family":"Stergiopoulos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Talavari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Evangelos","family":"Bitsikas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dimitris","family":"Gritzalis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,8,8]]},"reference":[{"key":"17_CR1","unstructured":"Biondi, P.: Scapy (2011)"},{"key":"17_CR2","unstructured":"McKinney, W.: PyData development team. Pandas: Powerful Python Data Analy. Toolkit 1625 (2015)"},{"key":"17_CR3","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825\u20132830 (2011). http:\/\/scikit-learn.org\/","journal-title":"J. Mach. Learn. Res."},{"key":"17_CR4","unstructured":"MariaDB database server. https:\/\/mariadb.com\/ Accessed 1 Jan 2018"},{"key":"17_CR5","unstructured":"First.org, Hands-on Network Forensics - Training PCAP dataset from FIRST 2015. www.first.org\/_assets\/conf2015\/networkforensics_virtualbox.zip"},{"key":"17_CR6","unstructured":"Milicenso, Ponmocup Malware dataset (Update 2012-10-07, http:\/\/security-research.dyndns.org\/pub\/botnet\/ponmocup\/analysis_2012-10-05\/analysis.txt Accessed 1 Jan 2018)"},{"key":"17_CR7","unstructured":"CTU-13 dataset, CTU University, Czech Republic, 2011, https:\/\/mcfp.felk.cvut.cz\/publicDa-tasets\/CTU-Malware-Capture-Botnet-1\/"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Livadas, C., Walsh, B., Lapsley, D., Strayer, T.: Using machine learning techniques to identify botnet traffic. In: Proceedings of the IEEE LCN Workshop on Network Security (2006)","DOI":"10.1109\/LCN.2006.322210"},{"key":"17_CR9","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The zombie roundup: understanding, detecting, and disrupting botnets. In: Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (2005)"},{"key":"17_CR10","unstructured":"Binkley, J., Singh, S.: An algorithm for anomaly-based Botnet detection. In: Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (2006)"},{"key":"17_CR11","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M.W., Lee, W.: BotHunter: detecting malware. Infection through IDS-Driven Dialog Correlation. In: Proceedings of the USENIX Security Symposium (2007)"},{"key":"17_CR12","volume-title":"Classification and regression trees (cart) theory and applications","author":"R Timofeev","year":"2004","unstructured":"Timofeev, R.: Classification and regression trees (cart) theory and applications. Humboldt University, Berlin (2004)"},{"key":"17_CR13","unstructured":"St\u0159as\u00e1k, F.: Detection of HTTPS malware Traffic (Detekce Malware v HTTPS komunikaci). BSC thesis. \u010cesk\u00e9 vysok\u00e9 u\u010den\u00ed technick\u00e9 v Praze. Vypo\u010detn\u00ed a informa\u010dn\u00ed centrum (2017)"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Taylor, C., Alves-Foss, J.: NATE - network analysis of anomalous traffic events, a low-cost approach. In: Proceedings of the New Security Paradigms Workshop (2001)","DOI":"10.1145\/508171.508186"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Papagiannaki, K., Crovella, M.: Structural analysis of network traffic flows. In: Proceedings of ACM SIGMETRICS\/Performance (2004)","DOI":"10.1145\/1005686.1005697"},{"key":"17_CR16","unstructured":"Terrell, J., et al.: Multivariate SVD analyses for network anomaly detection. In: (Poster) Proceeding of ACM SIGCOMM (2005)"},{"key":"17_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-540-70542-0_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T-F Yen","year":"2008","unstructured":"Yen, T.-F., Reiter, M.K.: Traffic aggregation for malware detection. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 207\u2013227. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70542-0_11"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Kohout, J., Pevny, T.: Automatic discovery of web servers hosting similar applications. In: Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management, IEEE, pp. 1310\u20131315 (2015)","DOI":"10.1109\/INM.2015.7140487"},{"key":"17_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/978-3-319-31863-9_10","volume-title":"Intelligence and Security Informatics","author":"J Loko\u010d","year":"2016","unstructured":"Loko\u010d, J., Kohout, J., \u010cech, P., Skopal, T., Pevn\u00fd, T.: k-NN classification of Malware in HTTPS traffic using the metric space approach. In: Chau, M., Wang, G.A., Chen, H. (eds.) PAISI 2016. LNCS, vol. 9650, pp. 131\u2013145. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-31863-9_10"},{"issue":"1","key":"17_CR20","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/1198255.1198257","volume":"37","author":"M Crotti","year":"2007","unstructured":"Crotti, M., et al.: Traffic classification through simple statistical fingerprinting. ACM SIG-COMM Comput. Commun. Rev. 37(1), 5\u201316 (2007)","journal-title":"ACM SIG-COMM Comput. Commun. Rev."},{"key":"17_CR21","unstructured":"Prasse, P., et al.: Malware Detection by HTTPS Traffic Analysis (2017)"},{"issue":"4","key":"17_CR22","doi-asserted-by":"publisher","first-page":"7-1","DOI":"10.1147\/JRD.2016.2560558","volume":"60","author":"S Chari","year":"2016","unstructured":"Chari, S., et al.: A platform and analytics for usage and entitlement analytics. IBM J. Res. Dev. 60(4), 7-1 (2016)","journal-title":"IBM J. Res. Dev."},{"key":"17_CR23","unstructured":"Combs, G.: \u201cWireshark.\u201d (2007). http:\/\/www.wireshark.org\/lastmodified Accessed 12 Feb"},{"key":"17_CR24","unstructured":"Roesch, M.: Snort: lightweight intrusion detection for networks. In: Lisa, Vol. 99, no. 1 (1999)"},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Liu, J., et al.: Effective and real-time in-app activity analysis in encrypted internet traffic streams. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM (2017)","DOI":"10.1145\/3097983.3098049"},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"Chen, S., et al.: Side-channel leaks in web applications: a reality today, a challenge tomorrow. In: IEEE Symposium on 2010 Security and Privacy, IEEE (2010)","DOI":"10.1109\/SP.2010.20"},{"key":"17_CR27","unstructured":"Encrypted Traffic Analytics, Cisco public, White paper (2017). www.cisco.com\/c\/dam\/en\/us\/solutions\/collateral\/enterprise-networks\/enterprise-network-security\/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf Accessed Mar 2018"},{"key":"17_CR28","unstructured":"Bro, I.: (2008). http:\/\/www.bro-ids.org"},{"key":"17_CR29","unstructured":"Beale, J., Baker, A., Esler, J.: Snort: IDS and IPS toolkit. Syngress (2007)"},{"key":"17_CR30","unstructured":"Suricata, I.D.S.: open-source IDS. IPS\/NSM engine (2014). (http:\/\/suricata-ids.org\/)"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on 2010 Security and Privacy (SP), IEEE (2010)","DOI":"10.1109\/SP.2010.25"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99073-6_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,12]],"date-time":"2023-08-12T00:03:46Z","timestamp":1691798626000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-99073-6_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319990729","9783319990736"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99073-6_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 August 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2018.upc.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}