{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T22:27:39Z","timestamp":1725575259680},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642181771"},{"type":"electronic","value":"9783642181788"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-18178-8_19","type":"book-chapter","created":{"date-parts":[[2011,1,15]],"date-time":"2011-01-15T11:09:47Z","timestamp":1295089787000},"page":"210-225","source":"Crossref","is-referenced-by-count":0,"title":["Summary-Invisible Networking: Techniques and Defenses"],"prefix":"10.1007","author":[{"given":"Lei","family":"Wei","sequence":"first","affiliation":[]},{"given":"Michael K.","family":"Reiter","sequence":"additional","affiliation":[]},{"given":"Ketan","family":"Mayer-Patel","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"19_CR1","unstructured":"Ahsan, K., Kundur, D.: Practical data hiding in TCP\/IP. In: Workshop on Multimedia and Security at ACM Multimedia 2002 (December 2002)"},{"key":"19_CR2","unstructured":"Borup, L.: Peer-to-peer botnets: A case study on Waledac. Master\u2019s thesis, Technical University of Denmark (2009)"},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: Design and detection. In: CCS, pp. 178\u2013187 (2004)","DOI":"10.1145\/1030083.1030108"},{"key":"19_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11863908_1","volume-title":"Computer Security \u2013 ESORICS 2006","author":"M.P. Collins","year":"2006","unstructured":"Collins, M.P., Reiter, M.K.: Finding peer-to-peer file-sharing using coarse network behaviors. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol.\u00a04189, pp. 1\u201317. Springer, Heidelberg (2006)"},{"key":"19_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-540-74320-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"M.P. Collins","year":"2007","unstructured":"Collins, M.P., Reiter, M.K.: Hit-list worm detection and bot identification in large networks using protocol graphs. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 276\u2013295. Springer, Heidelberg (2007)"},{"key":"19_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-540-87403-4_14","volume-title":"Recent Advances in Intrusion Detection","author":"M.P. Collins","year":"2008","unstructured":"Collins, M.P., Reiter, M.K.: On the limits of payload-oblivious network attack detection. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 251\u2013270. Springer, Heidelberg (2008)"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"Demmer, M., Fall, K.: DTLSR: Delay tolerant routing for developing regions. In: Workshop on Networked Systems for Developing Regions, pp. 1\u20136 (2007)","DOI":"10.1145\/1326571.1326579"},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Erramilli, V., Crovella, M.: Forwarding in opportunistic networks under resource constraints. In: ACM MobiCom Workshop on Challenged Networks (September 2008)","DOI":"10.1145\/1409985.1409994"},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"Fall, K.: A delay-tolerant network architecture for challenged internets. In: SIGCOMM, pp. 27\u201334 (2003)","DOI":"10.1145\/863955.863960"},{"key":"19_CR10","doi-asserted-by":"publisher","first-page":"399","DOI":"10.4153\/CJM-1956-045-5","volume":"8","author":"L.R. Ford Jr.","year":"1956","unstructured":"Ford Jr., L.R., Fulkerson, D.R.: Maximal flow through a network. Canadian J. Mathematics\u00a08, 399\u2013404 (1956)","journal-title":"Canadian J. Mathematics"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Gao, Y., Zhao, Y., Schweller, R., Venkataraman, S., Chen, Y., Song, D., Kao, M.-Y.: Detecting stealthy attacks using online histograms. In: 15th IEEE Intern. Workshop on Quality of Service (June 2007)","DOI":"10.1109\/IWQOS.2007.376561"},{"key":"19_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/3-540-36467-6_15","volume-title":"Privacy Enhancing Technologies","author":"J. Giffin","year":"2003","unstructured":"Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol.\u00a02482, pp. 194\u2013208. Springer, Heidelberg (2003)"},{"key":"19_CR13","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: Clustering analysis of network traffic for protocol and structure independent botnet detection. In: USENIX Security (2008)"},{"key":"19_CR14","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting malware infection through ids-driven dialog correlation. In: USENIX Security (August 2007)"},{"key":"19_CR15","unstructured":"Gu, G., Zhang, J., Lee, W.: BotSniffer: Detecting botnet command and control channels in network traffic. In: NDSS (February 2008)"},{"key":"19_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/3-540-61996-8_29","volume-title":"Information Hiding","author":"T.G. Handel","year":"1996","unstructured":"Handel, T.G., Sandford II, M.T.: Hiding data in the OSI network model. In: Anderson, R. (ed.) IH 1996. LNCS, vol.\u00a01174, pp. 23\u201338. Springer, Heidelberg (1996)"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Hern\u00e1ndez-Campos, F., Nobel, A.B., Smith, F.D., Jeffay, K.: Understanding patterns of TCP connection usage with statistical clustering. In: MASCOTS, pp. 35\u201344 (September 2005)","DOI":"10.1109\/MASCOTS.2005.75"},{"key":"19_CR18","doi-asserted-by":"crossref","unstructured":"Jain, S., Fall, K., Patra, R.: Routing in a delay tolerant network. In: SIGCOMM, pp. 145\u2013158 (2004)","DOI":"10.1145\/1015467.1015484"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: IEEE Symp. Security and Privacy (May 2004)","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: Multilevel traffic classification in the dark. In: SIGCOMM (August 2005)","DOI":"10.1145\/1080091.1080119"},{"key":"19_CR21","doi-asserted-by":"crossref","unstructured":"Karamcheti, V., Geiger, D., Kedem, Z., Muthukrishnan, S.: Detecting malicious network traffic using inverse distributions of packet contents. In: Workshop on Mining Network Data, pp. 165\u2013170 (2005)","DOI":"10.1145\/1080173.1080176"},{"key":"19_CR22","unstructured":"Kim, H.A., Karp, B.: Autograph: Toward automatic distributed worm signature generation. In: USENIX Security (August 2004)"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Symp. Applied Computing (March 2002)","DOI":"10.1145\/508791.508835"},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: SIGCOMM, pp. 217\u2013228 (2005)","DOI":"10.1145\/1080091.1080118"},{"key":"19_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/11767831_10","volume-title":"Privacy Enhancing Technologies","author":"N.B. Lucena","year":"2006","unstructured":"Lucena, N.B., Lewandowski, G., Chapin, S.J.: Covert channels in IPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol.\u00a03856, pp. 147\u2013166. Springer, Heidelberg (2006)"},{"key":"19_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/11558859_19","volume-title":"Information Hiding","author":"S.J. Murdoch","year":"2005","unstructured":"Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP\/IP. In: Barni, M., Herrera-Joancomart\u00ed, J., Katzenbeisser, S., P\u00e9rez-Gonz\u00e1lez, F. (eds.) IH 2005. LNCS, vol.\u00a03727, pp. 247\u2013261. Springer, Heidelberg (2005)"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: IEEE Symp. Security and Privacy (May 2005)","DOI":"10.1109\/SP.2005.15"},{"key":"19_CR28","doi-asserted-by":"crossref","unstructured":"Rowland, C.H.: Covert channels in the TCP\/IP protocol suite. First Monday\u00a02(5) (1997)","DOI":"10.5210\/fm.v2i5.528"},{"key":"19_CR29","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: OSDI (December 2004)"},{"key":"19_CR30","unstructured":"Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagl, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: GrIDS \u2013 a graph based intrusion detection system for large networks. In: 19th National Information Systems Security Conf., pp. 361\u2013370 (1996)"},{"key":"19_CR31","doi-asserted-by":"crossref","unstructured":"Stover, S., Dittrich, D., Hernandez, J., Dietrich, S.: Analysis of the Storm and Nugache trojans: P2P is here. USENIX;login\u00a032(6) (2007)","DOI":"10.1016\/S0262-4079(07)61440-7"},{"key":"19_CR32","doi-asserted-by":"crossref","unstructured":"Terrell, J., Jeffay, K., Smith, F.D., Gogan, J., Keller, J.: Exposing server performance to network managers through passive network measurements. In: IEEE Internet Network Management Workshop, pp. 1\u20136 (October 2008)","DOI":"10.1109\/INETMW.2008.4660331"},{"key":"19_CR33","unstructured":"Vadhat, A., Becker, D.: Epidemic routing for partially connected ad hoc networks. Technical Report CS-200006, Department of Computer Science, Duke University (2000)"},{"key":"19_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/11663812_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Cretu, G., Stolfo, S.J.: Anomalous payload-based worm detection and signature generation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 227\u2013246. Springer, Heidelberg (2006)"},{"key":"19_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/11856214_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 226\u2013248. Springer, Heidelberg (2006)"},{"key":"19_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"},{"key":"19_CR37","unstructured":"Wei, L., Reiter, M.K., Mayer-Patel, K.: Summary-invisible networking: Techniques and defenses. Technical Report TR09-019, Department of Computer Science, University of North Carolina at Chapel Hill (2009)"},{"key":"19_CR38","unstructured":"Xie, Y., Sekar, V., Maltz, D., Reiter, M.K., Zhang, H.: Worm origin identification using random moonwalks. In: 2005 IEEE Symp. Security and Privacy, pp. 242\u2013256 (May 2005)"},{"key":"19_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-540-70542-0_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T.-F. Yen","year":"2008","unstructured":"Yen, T.-F., Reiter, M.K.: Traffic aggregation for malware detection. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 207\u2013227. Springer, Heidelberg (2008)"},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"Yen, T.-F., Reiter, M.K.: Are your hosts trading or plotting? Telling P2P file-sharing and bots apart. In: ICDCS (2010)","DOI":"10.1109\/ICDCS.2010.76"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-18178-8_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,7]],"date-time":"2019-06-07T18:11:43Z","timestamp":1559931103000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-18178-8_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642181771","9783642181788"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-18178-8_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}