{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T23:10:02Z","timestamp":1750374602867,"version":"3.41.0"},"publisher-location":"Singapore","reference-count":20,"publisher":"Springer Singapore","isbn-type":[{"type":"print","value":"9789811054204"},{"type":"electronic","value":"9789811054211"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-981-10-5421-1_13","type":"book-chapter","created":{"date-parts":[[2017,6,22]],"date-time":"2017-06-22T12:30:04Z","timestamp":1498134604000},"page":"157-168","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["UnitecDEAMP: Flow Feature Profiling for Malicious Events Identification in Darknet Space"],"prefix":"10.1007","author":[{"given":"Ruibin","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chi","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shaoning","family":"Pang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hossein","family":"Sarrafzadeh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,6,23]]},"reference":[{"key":"13_CR1","doi-asserted-by":"crossref","unstructured":"Agarwal, R., Joshi, M.V.: PNrule: a new framework for learning classifier models in data mining (a case-study in network intrusion detection). In: SIAM (2000)","DOI":"10.1137\/1.9781611972719.29"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Alsaleh, M., Barrera, D., van Oorschot, P.C.: Improving security visualization with exposure map filtering. In: Computer Security Applications Conference, ACSAC 2008, Annual, pp. 205\u2013214. IEEE (2008)","DOI":"10.1109\/ACSAC.2008.16"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Alsaleh, M., van Oorschot, P.C.: Network scan detection with LQS: a lightweight, quick and stateful algorithm. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 102\u2013113. ACM (2011)","DOI":"10.1145\/1966913.1966928"},{"issue":"8","key":"13_CR4","doi-asserted-by":"publisher","first-page":"1481","DOI":"10.1109\/49.464717","volume":"13","author":"KC Claffy","year":"1995","unstructured":"Claffy, K.C., Braun, H.W., Polyzos, G.C.: A parameterizable methodology for internet traffic flow profiling. IEEE J. Sel. Areas Commun. 13(8), 1481\u20131494 (1995)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"13_CR5","first-page":"6","volume":"5","author":"E Cooke","year":"2005","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The zombie roundup: Understanding, detecting, and disrupting botnets. SRUTI 5, 6 (2005)","journal-title":"SRUTI"},{"key":"13_CR6","unstructured":"Francois, J., Festor, O., et al.: Tracking global wide configuration errors. In: IEEE\/IST Workshop on Monitoring, Attack Detection and Mitigation (2006)"},{"issue":"3","key":"13_CR7","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1016\/j.entcs.2006.03.011","volume":"151","author":"U Harder","year":"2006","unstructured":"Harder, U., Johnson, M.W., Bradley, J.T., Knottenbelt, W.J.: Observing internet worm and virus attacks with a small network telescope. Electron. Notes Theor. Comput. Sci. 151(3), 47\u201359 (2006)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"13_CR8","unstructured":"Irwin, B.: A baseline study of potentially malicious activity across five network telescopes. In: 5th International Conference on Cyber Conflict (CyCon), 2013, pp. 1\u201317. IEEE (2013)"},{"key":"13_CR9","unstructured":"Kim, M., Kong, H., Hong, S., Chung, S., Hong, J.: A flow-based method for abnormal network traffic detection. In: IEEE\/IFIP Network Operations and Management Symposium (IEEE Cat. No.04CH37507), vol. 1 (2004)"},{"key":"13_CR10","unstructured":"Kumar, A., Paxson, V., Weaver, N.: Exploiting underlying structure for detailed reconstruction of an internet-scale event. In: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement - IMC 2005, p. 1 (2005). http:\/\/portal.acm.org\/citation.cfm?doid=1330107.1330150"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: ACM SIGCOMM Computer Communication Review, vol. 35, pp. 217\u2013228. ACM (2005)","DOI":"10.1145\/1090191.1080118"},{"key":"13_CR12","unstructured":"Moore, D.: Network telescopes: observing small or distant security events. In: Proceedings of the 11th USENIX Security Symposium, pp. 167\u2013174 (2002)"},{"key":"13_CR13","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1145\/1132026.1132027","volume":"24","author":"D Moore","year":"2006","unstructured":"Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring Internet denial-of-service activity. ACM Trans. Comput. Syst. 24, 115\u2013139 (2006)","journal-title":"ACM Trans. Comput. Syst."},{"key":"13_CR14","unstructured":"Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Network telescopes: Technical report. Department of Computer Science and Engineering, University of California, San Diego (2004)"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Pang, R., Yegneswaran, V., Barford, P., Paxson, V., Peterson, L.: Characteristics of internet background radiation. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 27\u201340. ACM (2004)","DOI":"10.1145\/1028788.1028794"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Panjwani, S., Tan, S., Jarrin, K.M., Cukier, M.: An experimental evaluation to determine if port scans are precursors to an attack. In: Proceedings of the International Conference on Dependable Systems and Networks, pp. 602\u2013611 (2005)","DOI":"10.1109\/DSN.2005.18"},{"issue":"5","key":"13_CR17","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1002\/nem.748","volume":"20","author":"O Salem","year":"2010","unstructured":"Salem, O., Vaton, S., Gravey, A.: A scalable, efficient and informative approach for anomaly-based intrusion detection systems: theory and practice. Int. J. Network Manage. 20(5), 271\u2013293 (2010)","journal-title":"Int. J. Network Manage."},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Shannon, C., Moore, D.: The spread of the Witty worm (2004)","DOI":"10.1109\/MSP.2004.59"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Staniford, S., Moore, D., Paxson, V., Weaver, N.: The top speed of flash worms. In: Proceedings of the 2004 ACM Workshop on Rapid Malcode, pp. 33\u201342. ACM (2004)","DOI":"10.1145\/1029618.1029624"},{"key":"13_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-319-26555-1_29","volume-title":"Neural Information Processing","author":"R Zhang","year":"2015","unstructured":"Zhang, R., Zhu, L., Li, X., Pang, S., Sarrafzadeh, A., Komosny, D.: Behavior based darknet traffic decomposition for malicious events identification. In: Arik, S., Huang, T., Lai, W.K., Liu, Q. (eds.) ICONIP 2015. LNCS, vol. 9491, pp. 251\u2013260. Springer, Cham (2015). doi: 10.1007\/978-3-319-26555-1_29"}],"container-title":["Communications in Computer and Information Science","Applications and Techniques in Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-10-5421-1_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T22:50:50Z","timestamp":1750373450000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-981-10-5421-1_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9789811054204","9789811054211"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-981-10-5421-1_13","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"23 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ATIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applications and Techniques in Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Auckland","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Zealand","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 July 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"atis2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/atis.massey.ac.nz\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}