{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T11:29:10Z","timestamp":1740137350971,"version":"3.37.3"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T00:00:00Z","timestamp":1623369600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T00:00:00Z","timestamp":1623369600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"name":"Institute of Information & Communications Technology Planning & Evaluation"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,4]]},"DOI":"10.1007\/s10207-021-00555-6","type":"journal-article","created":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T21:02:15Z","timestamp":1623445335000},"page":"311-322","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An SSH predictive model using machine learning with web proxy session logs"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2729-9113","authenticated-orcid":false,"given":"Junwon","family":"Lee","sequence":"first","affiliation":[]},{"given":"Heejo","family":"Lee","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,11]]},"reference":[{"key":"555_CR1","unstructured":"Art. 25 GDPR\u2014Data protection by design and by default. https:\/\/gdpr-info.eu\/art-25-gdpr\/"},{"key":"555_CR2","doi-asserted-by":"crossref","unstructured":"Alshammari, R., Zincir-Heywood, A.N.: A flow based approach for SSH traffic detection. In: 2007 IEEE International Conference on Systems, Man and Cybernetics, IEEE, pp. 296\u2013301 (2007)","DOI":"10.1109\/ICSMC.2007.4414006"},{"key":"555_CR3","doi-asserted-by":"crossref","unstructured":"Alshammari, R., Zincir-Heywood, A.N.: Machine learning based encrypted traffic classification: Identifying SSH and skype. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, IEEE, pp. 1\u20138 (2009)","DOI":"10.1109\/CISDA.2009.5356534"},{"issue":"6","key":"555_CR4","doi-asserted-by":"publisher","first-page":"1326","DOI":"10.1016\/j.comnet.2010.12.002","volume":"55","author":"R Alshammari","year":"2011","unstructured":"Alshammari, R., Zincir-Heywood, A.N.: Can encrypted traffic be identified without port numbers, ip addresses and payload inspection? Comput. Netw. 55(6), 1326\u20131350 (2011)","journal-title":"Comput. Netw."},{"issue":"2","key":"555_CR5","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1080\/23742917.2017.1321891","volume":"1","author":"S Bagui","year":"2017","unstructured":"Bagui, S., Fang, X., Kalaimannan, E., Bagui, S.C., Sheehan, J.: Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features. J. Cyber Secur. Technol. 1(2), 108\u2013126 (2017)","journal-title":"J. Cyber Secur. Technol."},{"issue":"1","key":"555_CR6","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1186\/s13174-018-0087-2","volume":"9","author":"R Boutaba","year":"2018","unstructured":"Boutaba, R., Salahuddin, M.A., Limam, N., Ayoubi, S., Shahriar, N., Estrada-Solano, F., Caicedo, O.M.: A comprehensive survey on machine learning for networking: evolution, applications and research opportunities. J. Internet Serv. Appl. 9(1), 16 (2018)","journal-title":"J. Internet Serv. Appl."},{"key":"555_CR7","unstructured":"Brid, R.S.: Decision trees\u2014a simple way to visualize a decision (2018). https:\/\/medium.com\/greyatom\/decision-trees-a-simple-way-to-visualize-a-decision-dc506a403aeb"},{"key":"555_CR8","doi-asserted-by":"crossref","unstructured":"Bujlow, T., Riaz, T., Pedersen, J.M.: A method for classification of network traffic based on c5. 0 machine learning algorithm. In: 2012 International Conference on Computing, Networking and Communications (ICNC), IEEE, pp. 237\u2013241 (2012)","DOI":"10.1109\/ICCNC.2012.6167418"},{"key":"555_CR9","doi-asserted-by":"crossref","unstructured":"Cai, T., Zou, F.: Detecting http botnet with clustering network traffic. In: 2012 8th International Conference on Wireless Communications, Networking and Mobile Computing, IEEE, pp. 1\u20137 (2012)","DOI":"10.1109\/WiCOM.2012.6478491"},{"key":"555_CR10","doi-asserted-by":"crossref","unstructured":"Chammem, M., Hamdi, M., Kim, T.H.: Extending advanced evasion techniques using combinatorial search. In: 2014 7th International Conference on Security Technology, IEEE, pp. 41\u201346 (2014)","DOI":"10.1109\/SecTech.2014.18"},{"key":"555_CR11","unstructured":"Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Deep packet inspection using parallel bloom filters. In: Proceedings of the 11th Symposium on High Performance Interconnects, 2003, IEEE, pp. 44\u201351 (2003)"},{"key":"555_CR12","unstructured":"Ferrara, P., Spoto, F.: Static analysis for GDPR compliance. In: ITASEC (2018)"},{"key":"555_CR13","unstructured":"Flow2session. https:\/\/github.com\/junimirang\/Flow2Session"},{"issue":"4","key":"555_CR14","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1109\/MC.2008.138","volume":"41","author":"PC Lin","year":"2008","unstructured":"Lin, P.C., Lin, Y.D., Lai, Y.C., Lee, T.H.: Using string matching for deep packet inspection. Computer 41(4), 23\u201328 (2008)","journal-title":"Computer"},{"key":"555_CR15","doi-asserted-by":"crossref","unstructured":"Lotfollahi, M., Jafari Siavoshani, M., Shirali Hossein Zade, R., Mohammdsadegh, S.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft. Comput. 24, 1999\u20132012 (2020)","DOI":"10.1007\/s00500-019-04030-2"},{"key":"555_CR16","volume-title":"Applied Security Visualization","author":"R Marty","year":"2009","unstructured":"Marty, R.: Applied Security Visualization. Addison-Wesley, Upper Saddle River (2009)"},{"key":"555_CR17","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00508-5","author":"SN Mighan","year":"2020","unstructured":"Mighan, S.N., Kahani, M.: A novel scalable intrusion detection system based on deep learning. Int. J. Inf. Secur. (2020). https:\/\/doi.org\/10.1007\/s10207-020-00508-5","journal-title":"Int. J. Inf. Secur."},{"key":"555_CR18","doi-asserted-by":"crossref","unstructured":"Neupane, K., Haddad, R., Chen, L.: Next generation firewall for network security: a survey. In: SoutheastCon 2018, IEEE, pp. 1\u20136 (2018)","DOI":"10.1109\/SECON.2018.8478973"},{"key":"555_CR19","unstructured":"Shah, A., Banakar, V., Shastri, S., Wasserman, M., Chidambaram, V.: Analyzing the impact of $$\\{$$GDPR$$\\}$$ on storage systems. In: 11th $$\\{$$USENIX$$\\}$$ Workshop on Hot Topics in Storage and File Systems (HotStorage 19) (2019)"},{"key":"555_CR20","doi-asserted-by":"crossref","unstructured":"Shen, M., Zhang, J., Chen, S., Liu, Y., Zhu, L.: Machine learning classification on traffic of secondary encryption. In: 2019 IEEE Global Communications Conference (GLOBECOM), IEEE, pp. 1\u20136 (2019)","DOI":"10.1109\/GLOBECOM38437.2019.9013272"},{"key":"555_CR21","doi-asserted-by":"crossref","unstructured":"Vinayakumar, R., Soman, KP., Poornachandran, Prabaharan.: Secure shell (ssh) traffic analysis with flow based features using shallow and deep networks. In: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, pp. 2026\u20132032 (2017)","DOI":"10.1109\/ICACCI.2017.8126143"},{"key":"555_CR22","doi-asserted-by":"crossref","unstructured":"Wagener, G., Dulaunoy, A., Engel, T.: Towards an estimation of the accuracy of TCP reassembly in network forensics. In: 2008 Second International Conference on Future Generation Communication and Networking, IEEE, vol.\u00a02, pp. 273\u2013278 (2008)","DOI":"10.1109\/FGCN.2008.118"},{"issue":"1\u20133","key":"555_CR23","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/0169-7439(87)80084-9","volume":"2","author":"S Wold","year":"1987","unstructured":"Wold, S., Esbensen, K., Geladi, P.: Principal component analysis. Chemom. Intell. Lab. Syst. 2(1\u20133), 37\u201352 (1987)","journal-title":"Chemom. Intell. Lab. Syst."},{"key":"555_CR24","doi-asserted-by":"crossref","unstructured":"Wullink, M., Moura, G.C., M\u00fcller, M., Hesselman, C.: Entrada: a high-performance network traffic data streaming warehouse. In: NOMS 2016-2016 IEEE\/IFIP Network Operations and Management Symposium, IEEE, pp. 913\u2013918 (2016)","DOI":"10.1109\/NOMS.2016.7502925"},{"issue":"1","key":"555_CR25","first-page":"16","volume":"4","author":"D Xhemali","year":"2009","unstructured":"Xhemali, D., Hinde, J.C., Stone, G.R.: Na\u00efve bayes vs. decision trees vs. neural networks in the classification of training web pages. Int. J. Comput. Sci. Issues 4(1), 16\u201323 (2009)","journal-title":"Int. J. Comput. Sci. Issues"},{"key":"555_CR26","doi-asserted-by":"crossref","unstructured":"Yamansavascilar, B., Guvensan, M.A., Yavuz, A.G., Karsligil, M.E.: Application identification via network traffic classification. In: 2017 International Conference on Computing, Networking and Communications (ICNC), IEEE, pp. 843\u2013848 (2017)","DOI":"10.1109\/ICCNC.2017.7876241"},{"key":"555_CR27","doi-asserted-by":"crossref","unstructured":"Yang, W., Cheng, Z., Cui, B.: Recombining TCP sessions based on finite state machine to detect cyber attackers. In: Proceedings of the 3rd International Conference on Cryptography, Security and Privacy, pp. 138\u2013142 (2019)","DOI":"10.1145\/3309074.3309084"},{"key":"555_CR28","doi-asserted-by":"crossref","unstructured":"Yoon, S.H., Park, J.W., Park, J.S., Oh, Y.S., Kim, M.S.: Internet application traffic classification using fixed ip-port. In: Asia-Pacific Network Operations and Management Symposium, Springer, pp. 21\u201330 (2009)","DOI":"10.1007\/978-3-642-04492-2_3"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00555-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00555-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00555-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,21]],"date-time":"2022-03-21T08:07:05Z","timestamp":1647850025000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00555-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,11]]},"references-count":28,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["555"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00555-6","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2021,6,11]]},"assertion":[{"value":"11 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}},{"value":"Informed consent was obtained from all individual participants included in the study.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed consent"}}]}}