{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T10:26:15Z","timestamp":1773138375741,"version":"3.50.1"},"reference-count":22,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2016,10,13]],"date-time":"2016-10-13T00:00:00Z","timestamp":1476316800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Wireless Pers Commun"],"published-print":{"date-parts":[[2017,10]]},"DOI":"10.1007\/s11277-016-3744-4","type":"journal-article","created":{"date-parts":[[2016,10,13]],"date-time":"2016-10-13T15:29:27Z","timestamp":1476372567000},"page":"5335-5353","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Malicious Events Grouping via Behavior Based Darknet Traffic Flow Analysis"],"prefix":"10.1007","volume":"96","author":[{"given":"Shaoning","family":"Pang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Komosny","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lei","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruibin","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdolhossein","family":"Sarrafzadeh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tao","family":"Ban","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daisuke","family":"Inoue","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,10,13]]},"reference":[{"key":"3744_CR1","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1145\/1132026.1132027","volume":"24","author":"D Moore","year":"2006","unstructured":"Moore, D., Shannon, C., Brown, D. J., Voelker, G. M., & Savage, S. (2006). Inferring Internet denial-of-service activity. ACM Transactions on Computer Systems, 24, 115\u2013139.","journal-title":"ACM Transactions on Computer Systems"},{"key":"3744_CR2","doi-asserted-by":"crossref","unstructured":"Panjwani, S., Tan, S., Jarrin, K. M. & Cukier, M.(2005). An experimental evaluation to determine if port scans are precursors to an attack. In Proceedings of the international conference on dependable systems and networks, pp. 602\u2013611.","DOI":"10.1109\/DSN.2005.18"},{"key":"3744_CR3","unstructured":"Cooke, E., Jahanian, F., & McPherson, D. (2005). The zombie roundup: Understanding, detecting, and disrupting botnets. Networks, 7, 39\u201344. \n                        http:\/\/www.usenix.org\/events\/sruti05\/tech\/full_papers\/cooke\/cooke_html\n                        \n                    ."},{"key":"3744_CR4","unstructured":"Kumar, A., Paxson, V., & Weaver, N. (2005). Exploiting underlying structure for detailed reconstruction of an internet-scale event. In Proceedings of the 5th ACM SIGCOMM conference on Internet measurement\u2014IMC \u201905, p. 1. \n                        http:\/\/portal.acm.org\/citation.cfmdoid=1330107.1330150\n                        \n                    ."},{"issue":"1","key":"3744_CR5","first-page":"177","volume":"6","author":"M Voznak","year":"2012","unstructured":"Voznak, M., & Safarik, J. (2012). DoS attacks targeting SIP server and improvements of robustness. International Journal of Mathematics and Computers in Simulation, 6(1), 177\u2013184.","journal-title":"International Journal of Mathematics and Computers in Simulation"},{"issue":"3","key":"3744_CR6","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.entcs.2006.03.011","volume":"151","author":"U Harder","year":"2006","unstructured":"Harder, U., Johnson, M. W., Bradley, J. T., & Knottenbelt, W. J. (2006). Observing internet worm and virus attacks with a small network telescope. Electronic Notes in Theoretical Computer Science, 151(3), 47\u201359.","journal-title":"Electronic Notes in Theoretical Computer Science"},{"key":"3744_CR7","doi-asserted-by":"crossref","unstructured":"Staniford, S., Moore, D., Paxson, V., & Weaver, N.(2004). The top speed of flash worms. In WORM\u201904\u2014Proceedings of the 2004 ACM Workshop on Rapid Malcode, pp. 33\u201342. \n                        http:\/\/www.scopus.com\/inward\/record.url?eid=2-s2.0-14944380936&partnerID=40&md5=369ee882120c4d95a23f5abd1774e32c\n                        \n                    .","DOI":"10.1145\/1029618.1029624"},{"key":"3744_CR8","unstructured":"Francois, J., Festor O., et al. (2006). Tracking global wide configuration errors. In IEEE\/IST Workshop on Monitoring, Attack Detection and Mitigation."},{"key":"3744_CR9","doi-asserted-by":"crossref","unstructured":"Limthong, K., Kensuke, F., & Watanapongse, P. (2008). Wavelet-based unwanted traffic time series analysis. In Proceedings of the 2008 international conference on computer and electrical engineering, ICCEE 2008, pp. 445\u2013449.","DOI":"10.1109\/ICCEE.2008.106"},{"key":"3744_CR10","doi-asserted-by":"crossref","unstructured":"Ahmed, E., Clark, A., & Mohay, G. (2009). Effective change detection in large repositories of unsolicited traffic. In Fourth international conference on Internet monitoring and protection. ICIMP\u201909 (pp. 1\u20136). IEEE.","DOI":"10.1109\/ICIMP.2009.8"},{"key":"3744_CR11","doi-asserted-by":"crossref","unstructured":"Jung, J., Paxson, V., Berger, A. W., & Balakrishnan, H., (2004) Fast portscan detection using sequential hypothesis testing. In 2004 IEEE symposium on security and privacy. 2004. Proceedings (pp. 211\u2013225). IEEE.","DOI":"10.1109\/SECPRI.2004.1301325"},{"issue":"57","key":"3744_CR12","doi-asserted-by":"crossref","first-page":"2782","DOI":"10.1109\/TIM.2008.926046","volume":"12","author":"G Giorgi","year":"2008","unstructured":"Giorgi, G., & Narduzzi, C. (2008). Detection of anomalous behaviors in networks from traffic measurements. IEEE Transactions on Instrumentation and Measurement, 12(57), 2782\u20132791.","journal-title":"IEEE Transactions on Instrumentation and Measurement"},{"key":"3744_CR13","doi-asserted-by":"crossref","unstructured":"Kanda, Y., Fukuda, K., & Sugawara, T. (2010). A flow analysis for mining traffic anomalies. In 2010 IEEE international conference on communications (ICC) (pp. 1\u20135). IEEE.","DOI":"10.1109\/ICC.2010.5502463"},{"key":"3744_CR14","unstructured":"Kim, M.-S., Kong, H.-J., Hong, S.-C., Chung, S.-H., & Hong, J. (2004). A flow-based method for abnormal network traffic detection. In 2004 IEEE\/IFIP network operations and management symposium (IEEE Cat. No. 04CH37507), Vol. 1."},{"key":"3744_CR15","unstructured":"Moore, D. (2002). Network Telescopes: Observing small or distant security events. In 11th USENIX Security Symposium, Invited talk. \n                        http:\/\/www.caida.org\/outreach\/presentations\/2002\/usenix_sec\/usenix_sec_2002_files\/v3_document.htm\n                        \n                    ."},{"key":"3744_CR16","unstructured":"Moore, D., Shannon, C., Voelker, G. M., & Savage, S. (2004). Network telescopes: Technical report. Department of Computer Science and Engineering: University of California, San Diego."},{"key":"3744_CR17","doi-asserted-by":"crossref","unstructured":"Safarik, J., & Tomala, K. (2013). Automatic analysis of attack data from distributed honeypot network. In Proceedings of SPIE\u2014The International Society for Optical Engineering, Vol. 8755, art., no. 875512.","DOI":"10.1117\/12.2015514"},{"key":"3744_CR18","unstructured":"Irwin, B. (2013). A baseline study of potentially malicious activity across five network telescopes. In 2013 5th international conference on Cyber Conflict (CyCon). \n                        http:\/\/ieeexplore.ieee.org\/xpls\/abs_all.jsp?arnumber=6568378\n                        \n                    ."},{"key":"3744_CR19","unstructured":"Sutton, M. (2013). Monitoring darknet access to identify malicious activity. US Patent 8,413,238. \n                        http:\/\/www.google.com\/patents\/US8413238\n                        \n                    ."},{"key":"3744_CR20","doi-asserted-by":"crossref","unstructured":"Pang, R., Barford, P., Yegneswaran, V., Paxson, V., & Peterson, L. (2004). Characteristics of internet background radiation. In Proceedings of the 2004 ACM SIGCOMM Internet Measurement Conference, IMC 2004, pp. 27\u201340. \n                        http:\/\/www.scopus.com\/inward\/record.url?eid=2-s2.0-14944369649&partnerID=40&md5=8ea4c6eadf61c46e52561b896fe2eba9\n                        \n                    .","DOI":"10.1145\/1028788.1028794"},{"issue":"4","key":"3744_CR21","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1109\/MSP.2004.59","volume":"2","author":"C Shannon","year":"2004","unstructured":"Shannon, C., & Moore, D. (2004). The spread of the Witty worm. IEEE Security & Privacy, 2(4), 46\u201350.","journal-title":"IEEE Security & Privacy"},{"key":"3744_CR22","unstructured":"Arkin, O. (1999). Network scanning techniques. Publicom Communications Solutions."}],"container-title":["Wireless Personal Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11277-016-3744-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-016-3744-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-016-3744-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,9,25]],"date-time":"2017-09-25T17:51:11Z","timestamp":1506361871000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11277-016-3744-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,13]]},"references-count":22,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,10]]}},"alternative-id":["3744"],"URL":"https:\/\/doi.org\/10.1007\/s11277-016-3744-4","relation":{},"ISSN":["0929-6212","1572-834X"],"issn-type":[{"value":"0929-6212","type":"print"},{"value":"1572-834X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,10,13]]}}}