{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T05:01:50Z","timestamp":1766466110871},"reference-count":40,"publisher":"Elsevier BV","issue":"6","license":[{"start":{"date-parts":[[2000,12,1]],"date-time":"2000-12-01T00:00:00Z","timestamp":975628800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2000,12]]},"DOI":"10.1016\/s1389-1286(00)00158-4","type":"journal-article","created":{"date-parts":[[2003,4,7]],"date-time":"2003-04-07T17:19:33Z","timestamp":1049735973000},"page":"873-880","source":"Crossref","is-referenced-by-count":4,"title":["Practical network security: experiences with ntop"],"prefix":"10.1016","volume":"34","author":[{"given":"Luca","family":"Deri","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Suin","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/S1389-1286(00)00158-4_BIB1","unstructured":"V. Jacobson C. Leres, S. McCanne, tcpdump, Lawrence Berkeley National Labs, ftp:\/\/ftp.ee.lbl.gov\/, 1989"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB2","unstructured":"N. Brownlee, NeTraMet v.4.2 Users\u2019 Guide, http:\/\/www.auckland.an.nz\/net\/Accounting\/, 1998"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB3","unstructured":"M. Ranum et al., Implementing a generalized tool for network monitoring, in: Proceedings of the LISA'97, USENIX 11th System Administration Conference, 1997"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB4","series-title":"Firewalls and Internet Security: Repelling the Wiley Hacker","author":"Cheswick","year":"1994"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB5","article-title":"Web-based management: welcome to the revolution","author":"Jander","year":"1996","journal-title":"Data Commun."},{"key":"10.1016\/S1389-1286(00)00158-4_BIB6","unstructured":"M. Schultze et al., Homebrew network monitoring a prelude to network management, Curtin University of Technology, 1993"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB7","unstructured":"W. LeFebvre, top: a top-CPU usage display, http:\/\/www.groupsys.com\/topinfo\/, 1993"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB8","doi-asserted-by":"crossref","unstructured":"E. Raymond, The Cathedral and the Bazaar, O\u2019Reilly & Associates, Sebastopol, CA, 1999","DOI":"10.5210\/fm.v3i2.578"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB9","doi-asserted-by":"crossref","unstructured":"L. Deri, Surfin' network management applications across the web, in: Proceedings of the Second International IEEE Workshop on System and Network Management, 1996","DOI":"10.1109\/IWSM.1996.534159"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB10","unstructured":"L. Deri, Droplets: breaking monolithic applications apart, IBM Research Report RZ 2799, 1995"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB11","unstructured":"S. McCanne, C. Leres, V. Jacobson, libpcap, Lawrence Berkeley National Labs, ftp:\/\/ftp.ee.lbl.gov\/, 1994"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB12","unstructured":"Microsoft Corporation, NDIS Packet Driver 3.0, 1996"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB13","unstructured":"Free Software Foundation, GNU gdbm, http:\/\/www.gnu.org\/software\/gdbm\/, 1999"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB14","unstructured":"Fyodor, Remote OS detection via TCP\/IP stack fingerprinting, http:\/\/www.insecure.org\/nmap\/nmap-fingerprinting-article.txt, 1998"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB15","unstructured":"E. Apostols, Network Promiscuous Ethernet Detector (Neped), http:\/\/apostols.org\/projectz\/neped\/, 1998"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB16","unstructured":"S. McCanne, V. Jacobson, The BSD packer filter: a new architecture for user-level packet capture, in: Proceedings of 1993 Winter USENIX Conference, 1993"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB17","unstructured":"Fyodor, The art and detection of port scanning, Sys. Admin. Mag. (November 1998)"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB18","doi-asserted-by":"crossref","unstructured":"J. Postel, Internet Control Message Protocol (ICMP), RFC 792 (1981)","DOI":"10.17487\/rfc0792"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB19","doi-asserted-by":"crossref","unstructured":"Computer Emergency Response Team, TCP SYN flooding and IP spoofing attacks, CMU Report CA-96:21, 1996","DOI":"10.1016\/S1353-4858(96)90059-8"},{"issue":"3","key":"10.1016\/S1389-1286(00)00158-4_BIB20","doi-asserted-by":"crossref","DOI":"10.1109\/65.283931","article-title":"Network intrusion detection","volume":"8","author":"Mukherjee","year":"1994","journal-title":"IEEE Network"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB21","unstructured":"DidDog, BO2K Tutorial, http:\/\/www.bo2k.com\/, L0pht Industries, 1998"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB22","doi-asserted-by":"crossref","unstructured":"C. Schuba et al., Analysis of a denial of service attack on TCP, COAST Laboratory, Purdue University, 1998","DOI":"10.1109\/SECPRI.1997.601338"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB23","unstructured":"TCP\/IP security: TCP SYN flooding, Phrack Magazine, 7 (48) (1996)"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB24","unstructured":"C. Chambers et al., TCP\/IP security, http:\/\/www.cis.ohio-state.edu\/\u223cdolske\/gradwork\/cis694q\/, Department of Computer and Information Science, Ohio State University, 1997"},{"issue":"4","key":"10.1016\/S1389-1286(00)00158-4_BIB25","doi-asserted-by":"crossref","DOI":"10.1109\/65.598458","article-title":"Network security via reverse engineering of TCP code: Vulnerability analysis and proposed solutions","volume":"1","author":"Guha","year":"1997","journal-title":"IEEE Network"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB26","unstructured":"WAP Forum, WAP White Paper, http:\/\/www.wapforum.com\/what\/whitepapers.htm, June 1999"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB27","unstructured":"J. Wielemaker, SWI-Prolog 3.2.9 Reference Manual, http:\/\/www.swi.psy.uva.nl\/projects\/SWI-Prolog\/, University of Amsterdam, 1999"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB28","unstructured":"D. Leake, Case-based Reasoning: Experiences, Lessons, and Future Directions, AAAI Press\/MIT Press, Cambridge, MA, 1996"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB29","doi-asserted-by":"crossref","unstructured":"D. Plummer, An Ethernet Address Resolution Protocol (ARP), RFC 826, 1982","DOI":"10.17487\/rfc0826"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB30","doi-asserted-by":"crossref","unstructured":"S. Waldbusser, Remote Monitoring Management Information Base (RMON), RFC 1271, 1991","DOI":"10.17487\/rfc1271"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB31","doi-asserted-by":"crossref","unstructured":"J. Case et al., Simple Network Management Protocol (SNMP), RFC 1157, 1990","DOI":"10.1109\/LCN.1990.128659"},{"issue":"3","key":"10.1016\/S1389-1286(00)00158-4_BIB32","doi-asserted-by":"crossref","DOI":"10.1145\/174194.174199","article-title":"Packets found on an internet","volume":"23","author":"Bellovin","year":"1993","journal-title":"Comput. Commun. Rev."},{"key":"10.1016\/S1389-1286(00)00158-4_BIB33","unstructured":"D. Comer, Internetworking with TCP\/IP, vol. 1, 3rd ed., Prentice-Hall, Englewood Cliffs, NJ, 1995"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB34","doi-asserted-by":"crossref","unstructured":"C. Huegen, The latest in denial of service attacks: smurfing, http:\/\/www.quadrunner.com\/\u223cchuegen\/smurf.txt, December 1998","DOI":"10.1016\/S1353-4858(98)90152-0"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB35","doi-asserted-by":"crossref","unstructured":"L. Deri, S. Suin, ntop: beyond ping and traceroute, in: Proceedings of DSOM \u201999, Zurich, Switzerland, October 1999","DOI":"10.1007\/3-540-48100-1_21"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB36","doi-asserted-by":"crossref","unstructured":"P. Ferguson, D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks, Which Employ IP Source Address Spoofing, RFC 2267, January 1998","DOI":"10.17487\/rfc2267"},{"issue":"2","key":"10.1016\/S1389-1286(00)00158-4_BIB37","doi-asserted-by":"crossref","DOI":"10.1145\/378444.378449","article-title":"Security problems in the TCP\/IP protocol suite","volume":"19","author":"Bellovin","year":"1990","journal-title":"Comput. Commun. Rev."},{"issue":"3","key":"10.1016\/S1389-1286(00)00158-4_BIB38","doi-asserted-by":"crossref","DOI":"10.1109\/32.372146","article-title":"State transition analysis: a rule-based intrusion detection system","volume":"21","author":"Ilgun","year":"1995","journal-title":"IEEE Trans. Software Eng."},{"key":"10.1016\/S1389-1286(00)00158-4_BIB39","unstructured":"R. Morris, A weakness in the 4.2 BSD UNIX TCP\/IP software, Technical report, AT&T Bell Labs, February 1985"},{"key":"10.1016\/S1389-1286(00)00158-4_BIB40","doi-asserted-by":"crossref","unstructured":"B. Mukherjee et al., Network intrusion detection, IEEE Network (May\/June 1994)","DOI":"10.1109\/65.283931"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128600001584?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128600001584?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2021,5,9]],"date-time":"2021-05-09T05:05:55Z","timestamp":1620536755000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128600001584"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000,12]]},"references-count":40,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2000,12]]}},"alternative-id":["S1389128600001584"],"URL":"https:\/\/doi.org\/10.1016\/s1389-1286(00)00158-4","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2000,12]]}}}