{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T14:31:06Z","timestamp":1772721066992,"version":"3.50.1"},"reference-count":41,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,12,5]],"date-time":"2021-12-05T00:00:00Z","timestamp":1638662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,12,5]],"date-time":"2021-12-05T00:00:00Z","timestamp":1638662400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,12,5]],"date-time":"2021-12-05T00:00:00Z","timestamp":1638662400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,12,5]]},"DOI":"10.1109\/ssci50451.2021.9659955","type":"proceedings-article","created":{"date-parts":[[2022,1,24]],"date-time":"2022-01-24T16:09:51Z","timestamp":1643040591000},"page":"01-08","source":"Crossref","is-referenced-by-count":7,"title":["Near-real-time Anomaly Detection in Encrypted Traffic using Machine Learning Techniques"],"prefix":"10.1109","author":[{"given":"Daniele","family":"Ucci","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Filippo","family":"Sobrero","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Federica","family":"Bisio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matteo","family":"Zorzino","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","article-title":"MITRE","year":"2021","journal-title":"Astaroth"},{"key":"ref38","article-title":"Abuse.ch","year":"2021","journal-title":"Ja3 fingerprints"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1093\/jxb\/10.2.290"},{"key":"ref32","article-title":"plotjenks': R function for plotting univariate classification using jenks","author":"alberti","year":"2017","journal-title":"natural break method"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-24359-3"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1162\/089976603321891855"},{"key":"ref37","article-title":"FireEye","year":"2019","journal-title":"Stages of a malware infection"},{"key":"ref36","article-title":"Nearly a quarter of malware now communicates using tls","year":"2020","journal-title":"SOPHOS"},{"key":"ref35","article-title":"CrowdStrike","year":"2021","journal-title":"Crowdstrike global threat report 2021"},{"key":"ref34","article-title":"ENISA","year":"2020","journal-title":"Enisa threat landscape 2020 botnet"},{"key":"ref10","article-title":"Technical aspects of cyber kill chain","author":"yadav","year":"2016","journal-title":"ArXiv Preprint"},{"key":"ref40","author":"saeli","year":"2020","journal-title":"DNS Covert Channel Detection via Behavioral Analysis a Machine Learning Approach"},{"key":"ref11","article-title":"VMware","year":"2021","journal-title":"Vmware nsx network detection and response"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.12"},{"key":"ref13","first-page":"129","article-title":"Disclo-sure: detecting botnet command and control servers through large-scale netflow analysis","author":"bilge","year":"0","journal-title":"Proceedings of the 28th Annual Computer Security Applications Conference"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098163"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2996758.2996768"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-017-0306-6"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2019.01.064"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2018.01.007"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071"},{"key":"ref4","author":"shah","year":"2020","journal-title":"Keeping up with the performance demands of encrypted web traffic"},{"key":"ref27","article-title":"Internet Engineering Task Force","year":"2018","journal-title":"Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1 2 and Earlier"},{"key":"ref3","author":"decipher","year":"2019","journal-title":"Encryption privacy in the internet trends report"},{"key":"ref6","article-title":"Cisco","year":"2019","journal-title":"Cisco encrypted traffic analytics"},{"key":"ref29","author":"neuhaus","year":"2011","journal-title":"Gibberish-detector"},{"key":"ref5","article-title":"Google","year":"2021","journal-title":"Google Transparency Report HTTPS encryption on the web"},{"key":"ref8","article-title":"Cyber security review","author":"korolov","year":"2012","journal-title":"Treasury & Risk"},{"key":"ref7","article-title":"ENISA","year":"2020","journal-title":"Enisa threat landscape - malware"},{"key":"ref2","first-page":"1323","article-title":"Measuring https adoption on the web","author":"felt","year":"0","journal-title":"Proceedings of the 26th USENIX Conference on Security Symposium"},{"key":"ref9","author":"taylor","year":"2014","journal-title":"Digital Crime and Digital Terrorism"},{"key":"ref1","author":"skipper","year":"2020","journal-title":"The relevance of network security in an encrypted world"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2692682"},{"key":"ref22","year":"2021","journal-title":"X 509 Public Key and Attribute Certificate Frameworks"},{"key":"ref21","author":"kaufman","year":"2002","journal-title":"Network Security Private Communication in a Public World"},{"key":"ref24","author":"jenks","year":"1967","journal-title":"The Data Model Concept in Statistical Mapping"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2017.8167790"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/DSAA.2016.8"},{"key":"ref26","article-title":"Internet Assigned Numbers Authority","year":"2019","journal-title":"Transport Layer Security (TLS) Extensions"},{"key":"ref25","article-title":"Head\/tail breaks: A new classification scheme for data with a heavy-tailed distribution","author":"jiang","year":"2012","journal-title":"The Professional Geographer"}],"event":{"name":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","location":"Orlando, FL, USA","start":{"date-parts":[[2021,12,5]]},"end":{"date-parts":[[2021,12,7]]}},"container-title":["2021 IEEE Symposium Series on Computational Intelligence (SSCI)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9659537\/9659538\/09659955.pdf?arnumber=9659955","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T12:56:28Z","timestamp":1652187388000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9659955\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,5]]},"references-count":41,"URL":"https:\/\/doi.org\/10.1109\/ssci50451.2021.9659955","relation":{},"subject":[],"published":{"date-parts":[[2021,12,5]]}}}