{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:10:16Z","timestamp":1759133416211,"version":"3.37.3"},"reference-count":55,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2018,5,1]],"date-time":"2018-05-01T00:00:00Z","timestamp":1525132800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2018,5,1]]},"DOI":"10.1109\/tdsc.2016.2593441","type":"journal-article","created":{"date-parts":[[2016,7,19]],"date-time":"2016-07-19T18:03:47Z","timestamp":1468951427000},"page":"364-377","source":"Crossref","is-referenced-by-count":8,"title":["CSC-Detector: A System to Infer Large-Scale Probing Campaigns"],"prefix":"10.1109","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8040-4635","authenticated-orcid":false,"given":"Elias","family":"Bou-Harb","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3161-1846","authenticated-orcid":false,"given":"Chadi","family":"Assi","sequence":"additional","affiliation":[]},{"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298314"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.csda.2006.12.016"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.102913.00020"},{"key":"ref32","article-title":"Rishi: Identify bot contaminated hosts by IRC nickname evaluation","author":"goebel","year":"2007","journal-title":"Proc 1st Workshop on Hot Topics in Understanding Botnets"},{"key":"ref31","first-page":"12:1","article-title":"BotHunter: Detecting malware infection through IDS-driven dialog correlation","author":"gu","year":"2007","journal-title":"Proc 16th USENIX Security Symp"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879156"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-68768-1_2"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TCOM.1967.1089532"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2008.ECP.314"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.49.1685"},{"article-title":"An empirical evaluation of IP address\n space occupancy","year":"2004","author":"pryadkin","key":"ref28"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1452520.1452542"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920276"},{"year":"2013","key":"ref2"},{"year":"2014","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2010.2086445"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1269880.1269883"},{"key":"ref21","article-title":"Gray's anatomy: Dissecting scanning activities using IP gray space analysis","author":"jin","year":"2007","journal-title":"Proc Second Workshop Tackling Comput Syst Problems Mach Learn Techn"},{"key":"ref24","article-title":"Using\n honeynets for internet situational awareness","author":"yegneswaran","year":"2005","journal-title":"Proc ACM SIGCOMM HotNets"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533063"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1108\/17440080710848143"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.02.005"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177096"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2006.03.011"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2010.12.002"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"article-title":"sfportscan","year":"2004","author":"roelker","key":"ref53"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1132026.1132027"},{"year":"0","key":"ref10"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2011.2109009"},{"key":"ref40","first-page":"149","article-title":"How to own\n the internet in your spare time","author":"staniford","year":"2002","journal-title":"Proc 11th Usenix Sec Symp"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2002-101-205"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/CSCWD.2008.4537071"},{"article-title":"Collaborative detection of coordinated port scans","year":"2012","author":"baldoni","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1029208.1029216"},{"year":"0","key":"ref16"},{"key":"ref17","first-page":"167","article-title":"The internet motion sensor-a distributed blackhole monitoring\n system","author":"bailey","year":"2005","journal-title":"Proc 12th ISOC Symp Netw Distrib Syst Secur"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30143-1_8"},{"year":"0","key":"ref19"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2005.18"},{"year":"2013","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2297678"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2011.2109009"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2013.09.008"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2382416.2382423"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879149"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.9"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.2307\/2283970"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/1090191.1080112"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/342009.335372"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"year":"0","key":"ref42"},{"journal-title":"Cyber Situational Awareness Issues and Research","year":"2009","author":"jajodia","key":"ref41"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.015"},{"key":"ref43","first-page":"229","article-title":"Snort: Lightweight intrusion detection for networks","author":"roesch","year":"1999","journal-title":"Proc of the 13th USENIX Conf"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/8356073\/07516606.pdf?arnumber=7516606","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:25:55Z","timestamp":1642004755000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/7516606\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,1]]},"references-count":55,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2016.2593441","relation":{},"ISSN":["1545-5971"],"issn-type":[{"type":"print","value":"1545-5971"}],"subject":[],"published":{"date-parts":[[2018,5,1]]}}}