{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:43:28Z","timestamp":1750308208686,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,29]],"date-time":"2004-10-29T00:00:00Z","timestamp":1099008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,29]]},"DOI":"10.1145\/1029618.1029627","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"54-64","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":59,"title":["Toward understanding distributed blackhole placement"],"prefix":"10.1145","author":[{"given":"Evan","family":"Cooke","sequence":"first","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]},{"given":"Michael","family":"Bailey","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]},{"given":"Z. Morley","family":"Mao","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]},{"given":"David","family":"Watson","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]},{"given":"Farnam","family":"Jahanian","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]},{"given":"Danny","family":"McPherson","sequence":"additional","affiliation":[{"name":"Arbor Networks"}]}],"member":"320","published-online":{"date-parts":[[2004,10,29]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"CERT. CERT Advisory CA-2001-26 Nimda Worm. http:\/\/www.cert.org\/advisories\/CA-2001-26.html September 2001.  CERT. CERT Advisory CA-2001-26 Nimda Worm. http:\/\/www.cert.org\/advisories\/CA-2001-26.html September 2001."},{"key":"e_1_3_2_1_2_1","unstructured":"CERT. Code Red II: Another worm exploiting buffer overflow in IIS indexing service DLL. http:\/\/www.cert.org\/incident_notes\/IN-2001-09.html August 2001.  CERT. Code Red II: Another worm exploiting buffer overflow in IIS indexing service DLL. http:\/\/www.cert.org\/incident_notes\/IN-2001-09.html August 2001."},{"key":"e_1_3_2_1_3_1","unstructured":"CERT. CERT Advisory CA-2003-20 W32\/Blaster worm. http:\/\/www.cert.org\/advisories\/CA-2003-20.html August 2003.  CERT. CERT Advisory CA-2003-20 W32\/Blaster worm. http:\/\/www.cert.org\/advisories\/CA-2003-20.html August 2003."},{"key":"e_1_3_2_1_4_1","unstructured":"CERT. CERT advisory CA-2003-20 W32\/Blaster worm. http:\/\/www.cert.org\/advisories\/CA-2003-20.html August 2003.  CERT. CERT advisory CA-2003-20 W32\/Blaster worm. http:\/\/www.cert.org\/advisories\/CA-2003-20.html August 2003."},{"key":"e_1_3_2_1_5_1","volume-title":"Net Flow services and applications","author":"Systems Cisco","year":"1999","unstructured":"Cisco Systems . Net Flow services and applications , 1999 . Cisco Systems. Net Flow services and applications, 1999."},{"key":"e_1_3_2_1_7_1","unstructured":"Dan Golding. Peering Evolution. Nanog Presentation October 2002.  Dan Golding. Peering Evolution. Nanog Presentation October 2002."},{"key":"e_1_3_2_1_8_1","unstructured":"Craig Labovitz Abha Ahuja and Michael Bailey. Shining Light on Dark Address Space. http:\/\/www.arbornetworks.com\/downloads\/research38\/dark_address_space.pdf November 2001.  Craig Labovitz Abha Ahuja and Michael Bailey. Shining Light on Dark Address Space. http:\/\/www.arbornetworks.com\/downloads\/research38\/dark_address_space.pdf November 2001."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/633025.633047"},{"key":"e_1_3_2_1_10_1","unstructured":"Microsoft Corporation. What you should know about the Sasser worm and its variants. http:\/\/www.microsoft.com\/security\/incident\/sasser.mspx May 2004.  Microsoft Corporation. What you should know about the Sasser worm and its variants. http:\/\/www.microsoft.com\/security\/incident\/sasser.mspx May 2004."},{"key":"e_1_3_2_1_11_1","volume-title":"11th USENIX Security Symposium, Invited talk","author":"Moore David","year":"2002","unstructured":"David Moore . Network telescopes : Observing small or distant security events . In 11th USENIX Security Symposium, Invited talk , San Francisco, CA, August 5--9 2002 . Unpublished. David Moore. Network telescopes: Observing small or distant security events. In 11th USENIX Security Symposium, Invited talk, San Francisco, CA, August 5--9 2002. Unpublished."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219056"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251327.1251329"},{"key":"e_1_3_2_1_15_1","unstructured":"Chris Morrow and Brian Gemberling. How to Allow your Customers to blackhole their own traffic. http:\/\/www.secsup.org\/CustomerBlackHole\/.  Chris Morrow and Brian Gemberling. How to Allow your Customers to blackhole their own traffic. http:\/\/www.secsup.org\/CustomerBlackHole\/."},{"key":"e_1_3_2_1_16_1","unstructured":"R. Pang V. Yegneswaran P. Barford V. Paxson and L. Peterson. Characteristics of Internet Background Radiation. Available at http:\/\/www.cs.princeton.edu\/nsg\/papers\/telescope.pdf.  R. Pang V. Yegneswaran P. Barford V. Paxson and L. Peterson. Characteristics of Internet Background Radiation. Available at http:\/\/www.cs.princeton.edu\/nsg\/papers\/telescope.pdf."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_18_1","volume-title":"10th DFN-CERT Workshop","author":"Provos Niels","year":"2003","unstructured":"Niels Provos . Honeyd ---A virtual honeypot daemon . In 10th DFN-CERT Workshop , Hamburg, Germany , February 2003 . Niels Provos. Honeyd ---A virtual honeypot daemon. In 10th DFN-CERT Workshop, Hamburg, Germany, February 2003."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1039834.1039864"},{"key":"e_1_3_2_1_20_1","unstructured":"SANS Institute. Internet storm center. http:\/\/isc.incidents.org\/ June 2004.  SANS Institute. Internet storm center. http:\/\/isc.incidents.org\/ June 2004."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Colleen Shannon and David Moore. The spread of the Witty worm. http:\/\/www.caida.org\/analysis\/secuirty\/witty\/ June 2004.  Colleen Shannon and David Moore. The spread of the Witty worm. http:\/\/www.caida.org\/analysis\/secuirty\/witty\/ June 2004.","DOI":"10.1109\/MSP.2004.59"},{"key":"e_1_3_2_1_22_1","volume-title":"Arbor Networks","author":"Song Dug","year":"2001","unstructured":"Dug Song , Rob Malan , and Robert Stone . A snapshot of global Internet worm activity. Technical report , Arbor Networks , 2001 . Dug Song, Rob Malan, and Robert Stone. A snapshot of global Internet worm activity. Technical report, Arbor Networks, 2001."},{"key":"e_1_3_2_1_23_1","volume-title":"Honeypots: Tracking Hackers","author":"Spitzner Lance","year":"2002","unstructured":"Lance Spitzner . Honeypots: Tracking Hackers . Addison-Wesley , 2002 . Lance Spitzner. Honeypots: Tracking Hackers. Addison-Wesley, 2002."},{"key":"e_1_3_2_1_24_1","unstructured":"Lance Spitzner et al. The honeynet project. http:\/\/project.honeynet.org\/ June 2004.  Lance Spitzner et al. The honeynet project. http:\/\/project.honeynet.org\/ June 2004."},{"key":"e_1_3_2_1_25_1","first-page":"199","volume-title":"Proceedings of the 9th USENIX Security Symposium","author":"Robert Stone. Center","year":"2000","unstructured":"Robert Stone. Center Track : An IP overlay network for tracking DoS floods. In USENIX, editor , Proceedings of the 9th USENIX Security Symposium , pages 199 -- 212 , Berkeley, CA, USA, August 14--17 2000 . The USENIX Association. Robert Stone. CenterTrack: An IP overlay network for tracking DoS floods. In USENIX, editor, Proceedings of the 9th USENIX Security Symposium, pages 199--212, Berkeley, CA, USA, August 14--17 2000. The USENIX Association."},{"key":"e_1_3_2_1_26_1","unstructured":"Symantec Corp. Linux.Slapper.Worm. http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/linux.slapper.worm.html.  Symantec Corp. Linux.Slapper.Worm. http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/linux.slapper.worm.html."},{"key":"e_1_3_2_1_27_1","unstructured":"Team CYMRU. The darknet project. http:\/\/www.cymru.com\/Darknet\/index.html June 2004.  Team CYMRU. The darknet project. http:\/\/www.cymru.com\/Darknet\/index.html June 2004."},{"key":"e_1_3_2_1_28_1","unstructured":"University of Oregon.RouteViews project. http:\/\/www.routeviews.org\/.  University of Oregon.RouteViews project. http:\/\/www.routeviews.org\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/948187.948190"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of Network and Distributed System Security Symposium ( NDSS '04)","author":"Yegneswaran Vinod","year":"2004","unstructured":"Vinod Yegneswaran , Paul Barford , and Somesh Jha . Global intrusion detection in the DOMINO overlay system . In Proceedings of Network and Distributed System Security Symposium ( NDSS '04) , San Diego, CA , February 2004 . Vinod Yegneswaran, Paul Barford, and Somesh Jha. Global intrusion detection in the DOMINO overlay system. In Proceedings of Network and Distributed System Security Symposium ( NDSS '04), San Diego, CA, February 2004."}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Washington DC USA","acronym":"CCS04"},"container-title":["Proceedings of the 2004 ACM workshop on Rapid malcode"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029618.1029627","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1029618.1029627","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:31:00Z","timestamp":1750264260000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029618.1029627"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,29]]},"references-count":28,"alternative-id":["10.1145\/1029618.1029627","10.1145\/1029618"],"URL":"https:\/\/doi.org\/10.1145\/1029618.1029627","relation":{},"subject":[],"published":{"date-parts":[[2004,10,29]]},"assertion":[{"value":"2004-10-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}