{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T11:55:45Z","timestamp":1768996545978,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1030083.1030100","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"110-120","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":72,"title":["Web tap"],"prefix":"10.1145","author":[{"given":"Kevin","family":"Borders","sequence":"first","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]},{"given":"Atul","family":"Prakash","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"http:\/\/www.lavasoftusa.com\/software\/adaware\/","author":"Ad-Aware","year":"2004","unstructured":"Ad-Aware , http:\/\/www.lavasoftusa.com\/software\/adaware\/ , 2004 .]] Ad-Aware, http:\/\/www.lavasoftusa.com\/software\/adaware\/, 2004.]]"},{"key":"e_1_3_2_1_2_1","volume-title":"July","author":"Barbara D.","year":"2002","unstructured":"D. Barbara , R. Goel , and S. Jajodia . Mining Malicious Data Corruption with Hidden Markov Models. 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security , July 2002 .]] D. Barbara, R. Goel, and S. Jajodia. Mining Malicious Data Corruption with Hidden Markov Models. 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security, July 2002.]]"},{"key":"e_1_3_2_1_4_1","volume-title":"President, the Center For Democracy & Technology On the SPY BLOCK Act, Before the Senate Committee On Commerce, Science, And Transportation Subcommittee on Communication","author":"Berman J.","year":"2004","unstructured":"J. Berman , Prepared Statement of Jerry Berman , President, the Center For Democracy & Technology On the SPY BLOCK Act, Before the Senate Committee On Commerce, Science, And Transportation Subcommittee on Communication , March 2004 .]] J. Berman, Prepared Statement of Jerry Berman, President, the Center For Democracy & Technology On the SPY BLOCK Act, Before the Senate Committee On Commerce, Science, And Transportation Subcommittee on Communication, March 2004.]]"},{"key":"e_1_3_2_1_5_1","volume-title":"http:\/\/blackice.iss.net\/","author":"Protection ICE PC","year":"2004","unstructured":"Black ICE PC Protection , http:\/\/blackice.iss.net\/ , 2004 .]] BlackICE PC Protection, http:\/\/blackice.iss.net\/, 2004.]]"},{"key":"e_1_3_2_1_6_1","volume-title":"October","author":"Vulnerability CERT","year":"1998","unstructured":"CERT Vulnerability Note VN-98.07 , http:\/\/www.cert .org\/vulnotes\/VN-98.07.backorifice.html , October 1998 .]] CERT Vulnerability Note VN-98.07, http:\/\/www.cert .org\/vulnotes\/VN-98.07.backorifice.html, October 1998.]]"},{"key":"e_1_3_2_1_7_1","unstructured":"CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer http:\/\/www.cert.org\/advisories\/ CA-2003-22.html August 2003.]]  CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer http:\/\/www.cert.org\/advisories\/ CA-2003-22.html August 2003.]]"},{"key":"e_1_3_2_1_8_1","volume-title":"USENIX proceedings","author":"Cheswick B.","year":"1990","unstructured":"B. Cheswick , An Evening with Berferd in which a cracker is Lured, Endured, and Studied , USENIX proceedings , January 1990 .]] B. Cheswick, An Evening with Berferd in which a cracker is Lured, Endured, and Studied, USENIX proceedings, January 1990.]]"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"e_1_3_2_1_10_1","volume-title":"Proc. of USENIX Symposium on Internet Technology and Systems","author":"Duska B.","year":"1997","unstructured":"B. Duska , D. Marwood , and M. J. Feeley , The measured access characteristics of World Wide Web client proxy caches , Proc. of USENIX Symposium on Internet Technology and Systems , December 1997 .]] B. Duska, D. Marwood, and M. J. Feeley, The measured access characteristics of World Wide Web client proxy caches, Proc. of USENIX Symposium on Internet Technology and Systems, December 1997.]]"},{"key":"e_1_3_2_1_11_1","volume-title":"http:\/\/www.gray-world.net\/pr_firepass. shtml","author":"Dyatlov A.","year":"2004","unstructured":"A. Dyatlov , Firepass , http:\/\/www.gray-world.net\/pr_firepass. shtml , 2004 .]] A. Dyatlov, Firepass, http:\/\/www.gray-world.net\/pr_firepass. shtml, 2004.]]"},{"key":"e_1_3_2_1_12_1","volume-title":"http:\/\/www.gray-world.net\/pr_wsh.shtml","author":"Dyatlov A.","year":"2004","unstructured":"A. Dyatlov , S. Castro , Wsh ' Web Shell' , http:\/\/www.gray-world.net\/pr_wsh.shtml , 2004 .]] A. Dyatlov, S. Castro, Wsh 'Web Shell', http:\/\/www.gray-world.net\/pr_wsh.shtml, 2004.]]"},{"key":"e_1_3_2_1_13_1","volume-title":"http:\/\/eyeonsecurity.org\/advisories\/Gator\/","year":"2002","unstructured":"EyeOnSecurity , http:\/\/eyeonsecurity.org\/advisories\/Gator\/ , 2002 .]] EyeOnSecurity, http:\/\/eyeonsecurity.org\/advisories\/Gator\/, 2002.]]"},{"key":"e_1_3_2_1_14_1","volume-title":"RFC","author":"Fielding R.","year":"1999","unstructured":"R. Fielding , J. Gettys , J. C. Mogul , H. Frystyk , L. Masinter , P. Leach and T. Berners-Lee . Hypertext Transfer Protocol HTTP\/1.1 , RFC 2616, June 1999 .]] R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, L. Masinter, P. Leach and T. Berners-Lee. Hypertext Transfer Protocol HTTP\/1.1, RFC 2616, June 1999.]]"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/525080.884258"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/784589.784655"},{"key":"e_1_3_2_1_17_1","unstructured":"S. Hisao Tiny HTTP Proxy http:\/\/mail.python.org\/ pipermail\/python-list\/2003-June\/168957.html June 2003.]]  S. Hisao Tiny HTTP Proxy http:\/\/mail.python.org\/ pipermail\/python-list\/2003-June\/168957.html June 2003.]]"},{"key":"e_1_3_2_1_18_1","volume-title":"http:\/\/www.hopster.com\/","author":"Hopster","year":"2004","unstructured":"Hopster , http:\/\/www.hopster.com\/ , 2004 .]] Hopster, http:\/\/www.hopster.com\/, 2004.]]"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1991.130799"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0140-3664(01)00407-8"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/508791.508835"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948144"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/288090.288122"},{"key":"e_1_3_2_1_24_1","volume-title":"Handbook for the computer Security Certification of Trusted Systems","author":"McHugh J.","year":"1995","unstructured":"J. McHugh , \" Covert Channel Analysis\" , Handbook for the computer Security Certification of Trusted Systems , 1995 .]] J. McHugh, \"Covert Channel Analysis\", Handbook for the computer Security Certification of Trusted Systems, 1995.]]"},{"key":"e_1_3_2_1_25_1","unstructured":"MIMEsweeper http:\/\/www.mimesweeper.com\/products\/msw\/msw_web\/default.aspx 2004.]]  MIMEsweeper http:\/\/www.mimesweeper.com\/products\/msw\/msw_web\/default.aspx 2004.]]"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CMPASS.1994.318449"},{"key":"e_1_3_2_1_27_1","volume-title":"Bro: A System for Detecting Network Intruders in Real-Time. Proc. of the 7th Usenix Security Symposium","author":"Paxson V.","year":"1998","unstructured":"V. Paxson . Bro: A System for Detecting Network Intruders in Real-Time. Proc. of the 7th Usenix Security Symposium , January 1998 .]] V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. Proc. of the 7th Usenix Security Symposium, January 1998.]]"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.392383"},{"issue":"7","key":"e_1_3_2_1_29_1","first-page":"1062","volume":"87","author":"Petitcolas F. A. P.","year":"1999","unstructured":"F. A. P. Petitcolas , R. J. Anderson , and M. G. Kuhn , Information hiding---A survey, Proceedings of the IEEE, special issue on protection of multimedia content , 87 ( 7 ): 1062 - 1078 , July 1999 .]] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn, Information hiding---A survey, Proceedings of the IEEE, special issue on protection of multimedia content, 87(7):1062-1078, July 1999.]]","journal-title":"Information hiding---A survey, Proceedings of the IEEE, special issue on protection of multimedia content"},{"key":"e_1_3_2_1_30_1","first-page":"141","volume-title":"Proc. of the First Symposium on Networked Systems Design and Implementation","author":"Saroiu S.","year":"2004","unstructured":"S. Saroiu , S. D. Gribble , and H. M. Levy , Measurement and Analysis of Spyware in a University Environment , Proc. of the First Symposium on Networked Systems Design and Implementation , pp. 141 -- 153 , March 2004 .]] S. Saroiu, S. D. Gribble, and H. M. Levy, Measurement and Analysis of Spyware in a University Environment, Proc. of the First Symposium on Networked Systems Design and Implementation, pp. 141--153, March 2004.]]"},{"key":"e_1_3_2_1_31_1","volume-title":"Snort - Lightweight Intrusion Detection for Networks. Proc. of the USENIX LISA '99 Conference","author":"Roesch M.","year":"1999","unstructured":"M. Roesch . Snort - Lightweight Intrusion Detection for Networks. Proc. of the USENIX LISA '99 Conference , November 1999 .]] M. Roesch. Snort - Lightweight Intrusion Detection for Networks. Proc. of the USENIX LISA '99 Conference, November 1999.]]"},{"key":"e_1_3_2_1_32_1","volume-title":"http:\/\/www.safer-networking.org\/","author":"Search Spybot","year":"2004","unstructured":"Spybot - Search and Destroy , http:\/\/www.safer-networking.org\/ , 2004 .]] Spybot - Search and Destroy, http:\/\/www.safer-networking.org\/, 2004.]]"},{"key":"e_1_3_2_1_33_1","unstructured":"SpywareBlaster http:\/\/www.javacoolsoftware.com\/ spywareblaster.html\/ 2004.]]  SpywareBlaster http:\/\/www.javacoolsoftware.com\/ spywareblaster.html\/ 2004.]]"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830544"},{"key":"e_1_3_2_1_35_1","volume-title":"http:\/\/www.websense.com\/products\/about\/ howitworks\/index.cfm","author":"Websense","year":"2004","unstructured":"Websense , http:\/\/www.websense.com\/products\/about\/ howitworks\/index.cfm , 2004 .]] Websense, http:\/\/www.websense.com\/products\/about\/ howitworks\/index.cfm, 2004.]]"},{"issue":"3","key":"e_1_3_2_1_36_1","volume":"52","author":"Ye N.","year":"2003","unstructured":"N. Ye , Y. Zhang , and C.M. Borror . Robustness of Markov chain model for cyber attack detection. IEEE Transactions on Reliability , 52 ( 3 ), September 2003 .]] N. Ye, Y. Zhang, and C.M. Borror. Robustness of Markov chain model for cyber attack detection. IEEE Transactions on Reliability, 52(3), September 2003.]]","journal-title":"IEEE Transactions on Reliability"},{"key":"e_1_3_2_1_37_1","volume-title":"Proc. of the 9th USENIX Security Symposium","author":"Zhang Y.","year":"2000","unstructured":"Y. Zhang , V. Paxson , \" Detecting Backdoors\" , Proc. of the 9th USENIX Security Symposium , August 2000 .]] Y. Zhang, V. Paxson, \"Detecting Backdoors\", Proc. of the 9th USENIX Security Symposium, August 2000.]]"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 11th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030100","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1030083.1030100","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:25:07Z","timestamp":1750263907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030100"}},"subtitle":["detecting covert web traffic"],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":36,"alternative-id":["10.1145\/1030083.1030100","10.1145\/1030083"],"URL":"https:\/\/doi.org\/10.1145\/1030083.1030100","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}