{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T09:21:15Z","timestamp":1766136075702,"version":"3.41.0"},"reference-count":14,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2009,10,7]],"date-time":"2009-10-07T00:00:00Z","timestamp":1254873600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2009,10,7]]},"abstract":"<jats:p>Much of Internet traffic modeling, firewall, and intrusion detection research requires traces where some ground truth regarding application and protocol is associated with each packet or flow. This paper presents the design, development and experimental evaluation of gt, an open source software toolset for associating ground truth information with Internet traffic traces. By probing the monitored host's kernel to obtain information on active Internet sessions, gt gathers ground truth at the application level. Preliminary experimental results show that gt's effectiveness comes at little cost in terms of overhead on the hosting machines. Furthermore, when coupled with other packet inspection mechanisms, gt can derive ground truth not only in terms of applications (e.g., e-mail), but also in terms of protocols (e.g., SMTP vs. POP3).<\/jats:p>","DOI":"10.1145\/1629607.1629610","type":"journal-article","created":{"date-parts":[[2009,10,8]],"date-time":"2009-10-08T17:31:08Z","timestamp":1255023068000},"page":"12-18","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":154,"title":["GT"],"prefix":"10.1145","volume":"39","author":[{"given":"F.","family":"Gringoli","sequence":"first","affiliation":[{"name":"Universit\u00e0 di Brescia, Brescia, Italy"}]},{"given":"Luca","family":"Salgarelli","sequence":"additional","affiliation":[{"name":"Universit\u00e0 di Brescia, Brescia, Italy"}]},{"given":"M.","family":"Dusi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 di Brescia, Brescia, Italy"}]},{"given":"N.","family":"Cascarano","sequence":"additional","affiliation":[{"name":"Politecnico di Torino, Torino, Italy"}]},{"given":"F.","family":"Risso","sequence":"additional","affiliation":[{"name":"Politecnico di Torino, Torino, Italy"}]},{"given":"k. c.","family":"claffy","sequence":"additional","affiliation":[{"name":"CAIDA, San Diego, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2009,10,7]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"The Ground Truth software tools. http:\/\/www.ing.unibs.it\/ntw\/tools\/gt.  The Ground Truth software tools. http:\/\/www.ing.unibs.it\/ntw\/tools\/gt."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1162678.1162679"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1544012.1544023"},{"key":"e_1_2_1_4_1","unstructured":"The Cooperative Association for Internet Data Analysis (CAIDA). http:\/\/www.caida.org.  The Cooperative Association for Internet Data Analysis (CAIDA). http:\/\/www.caida.org."},{"key":"e_1_2_1_5_1","unstructured":"LBNL\/ICSI Enterprise Tracing Project. http:\/\/www.icir.org\/enterprise-tracing.  LBNL\/ICSI Enterprise Tracing Project. http:\/\/www.icir.org\/enterprise-tracing."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.09.010"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1402946.1402991"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080119"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/1791949.1791960"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-01645-5_7"},{"key":"e_1_2_1_11_1","unstructured":"L7 Filter. http:\/\/l7-filter.sourceforge.net.  L7 Filter. http:\/\/l7-filter.sourceforge.net."},{"key":"e_1_2_1_12_1","unstructured":"Tcpdump\/Libpcap. http:\/\/www.tcpdump.org.  Tcpdump\/Libpcap. http:\/\/www.tcpdump.org."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/1719650.1719672"},{"key":"e_1_2_1_14_1","volume-title":"BlackHat Europe","author":"Biondi P.","year":"2006","unstructured":"P. Biondi and F. Desclaux . Silver Needle in the Skype . In BlackHat Europe , Amsterdam , The Netherlands , Mar. 2006 . P. Biondi and F. Desclaux. Silver Needle in the Skype. In BlackHat Europe, Amsterdam, The Netherlands, Mar. 2006."}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1629607.1629610","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1629607.1629610","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:23:27Z","timestamp":1750249407000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1629607.1629610"}},"subtitle":["picking up the truth from the ground for internet traffic"],"short-title":[],"issued":{"date-parts":[[2009,10,7]]},"references-count":14,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2009,10,7]]}},"alternative-id":["10.1145\/1629607.1629610"],"URL":"https:\/\/doi.org\/10.1145\/1629607.1629610","relation":{},"ISSN":["0146-4833"],"issn-type":[{"type":"print","value":"0146-4833"}],"subject":[],"published":{"date-parts":[[2009,10,7]]},"assertion":[{"value":"2009-10-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}