{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T14:12:59Z","timestamp":1761401579322,"version":"3.41.0"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2011,7,1]],"date-time":"2011-07-01T00:00:00Z","timestamp":1309478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2011,7]]},"abstract":"<jats:p>There is a continuous struggle for control of resources at every organization that is connected to the Internet. The local organization wishes to use its resources to achieve strategic goals. Some external entities seek direct control of these resources, for purposes such as spamming or launching denial-of-service attacks. Other external entities seek indirect control of assets (e.g., users, finances), but provide services in exchange for them.<\/jats:p>\n          <jats:p>\n            Using a year-long trace from an edge network, we examine what various external organizations know about one organization. We compare the types of information exposed by or to external organizations using either active (\n            <jats:italic>reconnaissance<\/jats:italic>\n            ) or passive (\n            <jats:italic>surveillance<\/jats:italic>\n            ) techniques. We also explore the direct and indirect control external entities have on local IT resources.\n          <\/jats:p>","DOI":"10.1145\/1993083.1993085","type":"journal-article","created":{"date-parts":[[2011,8,3]],"date-time":"2011-08-03T16:16:13Z","timestamp":1312388173000},"page":"1-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Characterizing Intelligence Gathering and Control on an Edge Network"],"prefix":"10.1145","volume":"11","author":[{"given":"Martin","family":"Arlitt","sequence":"first","affiliation":[{"name":"HP Labs, Palo Alto and University of Calgary"}]},{"given":"Niklas","family":"Carlsson","sequence":"additional","affiliation":[{"name":"Link\u00f6ping University"}]},{"given":"Phillipa","family":"Gill","sequence":"additional","affiliation":[{"name":"University of Toronto"}]},{"given":"Aniket","family":"Mahanti","sequence":"additional","affiliation":[{"name":"University of Calgary"}]},{"given":"Carey","family":"Williamson","sequence":"additional","affiliation":[{"name":"University of Calgary"}]}],"member":"320","published-online":{"date-parts":[[2011,7]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298316"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1052812.1052823"},{"volume-title":"Proceedings of the 1st Conference of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907)","author":"Barford P.","key":"e_1_2_1_3_1","unstructured":"Barford , P. and Blodgett , M . 2007. Toward botnet mesocosms . In Proceedings of the 1st Conference of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907) . USENIX Association Berkeley, CA. Barford, P. and Blodgett, M. 2007. Toward botnet mesocosms. In Proceedings of the 1st Conference of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907). USENIX Association Berkeley, CA."},{"key":"e_1_2_1_4_1","first-page":"8","article-title":"An inside look at botnets","volume":"27","author":"Barford P.","year":"2006","unstructured":"Barford , P. and Yegneswaran , V. 2006 . An inside look at botnets . In Advanced in Information Security , vol. 27 , ch. 8 . Barford, P. and Yegneswaran, V. 2006. An inside look at botnets. In Advanced in Information Security, vol. 27, ch. 8.","journal-title":"Advanced in Information Security"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298319"},{"volume-title":"Proceedings of the IEEE INFOCOM. IEEE","author":"Duffield N.","key":"e_1_2_1_6_1","unstructured":"Duffield , N. , Haffner , P. , Krishnamurthy , B. , and Ringberg , H . 2009. Rule-based anomaly detection on IP flows . In Proceedings of the IEEE INFOCOM. IEEE , Los Alamitos, CA. Duffield, N., Haffner, P., Krishnamurthy, B., and Ringberg, H. 2009. Rule-based anomaly detection on IP flows. In Proceedings of the IEEE INFOCOM. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2006.142"},{"volume-title":"Proceedings of SysML.","author":"Jin Y.","key":"e_1_2_1_8_1","unstructured":"Jin , Y. , Simon , G. , Xu , K. , Zhang , Z. , and Kumar , V . 2007a. Gray\u2019s anatomy: Dissecting scanning activities using IP gray space analysis . In Proceedings of SysML. Jin, Y., Simon, G., Xu, K., Zhang, Z., and Kumar, V. 2007a. Gray\u2019s anatomy: Dissecting scanning activities using IP gray space analysis. In Proceedings of SysML."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1269880.1269883"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1555349.1555356"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE","author":"Jung J.","key":"e_1_2_1_11_1","unstructured":"Jung , J. , Paxson , V. , Berger , A. , and Balakrishnan , H . 2004. Fast portscan detection using sequential hypothesis testing . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE , Los Alamitos, CA. Jung, J., Paxson, V., Berger, A., and Balakrishnan, H. 2004. Fast portscan detection using sequential hypothesis testing. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_11"},{"volume-title":"Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907)","author":"Karasaridis A.","key":"e_1_2_1_13_1","unstructured":"Karasaridis , A. , Rexroad , B. , and Hoeflin , D . 2007. Wide-scale botnet detection and characterization . In Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907) . USENIX Association, Berkeley, CA. Karasaridis, A., Rexroad, B., and Hoeflin, D. 2007. Wide-scale botnet detection and characterization. In Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907). USENIX Association, Berkeley, CA."},{"volume-title":"Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC\u201905)","author":"Katti S.","key":"e_1_2_1_14_1","unstructured":"Katti , S. , Krishnamurthy , B. , and Katabi , D . 2005. Collaborating against common enemies . In Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC\u201905) . ACM, New York. Katti, S., Krishnamurthy, B., and Katabi, D. 2005. Collaborating against common enemies. In Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC\u201905). ACM, New York."},{"key":"e_1_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Klensin J. 2001. Simple mail transfer protocol. RFC 2821.   Klensin J. 2001. Simple mail transfer protocol. RFC 2821.","DOI":"10.17487\/rfc2821"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526782"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533063"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2005.2"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1555349.1555352"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028794"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028824"},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Postel J. 1982. Simple mail transfer protocol. RFC 821.   Postel J. 1982. Simple mail transfer protocol. RFC 821.","DOI":"10.17487\/rfc0821"},{"volume-title":"Proceedings of the Symposium on Security and Privacy. IEEE","author":"Shankar U.","key":"e_1_2_1_23_1","unstructured":"Shankar , U. and Paxson , V . 2003. Active mapping: Resisting NIDS evasion without altering traffic . In Proceedings of the Symposium on Security and Privacy. IEEE , Los Alamitos, CA. Shankar, U. and Paxson, V. 2003. Active mapping: Resisting NIDS evasion without altering traffic. In Proceedings of the Symposium on Security and Privacy. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028799"},{"volume-title":"Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems.","author":"Specht S.","key":"e_1_2_1_25_1","unstructured":"Specht , S. and Lee , R . 2004. Distributed denial of service: Taxonomies of attacks, tools and countermeasures . In Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems. Specht, S. and Lee, R. 2004. Distributed denial of service: Taxonomies of attacks, tools and countermeasures. In Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems."},{"volume-title":"Proceedings of the 11th USENIX Security Symposium. USENIX Association","author":"Staniford S.","key":"e_1_2_1_26_1","unstructured":"Staniford , S. , Paxson , V. , and Weaver , N . 2002. How to own the Internet in your spare time . In Proceedings of the 11th USENIX Security Symposium. USENIX Association , Berkeley, CA. Staniford, S., Paxson, V., and Weaver, N. 2002. How to own the Internet in your spare time. In Proceedings of the 11th USENIX Security Symposium. USENIX Association, Berkeley, CA."},{"volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium (SSYM\u201904)","author":"Weaver N.","key":"e_1_2_1_27_1","unstructured":"Weaver , N. , Staniford , S. , and Paxson , V . 2004. Very fast containment of scanning worms . In Proceedings of the 13th Conference on USENIX Security Symposium (SSYM\u201904) . USENIX Association, Berkeley, CA. Weaver, N., Staniford, S., and Paxson, V. 2004. Very fast containment of scanning worms. In Proceedings of the 13th Conference on USENIX Security Symposium (SSYM\u201904). USENIX Association, Berkeley, CA."},{"volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium (SSYM\u201903)","author":"Weaver N.","key":"e_1_2_1_28_1","unstructured":"Weaver , N. , Sommer , R. , and Paxson , V . 2009. Detecting forged tcp reset packets . In Proceedings of the 12th Conference on USENIX Security Symposium (SSYM\u201903) . USENIX Association, Berkeley, CA. Weaver, N., Sommer, R., and Paxson, V. 2009. Detecting forged tcp reset packets. In Proceedings of the 12th Conference on USENIX Security Symposium (SSYM\u201903). USENIX Association, Berkeley, CA."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1594977.1592579"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2007.911438"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/781027.781045"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029208.1029214"},{"volume-title":"Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET\u201908)","author":"Zhuang L.","key":"e_1_2_1_33_1","unstructured":"Zhuang , L. , Dunagan , J. , Simon , D. , Daniel , R. , Wang , H. , and Tygar , J . 2008. Characterizing botnets from email spam records . In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET\u201908) . USENIX Association, Berkeley, CA. Zhuang, L., Dunagan, J., Simon, D., Daniel, R., Wang, H., and Tygar, J. 2008. Characterizing botnets from email spam records. In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET\u201908). USENIX Association, Berkeley, CA."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2005.857113"}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1993083.1993085","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1993083.1993085","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T11:05:45Z","timestamp":1750244745000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1993083.1993085"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,7]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2011,7]]}},"alternative-id":["10.1145\/1993083.1993085"],"URL":"https:\/\/doi.org\/10.1145\/1993083.1993085","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"type":"print","value":"1533-5399"},{"type":"electronic","value":"1557-6051"}],"subject":[],"published":{"date-parts":[[2011,7]]},"assertion":[{"value":"2009-09-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}