{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,23]],"date-time":"2026-02-23T23:10:16Z","timestamp":1771888216704,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T00:00:00Z","timestamp":1512345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,12,4]]},"DOI":"10.1145\/3134600.3134605","type":"proceedings-article","created":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T19:18:32Z","timestamp":1512415112000},"page":"373-386","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["DECANTeR"],"prefix":"10.1145","author":[{"given":"Riccardo","family":"Bortolameotti","sequence":"first","affiliation":[{"name":"University of Twente"}]},{"given":"Thijs","family":"van Ede","sequence":"additional","affiliation":[{"name":"University of Twente"}]},{"given":"Marco","family":"Caselli","sequence":"additional","affiliation":[{"name":"Siemens AG"}]},{"given":"Maarten H.","family":"Everts","sequence":"additional","affiliation":[{"name":"University of Twente and TNO"}]},{"given":"Pieter","family":"Hartel","sequence":"additional","affiliation":[{"name":"Delft University of Technology"}]},{"given":"Rick","family":"Hofstede","sequence":"additional","affiliation":[{"name":"RedSocks Security B.V."}]},{"given":"Willem","family":"Jonker","sequence":"additional","affiliation":[{"name":"University of Twente"}]},{"given":"Andreas","family":"Peter","sequence":"additional","affiliation":[{"name":"University of Twente"}]}],"member":"320","published-online":{"date-parts":[[2017,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461004"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.464"},{"key":"e_1_3_2_1_3_1","volume-title":"Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants. In 25th USENIX Security Symposium, USENIX Security 16","author":"Bartos Karel","year":"2016","unstructured":"Karel Bartos , Michal Sofka , and Vojtech Franc . 2016 . Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants. In 25th USENIX Security Symposium, USENIX Security 16 , Austin, TX, USA , August 10-12, 2016. USENIX Association, 807--822. Karel Bartos, Michal Sofka, and Vojtech Franc. 2016. Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. USENIX Association, 807--822."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030100"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.9"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991110"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23456"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2003.1194894"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 17th USENIX Security Symposium","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Roberto Perdisci , Junjie Zhang , and Wenke Lee . 2008 . BotMiner: Clustering Analysis of Network Traffic for Protocol and Structure-Independent Botnet Detection . In Proceedings of the 17th USENIX Security Symposium , July 28-August 1, 2008, San Jose, CA, USA. USENIX Association, 139--154. Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. 2008. BotMiner: Clustering Analysis of Network Traffic for Protocol and Structure-Independent Botnet Detection. In Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA. USENIX Association, 139--154."},{"key":"e_1_3_2_1_11_1","volume-title":"BotSniffer: Detecting Botnet Command and Control Channelsin Network Traffic.In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Junjie Zhang , and Wenke Lee . 2008 . BotSniffer: Detecting Botnet Command and Control Channelsin Network Traffic.In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008 , San Diego, CA, USA, 10th February - 13th February 2008. The Internet Society. Guofei Gu, Junjie Zhang, and Wenke Lee. 2008. BotSniffer: Detecting Botnet Command and Control Channelsin Network Traffic.In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, CA, USA, 10th February - 13th February 2008. The Internet Society."},{"key":"e_1_3_2_1_12_1","volume-title":"PETS 2011, Waterloo, ON, Canada, July 27-29, 2011. Proceedings. Springer, 18--37","author":"Hart Michael","year":"2011","unstructured":"Michael Hart , Pratyusa K. Manadhata , and Rob Johnson . 2011 . Text Classification for Data Loss Prevention. In Privacy Enhancing Technologies - 11th International Symposium , PETS 2011, Waterloo, ON, Canada, July 27-29, 2011. Proceedings. Springer, 18--37 . Michael Hart, Pratyusa K. Manadhata, and Rob Johnson. 2011. Text Classification for Data Loss Prevention. In Privacy Enhancing Technologies - 11th International Symposium, PETS 2011, Waterloo, ON, Canada, July 27-29, 2011. Proceedings. Springer, 18--37."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/2758776.2759006"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2013.10.005"},{"key":"e_1_3_2_1_15_1","volume-title":"7th International Workshop, DPM 2012","author":"Kheir Nizar","year":"2012","unstructured":"Nizar Kheir . 2012 . Analyzing HTTP User Agent Anomalies for Malware Detection. In Data Privacy Management and Autonomous Spontaneous Security , 7th International Workshop, DPM 2012 , Pisa, Italy , September 13-14, 2012. Springer, 187--200. Nizar Kheir. 2012. Analyzing HTTP User Agent Anomalies for Malware Detection. In Data Privacy Management and Autonomous Spontaneous Security, 7th International Workshop, DPM 2012, Pisa, Italy, September 13-14, 2012. Springer, 187--200."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948144"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660268"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 22th USENIX Security Symposium","author":"Nelms Terry","year":"2013","unstructured":"Terry Nelms , Roberto Perdisci , and Mustaque Ahamad . 2013 . ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates . In Proceedings of the 22th USENIX Security Symposium , Washington, DC, USA , August 14-16, 2013. USENIX Association, 589--604. Terry Nelms, Roberto Perdisci, and Mustaque Ahamad. 2013. ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013. USENIX Association, 589--604."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.06.022"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010","author":"Perdisci Roberto","year":"2010","unstructured":"Roberto Perdisci , Wenke Lee , and Nick Feamster . 2010 . Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces . In Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010 , April 28-30, 2010, San Jose, CA, USA. USENIX Association, 391--404. Roberto Perdisci, Wenke Lee, and Nick Feamster. 2010. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. In Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010, April 28-30, 2010, San Jose, CA, USA. USENIX Association, 391--404."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978682"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.12"},{"key":"e_1_3_2_1_25_1","volume-title":"Security and Privacy in Communication Networks - 8th International ICST Conference, SecureComm","author":"Shu Xiaokui","year":"2012","unstructured":"Xiaokui Shu and Danfeng Yao . 2012. Data Leak Detection as a Service . In Security and Privacy in Communication Networks - 8th International ICST Conference, SecureComm 2012 , Padua, Italy, September 3-5, 2012. Springer , 222--240. Xiaokui Shu and Danfeng Yao. 2012. Data Leak Detection as a Service. In Security and Privacy in Communication Networks - 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Springer, 222--240."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2398363"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2503271"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2382590"},{"key":"e_1_3_2_1_29_1","unstructured":"Veronica Valeros. 2016. In plain sight: Credential and data stealing adware. (2016). http:\/\/blogs.cisco.com\/security\/in-plain-sight-credential-and-data-stealing-adware  Veronica Valeros. 2016. In plain sight: Credential and data stealing adware. (2016). http:\/\/blogs.cisco.com\/security\/in-plain-sight-credential-and-data-stealing-adware"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2007","author":"Venkataraman Shobha","year":"2007","unstructured":"Shobha Venkataraman , Juan Caballero , Pongsin Poosankam , Min Gyung Kang , and Dawn Xiaodong Song . 2007 . Fig: Automatic Fingerprint Generation . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2007 , San Diego, California, USA, 28th February - 2nd March 2007. The Internet Society. Shobha Venkataraman, Juan Caballero, Pongsin Poosankam, Min Gyung Kang, and Dawn Xiaodong Song. 2007. Fig: Automatic Fingerprint Generation. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2007, San Diego, California, USA, 28th February - 2nd March 2007. The Internet Society."},{"key":"e_1_3_2_1_31_1","unstructured":"Verizon. 2016. Data Breach Investigations Report. (2016). http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/2016\/  Verizon. 2016. Data Breach Investigations Report. (2016). http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/2016\/"},{"key":"e_1_3_2_1_32_1","volume-title":"IFIP Networking Conference, 2013","author":"Xie Guowu","year":"2013","unstructured":"Guowu Xie , Marios Iliofotou , Thomas Karagiannis , Michalis Faloutsos , and Yaohui Jin . 2013 . ReSurf: Reconstructing Web-Surfing Activity from Network Traffic . In IFIP Networking Conference, 2013 , Brooklyn, New York, USA , 22-24 May, 2013. IEEE, 1--9. Guowu Xie, Marios Iliofotou, Thomas Karagiannis, Michalis Faloutsos, and Yaohui Jin. 2013. ReSurf: Reconstructing Web-Surfing Activity from Network Traffic. In IFIP Networking Conference, 2013, Brooklyn, New York, USA, 22-24 May, 2013. IEEE, 1--9."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2554850.2554896"},{"key":"e_1_3_2_1_34_1","volume-title":"Automated Generation of Models for Fast and Precise Detection of HTTP-based Malware. In 2014 Twelfth Annual International Conference on Privacy, Security and Trust","author":"Zarras Apostolis","year":"2014","unstructured":"Apostolis Zarras , Antonis Papadogiannakis , Robert Gawlik , and Thorsten Holz . 2014 . Automated Generation of Models for Fast and Precise Detection of HTTP-based Malware. In 2014 Twelfth Annual International Conference on Privacy, Security and Trust , Toronto, ON, Canada , July 23-24, 2014. 249--256. Apostolis Zarras, Antonis Papadogiannakis, Robert Gawlik, and Thorsten Holz. 2014. Automated Generation of Models for Fast and Precise Detection of HTTP-based Malware. In 2014 Twelfth Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada, July 23-24, 2014. 249--256."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.01.002"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2566590.2566610"}],"event":{"name":"ACSAC 2017: 2017 Annual Computer Security Applications Conference","location":"Orlando FL USA","acronym":"ACSAC 2017"},"container-title":["Proceedings of the 33rd Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134605","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134605","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:11Z","timestamp":1750217411000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134605"}},"subtitle":["DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting"],"short-title":[],"issued":{"date-parts":[[2017,12,4]]},"references-count":36,"alternative-id":["10.1145\/3134600.3134605","10.1145\/3134600"],"URL":"https:\/\/doi.org\/10.1145\/3134600.3134605","relation":{},"subject":[],"published":{"date-parts":[[2017,12,4]]},"assertion":[{"value":"2017-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}