{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:18Z","timestamp":1750220658703,"version":"3.41.0"},"reference-count":28,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2020,3,17]],"date-time":"2020-03-17T00:00:00Z","timestamp":1584403200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"SIDN-fonds"},{"name":"H2020 CONCORDIA","award":["830927"],"award-info":[{"award-number":["830927"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2020,3,31]]},"abstract":"<jats:p>The Internet exposes us to cyberthreats attacking information, services, and the Internet infrastructure itself. Such attacks are typically detected in a reactive fashion. The downside of this approach is that alerts of an attack are issued as it is happening. In this article, we advocate that the security community could benefit by complementing traditional reactive solutions with a proactive threat detection approach, as this would enable us to provide early warnings by analyzing and detecting threat indicators in actively collected data. By describing three use cases from the DNS domain, we highlight the strengths and limitations of proactive threat detection and discuss how we could integrate those with existing solutions.<\/jats:p>","DOI":"10.1145\/3373639","type":"journal-article","created":{"date-parts":[[2020,3,17]],"date-time":"2020-03-17T15:33:05Z","timestamp":1584459185000},"page":"1-13","source":"Crossref","is-referenced-by-count":2,"title":["Looking Beyond the Horizon"],"prefix":"10.1145","volume":"1","author":[{"given":"Olivier Van der","family":"Toorn","sequence":"first","affiliation":[{"name":"University of Twente, Enschede, Overijssel"}]},{"given":"Anna","family":"Sperotto","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Overijssel"}]}],"member":"320","published-online":{"date-parts":[[2020,3,17]]},"reference":[{"volume-title":"Proceedings of the 2011 NDSS Symposium (NDSS\u201911)","year":"2011","author":"Bilge Leyla","key":"e_1_2_1_1_1"},{"key":"e_1_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Tung Bui (Ed.). 2017. Can Cybersecurity Be Proactive? A Big Data Approach and Challenges. IBM. DOI:https:\/\/doi.org\/10.24251\/hicss.2017.725  Tung Bui (Ed.). 2017. Can Cybersecurity Be Proactive? A Big Data Approach and Challenges. IBM. DOI:https:\/\/doi.org\/10.24251\/hicss.2017.725","DOI":"10.24251\/HICSS.2017.725"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.07.018"},{"volume-title":"Remarks on Internet Freedom. Retrieved","year":"2020","author":"Clinton H.","key":"e_1_2_1_4_1"},{"volume-title":"Proceedings of the 3rd USENIX Conference on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET\u201910)","year":"2010","author":"Felegyhazi Mark","key":"e_1_2_1_5_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2017.2724506"},{"volume-title":"Proceedings of the 2011 IEEE 10th International Conference on Trust, Security, and Privacy in Computing and Communications. IEEE","year":"2011","author":"Fukushima Y.","key":"e_1_2_1_7_1"},{"volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201916)","year":"2016","author":"Hao Shuang","key":"e_1_2_1_8_1"},{"volume-title":"Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications, and Worksharing (CollaborateCom\u201910)","year":"2010","author":"He Yuanchen","key":"e_1_2_1_9_1"},{"volume-title":"Proceedings of the ACM Internet Measurement Conference. ACM","year":"2008","author":"Heidemann John","key":"e_1_2_1_10_1"},{"volume-title":"Dyn Analysis Summary of Friday October 21 Attack. Retrieved","year":"2020","author":"Hilton Scott","key":"e_1_2_1_11_1"},{"key":"e_1_2_1_12_1","first-page":"2012","volume-title":"Life Cycle of a Typical gTLD Domain Name. Retrieved","author":"ICANN.","year":"2020"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134002"},{"volume-title":"Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID\u201906)","year":"2016","author":"Kountouras Athanasios","key":"e_1_2_1_14_1"},{"volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Kr\u00e4mer Lukas","key":"e_1_2_1_15_1"},{"volume-title":"$2.3 Billion Lost to CEO Email Scams. Retrieved","year":"2020","author":"Krebs Brian","key":"e_1_2_1_16_1"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2015.12.008"},{"volume-title":"Proceedings of the ACM Conference on Computer and Communications Security. ACM","year":"2014","author":"Lee Lung Hao","key":"e_1_2_1_18_1"},{"volume-title":"Proceedings of the 2013 IFIP\/IEEE International Symposium on Integrated Network Management (IM\u201913)","author":"Moura G. C. M.","key":"e_1_2_1_19_1"},{"key":"e_1_2_1_20_1","unstructured":"Pierluigi Paganini. 2016. 150 000 IoT Devices Behind the 1Tbps DDoS Attack on OVH. Retrieved February 1 2020 from http:\/\/securityaffairs.co\/wordpress\/51726\/cyber-crime\/ovh-hit-botnet-iot.html.  Pierluigi Paganini. 2016. 150 000 IoT Devices Behind the 1Tbps DDoS Attack on OVH. Retrieved February 1 2020 from http:\/\/securityaffairs.co\/wordpress\/51726\/cyber-crime\/ovh-hit-botnet-iot.html."},{"volume-title":"Proceedings of the 2013 Conference on Internet Measurement Conference (IMC\u201913)","year":"2013","author":"Schomp Kyle","key":"e_1_2_1_21_1"},{"volume-title":"Proceedings of the 2018 IEEE\/IFIP Network Operations and Management Symposium (NOMS\u201918)","year":"2018","author":"van der Toorn O.","key":"e_1_2_1_22_1"},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","first-page":"1887","DOI":"10.1109\/JSAC.2016.2558918","article-title":"A high-performance, scalable infrastructure for large-scale active DNS measurements","volume":"34","author":"van Rijswijk-Deij R.","year":"2016","journal-title":"IEEE Journal on Selected Areas in Communications"},{"volume-title":"Proceedings of the 2014 Internet Measurement Conference (IMC\u201914)","year":"2014","author":"van Rijswijk-Deij Roland","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","first-page":"5","article-title":"Making the case for elliptic curves in DNSSEC","volume":"45","author":"van Rijswijk-Deij Roland","year":"2015","journal-title":"SIGCOMM Computer Communication Review"},{"volume-title":"Proceedings of the 2008 5th IEEE Consumer Communications and Networking Conference (CCNC\u201908)","year":"2008","author":"Villamar\u00edn-Salom\u00f3n Ricardo","key":"e_1_2_1_26_1"},{"volume-title":"Proceedings of of FIRST","year":"2005","author":"Weimer Florian","key":"e_1_2_1_27_1"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_8"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3373639","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3373639","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:34Z","timestamp":1750197754000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3373639"}},"subtitle":["Thoughts on Proactive Detection of Threats"],"short-title":[],"issued":{"date-parts":[[2020,3,17]]},"references-count":28,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,3,31]]}},"alternative-id":["10.1145\/3373639"],"URL":"https:\/\/doi.org\/10.1145\/3373639","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2020,3,17]]}}}