{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:46:10Z","timestamp":1759092370057,"version":"3.41.0"},"reference-count":12,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T00:00:00Z","timestamp":1652140800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2022,9,30]]},"abstract":"<jats:p>This article describes a system for storing historical forensic artifacts collected from SSH connections. This system exposes a REST API in a similar fashion as passive DNS databases, malware hash registries, and SSL notaries with the goal of supporting incident investigations and monitoring of infrastructure.<\/jats:p>","DOI":"10.1145\/3491262","type":"journal-article","created":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T18:44:36Z","timestamp":1634323476000},"page":"1-5","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Active and Passive Collection of SSH Key Material for Cyber Threat Intelligence"],"prefix":"10.1145","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5437-4652","authenticated-orcid":false,"given":"Alexandre","family":"Dulaunoy","sequence":"first","affiliation":[{"name":"CIRCL, Luxembourg, Luxembourg"}]},{"given":"Jean-Louis","family":"Huynen","sequence":"additional","affiliation":[{"name":"CIRCL, Luxembourg, Luxembourg"}]},{"given":"Aurelien","family":"Thirion","sequence":"additional","affiliation":[{"name":"CIRCL, Luxembourg, Luxembourg"}]}],"member":"320","published-online":{"date-parts":[[2022,5,10]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"CIRCL Team. 2020. Passive SSH. https:\/\/github.com\/D4-project\/passive-ssh."},{"key":"e_1_3_2_3_2","volume-title":"Passive DNS - Common Output Format","author":"Dulaunoy Alexandre","year":"2020","unstructured":"Alexandre Dulaunoy, Aaron Kaplan, Paul A. Vixie, and Henry Stern. 2020. Passive DNS - Common Output Format. Internet-Draft draft-dulaunoy-dnsop-passive-dns-cof-07. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-dulaunoy-dnsop-passive-dns-cof-07. Work in Progress."},{"key":"e_1_3_2_4_2","unstructured":"Alexandre Dulaunoy and Eireann Leverett. [n.d.]. Passive SSL Passive - Detection and Reconnaissance Techniques to Find Track and Attribute Vulnerable Devices. https:\/\/www.first.org\/resources\/papers\/conf2015\/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf."},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2014.6838249"},{"key":"e_1_3_2_6_2","unstructured":"Guardicore. 2020. FritzFrog: A New Generation of Peer-to-Peer Botnets. https:\/\/www.guardicore.com\/2020\/08\/fritzfrog-p2p-botnet-infects-ssh-servers\/."},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/2659897"},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","first-page":"5049","DOI":"10.1109\/BigData.2018.8622074","volume-title":"2018 IEEE International Conference on Big Data (Big Data\u201918)","author":"Mokaddem Sami","year":"2018","unstructured":"Sami Mokaddem, G\u00e9rard Wagener, and Alexandre Dulaunoy. 2018. AIL-The design and implementation of an analysis information leak framework. In 2018 IEEE International Conference on Big Data (Big Data\u201918). IEEE, 5049\u20135057."},{"key":"e_1_3_2_9_2","unstructured":"Ben Reardon. 2018. Open Sourcing HASSH: A profiling method for SSH Clients and Servers. https:\/\/engineering.salesforce.com\/open-sourcing-hassh-abed3ae5044c."},{"key":"e_1_3_2_10_2","unstructured":"Salesforce. [n.d.]. \u201cHASSH\u201d - A Profiling Method for SSH Clients and Servers.https:\/\/github.com\/salesforce\/hassh."},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-662-61313-9_1","volume-title":"Attribution of Advanced Persistent Threats","author":"Steffens Timo","year":"2020","unstructured":"Timo Steffens. 2020. Advanced persistent threats. In Attribution of Advanced Persistent Threats. Springer, 3\u201321."},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/2994539.2994542"},{"key":"e_1_3_2_13_2","doi-asserted-by":"crossref","DOI":"10.17487\/rfc4253","volume-title":"The Secure Shell (SSH) Transport Layer Protocol","author":"Ylonen T.","year":"2006","unstructured":"T. Ylonen and Ed C. Lonvick. 2006. The Secure Shell (SSH) Transport Layer Protocol. RFC 4253. RFC Editor."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3491262","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3491262","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:20Z","timestamp":1750183760000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3491262"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,10]]},"references-count":12,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,9,30]]}},"alternative-id":["10.1145\/3491262"],"URL":"https:\/\/doi.org\/10.1145\/3491262","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2022,5,10]]},"assertion":[{"value":"2021-02-26","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-07-29","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-05-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}