{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:08:51Z","timestamp":1750219731894,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,8,7]],"date-time":"2023-08-07T00:00:00Z","timestamp":1691366400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2152644"],"award-info":[{"award-number":["CNS-2152644"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,8,7]]},"DOI":"10.1145\/3607505.3607526","type":"proceedings-article","created":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T16:33:41Z","timestamp":1692635621000},"page":"57-63","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["In the Line of Fire: Risks of DPI-triggered Data Collection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-7293-3290","authenticated-orcid":false,"given":"Ariana","family":"Mirian","sequence":"first","affiliation":[{"name":"University of California, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5128-6200","authenticated-orcid":false,"given":"Alisha","family":"Ukani","sequence":"additional","affiliation":[{"name":"University of California, San Diego, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-7540-1218","authenticated-orcid":false,"given":"Ian","family":"Foster","sequence":"additional","affiliation":[{"name":"DNS Coffee, United States of 
America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1359-1722","authenticated-orcid":false,"given":"Gautam","family":"Akiwate","sequence":"additional","affiliation":[{"name":"Stanford University, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6566-0231","authenticated-orcid":false,"given":"Taner","family":"Halicioglu","sequence":"additional","affiliation":[{"name":"Independent, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1569-6288","authenticated-orcid":false,"given":"Cynthia T.","family":"Moore","sequence":"additional","affiliation":[{"name":"University of California, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5679-3888","authenticated-orcid":false,"given":"Alex C.","family":"Snoeren","sequence":"additional","affiliation":[{"name":"University of California, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0865-7499","authenticated-orcid":false,"given":"Geoffrey M.","family":"Voelker","sequence":"additional","affiliation":[{"name":"University of California, San Diego, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6617-8029","authenticated-orcid":false,"given":"Stefan","family":"Savage","sequence":"additional","affiliation":[{"name":"University of California, San Diego, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,8,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"S. Alvarez. 2007. AntiVirus (In)Security. https:\/\/fahrplan.events.ccc.de\/camp\/2007\/Fahrplan\/attachments\/1324-AntivirusInSecuritySergioshadownAlvarez.pdf.  S. Alvarez. 2007. AntiVirus (In)Security. https:\/\/fahrplan.events.ccc.de\/camp\/2007\/Fahrplan\/attachments\/1324-AntivirusInSecuritySergioshadownAlvarez.pdf."},{"volume-title":"Proceedings of the 14th USENIX Security Symposium(USENIX Security \u201905)","author":"Bethencourt J.","key":"e_1_3_2_1_2_1","unstructured":"J. Bethencourt , J. Franklin , and M. Vernon . 2005. Mapping Internet Sensors With Probe Response Attacks . 
In Proceedings of the 14th USENIX Security Symposium(USENIX Security \u201905) . USENIX Association, Baltimore, MD, USA, 193\u2013208. J. Bethencourt, J. Franklin, and M. Vernon. 2005. Mapping Internet Sensors With Probe Response Attacks. In Proceedings of the 14th USENIX Security Symposium(USENIX Security \u201905). USENIX Association, Baltimore, MD, USA, 193\u2013208."},{"volume-title":"Proceedings of the 2012 ACM Conference on Computer and Communications Security","author":"Bilge L.","key":"e_1_3_2_1_3_1","unstructured":"L. Bilge and T. Dumitra\u015f . 2012. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World . In Proceedings of the 2012 ACM Conference on Computer and Communications Security ( Raleigh, North Carolina, USA) (CCS \u201912). Association for Computing Machinery, New York, NY, USA, 833\u2013844. L. Bilge and T. Dumitra\u015f. 2012. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (Raleigh, North Carolina, USA) (CCS \u201912). Association for Computing Machinery, New York, NY, USA, 833\u2013844."},{"volume-title":"Weaponizing Middleboxes for TCP Reflected Amplification. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Bock K.","key":"e_1_3_2_1_4_1","unstructured":"K. Bock , A. Alaraj , Y. Fax , K. Hurley , E. Wustrow , and D. Levin . 2021 . Weaponizing Middleboxes for TCP Reflected Amplification. In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association, 3345\u20133361. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/bock K. Bock, A. Alaraj, Y. Fax, K. Hurley, E. Wustrow, and D. Levin. 2021. Weaponizing Middleboxes for TCP Reflected Amplification. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3345\u20133361. 
https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/bock"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00059"},{"key":"e_1_3_2_1_6_1","unstructured":"CAIDA 2020. Routeviews Prefix to AS mappings Dataset for IPv4 and IPv6. http:\/\/www.caida.org\/data\/routing\/routeviews-prefix2as.xml.  CAIDA 2020. Routeviews Prefix to AS mappings Dataset for IPv4 and IPv6. http:\/\/www.caida.org\/data\/routing\/routeviews-prefix2as.xml."},{"volume-title":"July 22","year":"2020","key":"e_1_3_2_1_7_1","unstructured":"[ 7 ] Censys [n. d.]. censys.io , July 22 , 2020 dataset. [7] Censys [n. d.]. censys.io, July 22, 2020 dataset."},{"key":"e_1_3_2_1_8_1","unstructured":"J. Cox. 2020. Leaked Documents Expose the Secretive Market for Your Web Browsing Data. https:\/\/www.vice.com\/en\/article\/qjdkq7\/avast-antivirus-sells-user-browsing-data-investigation.  J. Cox. 2020. Leaked Documents Expose the Secretive Market for Your Web Browsing Data. https:\/\/www.vice.com\/en\/article\/qjdkq7\/avast-antivirus-sells-user-browsing-data-investigation."},{"key":"e_1_3_2_1_9_1","unstructured":"Skylight Cyber. 2019. Cylance I Kill You!https:\/\/skylightcyber.com\/2019\/07\/18\/cylance-i-kill-you\/.  Skylight Cyber. 2019. Cylance I Kill You!https:\/\/skylightcyber.com\/2019\/07\/18\/cylance-i-kill-you\/."},{"volume-title":"Proceedings the 24th Network and Distributed System Security Symposium(NDSS \u201917)","author":"Durumeric Z.","key":"e_1_3_2_1_10_1","unstructured":"Z. Durumeric , Z. Ma , D. Springall , R. Barnes , N Sullivan , E. Bursztein , M Bailey , J.A. Halderman , and V. Paxson . 2017. The Security Impact of HTTPS Interception . In Proceedings the 24th Network and Distributed System Security Symposium(NDSS \u201917) . Internet Society, San Diego, CA, USA, 1\u201314. Z. Durumeric, Z. Ma, D. Springall, R. Barnes, N Sullivan, E. Bursztein, M Bailey, J.A. Halderman, and V. Paxson. 2017. The Security Impact of HTTPS Interception. 
In Proceedings the 24th Network and Distributed System Security Symposium(NDSS \u201917). Internet Society, San Diego, CA, USA, 1\u201314."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"R. Fielding J. Gettys J. Mogul H. Frystyk L. Masinter P. Leach and T. Berners-Lee. 1999. Hypertext Transfer Protocol (HTTP\/1.1): Authentication. https:\/\/datatracker.ietf.org\/doc\/html\/rfc2616.  R. Fielding J. Gettys J. Mogul H. Frystyk L. Masinter P. Leach and T. Berners-Lee. 1999. Hypertext Transfer Protocol (HTTP\/1.1): Authentication. https:\/\/datatracker.ietf.org\/doc\/html\/rfc2616.","DOI":"10.17487\/rfc2616"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"R. Fielding and J. Reschke. 2014. Hypertext Transfer Protocol (HTTP\/1.1): Authentication. https:\/\/datatracker.ietf.org\/doc\/html\/rfc7235.  R. Fielding and J. Reschke. 2014. Hypertext Transfer Protocol (HTTP\/1.1): Authentication. https:\/\/datatracker.ietf.org\/doc\/html\/rfc7235.","DOI":"10.17487\/rfc7235"},{"key":"e_1_3_2_1_13_1","unstructured":"M. Handley V. Paxson and C. Kreibich. 2001. Network Intrusion Detection: Evasion Traffic Normalization an End-to-End Protocol Semantics. https:\/\/www.usenix.org\/conference\/10th-usenix-security-symposium\/network-intrusion-detection-evasion-traffic-normalization. In 10th USENIX Security Symposium (USENIX Security 01). USENIX Association Washington D.C.  M. Handley V. Paxson and C. Kreibich. 2001. Network Intrusion Detection: Evasion Traffic Normalization an End-to-End Protocol Semantics. https:\/\/www.usenix.org\/conference\/10th-usenix-security-symposium\/network-intrusion-detection-evasion-traffic-normalization. In 10th USENIX Security Symposium (USENIX Security 01). USENIX Association Washington D.C."},{"volume-title":"Proceedings of the Conference on Applied Machine Learning in Information Security(CAMLIS \u201919)","author":"Joshi A.","key":"e_1_3_2_1_14_1","unstructured":"A. Joshi , L. Lloyd , P. Westin , and S. 
Seethapathy . 2019. Using Lexical Features for URL Classification \u2014 A Machine Learning Approach . In Proceedings of the Conference on Applied Machine Learning in Information Security(CAMLIS \u201919) . Washington, DC, USA, 1\u20136. A. Joshi, L. Lloyd, P. Westin, and S. Seethapathy. 2019. Using Lexical Features for URL Classification \u2014 A Machine Learning Approach. In Proceedings of the Conference on Applied Machine Learning in Information Security(CAMLIS \u201919). Washington, DC, USA, 1\u20136."},{"key":"e_1_3_2_1_15_1","unstructured":"RACK911 Labs. 2020. Exploiting (Almost) Every Antivirus Software. https:\/\/rack911labs.ca\/research\/exploiting-almost-every-antivirus-software\/.  RACK911 Labs. 2020. Exploiting (Almost) Every Antivirus Software. https:\/\/rack911labs.ca\/research\/exploiting-almost-every-antivirus-software\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961189.1961202"},{"key":"e_1_3_2_1_17_1","unstructured":"K. Manson. 2022. NSA Probing Reach of Software From Russia\u2019s Kaspersky in US Systems. https:\/\/www.bloomberg.com\/news\/articles\/2022-05-10\/nsa-probing-kaspersky-s-reach-in-us-after-russian-invasion.  K. Manson. 2022. NSA Probing Reach of Software From Russia\u2019s Kaspersky in US Systems. https:\/\/www.bloomberg.com\/news\/articles\/2022-05-10\/nsa-probing-kaspersky-s-reach-in-us-after-russian-invasion."},{"key":"e_1_3_2_1_18_1","unstructured":"S. Morgenroth. 2008. Using Google bots as an attack vector.  S. Morgenroth. 2008. Using Google bots as an attack vector."},{"key":"e_1_3_2_1_19_1","unstructured":"NetAcuity [n. d.]. NetAcuity. https:\/\/digitalelement.com\/solutions\/ip-location-targeting\/netacuity.  NetAcuity [n. d.]. NetAcuity. https:\/\/digitalelement.com\/solutions\/ip-location-targeting\/netacuity."},{"key":"e_1_3_2_1_20_1","unstructured":"NIST 2004. CVE-2004-0362. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2004-0362.  NIST 2004. CVE-2004-0362. 
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2004-0362."},{"key":"e_1_3_2_1_21_1","unstructured":"NIST 2018. CVE-2018-11776. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-11776.  NIST 2018. CVE-2018-11776. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-11776."},{"key":"e_1_3_2_1_22_1","unstructured":"NIST 2021. CVE-2021-33599. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-33599.  NIST 2021. CVE-2021-33599. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-33599."},{"key":"e_1_3_2_1_23_1","unstructured":"NIST 2022. CVE-2022-20685. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-20685.  NIST 2022. CVE-2022-20685. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-20685."},{"key":"e_1_3_2_1_24_1","unstructured":"OpenIntel 2022. Open Intel. http:\/\/www.caida.org\/data\/routing\/routeviews-prefix2as.xml.  OpenIntel 2022. Open Intel. http:\/\/www.caida.org\/data\/routing\/routeviews-prefix2as.xml."},{"key":"e_1_3_2_1_25_1","volume-title":"Augur: Internet-Wide Detection of Connectivity Disruptions. In 2017 IEEE Symposium on Security and Privacy (SP). 427\u2013443","author":"Pearce P.","year":"2017","unstructured":"P. Pearce , R. Ensafi , F. Li , N. Feamster , and V. Paxson . 2017 . Augur: Internet-Wide Detection of Connectivity Disruptions. In 2017 IEEE Symposium on Security and Privacy (SP). 427\u2013443 . https:\/\/doi.org\/10.1109\/SP. 2017 .55 10.1109\/SP.2017.55 P. Pearce, R. Ensafi, F. Li, N. Feamster, and V. Paxson. 2017. Augur: Internet-Wide Detection of Connectivity Disruptions. In 2017 IEEE Symposium on Security and Privacy (SP). 427\u2013443. https:\/\/doi.org\/10.1109\/SP.2017.55"},{"key":"e_1_3_2_1_26_1","unstructured":"T.\u00a0H. Ptacek and T.\u00a0N. Newsham. 1998. Insertion Evasion and Denial of Service: Eluding Network Intrusion Detection. https:\/\/apps.dtic.mil\/sti\/citations\/ADA391565.  T.\u00a0H. Ptacek and T.\u00a0N. Newsham. 1998. Insertion Evasion and Denial of Service: Eluding Network Intrusion Detection. 
https:\/\/apps.dtic.mil\/sti\/citations\/ADA391565."},{"key":"e_1_3_2_1_27_1","unstructured":"E. Rey. 2015. Playing With Fire: Attacking the FireEye MPS. https:\/\/static.ernw.de\/whitepaper\/ERNW_Newsletter_51_Playing_With_Fire_signed.pdf.  E. Rey. 2015. Playing With Fire: Attacking the FireEye MPS. https:\/\/static.ernw.de\/whitepaper\/ERNW_Newsletter_51_Playing_With_Fire_signed.pdf."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.59"},{"key":"e_1_3_2_1_29_1","unstructured":"E. Shimony. 2020. Anti-Virus Vulnerabilities: Who\u2019s Guarding the Watch Tower?https:\/\/www.cyberark.com\/resources\/threat-research-blog\/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower.  E. Shimony. 2020. Anti-Virus Vulnerabilities: Who\u2019s Guarding the Watch Tower?https:\/\/www.cyberark.com\/resources\/threat-research-blog\/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"J.\u00a0W. Stokes J.\u00a0C. Platt H.\u00a0J. Wang J. Faulhaber J. Keller M. Marinescu A. Thomas and M. Gheorghescu. 2012. Scalable Telemetry Classification for Automated Malware Detection. In Computer Security \u2013 ESORICS 2012. Springer Berlin Heidelberg Berlin Heidelberg 788\u2013805.  J.\u00a0W. Stokes J.\u00a0C. Platt H.\u00a0J. Wang J. Faulhaber J. Keller M. Marinescu A. Thomas and M. Gheorghescu. 2012. Scalable Telemetry Classification for Automated Malware Detection. In Computer Security \u2013 ESORICS 2012. Springer Berlin Heidelberg Berlin Heidelberg 788\u2013805.","DOI":"10.1007\/978-3-642-33167-1_45"},{"key":"e_1_3_2_1_31_1","unstructured":"M. Stone. 2021. CVE-2021-1647: Windows Defender mpengine remote code execution. https:\/\/googleprojectzero.github.io\/0days-in-the-wild\/\/0day-RCAs\/2021\/CVE-2021-1647.html.  M. Stone. 2021. CVE-2021-1647: Windows Defender mpengine remote code execution. 
https:\/\/googleprojectzero.github.io\/0days-in-the-wild\/\/0day-RCAs\/2021\/CVE-2021-1647.html."},{"key":"e_1_3_2_1_32_1","unstructured":"F. Xue. 2008. Attacking Antivirus. BlackHat.  F. Xue. 2008. Attacking Antivirus. BlackHat."},{"key":"e_1_3_2_1_33_1","unstructured":"K. Zetter. 2016. Symantec\u2019s Woes Expose the Antivirus Industry\u2019s Security Gaps. https:\/\/www.wired.com\/2016\/06\/symantecs-woes-expose-antivirus-software-security-gaps\/.  K. Zetter. 2016. Symantec\u2019s Woes Expose the Antivirus Industry\u2019s Security Gaps. https:\/\/www.wired.com\/2016\/06\/symantecs-woes-expose-antivirus-software-security-gaps\/."},{"volume-title":"Proceedings of the 21st ACM Internet Measurement Conference (Virtual Event) (IMC \u201921)","author":"Ziv M.","key":"e_1_3_2_1_34_1","unstructured":"M. Ziv , L. Izhikevich , K. Ruth , K. Izhikevich , and Z. Durumeric . 2021. ASdb: A System for Classifying Owners of Autonomous Systems . In Proceedings of the 21st ACM Internet Measurement Conference (Virtual Event) (IMC \u201921) . Association for Computing Machinery, 703\u2013719. M. Ziv, L. Izhikevich, K. Ruth, K. Izhikevich, and Z. Durumeric. 2021. ASdb: A System for Classifying Owners of Autonomous Systems. In Proceedings of the 21st ACM Internet Measurement Conference (Virtual Event) (IMC \u201921). 
Association for Computing Machinery, 703\u2013719."}],"event":{"name":"CSET 2023: 2023 Cyber Security Experimentation and Test Workshop","acronym":"CSET 2023","location":"Marina del Rey CA USA"},"container-title":["2023 Cyber Security Experimentation and Test Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607505.3607526","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607505.3607526","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:28Z","timestamp":1750178188000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607505.3607526"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,7]]},"references-count":34,"alternative-id":["10.1145\/3607505.3607526","10.1145\/3607505"],"URL":"https:\/\/doi.org\/10.1145\/3607505.3607526","relation":{},"subject":[],"published":{"date-parts":[[2023,8,7]]},"assertion":[{"value":"2023-08-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}