{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:12:24Z","timestamp":1750219944908,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,9,10]],"date-time":"2023-09-10T00:00:00Z","timestamp":1694304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"German Federal Ministry of Education and Research","award":["16KIS1221","16KIS1370","16KISK002","16KISK107"],"award-info":[{"award-number":["16KIS1221","16KIS1370","16KISK002","16KISK107"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["CA595\/13-1"],"award-info":[{"award-number":["CA595\/13-1"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100019188","name":"HORIZON EUROPE Excellent Science","doi-asserted-by":"publisher","award":["101008468"],"award-info":[{"award-number":["101008468"]}],"id":[{"id":"10.13039\/100019188","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100018695","name":"HORIZON EUROPE Research Infrastructures","doi-asserted-by":"publisher","award":["101079774"],"award-info":[{"award-number":["101079774"]}],"id":[{"id":"10.13039\/100018695","id-type":"DOI","asserted-by":"publisher"}]},{"name":"FEDER development fund of the Brittany region"},{"name":"Bavarian Ministry of Economic Affairs, Regional Development and Energy"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,9,10]]},"DOI":"10.1145\/3609021.3609294","type":"proceedings-article","created":{"date-parts":[[2023,8,18]],"date-time":"2023-08-18T17:13:20Z","timestamp":1692378800000},"page":"8-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Network Profiles for Detecting Application-Characteristic Behavior Using Linux eBPF"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-6462-4127","authenticated-orcid":false,"given":"Lars","family":"W\u00fcstrich","sequence":"first","affiliation":[{"name":"Technical University of Munich, Garching near Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-5109-4509","authenticated-orcid":false,"given":"Markus","family":"Schacherbauer","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Garching near Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3347-974X","authenticated-orcid":false,"given":"Markus","family":"Budeus","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Garching near Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5775-5031","authenticated-orcid":false,"given":"Dominik","family":"Freiherr von K\u00fcn\u00dfberg","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Garching near Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7173-3573","authenticated-orcid":false,"given":"Sebastian","family":"Gallenm\u00fcller","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Garching near Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5241-3809","authenticated-orcid":false,"given":"Marc-Oliver","family":"Pahl","sequence":"additional","affiliation":[{"name":"IMT Atlantique, Rennes, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2347-1839","authenticated-orcid":false,"given":"Georg","family":"Carle","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Garching near Munich, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,9,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Traffic Causality Graphs: Profiling Network Applications Through Temporal and Spatial Causality of Flows. In 23rd International Teletraffic Congress, ITC 2011","author":"Asai Hirochika","year":"2011","unstructured":"Hirochika Asai , Kensuke Fukuda , and Hiroshi Esaki . 2011 . Traffic Causality Graphs: Profiling Network Applications Through Temporal and Spatial Causality of Flows. In 23rd International Teletraffic Congress, ITC 2011 , San Francisco, CA, USA, September 6--9 , 2011, \u00c5ke Arvidsson, Gustavo de Veciana, Steven H. Low, Charles R. Kalmanek, and Deep Medhi (Eds.). IEEE, 95--102. https:\/\/ieeexplore.ieee.org\/document\/6038469\/ Hirochika Asai, Kensuke Fukuda, and Hiroshi Esaki. 2011. Traffic Causality Graphs: Profiling Network Applications Through Temporal and Spatial Causality of Flows. In 23rd International Teletraffic Congress, ITC 2011, San Francisco, CA, USA, September 6--9, 2011, \u00c5ke Arvidsson, Gustavo de Veciana, Steven H. Low, Charles R. Kalmanek, and Deep Medhi (Eds.). IEEE, 95--102. https:\/\/ieeexplore.ieee.org\/document\/6038469\/"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2009.5426172"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2012.6211945"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3472305.3472321"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879175"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2015.26"},{"volume-title":"Path of a Packet in the Linux Kernel Stack","author":"Chimata Ashwin Kumar","key":"e_1_3_2_1_7_1","unstructured":"Ashwin Kumar Chimata . 2005. Path of a Packet in the Linux Kernel Stack . University of Kansas (2005) . Ashwin Kumar Chimata. 2005. Path of a Packet in the Linux Kernel Stack. University of Kansas (2005)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2013.6566868"},{"key":"e_1_3_2_1_9_1","unstructured":"Arnout Engelen. Accessed 2023-07-24. Nethogs. https:\/\/github.com\/raboof\/nethogs.  Arnout Engelen. Accessed 2023-07-24. Nethogs. https:\/\/github.com\/raboof\/nethogs."},{"key":"e_1_3_2_1_10_1","unstructured":"Falco. Accessed 2023-07-24. Detect security threats in real time. https:\/\/falco.org\/.  Falco. Accessed 2023-07-24. Detect security threats in real time. https:\/\/falco.org\/."},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the Royal Society of London. Series A, Containing Papers of a Mathematical and Physical Character 125","author":"Fisher Ronald Aylmer","year":"1929","unstructured":"Ronald Aylmer Fisher . 1929 . Tests of Significance in Harmonic Analysis . Proceedings of the Royal Society of London. Series A, Containing Papers of a Mathematical and Physical Character 125 , 796 (1929), 54--59. Ronald Aylmer Fisher. 1929. Tests of Significance in Harmonic Analysis. Proceedings of the Royal Society of London. Series A, Containing Papers of a Mathematical and Physical Character 125, 796 (1929), 54--59."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.944338"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494841"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58201-2_17"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/JISIC.2014.52"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2007.07.003"},{"key":"e_1_3_2_1_17_1","unstructured":"Cilium Hubble. Accessed 2023-07-24. Hubble - Network Service & Security Observability for Kubernetes using eBPF. https:\/\/github.com\/cilium\/hubble.  Cilium Hubble. Accessed 2023-07-24. Hubble - Network Service & Security Observability for Kubernetes using eBPF. https:\/\/github.com\/cilium\/hubble."},{"key":"e_1_3_2_1_18_1","unstructured":"Intel. Accessed 2023-07-24. Intel VTune Profiler. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/oneapi\/vtune-profiler.html.  Intel. Accessed 2023-07-24. Intel VTune Profiler. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/oneapi\/vtune-profiler.html."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080119"},{"key":"e_1_3_2_1_20_1","volume-title":"Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. In 2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Ma Shiqing","year":"2018","unstructured":"Shiqing Ma , Juan Zhai , Yonghwi Kwon , Kyu Hyung Lee , Xiangyu Zhang , Gabriela Ciocarlie , Ashish Gehani , Vinod Yegneswaran , Dongyan Xu , and Somesh Jha . 2018 . Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. In 2018 USENIX Annual Technical Conference (USENIX ATC 18) . USENIX Association, Boston, MA, 241--254. https:\/\/www.usenix.org\/conference\/atc18\/presentation\/ma-shiqing Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha. 2018. Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 241--254. https:\/\/www.usenix.org\/conference\/atc18\/presentation\/ma-shiqing"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_1_22_1","unstructured":"Linux manual page. Accessed 2023-07-24. netstat(8). https:\/\/linux.die.net\/man\/8\/netstat.  Linux manual page. Accessed 2023-07-24. netstat(8). https:\/\/linux.die.net\/man\/8\/netstat."},{"key":"e_1_3_2_1_23_1","unstructured":"Linux manual page. Accessed 2023-07-24. packet(7). https:\/\/man7.org\/linux\/man-pages\/man7\/packet.7.html.  Linux manual page. Accessed 2023-07-24. packet(7). https:\/\/man7.org\/linux\/man-pages\/man7\/packet.7.html."},{"key":"e_1_3_2_1_24_1","unstructured":"Simone Margaritelli. Accessed 2023-07-24. OpenSnitch. https:\/\/github.com\/evilsocket\/opensnitch.  Simone Margaritelli. Accessed 2023-07-24. OpenSnitch. https:\/\/github.com\/evilsocket\/opensnitch."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.23919\/APCC.2017.8303960"},{"key":"e_1_3_2_1_27_1","unstructured":"osquery. Accessed 2023-07-24. Performant Endpoint Visibility. https:\/\/osquery.io\/.  osquery. Accessed 2023-07-24. Performant Endpoint Visibility. https:\/\/osquery.io\/."},{"key":"e_1_3_2_1_28_1","volume-title":"A new Method for Flow-Based Network Intrusion Detection Using Inverse Statistical Physics. CoRR abs\/1910.07266","author":"Pontes Camila F. T.","year":"2019","unstructured":"Camila F. T. Pontes , Jo\u00e3o J. C. Gondim , Matt Bishop , and Marcelo Antonio Marotta . 2019. A new Method for Flow-Based Network Intrusion Detection Using Inverse Statistical Physics. CoRR abs\/1910.07266 ( 2019 ). arXiv:1910.07266 http:\/\/arxiv.org\/abs\/1910.07266 Camila F. T. Pontes, Jo\u00e3o J. C. Gondim, Matt Bishop, and Marcelo Antonio Marotta. 2019. A new Method for Flow-Based Network Intrusion Detection Using Inverse Statistical Physics. CoRR abs\/1910.07266 (2019). arXiv:1910.07266 http:\/\/arxiv.org\/abs\/1910.07266"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1658939.1658966"},{"key":"e_1_3_2_1_30_1","unstructured":"redbpf. Accessed 2023-07-24. Rust library for building and running BPF\/eBPF modules. https:\/\/github.com\/foniod\/redbpf.  redbpf. Accessed 2023-07-24. Rust library for building and running BPF\/eBPF modules. https:\/\/github.com\/foniod\/redbpf."},{"key":"e_1_3_2_1_31_1","unstructured":"Cilium Tetragon. Accessed 2023-07-24. tetragon - eBPF-based Security Observability and Runtime Enforcement. https:\/\/github.com\/cilium\/tetragon.  Cilium Tetragon. Accessed 2023-07-24. tetragon - eBPF-based Security Observability and Runtime Enforcement. https:\/\/github.com\/cilium\/tetragon."},{"key":"e_1_3_2_1_32_1","unstructured":"Dominik von K\u00fcn\u00dfberg. Accessed 2023-07-24. network-matcher. https:\/\/github.com\/undvikar\/network-matcher  Dominik von K\u00fcn\u00dfberg. Accessed 2023-07-24. network-matcher. https:\/\/github.com\/undvikar\/network-matcher"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.2200\/S00001ED1V01Y200508SPR001"}],"event":{"name":"eBPF '23: 1st Workshop on eBPF and Kernel Extensions","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"],"location":"New York NY USA","acronym":"eBPF '23"},"container-title":["Proceedings of the 1st Workshop on eBPF and Kernel Extensions"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609021.3609294","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:57Z","timestamp":1750182537000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609021.3609294"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,10]]},"references-count":32,"alternative-id":["10.1145\/3609021.3609294","10.1145\/3609021"],"URL":"https:\/\/doi.org\/10.1145\/3609021.3609294","relation":{},"subject":[],"published":{"date-parts":[[2023,9,10]]},"assertion":[{"value":"2023-09-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}