{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T00:58:34Z","timestamp":1780448314907,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":78,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,4]],"date-time":"2024-11-04T00:00:00Z","timestamp":1730678400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["OAC-2319959, OAC- 2131987, CNS-212039"],"award-info":[{"award-number":["OAC-2319959, OAC- 2131987, CNS-212039"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,4]]},"DOI":"10.1145\/3646547.3688426","type":"proceedings-article","created":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T09:40:26Z","timestamp":1730454026000},"page":"241-258","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["DarkSim: A similarity-based time-series analytic framework for darknet traffic"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3708-2148","authenticated-orcid":false,"given":"Max","family":"Gao","sequence":"first","affiliation":[{"name":"CAIDA\/UC San Diego, San Diego, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3300-9514","authenticated-orcid":false,"given":"Ricky","family":"Mok","sequence":"additional","affiliation":[{"name":"CAIDA\/UC San Diego, San Diego, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1622-2305","authenticated-orcid":false,"given":"Esteban","family":"Carisimo","sequence":"additional","affiliation":[{"name":"Northwestern University, Evanston, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0732-2390","authenticated-orcid":false,"given":"Eric","family":"Li","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7845-8865","authenticated-orcid":false,"given":"Shubham","family":"Kulkarni","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4824-3493","authenticated-orcid":false,"given":"kc","family":"claffy","sequence":"additional","affiliation":[{"name":"CAIDA\/UC San Diego, San Diego, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,11,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/3089844.3089855"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMP.2009.8"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"e_1_3_2_1_4_1","volume-title":"First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. https:\/\/blog.aquasec.com\/leveraging-kubernetes-rbac-to-backdoor-clusters Retrieved","year":"2023","unstructured":"Aqua. 2023. First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. https:\/\/blog.aquasec.com\/leveraging-kubernetes-rbac-to-backdoor-clusters Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_5_1","volume-title":"TeamTNT Reemerged with New Aggressive Cloud Campaign. https:\/\/blog.aquasec.com\/teamtnt-reemerged-with-new-aggressive-cloud-campaign Retrieved","year":"2023","unstructured":"Aqua. 2023. TeamTNT Reemerged with New Aggressive Cloud Campaign. https:\/\/blog.aquasec.com\/teamtnt-reemerged-with-new-aggressive-cloud-campaign Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_6_1","volume-title":"Apache Avro - a data serialization system. https:\/\/avro.apache.org\/ Retrieved","author":"Avro Apache","year":"2023","unstructured":"Apache Avro. 2023. Apache Avro - a data serialization system. https:\/\/avro.apache.org\/ Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_7_1","volume-title":"James Large, and Jason Lines","author":"Bagnall Anthony J.","year":"2016","unstructured":"Anthony J. Bagnall, Aaron Bostrom, James Large, and Jason Lines. 2016. The Great Time Series Classification Bake Off: An Experimental Evaluation of Recently Proposed Algorithms. Extended Version. (2016). showeprint[arXiv]1602.01711 http:\/\/arxiv.org\/abs\/1602.01711"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/CICYBS.2014.7013367"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCNW.2015.7365905"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/3000850.3000887"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3098985"},{"key":"e_1_3_2_1_12_1","volume-title":"https:\/\/stardust.caida.org\/docs\/data\/flowtuple\/ Retrieved","author":"FlowTuple CAIDA.","year":"2024","unstructured":"CAIDA. 2021. FlowTuple. https:\/\/stardust.caida.org\/docs\/data\/flowtuple\/ Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_13_1","volume-title":"https:\/\/stardust.caida.org\/docs\/data\/dos\/ Retrieved","author":"CAIDA.","year":"2024","unstructured":"CAIDA. 2021. RSDoS. https:\/\/stardust.caida.org\/docs\/data\/dos\/ Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_14_1","volume-title":"STARDUST Grafana dashboard. https:\/\/explore.stardust.caida.org Retrieved","author":"CAIDA.","year":"2024","unstructured":"CAIDA. 2021. STARDUST Grafana dashboard. https:\/\/explore.stardust.caida.org Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_15_1","volume-title":"2021 d. STARDUST. UCSD network telescope. https:\/\/stardust.caida.org Retrieved","author":"CAIDA.","year":"2024","unstructured":"CAIDA. 2021 d. STARDUST. UCSD network telescope. https:\/\/stardust.caida.org Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_5"},{"key":"e_1_3_2_1_17_1","volume-title":"Detecting CVE-2022--23270 in PPTP. https:\/\/corelight.com\/blog\/detecting-cve-2022--23270-in-pptp Retrieved","year":"2023","unstructured":"Corelight. 2022. Detecting CVE-2022--23270 in PPTP. https:\/\/corelight.com\/blog\/detecting-cve-2022--23270-in-pptp Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_18_1","unstructured":"Crowdstrike. 2023. CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes. https:\/\/www.crowdstrike.com\/blog\/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes\/ Retrieved December 3 2023 from"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2567561.2567568"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/tnet.2013.2297678"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2291244"},{"key":"e_1_3_2_1_22_1","volume-title":"Dask: Library for dynamic task scheduling. https:\/\/dask.org Retrieved","author":"Team Dask Development","year":"2016","unstructured":"Dask Development Team. 2016. Dask: Library for dynamic task scheduling. https:\/\/dask.org Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14778\/1454159.1454226"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671230"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1093\/biostatistics\/kxm045"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26561-2_45"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3563015"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494863"},{"key":"e_1_3_2_1_29_1","volume-title":"MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan Retrieved","author":"Graham Robert","year":"2021","unstructured":"Robert Graham. 2021. MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1974.10482962"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","unstructured":"Chansu Han Jumpei Shimamura Takeshi Takahashi Daisuke Inoue Masanori Kawakita Jun'ichi Takeuchi and Koji Nakao. 2019. Real-Time Detection of Malware Activities by Analyzing Darknet Traffic Using Graphical Lasso. In Proceedings of the IEEE International Conference On Trust Security And Privacy In Computing And Communications\/IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE). https:\/\/doi.org\/10.1109\/TrustCom\/BigDataSE.2019.00028","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00028"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/access.2022.3145966"},{"key":"e_1_3_2_1_33_1","volume-title":"Han","author":"Chansu","year":"2023","unstructured":"Chansu et al. Han. 2023. Dark-TRACER. https:\/\/github.com\/Gotchance\/Dark-TRACER Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_34_1","volume-title":"Kubernetes adoption, security, and market trends report","author":"Hat Red","year":"2023","unstructured":"Red Hat. 2023. Kubernetes adoption, security, and market trends report 2023. https:\/\/www.redhat.com\/en\/resources\/kubernetes-adoption-security-market-trends-overview Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2321898"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/2627435.2697058"},{"key":"e_1_3_2_1_37_1","volume-title":"Ports used by IBM Cloud Orchestrator. https:\/\/www.ibm.com\/docs\/en\/cloud-orchestrator\/2.5.0.3?topic=reference-ports-used-by-cloud-orchestrator Retrieved December, 3","author":"IBM.","year":"2023","unstructured":"IBM. 2021. Ports used by IBM Cloud Orchestrator. https:\/\/www.ibm.com\/docs\/en\/cloud-orchestrator\/2.5.0.3?topic=reference-ports-used-by-cloud-orchestrator Retrieved December, 3, 2023 from"},{"key":"e_1_3_2_1_38_1","volume-title":"https:\/\/www.influxdata.com Retrieved","author":"DB.","year":"2024","unstructured":"influxdata. 2023. InfluxDB. https:\/\/www.influxdata.com Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02490-0_71"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TASSP.1975.1162641"},{"key":"e_1_3_2_1_41_1","volume-title":"Internet Facts and Figures","author":"ITU.","year":"2023","unstructured":"ITU. 2024. Internet Facts and Figures 2023. https:\/\/www.itu.int\/itu-d\/reports\/statistics\/2023\/10\/10\/ff23-internet-traffic\/ Retrieved January 10, 2024 from"},{"key":"e_1_3_2_1_42_1","volume-title":"Simple Network Management Protocol (SNMP) over Transmission Control Protocol (TCP) Transport Mapping. https:\/\/www.rfc-editor","author":"Schoenwaelder TU","year":"2023","unstructured":"TU Braunschweig J. Schoenwaelder. 2002. Simple Network Management Protocol (SNMP) over Transmission Control Protocol (TCP) Transport Mapping. https:\/\/www.rfc-editor.org\/rfc\/rfc3430.html Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131383"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278571"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2022.3211644"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.6.4.366"},{"key":"e_1_3_2_1_47_1","volume-title":"https:\/\/kubernetes.io\/docs\/reference\/networking\/ports-and-protocols\/ Retrieved","author":"Protocols Ports","year":"2023","unstructured":"Kubernetes. 2022. Ports and Protocols. https:\/\/kubernetes.io\/docs\/reference\/networking\/ports-and-protocols\/ Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_48_1","volume-title":"Thousands of Unsecured Kubernetes Clusters Exposed. https:\/\/redhuntlabs.com\/blog\/unsecured-kubernetes-clusters-exposed\/ Retrieved","author":"Labs RedHunt","year":"2023","unstructured":"RedHunt Labs. 2023. Thousands of Unsecured Kubernetes Clusters Exposed. https:\/\/redhuntlabs.com\/blog\/unsecured-kubernetes-clusters-exposed\/ Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.830033"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.apenergy.2017.03.010"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.18637\/jss.v088.i05"},{"key":"e_1_3_2_1_52_1","volume-title":"https:\/\/github.com\/wannesm\/dtaidistance Retrieved","author":"Distance","year":"2024","unstructured":"et al. Meert, Wannes. 2020. DTAIDistance (v2.3.10). https:\/\/github.com\/wannesm\/dtaidistance Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_53_1","volume-title":"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023--21706 Retrieved","year":"2023","unstructured":"Microsoft. 2023. CVE-2023--21706. https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023--21706 Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_54_1","volume-title":"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023--21718 Retrieved","year":"2023","unstructured":"Microsoft. 2023. CVE-2023--21718. https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023--21718 Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_55_1","volume-title":"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023--21803 Retrieved","year":"2023","unstructured":"Microsoft. 2023. CVE-2023--21803. https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023--21803 Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_56_1","unstructured":"Matthew Middlehurst Patrick Sch\u00e4fer and Anthony Bagnall. 2023. Bake off redux: a review and experimental evaluation of recent time series classification algorithms. (2023). showeprint[arXiv]2304.13029 https:\/\/arxiv.org\/abs\/2304.13029"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.5555\/2999792.2999959"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1132026.1132027"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2945383"},{"key":"e_1_3_2_1_60_1","volume-title":"Kubernetes adoption creates new cybersecurity challenges. https:\/\/www.helpnetsecurity.com\/2023\/11\/13\/cloud-native-environments-risks\/ Retrieved","author":"Security Help","year":"2023","unstructured":"Help net Security. 2023. Kubernetes adoption creates new cybersecurity challenges. https:\/\/www.helpnetsecurity.com\/2023\/11\/13\/cloud-native-environments-risks\/ Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3473604.3474562"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2339530.2339576"},{"key":"e_1_3_2_1_63_1","unstructured":"Aaditya Ramdas Nicolas Garcia and Marco Cuturi. 2015. On Wasserstein Two Sample Testing and Related Families of Nonparametric Tests. arxiv: 1509.02237 [math.ST]"},{"key":"e_1_3_2_1_64_1","volume-title":"AJP File Read\/Inclusion in Apache Tomcat (CVE-2020--1938) and Undertow (CVE-2020--1745). https:\/\/access.redhat.com\/solutions\/4851251 Retrieved","year":"2023","unstructured":"RedHat. 2024. AJP File Read\/Inclusion in Apache Tomcat (CVE-2020--1938) and Undertow (CVE-2020--1745). https:\/\/access.redhat.com\/solutions\/4851251 Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_65_1","volume-title":"Darknet Processing. https:\/\/github.com\/Merit-Research\/darknet-events Retrieved","author":"Research Merit","year":"2024","unstructured":"Merit Research. 2021. Darknet Processing. https:\/\/github.com\/Merit-Research\/darknet-events Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2017.93"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.aci.2017.12.002"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/TASSP.1978.1163055"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57675-2_37"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-015-0441-y"},{"key":"e_1_3_2_1_71_1","volume-title":"https:\/\/www.sdsc.edu\/services\/hpc\/expanse\/ Retrieved","author":"Expanse SDSC.","year":"2024","unstructured":"SDSC. 2020. Expanse. https:\/\/www.sdsc.edu\/services\/hpc\/expanse\/ Retrieved September 4, 2024 from"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-018-0557-y"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561458"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3249474"},{"key":"e_1_3_2_1_75_1","volume-title":"Microsoft's","year":"2023","unstructured":"Tenable. 2023. Microsoft's February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023--23376). https:\/\/www.tenable.com\/blog\/microsofts-february-2023-patch-tuesday-addresses-75-cves-cve-2023--23376 Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_76_1","volume-title":"Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation. https:\/\/unit42.paloaltonetworks.com\/unsecured-kubernetes-instances\/ Retrieved","year":"2023","unstructured":"Unit42. 2023. Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation. https:\/\/unit42.paloaltonetworks.com\/unsecured-kubernetes-instances\/ Retrieved December 3, 2023 from"},{"key":"e_1_3_2_1_77_1","volume-title":"Problemy Peredachi Informatsii","volume":"5","author":"Vaserstein Leonid Nisonovich","year":"1969","unstructured":"Leonid Nisonovich Vaserstein. 1969. Markov processes over denumerable products of spaces, describing large systems of automata. Problemy Peredachi Informatsii, Vol. 5, 3 (1969)."},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.physa.2012.03.036"}],"event":{"name":"IMC '24: ACM Internet Measurement Conference","location":"Madrid Spain","acronym":"IMC '24","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2024 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3646547.3688426","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3646547.3688426","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T11:51:11Z","timestamp":1755863471000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3646547.3688426"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,4]]},"references-count":78,"alternative-id":["10.1145\/3646547.3688426","10.1145\/3646547"],"URL":"https:\/\/doi.org\/10.1145\/3646547.3688426","relation":{},"subject":[],"published":{"date-parts":[[2024,11,4]]},"assertion":[{"value":"2024-11-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}