{"id":"https://openalex.org/W4399852622","doi":"https://doi.org/10.23919/tma62044.2024.10559063","title":"Propagating Threat Scores with a TLS Ecosystem Graph Model Derived by Active Measurements","display_name":"Propagating Threat Scores with a TLS Ecosystem Graph Model Derived by Active Measurements","publication_year":2024,"publication_date":"2024-05-21","ids":{"openalex":"https://openalex.org/W4399852622","doi":"https://doi.org/10.23919/tma62044.2024.10559063"},"language":"en","primary_location":{"id":"doi:10.23919/tma62044.2024.10559063","is_oa":false,"landing_page_url":"http://dx.doi.org/10.23919/tma62044.2024.10559063","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 8th Network Traffic Measurement and Analysis Conference (TMA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.23919/TMA62044.2024.10559063","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005401301","display_name":"Markus Sosnowski","orcid":"https://orcid.org/0000-0002-7322-5804"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Markus Sosnowski","raw_affiliation_strings":["Technical University of Munich,Germany","Technical University of Munich, Germany","Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology"],"affiliations":[{"raw_affiliation_string":"Technical University of Munich,Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Technical University of Munich, Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049611799","display_name":"Patrick Sattler","orcid":"https://orcid.org/0000-0001-9375-3113"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Patrick Sattler","raw_affiliation_strings":["Technical University of Munich,Germany","Technical University of Munich, Germany","Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology"],"affiliations":[{"raw_affiliation_string":"Technical University of Munich,Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Technical University of Munich, Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009418849","display_name":"Johannes Zirngibl","orcid":"https://orcid.org/0000-0002-2918-016X"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Johannes Zirngibl","raw_affiliation_strings":["Technical University of Munich,Germany","Technical University of Munich, Germany","Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology"],"affiliations":[{"raw_affiliation_string":"Technical University of Munich,Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Technical University of Munich, Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5099292852","display_name":"Tim Betzer","orcid":"https://orcid.org/0009-0003-8134-6854"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tim Betzer","raw_affiliation_strings":["Technical University of Munich,Germany","Technical University of Munich, Germany","Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology"],"affiliations":[{"raw_affiliation_string":"Technical University of Munich,Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Technical University of Munich, Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060144977","display_name":"Georg Carle","orcid":"https://orcid.org/0000-0002-2347-1839"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Georg Carle","raw_affiliation_strings":["Technical University of Munich,Germany","Technical University of Munich, Germany","Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology"],"affiliations":[{"raw_affiliation_string":"Technical University of Munich,Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Technical University of Munich, Germany","institution_ids":["https://openalex.org/I62916508"]},{"raw_affiliation_string":"Department of Computer Engineering, Chair of Network Architectures and Services, TUM School of Computation Information and Technology","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5005401301"],"corresponding_institution_ids":["https://openalex.org/I62916508"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.08335325,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9869999885559082,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9869999885559082,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12592","display_name":"Opinion Dynamics and Social Influence","score":0.9588000178337097,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9467999935150146,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6121518611907959},{"id":"https://openalex.org/keywords/ecosystem","display_name":"Ecosystem","score":0.5929746031761169},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4637129604816437},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.24251788854599},{"id":"https://openalex.org/keywords/ecology","display_name":"Ecology","score":0.19300416111946106},{"id":"https://openalex.org/keywords/biology","display_name":"Biology","score":0.0839691162109375}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6121518611907959},{"id":"https://openalex.org/C110872660","wikidata":"https://www.wikidata.org/wiki/Q37813","display_name":"Ecosystem","level":2,"score":0.5929746031761169},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4637129604816437},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.24251788854599},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.19300416111946106},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0839691162109375}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.23919/tma62044.2024.10559063","is_oa":false,"landing_page_url":"http://dx.doi.org/10.23919/tma62044.2024.10559063","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 8th Network Traffic Measurement and Analysis Conference (TMA)","raw_type":"proceedings-article"},{"id":"pmh:oai:zenodo.org:14861701","is_oa":true,"landing_page_url":"https://doi.org/10.23919/TMA62044.2024.10559063","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:14861701","is_oa":true,"landing_page_url":"https://doi.org/10.23919/TMA62044.2024.10559063","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[{"display_name":"Life in Land","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/15"}],"awards":[{"id":"https://openalex.org/G6649427564","display_name":null,"funder_award_id":"16KIS1370,16KISK001K,16KISK107","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G996416203","display_name":null,"funder_award_id":"CA595/13-1","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W1828150029","https://openalex.org/W2044354000","https://openalex.org/W2066636486","https://openalex.org/W2071376663","https://openalex.org/W2104899073","https://openalex.org/W2292723020","https://openalex.org/W2487661922","https://openalex.org/W2552873532","https://openalex.org/W2604746202","https://openalex.org/W2788194436","https://openalex.org/W2805572865","https://openalex.org/W2895807258","https://openalex.org/W2986143645","https://openalex.org/W2990619902","https://openalex.org/W3013443908","https://openalex.org/W3044183949","https://openalex.org/W3093603548","https://openalex.org/W3104735167","https://openalex.org/W3210970122","https://openalex.org/W4253083841","https://openalex.org/W4298051233","https://openalex.org/W4324009745","https://openalex.org/W4386214697","https://openalex.org/W4391406902","https://openalex.org/W4391696937","https://openalex.org/W4392964528","https://openalex.org/W6677217071","https://openalex.org/W6838959161","https://openalex.org/W6850886346"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"The":[0,134],"Internet":[1,238],"is":[2,74,101],"shaped":[3],"by":[4],"independent":[5],"actors":[6],"and":[7,37,49,93,127,180,224],"heterogeneous":[8],"deployments.":[9],"With":[10,170],"the":[11,54,66,83,88,132,143,163,166,171,185,199,209,221,237],"wide":[12],"adoption":[13],"of":[14,22,69,82,121,160,165,173,198,236],"Transport":[15],"Layer":[16],"Security":[17],"(TLS),":[18],"a":[19,27,79,106,117,157,215,225],"whole":[20],"ecosystem":[21,85,223],"intertwined":[23],"entities":[24,36],"emerged.":[25],"Acquiring":[26],"comprehensive":[28],"view":[29],"allows":[30],"searching":[31,240],"for":[32,56,241],"previously":[33],"unknown":[34,242],"malicious":[35],"providing":[38],"valuable":[39],"cyber-threat":[40],"intelligence.":[41],"Actively":[42],"collected":[43],"Internet-wide":[44,125],"Domain":[45],"Name":[46],"System":[47],"(DNS)":[48],"TLS":[50,84,128,222],"meta-data":[51],"can":[52],"provide":[53],"basis":[55],"such":[57],"large-scale":[58],"analyses.":[59],"However,":[60],"in":[61,162],"order":[62],"to":[63,104,112,130,155,192,196,219,228],"efficiently":[64],"navigate":[65],"vast":[67],"volumes":[68],"data,":[70],"an":[71],"effective":[72],"methodology":[73],"required.":[75],"This":[76,212],"work":[77,213],"proposes":[78,214],"graph":[80,217],"model":[81,218],"that":[86],"utilizes":[87],"relationships":[89],"between":[90],"servers,":[91],"domains,":[92],"certificates.":[94],"A":[95],"Probabilistic":[96],"Threat":[97],"Propagation":[98],"(PTP)":[99],"algorithm":[100],"then":[102],"used":[103,154],"propagate":[105],"threat":[107,147,150],"score":[108],"from":[109],"existing":[110],"blocklists":[111],"related":[113],"nodes.":[114],"We":[115],"conducted":[116],"one-year-long":[118],"measurement":[119,136],"study":[120],"13":[122],"monthly":[123],"active":[124],"DNS":[126],"measurements":[129],"evaluate":[131],"methodology.":[133],"latest":[135],"found":[137,168],"four":[138],"highly":[139],"suspicious":[140,234],"clusters":[141],"among":[142],"nodes":[144,201],"with":[145],"high":[146,158],"scores.":[148],"External":[149],"intelligence":[151],"services":[152],"were":[153,190],"confirm":[156],"rate":[159],"maliciousness":[161],"rest":[164],"newly":[167],"servers.":[169],"help":[172,229],"optimized":[174],"thresholds,":[175],"we":[176],"identified":[177,200],"557":[178],"domains":[179],"11":[181],"IP":[182],"addresses":[183],"throughout":[184],"last":[186],"year":[187],"before":[188],"they":[189],"known":[191],"be":[193],"malicious.":[194],"Up":[195],"40%":[197],"appeared":[202],"on":[203,208,233],"average":[204],"three":[205],"months":[206],"later":[207],"input":[210],"blocklist.":[211],"versatile":[216],"analyze":[220],"PTP":[226],"analysis":[227],"security":[230],"researchers":[231],"focus":[232],"subsets":[235],"when":[239],"threats.":[243]},"counts_by_year":[],"updated_date":"2025-12-26T23:08:49.675405","created_date":"2025-10-10T00:00:00"}