Full download text book at textbookfull.

com

Security and Privacy in Communication

Networks 16th EAI International
Conference SecureComm 2020 Washington DC
USA October 21 23 2020 Proceedings Part
II Noseong Park
DOWLOAD HERE

https://textbookfull.com/product/security-and-
privacy-in-communication-networks-16th-eai-
international-conference-
securecomm-2020-washington-dc-usa-
october-21-23-2020-proceedings-part-ii-noseong-
park/

DOWLOAD NOW

Download more textbook from textbookfull.com

More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Security and Privacy in Communication Networks 16th EAI

International Conference SecureComm 2020 Washington DC
USA October 21 23 2020 Proceedings Part I Noseong Park

https://textbookfull.com/product/security-and-privacy-in-
communication-networks-16th-eai-international-conference-
securecomm-2020-washington-dc-usa-october-21-23-2020-proceedings-
part-i-noseong-park/

Security and Privacy in Communication Networks 15th EAI

International Conference SecureComm 2019 Orlando FL USA
October 23 25 2019 Proceedings Part II Songqing Chen

https://textbookfull.com/product/security-and-privacy-in-
communication-networks-15th-eai-international-conference-
securecomm-2019-orlando-fl-usa-october-23-25-2019-proceedings-
part-ii-songqing-chen/

Social Cultural and Behavioral Modeling 13th

International Conference SBP BRiMS 2020 Washington DC
USA October 18 21 2020 Proceedings Robert Thomson

https://textbookfull.com/product/social-cultural-and-behavioral-
modeling-13th-international-conference-sbp-brims-2020-washington-
dc-usa-october-18-21-2020-proceedings-robert-thomson/

Security and Privacy in Communication Networks 14th

International Conference SecureComm 2018 Singapore
Singapore August 8 10 2018 Proceedings Part II Raheem
Beyah
https://textbookfull.com/product/security-and-privacy-in-
communication-networks-14th-international-conference-
securecomm-2018-singapore-singapore-august-8-10-2018-proceedings-
Security and Privacy in Communication Networks 12th
International Conference SecureComm 2016 Guangzhou
China October 10 12 2016 Proceedings 1st Edition Robert
Deng
https://textbookfull.com/product/security-and-privacy-in-
communication-networks-12th-international-conference-
securecomm-2016-guangzhou-china-
october-10-12-2016-proceedings-1st-edition-robert-deng/

Computer Vision ECCV 2020 16th European Conference

Glasgow UK August 23 28 2020 Proceedings Part II Andrea
Vedaldi

https://textbookfull.com/product/computer-vision-eccv-2020-16th-
european-conference-glasgow-uk-august-23-28-2020-proceedings-
part-ii-andrea-vedaldi/

Security and Privacy in Communication Networks 14th

International Conference SecureComm 2018 Singapore
Singapore August 8 10 2018 Proceedings Part I Raheem
Beyah
https://textbookfull.com/product/security-and-privacy-in-
communication-networks-14th-international-conference-
securecomm-2018-singapore-singapore-august-8-10-2018-proceedings-
part-i-raheem-beyah/

e Learning e Education and Online Training 6th EAI

International Conference eLEOT 2020 Changsha China June
20 21 2020 Proceedings Part II Shuai Liu

https://textbookfull.com/product/e-learning-e-education-and-
online-training-6th-eai-international-conference-
eleot-2020-changsha-china-june-20-21-2020-proceedings-part-ii-
shuai-liu/

Computer Aided Verification 32nd International

Conference CAV 2020 Los Angeles CA USA July 21 24 2020
Proceedings Part II Shuvendu K. Lahiri

https://textbookfull.com/product/computer-aided-
verification-32nd-international-conference-cav-2020-los-angeles-
ca-usa-july-21-24-2020-proceedings-part-ii-shuvendu-k-lahiri/
Noseong Park · Kun Sun ·
Sara Foresti · Kevin Butler ·
Nitesh Saxena (Eds.)

336

Security and Privacy

in Communication
Networks
16th EAI International Conference, SecureComm 2020
Washington, DC, USA, October 21–23, 2020
Proceedings, Part II

Part 2
Lecture Notes of the Institute
for Computer Sciences, Social Informatics
and Telecommunications Engineering 336

Editorial Board Members

Ozgur Akan
Middle East Technical University, Ankara, Turkey
Paolo Bellavista
University of Bologna, Bologna, Italy
Jiannong Cao
Hong Kong Polytechnic University, Hong Kong, China
Geoffrey Coulson
Lancaster University, Lancaster, UK
Falko Dressler
University of Erlangen, Erlangen, Germany
Domenico Ferrari
Università Cattolica Piacenza, Piacenza, Italy
Mario Gerla
UCLA, Los Angeles, USA
Hisashi Kobayashi
Princeton University, Princeton, USA
Sergio Palazzo
University of Catania, Catania, Italy
Sartaj Sahni
University of Florida, Gainesville, USA
Xuemin (Sherman) Shen
University of Waterloo, Waterloo, Canada
Mircea Stan
University of Virginia, Charlottesville, USA
Xiaohua Jia
City University of Hong Kong, Kowloon, Hong Kong
Albert Y. Zomaya
University of Sydney, Sydney, Australia
More information about this series at http://www.springer.com/series/8197
Noseong Park Kun Sun
• •

Sara Foresti Kevin Butler

• •

Nitesh Saxena (Eds.)

Security and Privacy

in Communication
Networks
16th EAI International Conference, SecureComm 2020
Washington, DC, USA, October 21–23, 2020
Proceedings, Part II

123
Editors
Noseong Park Kun Sun
Yonsei University George Mason University
Seoul, Korea (Republic of) Fairfax, VA, USA
Sara Foresti Kevin Butler
Dipartimento di Informatica University of Florida
Universita degli Studi Gainesville, FL, USA
Milan, Milano, Italy
Nitesh Saxena
Division of Nephrology
University of Alabama
Birmingham, AL, USA

ISSN 1867-8211 ISSN 1867-822X (electronic)

Lecture Notes of the Institute for Computer Sciences, Social Informatics
and Telecommunications Engineering
ISBN 978-3-030-63094-2 ISBN 978-3-030-63095-9 (eBook)
https://doi.org/10.1007/978-3-030-63095-9

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, expressed or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
 Preface

We are delighted to introduce the proceedings of the 16th EAI International Conference
on Security and Privacy in Communication Networks (SecureComm 2020). This
conference has brought together researchers, developers, and practitioners from around
the world who are leveraging and developing security and privacy technology for a safe
and robust system or network.
These proceedings contain 60 papers, which were selected from 120 submissions
(an acceptance rate of 50%) from universities, national laboratories, and the private
sector from across the USA as well as other countries in Europe and Asia. All the
submissions went through an extensive review process by internationally-recognized
experts in cybersecurity.
Any successful conference requires the contributions of different stakeholder groups
and individuals, who have selflessly volunteered their time and energy in disseminating
the call for papers, submitting their research findings, participating in the peer reviews
and discussions, etc. First and foremost, we would like to offer our gratitude to the
entire Organizing Committee for guiding the entire process of the conference. We are
also deeply grateful to all the Technical Program Committee members for their time
and effort in reading, commenting, debating, and finally selecting the papers. We also
thank all the external reviewers for assisting the Technical Program Committee in their
particular areas of expertise as well as all the authors, participants, and session chairs
for their valuable contributions. Support from the Steering Committee and EAI staff
members was also crucial in ensuring the success of the conference. It was a great
privilege to work with such a large group of dedicated and talented individuals.
We hope that you found the discussions and interactions at SecureComm 2020,
which was held online, enjoyable and that the proceedings will simulate further
research.

October 2020 Kun Sun

Sara Foresti
Kevin Butler
Nitesh Saxena
 Organization

Steering Committee
Imrich Chlamtac University of Trento, Italy
Guofei Gu Texas A&M University, USA
Peng Liu Penn State University, USA
Sencun Zhu Penn State University, USA

Organizing Committee
General Co-chairs
Kun Sun George Mason University, USA
Sara Foresti Università degli Studi di Milano, Italy

TPC Chair and Co-chair

Kevin Butler University of Florida, USA
Nitesh Saxena University of Alabama at Birmingham, USA

Sponsorship and Exhibit Chair

Liang Zhao George Mason University, USA

Local Chair
Hemant Purohit George Mason University, USA

Workshops Chair
Qi Li Tsinghua University, China

Publicity and Social Media Chairs

Emanuela Marasco George Mason University, USA
Carol Fung Virginia Commonwealth University, USA

Publications Chair
Noseong Park Yonsei University, South Korea

Web Chair
Pengbin Feng George Mason University, USA

Panels Chair
Massimiliano Albanese George Mason University, USA
viii Organization

Tutorials Chair
Fabio Scotti Università degli Studi di Milano, Italy

Technical Program Committee

Adwait Nadkarni William & Mary, USA
Amro Awad Sandia National Laboratories, USA
An Wang Case Western Reserve University, USA
Aziz Mohaisen University of Central Florida, USA
Birhanu Eshete University of Michigan - Dearborn, USA
Byron Williams University of Florida, USA
Cliff Zou University of Central Florida, USA
Cong Wang City University of Hong Kong, Hong Kong
Daniel Takabi Georgia State University, USA
Dave (Jing) Tian Purdue University, USA
David Barrera Carleton University, Canada
Debin Gao Singapore Management University, Singapore
Dinghao Wu Penn State University, USA
Eric Chan-Tin Loyola University Chicago, USA
Eugene Vasserman Kansas State University, USA
Fatima M. Anwar University of Massachusetts Amherst, USA
Fengyuan Xu Nanjing University, China
Girish Revadigar University of New South Wales, Australia
Gokhan Kul University of Massachusetts Dartmouth, USA
Huacheng Zeng University of Louisville, USA
Hyoungshick Kim Sungkyunkwan University, South Korea
Jeffrey Spaulding Canisius College, USA
Jian Liu The University of Tennessee at Knoxville, USA
Jiawei Yuan University of Massachusetts Dartmouth, USA
Jun Dai California State University, Sacramento, USA
Kai Bu Zhejiang University, China
Kai Chen Institute of Information Engineering, Chinese Academy
of Sciences, China
Karim Elish Florida Polytechnic University, USA
Kuan Zhang University of Nebraska-Lincoln, USA
Le Guan University of Georgia, USA
Maliheh Shirvanian Visa Research, USA
Martin Strohmeier University of Oxford, UK
Mengjun Xie The University of Tennessee at Chattanooga, USA
Mohamed Shehab University of North Carolina at Charlotte, USA
Mohammad Mannan Concordia University, Canada
Murtuza Jadliwala The University of Texas at San Antonio, USA
Neil Gong Duke University, USA
Patrick McDaniel Penn State University, USA
Pierangela Samarati Università degli Studi di Milano, Italy
 Organization ix

Qiang Tang New Jersey Institute of Technology, USA

Rongxing Lu University of New Brunswick, Canada
Sankardas Roy Bowling Green State University, USA
Selcuk Uluagac Florida International University, USA
Seungwon Shin KAIST, South Korea
Shouhuai Xu The University of Texas at San Antonio, USA
Simon Woo SUNY Korea, South Korea
Suzanne Wetzel Stevens Institute of Technology, USA
Taegyu Kim Purdue University, USA
Thomas Moyer University of North Carolina at Charlotte, USA
Tzipora Halevi Brooklyn College, USA
Vinnie Monaco Naval Postgraduate School, USA
Wenhai Sun Purdue University, USA
Wenjing Lou Virginia Polytechnic Institute and State University,
USA
Wensheng Zhang Iowa State University, USA
Xiao Zhang Palo Alto Networks, USA
Xingliang Yuan Monash University, Australia
Yanchao Zhang Arizona State University, USA
Yingying Chen Rutgers University, USA
Yinzhi Cao Johns Hopkins University, USA
Yong Guan Iowa State University, USA
Yuan (Alex) Zhang Nanjing University, China
Yuan Zhang Fudan University, China
Z. Berkay Celik Purdue University, USA
Zhiqiang Lin Ohio State University, USA
 Contents – Part II

A Practical Machine Learning-Based Framework to Detect DNS Covert

Communication in Enterprises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Ruming Tang, Cheng Huang, Yanti Zhou, Haoxian Wu, Xianglin Lu,
Yongqian Sun, Qi Li, Jinjin Li, Weiyao Huang, Siyuan Sun, and Dan Pei

CacheLoc: Leveraging CDN Edge Servers for User Geolocation . . . . . . . . . . 22

Mingkui Wei, Khaled Rabieh, and Faisal Kaleem

Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems. . . . 41

Md Ariful Haque, Sachin Shetty, Charles A. Kamhoua,
and Kimberly Gold

Identifying DApps and User Behaviors on Ethereum via Encrypted Traffic . . . 62

Yu Wang, Zhenzhen Li, Gaopeng Gou, Gang Xiong, Chencheng Wang,
and Zhen Li

TransNet: Unseen Malware Variants Detection Using Deep

Transfer Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Candong Rong, Gaopeng Gou, Mingxin Cui, Gang Xiong, Zhen Li,
and Li Guo

A Brokerage Approach for Secure Multi-Cloud Storage

Resource Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Muhammad Ihsan Haikal Sukmana, Kennedy Aondona Torkura,
Sezi Dwi Sagarianti Prasetyo, Feng Cheng, and Christoph Meinel

On the Effectiveness of Behavior-Based Ransomware Detection . . . . . . . . . . 120

Jaehyun Han, Zhiqiang Lin, and Donald E. Porter

POQ: A Consensus Protocol for Private Blockchains Using Intel SGX . . . . . . 141
Golam Dastoger Bashar, Alejandro Anzola Avila, and Gaby G. Dagher

Share Withholding in Blockchain Mining. . . . . . . . . . . . . . . . . . . . . . . . . . 161

Sang-Yoon Chang

PEDR: A Novel Evil Twin Attack Detection Scheme Based on Phase

Error Drift Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Jiahui Zhang, Qian Lu, Ruobing Jiang, and Haipeng Qu

Differentially Private Social Graph Publishing for Community Detection . . . . 208

Xuebin Ma, Jingyu Yang, and Shengyi Guan
xii Contents – Part II

LaaCan: A Lightweight Authentication Architecture for Vehicle Controller

Area Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Syed Akib Anwar Hridoy and Mohammad Zulkernine

A Machine Learning Based Smartphone App for GPS Spoofing Detection . . . 235
Javier Campos, Kristen Johnson, Jonathan Neeley, Staci Roesch,
Farha Jahan, Quamar Niyaz, and Khair Al Shamaileh

AOMDroid: Detecting Obfuscation Variants of Android Malware Using

Transfer Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Yu Jiang, Ruixuan Li, Junwei Tang, Ali Davanian, and Heng Yin

ML-Based Early Detection of IoT Botnets . . . . . . . . . . . . . . . . . . . . . . . . . 254

Ayush Kumar, Mrinalini Shridhar, Sahithya Swaminathan,
and Teng Joon Lim

Post-Quantum Cryptography in WireGuard VPN. . . . . . . . . . . . . . . . . . . . . 261

Quentin M. Kniep, Wolf Müller, and Jens-Peter Redlich

Evaluating the Cost of Personnel Activities in Cybersecurity Management:

A Case Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Rafał Leszczyna

SGX-Cube: An SGX-Enhanced Single Sign-On System Against

Server-Side Credential Leakage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Songsong Liu, Qiyang Song, Kun Sun, and Qi Li

EW256357 : A New Secure NIST P-256 Compatible Elliptic Curve

for VoIP Applications’ Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Nilanjan Sen, Ram Dantu, and Kirill Morozov

Ucam: A User-Centric, Blockchain-Based and End-to-End Secure Home IP

Camera System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Xinxin Fan, Zhi Zhong, Qi Chai, and Dong Guo

Private Global Generator Aggregation from Different Types

of Local Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Chunling Han and Rui Xue

Perturbing Smart Contract Execution Through the Underlying Runtime . . . . . 336

Pinchen Cui and David Umphress

Blockchain Based Multi-keyword Similarity Search Scheme over

Encrypted Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Mingyue Li, Chunfu Jia, and Wei Shao
 Contents – Part II xiii

Using the Physical Layer to Detect Attacks on Building

Automation Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Andreas Zdziarstek, Willi Brekenfelder, and Felix Eibisch

Formalizing Dynamic Behaviors of Smart Contract Workflow in Smart

Healthcare Supply Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Mohammad Saidur Rahman, Ibrahim Khalil, and Abdelaziz Bouras

Malware Classification Using Attention-Based Transductive

Learning Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Liting Deng, Hui Wen, Mingfeng Xin, Yue Sun, Limin Sun,
and Hongsong Zhu

COOB: Hybrid Secure Device Pairing Scheme in a Hostile Environment . . . . 419

Sameh Khalfaoui, Jean Leneutre, Arthur Villard, Jingxuan Ma,
and Pascal Urien

A Robust Watermarking Scheme with High Security and Low

Computational Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Liangjia Li, Yuling Luo, Junxiu Liu, Senhui Qiu, and Lanhang Li

Selecting Privacy Enhancing Technologies for IoT-Based Services . . . . . . . . 455

Immanuel Kunz, Christian Banse, and Philipp Stephanow

Khopesh - Contact Tracing Without Sacrificing Privacy . . . . . . . . . . . . . . . . 475

Friedrich Doku and Ethan Doku

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

 Contents – Part I

Email Address Mutation for Proactive Deterrence Against Lateral

Spear-Phishing Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Md Mazharul Islam, Ehab Al-Shaer,
and Muhammad Abdul Basit Ur Rahim

ThreatZoom: Hierarchical Neural Network for CVEs

to CWEs Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Ehsan Aghaei, Waseem Shadid, and Ehab Al-Shaer

Detecting Dictionary Based AGDs Based on Community Detection . . . . . . . 42

Qianying Shen and Futai Zou

On the Accuracy of Measured Proximity of Bluetooth-Based Contact

Tracing Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Qingchuan Zhao, Haohuang Wen, Zhiqiang Lin, Dong Xuan,
and Ness Shroff

A Formal Verification of Configuration-Based Mutation Techniques

for Moving Target Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Muhammad Abdul Basit Ur Rahim, Ehab Al-Shaer, and Qi Duan

Coronavirus Contact Tracing App Privacy: What Data Is Shared

by the Singapore OpenTrace App? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Douglas J. Leith and Stephen Farrell

The Maestro Attack: Orchestrating Malicious Flows with BGP . . . . . . . . . . . 97

Tyler McDaniel, Jared M. Smith, and Max Schuchard

pyDNetTopic: A Framework for Uncovering What Darknet Market Users

Talking About . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Jingcheng Yang, Haowei Ye, and Futai Zou

MisMesh: Security Issues and Challenges in Service Meshes . . . . . . . . . . . . 140

Dalton A. Hahn, Drew Davidson, and Alexandru G. Bardas

The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels . . . . 152
Fatemeh Rezaei, Shahrzad Naseri, Ittay Eyal, and Amir Houmansadr

MAAN: A Multiple Attribute Association Network for Mobile Encrypted

Traffic Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Fengzhao Shi, Chao Zheng, Yiming Cui, and Qingyun Liu
xvi Contents – Part I

Assessing Adaptive Attacks Against Trained JavaScript Classifiers . . . . . . . . 190

Niels Hansen, Lorenzo De Carli, and Drew Davidson

An Encryption System for Securing Physical Signals. . . . . . . . . . . . . . . . . . 211

Yisroel Mirsky, Benjamin Fedidat, and Yoram Haddad

A Cooperative Jamming Game in Wireless Networks Under Uncertainty . . . . 233

Zhifan Xu and Melike Baykal-Gürsoy

SmartSwitch: Efficient Traffic Obfuscation Against Stream Fingerprinting . . . 255

Haipeng Li, Ben Niu, and Boyang Wang

Misreporting Attacks in Software-Defined Networking. . . . . . . . . . . . . . . . . 276

Quinn Burke, Patrick McDaniel, Thomas La Porta, Mingli Yu,
and Ting He

A Study of the Privacy of COVID-19 Contact Tracing Apps . . . . . . . . . . . . 297

Haohuang Wen, Qingchuan Zhao, Zhiqiang Lin, Dong Xuan,
and Ness Shroff

Best-Effort Adversarial Approximation of Black-Box Malware Classifiers . . . 318

Abdullah Ali and Birhanu Eshete

Review Trade: Everything Is Free in Incentivized Review Groups. . . . . . . . . 339

Yubao Zhang, Shuai Hao, and Haining Wang

Integrity: Finding Integer Errors by Targeted Fuzzing . . . . . . . . . . . . . . . . . 360

Yuyang Rong, Peng Chen, and Hao Chen

Improving Robustness of a Popular Probabilistic Clustering Algorithm

Against Insider Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Sayed M. Saghaian N. E., Tom La Porta, Simone Silvestri,
and Patrick McDaniel

Automated Bystander Detection and Anonymization

in Mobile Photography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
David Darling, Ang Li, and Qinghua Li

SmartWiFi: Universal and Secure Smart Contract-Enabled WiFi Hotspot . . . . 425

Nikolay Ivanov, Jianzhi Lou, and Qiben Yan

ByPass: Reconsidering the Usability of Password Managers . . . . . . . . . . . . . 446

Elizabeth Stobert, Tina Safaie, Heather Molyneaux,
Mohammad Mannan, and Amr Youssef

Anomaly Detection on Web-User Behaviors Through Deep Learning . . . . . . 467

Jiaping Gui, Zhengzhang Chen, Xiao Yu, Cristian Lumezanu,
and Haifeng Chen
 Contents – Part I xvii

Identity Armour: User Controlled Browser Security. . . . . . . . . . . . . . . . . . . 474

Ross Copeland and Drew Davidson

Connecting Web Event Forecasting with Anomaly Detection: A Case Study

on Enterprise Web Applications Using Self-supervised Neural Networks . . . . 481
Xiaoyong Yuan, Lei Ding, Malek Ben Salem, Xiaolin Li, and Dapeng Wu

Performance Analysis of Elliptic Curves for VoIP Audio Encryption Using

a Softphone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Nilanjan Sen, Ram Dantu, and Mark Thompson

TCNN: Two-Way Convolutional Neural Network for Image Steganalysis . . . 509

Zhili Chen, Baohua Yang, Fuhu Wu, Shuai Ren, and Hong Zhong

PrivyTRAC – Privacy and Security Preserving Contact Tracing System . . . . . 515

Ssu-Hsin Yu

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

 A Practical Machine Learning-Based
Framework to Detect DNS Covert
Communication in Enterprises

Ruming Tang1,2 , Cheng Huang3 , Yanti Zhou4 , Haoxian Wu3 , Xianglin Lu1,2 ,
Yongqian Sun5 , Qi Li1,2(B) , Jinjin Li4 , Weiyao Huang4 , Siyuan Sun4 ,
and Dan Pei1,2
1
Tsinghua University, Beijing, China
trm14@mails.tsinghua.edu.cn, {peidan,qli01}@tsinghua.edu.cn
2
Beijing National Research Center for Information Science and Technology
(BNRist), Beijing, China
everl@bupt.edu.cn
3
BizSeer Technologies Co., Ltd., Beijing, China
huangcheng@bizseer.com, MOVIEGEORGE@pku.edu.cn
4
Bank of Communications, Shanghai, China
{zhouyt,lijj,huangweiyao,sunsiyuan}@bankcomm.com
5
Nankai University, Tianjin, China
sunyongqian@nankai.edu.cn

Abstract. DNS is a key protocol of the Internet infrastructure, which

ensures network connectivity. However, DNS suffers from various threats.
In particular, DNS covert communication is one serious threat in enter-
prise networks, by which attackers establish stealthy communications
between internal hosts and remote servers. In this paper, we propose
D 2 C2 (Detection of DNS Covert Communication), a practical and flex-
ible machine learning-based framework to detect DNS covert communi-
cations. D 2 C2 is an end-to-end framework contains modular detection
models including supervised and unsupervised ones, which detect multi-
ple types of threats efficiently and flexibly. We have deployed D 2 C2 in a
large commercial bank with 100 millions of DNS queries per day. During
the deployment, D 2 C2 detected over 4k anomalous DNS communica-
tions per day, achieving high precision over 0.97 on average. It uncovers
a significant number of unnoticed security issues including seven com-
promised hosts in the enterprise network.

Keywords: DNS · Malicious domain detection · Data exfiltration ·

DGA

1 Introduction
As a core infrastructure on the Internet, the Domain Name System (DNS)
is commonly used in all kinds of Internet applications, to translate easy-to-
c ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
Published by Springer Nature Switzerland AG 2020. All Rights Reserved
N. Park et al. (Eds.): SecureComm 2020, LNICST 336, pp. 1–21, 2020.
https://doi.org/10.1007/978-3-030-63095-9_1
2 R. Tang et al.

Fig. 1. Examples of (a) normal DNS lookups, (b) DNS-based data exfiltration, and (c)
DNS-based C&C.

recognize domain names into IP addresses. Unfortunately, the DNS system suf-
fers from known vulnerabilities, such as DDoS [27], spoofing [24] and other
exploits [8,30,36]. To defend against these attacks, approaches such as [10,18,24]
have been proposed. Unlike those traditional attacks which target DNS system
itself, DNS covert communication is leveraged to transmit messages cross the
boundary between an enterprise’s LAN (i.e., office network and datacenter) and
the Internet, through DNS messages in a stealthy and unauthorized manner.
However, the defense against DNS covert communication in enterprises is still
not well-studied, and is the focus of this paper.
In enterprises, security tools are commonly deployed to closely monitor the
traffic between the enterprise’s LAN and the Internet to detect serious security
attacks such as data exfiltration (which transmits valuable internal data to the
Internet), command-and-control (C&C) of internal hosts by external attackers,
and so on. However, those data exfiltration and C&C using covert communication
via the DNS traffic [7,8,22,23,28] are still hard to detect.
Figure 1 shows examples of normal DNS lookup and DNS covert communi-
cation. In the normal DNS lookup in Fig. 1(a), a normal host queries its local
DNS server about google.com, and the local DNS server then iteratively queries
DNS root server and .com top-level domain server (both are omitted in the
figure) and relays the response (which indicates the corresponding IP address is
172.217.164.100 ) from the authoritative name server for google.com to the host.
Figure 1(b) shows an example of real point of sale (POS) malware, in which POS
 A Practical Machine Learning-Based Framework 3

malware exfiltrated credit card information in the domain names of the DNS
queries [20]. Such exfiltration incidents (e.g., MULTIGRAIN [20], UDPoS [28])
caused many loss to the users and providers. The compromised host encodes the
stolen credit card information as subdomains in the domain name to be queried,
and when the query arrives at the authoritative name server controlled by the
attacker, the attacker can then easily decode the credit card information from
the queried domain name. Figure 1(c) shows an example of DNS C&C [22] where
a malware-infected host talks to and receives command from its C&C server by
sending a DNS query message to and receiving corresponding DNS response from
the compromised authoritative name server, which is the C&C server. In this
example, the seemingly-random domain name (rohgoruhgsorhugih.nl) queried
are actually dynamically generated by Domain-Generation-Algorithms (DGAs)
and automatically synchronized between the compromised host and the C&C
server [9,13,29,30,35,36].
Therefore, new detection methods are needed to detect these DNS covert
communication because traditional security tools based on blacklists, rules,
signatures cannot enumerate or capture the dynamically changing subdomain
names in the DNS covert communications exemplified in Fig. 1 (b)(c).
Our intuitive idea in detecting DNS covert communication is to apply
machine learning (ML) to capture a suspicious domain based on its features
(see the feature list in Table 2, e.g., the length of the domain). Although this
idea is promising, previous ML-based approaches along this direction have not
been deployed in the real-world enterprises yet, to the best of our knowledge,
due to the following the three challenges.
First, the performance of different ML algorithms might be different for dif-
ferent enterprises because the DNS traffic data distribution might be different.
Furthermore, the machine learning algorithms used in previous works, super-
vised models perform better and are preferred for some kinds of known threat
types, while unsupervised models are more preferred for some unknown but rare
threats. Thus, the algorithms used should be generic and flexible (as opposed to
being fixed) in the detection system. Second, different DNS covert communica-
tion threats might have different patterns, thus previous machine-leaning based
approaches, to the best of our knowledge, so far only focuses on specific types
of such attacks, e.g., [7,8] only detect data exfiltration, and [30] only detects
DGA domains. However, enterprises in the real-world are interested in detect-
ing various attacks, thus are reluctant to deploy the aforementioned piece-meal
approaches that can detect only one type of DNS covert communication. Third,
a practical ML-based detection system needs to have feedback mechanisms to
either add labeled data for re-training in the supervised approaches and/or tune
the parameters in the unsupervised approaches, and also fully utilize (as opposed
to replacing) the traditional DNS security tools such as the domain blacklist.
To tackle the above challenges, in this paper we propose a practical, flexi-
ble and end-to-end ML-based framework, called D 2 C2 (Detecting DNS Covert
Communication), to effectively detect various DNS covert communications in
enterprises by leveraging supervised and unsupervised classifiers trained by var-
4 R. Tang et al.

ious types of features extracted from DNS logs. It is an end-to-end framework

and consists of several modules with an intuitive but efficient workflow, which
is easy to be deployed and maintained in enterprise environments. One flexible
detection module is used to detect all types of covert communication threats
via domain names in DNS traffic. D 2 C2 also uses feedback to take advantage of
manual investigations on alerts to improve detection performance. The results
of detection are aggregated and visualized, for better display for the operators,
to make D 2 C2 more friendly to the users.
In the flexible detection module, modular multiple detection models are used,
including supervised and unsupervised approaches so that, for each type of
threat, the most suitable model (detector) for it can be applied. Based on all
results aggregated from detectors, D 2 C2 is able to reveal covert communication
threats in a comprehensive way. The flexible and modular design of multiple
detectors also makes it very flexible. Each detector can be adjusted easily and
individually for updating or modification, e.g., model tuning or re-training.
Our major contributions can be summarized as follows.

– We propose the first practical, flexible, and end-to-end ML-based framework,

D 2 C2 , which is easy to be deployed in enterprises to detect DNS covert com-
munication threats, to the best of our knowledge.
– We design a modular threat detection component which consists of super-
vised and unsupervised methods in series, and can be modified flexibly and
individually to handle different data distribution in different enterprises.
– We deployed D 2 C2 in a large commercial bank with more than 25K hosts,
detecting more than 100 millions DNS queries per day. D 2 C2 is the first large-
scale deployment of DNS covert communication detection system in the wild,
to the best of our knowledge.
– Based on our evaluation over 5 billion DNS logs, D 2 C2 detected 4k anomalous
logs per day efficiently, and achieved high precision (over 0.97). It uncovered
real covert communication threats in the wild, including 7 compromised hosts
unknown to the operators previously.

2 Background

2.1 Domain Name System

A DNS log contains several important fields: NAME (the queried domain name),
TYPE (A for IPv4 address, CNAME for canonical names, TXT for text records
and etc.), and RDATA (the resource) [21]. For example, the query in Fig. 1(a)
contains the queried name (www.google.com), class (IN ), type (A). The response
log contains the response: RCODE (Response Code), TTL (Time to Live) and
the answer, and the corresponding query. The answer is the IPv4 address(es) for
the queried name. RCODE indicates the condition of the answer, NOERROR
(in this example) means a normal answer, and NXDomain indicates that the
queried name does not exist.
 A Practical Machine Learning-Based Framework 5

Fig. 2. Typical types of DNS external exploits threats.

Although DNS is a fundamental system that many services rely on, some
enterprise operators treat DNS as a “set and forget” infrastructure, and do not
update them from time to time with the latest security mechanisms [17]. For
example, DNSSEC [12] is one security extension of DNS proposed early, but its
adoption is quite slow till recently [10,15]. Some operators may be interested in
the availability of DNS only when DNS servers go wrong.
Figure 2 shows some typical exploits against DNS [17]. Attacks against DNS
infrastructure itself (i.e., DDoS and spoofing) are much easier to be noticed
because it leads to the failures or errors in DNS servers. DDoS (Distributed
Denial of Service) attacks compromise the availability of DNS, and spoofing (to
redirect users to attackers) leads to wrong or unreachable destinations. Besides
these, some attackers take advantage of the lack of monitoring on DNS traffic,
and choose DNS as a channel for covert communication (in bold in Fig. 2), which
is more difficult to notice.

2.2 Covert Communications in DNS Channel

In this paper, we focus on DNS Covert Communication, which is one of the
most important DNS-related threats in enterprise environments, where operators
pay close attention to malicious communication to the Internet. In a covert
communication case, attackers use DNS to establish a communication channel
between compromised hosts and remote servers, without being monitored by
other security measures.
A common attack is to encode data in certain fields in the DNS packet
[8,17,31]. Attackers can simply use the subdomains as payloads, encoding data
into the NAME field like “<encoded...information>.evildomain.com.” as shown
in Fig. 1(b), which is known as data exfiltration. Such encoded data are usually
long strings that are not commonly seen in normal domain names. Some attackers
also use DNS channel to transmit C&C communication between compromised
hosts and remote C&C servers. In this way, the compromised hosts can inform
the attackers of their current status. Figure 1(c) shows an example of a host
querying a C&C domain, which is generated by an algorithm (IRCBot). Obvious
differences can be seen between popular domain names and this domain name,
which contains no recognizable words or abbreviation.
In general, malicious communication through DNS channel can be deter-
mined by two indicators: whether the DNS packets carry malicious payloads or
the hosts connect to malicious destinations. As mentioned before, the domain
Another random document with
no related content on Scribd:
in none of these things, had, on one or two occasions, by the use of
philosophic “myth” replete with more than Socratic irony, described
these beings as playing a part between God and man which might
be tolerantly regarded as not greatly dissimilar from that popularly
assigned to the lesser deities of the Hellenic Olympus.[235] In the
“Statesman,” the creation-myth, to which the Stranger invites the
younger Socrates to give his entire attention, “like a child to a story,”
describes how the Deity himself tended men and was their protector,
while Dæmons had a share, after the manner of shepherds, in the
superintendence of animals according to genera and herds.[236]
Another story which Socrates, in the “Banquet,” says that he heard
from Diotima, that wonderful person who postponed the Athenian
plague for ten years, tells how Eros is a great Dæmon; how
Dæmons are intermediate between gods and mortals; how the race
of Dæmons interpret and transmit to the gods the prayers and
sacrifices of men, and interpret and transmit to men the answers
and commands of the gods.[237] For God, we are told, is not directly
associated with man; but it is through the mediation of the
Dæmons, who are many and various, that all communion and
converse take place between the human and the Divine.
But apart altogether from the philosophic use of Dæmonology,
there are evidences that the belief in Dæmons was held in some sort
of loose combination with the popular polytheistic faith. The Hesiodic
poems were a compendium of early Hellenic theology,[238] and
Hesiod, according to Plutarch himself, was the first to indicate with
clearness and distinctness the existence of four species of rational
beings—gods, dæmons, heroes, and men.[239] In the passage of
Hesiod referred to (Works and Days, 109 sqq.) two kinds of Dæmons
are described. The dwellers in the Golden Age are transformed, after
their sleep-like death on earth, into Terrestrial Dæmons:—

“When earth’s dark breast had closed this race around,

Great Jove as demons raised them from the ground;
Earth-hovering spirits, they their charge began,
 The ministers of good, and guards of man.
Mantled with mist of darkling air they glide,
And compass earth and pass on every side;
And mark, with earnest vigilance of eyes,
Where just deeds live, or crookèd wrongs arise.”[240]
They are virtuous, holy beings, endowed with immortality—“Jove’s
immortal guardians over mortal men.”[241] The races of the Silver
Age become Subterranean powers, blessed beings, but inferior in
honour to the former class, and distinctly described as mortal.[242]
Hesiod says nothing about Evil Dæmons, although the
disappearance of the Brazen Race furnished an opportunity for their
introduction into his scheme of supernatural beings. But once the
existence of beings inferior to the gods in the celestial hierarchy
obtained a recognition in popular tradition, however vague the
recognition might be, the conception would tend to gather strength
and definiteness from the necessity, first expressed by the
philosophers, but doubtless widely spread among the people, of
safeguarding the sanctity of the gods, while at the same time
recognizing the substantial validity of tradition. This tendency would
be also probably aided by the fact that in Homer, as Plutarch points
out, and in the dramatists and prose writers generally, as is well
known, the designations of “gods” and “dæmons” were mutually
interchanged.[243] Plutarch, at all events, who boldly uses the
Dæmons to perform such functions, and to bear the blame for such
actions, as were inappropriate to the divine character, is enabled to
make one of his dramatis personæ—Cleombrotus, the traveller, who
was specially devoted to the study of such matters—assert that “it
can be demonstrated by unexceptionable testimony from antiquity
that there do exist beings of a nature intermediate between that of
God and man, beings subject to mortal passions and liable to
inevitable changes, but whom we must, in accordance with the
established custom of our fathers, regard and invoke as Dæmons,
giving them all due reverence.”[244] It is natural, therefore, in the
light of these indications, to believe that, side by side with the
popular gods, there existed, in the popular imagination, subordinate
beings of two kinds, both described as Dæmons: the first class
comprising the good and benevolent Dæmons of Hesiod, the second
including Dæmons of an evil character and disposition, the belief in
which had developed naturally out of the Hesiodic conception, from
the necessity of fixing the responsibility of evil deeds on supernatural
beings different in nature from the purity and goodness of Deity.[245]
Such a classification of supernatural beings—gods, Dæmons, and
evil Dæmons—could not, of course, be rigidly maintained; the more
the good Dæmons were discriminated from their evil brethren, the
more they would tend to become identified with the gods of the
popular tradition, and the line of demarcation between the divine
and the dæmonic nature would be broken down,[246] Dæmons and
gods would be identified, and the splendour and purity of the
Supreme God of all would shine out more fully when contrasted with
those other gods, who, after all, were only Dæmons. Such, at least,
is the process which appears to be taking place in the numerous
contributions which Plutarch makes to the subject of Dæmonology.
He is evidently a sincere believer in the existence of Dæmons, not a
believer in the Platonic sense, and not a believer merely because he
wishes to come to terms with popular ideas. But the final result, so it
appears to us, is that the popular gods become identified with
Dæmons, and are prepared, even in Pagan times, to take that
position which was assigned to them with such whole-hearted
sincerity by the early Christian Fathers;[247] to become the fiends
and devils and sprites of another dispensation; to aid Saladin in
excluding the Crusaders from the Holy Land; to “drink beer instead
of nectar” as day labourers in German forests; or to shine with a
sinister splendour on the lives of monks and peasants in the rural
districts of France.[248]
Plutarch gives emphatic indications of his own attitude on the
subject by drawing attention to such expressions of the earlier
philosophers as pointed to the recognition of two opposite
descriptions of Dæmons—the virtuous and the vicious. In one place,
as we have seen, he admits that Homer does not distinguish
between the terms “Gods” and “Dæmons,” and in his historical
résumé of Dæmonology in the “Isis and Osiris,”[249] he is compelled
to make a parallel admission that the Homeric epithet derived from
Dæmons is indiscriminately applied to good and bad actions. He
makes this admission, however, the basis of a subtle conclusion to
the effect that Homer wished to imply that the Dæmons had a
confused and ill-defined character, involving the existence of both
good and bad specimens of the race. Nothing definitely
distinguishing between the two sorts of Dæmons is to be obtained
from Plato,[250] and Plutarch accordingly dwells with special
emphasis upon the views of Empedocles and Xenocrates, who
maintained, the one, that Dæmons who had been guilty of sins of
commission or omission were driven about between earth and sky
and sea and sun, until this purifying chastisement restored them to
their natural position in the dæmonic hierarchy;[251] the other, that
certain disgraceful and ill-omened sacrificial observances “are not
properly connected with the worship of the gods or of good
Dæmons,[252] but that there are surrounding us certain beings,
great and potent, but malignant too, and hateful, who rejoice in
such repulsive ceremonies, and are thereby restrained from the
perpetration of greater evils.” Democritus and Chrysippus are
elsewhere quoted as supporters of the same view.[253]
Plutarch, accordingly, faithful to his principle of making Philosophy
Mystagogue to Religion, has obtained from the philosophers a
conviction that there are two kinds of dæmonic beings, two sets of
supernatural characters with attributes inferior to those of the Divine
Nature, and yet superior to those displayed by the human family. It
has already been shown how naturally the good Dæmons would
tend to become identified with the gods: a passage has just been
quoted in which we can see this process of identification taking
place. But Plutarch furnishes still more emphatic testimony to the
necessity of such a consummation.
 The group of philosophers gathered together at Delphi to discuss
the cessation of the oracles have fallen into an argument on the
nature of Dæmons, and certain considerations have been introduced
which indicate a liability to vice and death as inherent in their
nature. This conclusion shocks one of the speakers, but the pious
Cleombrotus wants to know in what respect Dæmons will differ from
gods if they are endowed with immortality and immunity from sin.
[254] It is most significant, however, that the famous and beautiful
story which Cleombrotus tells in support of his belief in the mortality
of Dæmons, the story of the death of “the great Pan,” is actually
concerned with an announcement of the death of one whom the
popular faith accepted as a deity.[255] Demetrius, who had just come
from Britain, near which were many scattered desert islands, some
of them named after Dæmons and heroes, gives an authentic
account of the death of a Dæmon in the island of Anglesea.[256]
Cleombrotus then shows how a belief in the nativity and mortality of
the Dæmons is not unknown in Greek philosophy, “for the Stoics,”
says he, “maintain this view, not only with regard to the Dæmons
but also with regard to the gods—holding one for the Eternal and
Immutable, while regarding the remainder to have been born, and
to be subject to death.”[257] The whole course of the argument,
even though the speakers are represented as unconscious of the
fact, leads to the identification of the popular deities with the
Dæmons. This strain of thought elsewhere loses the unconscious
quality, and becomes as definitely dogmatic as Plutarch’s Academic
bent of mind would allow. In the “Isis and Osiris,” for example, he
argues for the probability of the view which assigns the legends of
these two deities not to gods or men, but to Dæmons;[258] and
proceeds still further to breach the partition wall between the two
natures by introducing into his Dæmonology such legends as have
raised Osiris and Isis, on account of their virtue, from the rank of
good Dæmons to that of the gods,[259] and describes them as
receiving everywhere the combined honours of gods and Dæmons;
and he appropriates the argument to Greek religion by comparing
this promotion to those of Herakles and Dionysus; by identifying Isis
with Proserpine, and subsequently Osiris with Dionysus.[260]
But whatever may have been the views explicitly maintained by
Plutarch in this connexion, it is his constant practice to shift on to
the shoulders of the Dæmons the responsibility for all those legends,
ceremonies, and practices, which, however appropriate and
necessary parts of the national faith they may be, are yet
inconsistent with the qualities rightly attributable to Deity.[261] We
have already noticed his unwillingness to impugn the immutability of
the Creator by regarding His essence as capable of metamorphosis
into the phenomena of the created world.[262] “It is,” says
Ammonius, “the function of some other god to do and suffer these
changes—or, rather, of some Dæmon appointed to direct Nature in
the processes of generation and destruction.” This relationship of the
Dæmons to the supreme power as conceived by philosophy is more
completely stated in the short tract, “De Fato,”[263] where we are
told that (1) there is a first and supreme Providence which is the
intelligence of the First Deity, or, as one may regard it, His
benevolent will towards all creatures, in accordance with which all
divine things universally received the most admirable and perfect
order; (2) the second Providence is that of the second gods, who
move through the sky, by which human affairs are duly ordered,
including those relating to the permanence and preservation of the
various species; (3) the third Providence may properly be regarded
as the superintendence of the Dæmons who are situated near the
earth, observing and directing the actions of men. But, as we have
already noted, this formal distinction between (2) and (3) is not
maintained in practice. Cleombrotus, who knows more about these
things than most people, insists that it is not possible that the gods
could have been pleased with festivals and sacrifices, “at which there
are banquets of raw flesh and victims torn in pieces, as well as
fastings and loud lamentations, and often ‘foul language, mad
shrieks, and tossing of dishevelled hair,’” but that all such dread
observances must have had the object of pacifying the anger of the
mischievous Dæmons.[264] It was not to the gods that human
sacrifices were welcome; it was not Artemis who demanded the
slaughter of Iphigenia;[265] these were the deeds of “fierce and
violent Dæmons,” who also perpetrated those many rapes, and
inflicted those pestilences and famines which are anciently attributed
to the gods. “All the rapes here, and the wanderings there, that are
celebrated in legends and sacred hymns, all the hidings and flights
and servitudes, do not belong to the gods, but represent the
chances and changes incident to the careers of Dæmons.” It was not
“holy Apollo” who was banished from Heaven to serve Admetus;—
but here the speech comes to an end with a rapid change of subject,
as if Cleombrotus shrinks from the assertion that a Dæmon was the
real hero of an episode with which so many beautiful and famous
legends of the “hereditary Faith” were connected. When some of the
most celebrated national myths concerning the gods are assigned to
Dæmons, we are not far away from the identification of the former
with the latter, and the consequent degradation of the gods to the
lower rank. It is true that the various speakers on the subject do
not, in so many words, identify the Dæmons with the gods of the
Mythology.[266] They deprive the gods of many of their attributes,
and give them to the Dæmons; they deprive them of others, and
give them to the One Eternal Deity. It is difficult to see how the
Gods could maintain their existence under this twofold tendency of
deprivation, supported as they might be by formal classifications
which assigned them a superior place. Even the Father of Gods and
Men—the Zeus of Homer—turns his eyes “no very great way ahead
from Troy to Thrace and the nomads of the Danube, but the true
Zeus gazes upon beauteous and becoming transformations in many
worlds.”[267] To contrast the Zeus “of Homer” with the “true” Zeus is
to do little else than to place the former in that subordinate rank
proper not to the Divine, but to the Dæmonic character. Plutarch is
perfectly consistent in applying this method of interpretation to the
gods of other nations no less than to the gods of Greece. In the “Isis
and Osiris,” he inclines to the belief that these great Egyptian Deities
are themselves only Dæmons, although he refuses to dogmatize on
the point, and gives a series of more or less recognized explanations
of the Egyptian myth. He cannot refrain, however, from using so
appropriate an occasion of denouncing the absurdity of the Greeks in
imputing so many terrible actions and qualities to their gods—“For
the legends of Giants and Titans, handed down among the Greeks,
the monstrous deeds of Cronus, the battle between Pytho and
Apollo, the flight of Dionysus, the wanderings of Demeter, fall not
behind the stories told of Osiris and Typhon, and other legends that
one may hear recounted by mythologists without restraint.”[268]
Such, then, is the relation in which the Dæmons stand to the
Divine nature: they are made the scapegoat for everything obscene,
cruel, selfish, traditionally imputed to the gods; and the Supreme
Deity rises more conspicuously lofty for its freedom from everything
that can tend to drag it down to the baseness of human passions.
For Plutarch makes it very clear that it is the human element in
these mixed natures that originates their disorderly appetites.
Although the Dæmons “exceed mankind in strength and capacity,
yet the divine element in their composition is not pure and
unalloyed, inasmuch as it participates in the faculties of the soul and
the sensations of the body, is liable to pleasure and pain, and to
such other conditions as are involved in these vicissitudes of feeling,
and bring disturbance upon all in a greater or less degree.”[269] It is
by virtue of this participation in the “disturbing” elements of human
nature that they are fitted to play that part between God and man
which Plutarch, after Plato, calls the “interpretative” and the
“communicative.”[270] This enables the Dæmons to play a loftier part
than that hitherto assigned them; to respond, in fact, to that
universal craving of humanity for some mediator between their
weakness and the eternal splendour and perfection of the Highest.
The whole question of inspiration and revelation, both oracular and
personal, is bound up with the Dæmonic function, and to both these
spheres of its operation, the public and the private, Plutarch gives
the fullest and most earnest consideration. Previous, therefore, to
discussing this aspect of the Dæmonic character and influence, it will
be necessary to ascertain what were Plutarch’s views on the subject
of inspiration and prophecy, and what was his attitude to that
question of Divination which exercised so great a fascination on the
mind of antiquity.
 CHAPTER VII.
Necessity for a Mediator between God and Man partly met by Oracular Inspiration
—General failure of Oracles in the age of Plutarch—Plutarch’s “Delphian
Essays”—The De Pythiæ Oraculis: nature of Inspiration: oracles not verbally
inspired—The De Defectu Oraculorum—Various explanations of Inspiration—
Plutarch inclines to accept that which assumes an original Divine afflatus
placed under the superintendence of Dæmons, whose activities are subject to
the operation of natural causes.

An age which attempts to reinvigorate its own ethical life by

draughts of inspiration from springs hallowed by their duration from
an immemorial antiquity, will naturally regret that currents, which
once ran full, now flow no longer in their early strength, but have
dwindled to insignificant rills, or are dried up altogether in their
courses. And there is no source of religious inspiration so greatly
held in honour as that which comes from the communication of
mankind with the Divine Being.[271] Visions, dreams, incantations,
inspired writings, omens, and prophecies have been valued as
means of bringing man into communication with God, and as
furnishing an unerring way of indicating the Divine will to humanity.
But it would be difficult to mention any institution or practice having
this ostensible aim which has had such absolute sway over the
minds of those who came within reach of its influence, as the group
of oracles which were celebrated in the ancient Hellenic world. It is
no wonder, therefore, that in the age of Plutarch the present silence
of the oracles was a common topic of speculation, of anxious alarm
to the pious, of ribald sarcasm to the profane. Juvenal[272] satirically
describes the meaner methods which the cessation of the Oracle at
Delphi has imposed upon those who yet wish to peer through the
gloom that hides the future. Lucan laments the loss which his
degenerate time suffers from this cause: “non ullo secula dono
Nostra carent majore Deum, quam Delphica sedes Quod siluit;”[273]
and speculates as to the probable reason for the failure of the
ancient inspiration.[274] That Plutarch should have shown solicitude
on this aspect of the ancient faith is natural, and one cannot but be
grateful that the chances of time have preserved the exhaustive
tracts in which he and his friends are represented as discussing
various questions connected with the inspiration of the Delphic
Oracle, and the manner in which this inspiration was conveyed to
humanity. No extant work gives us so intelligible and natural an
explanation of the significance which oracular institutions possessed
for the ancient world, nor so close an insight into the workings of
the minds of educated men at one of the most important periods of
human history, in face of one of the most interesting and, perhaps,
most appalling of human problems. We have already made copious
quotations from the two tracts in question; we now propose to use
them mainly for the light which they cast on the question of oracular
inspiration. We refer to the tracts known as the “De Pythiæ Oraculis”
and the “De Defectu Oraculorum.” These two tracts (together with
the one entitled the “De Ε apud Delphos”)[275] purport to be reports
of conversations held by philosophical friends and acquaintances of
Plutarch at the shrine of Apollo at Delphi.
The dialogue, briefly called “On the Pythian Responses,” deals, as
the Greek title indicates, with the fact that the Pythia at Delphi no
longer uses verse as the instrument of her inspired utterances. It
takes the form of a conversation in the Delphic temple, between
Philinus, Diogenianus, Theon, Serapion, and Boethus—the first of
whom reports the conversation to his friend Basilocles, who has
grown quite weary of waiting while the rest of the party conduct
Diogenianus, a visitor, on a tour of inspection among the sacred
offerings in the Temple.[276] Philinus[277] tells how “after the
Ciceroni (οἱ περιηγηταὶ) had gone through their wonted programme,
disregarding our requests that they would cut short their formal
narratives and their explanations of most of the inscriptions,” the
conversation had turned by a series of natural gradations from the
interesting objects, that so strongly attracted the attention of
visitors, to the medium through which the oracles of the God had
been conveyed to humanity.[278] Diogenianus had noted that “the
majority of the oracular utterances were crowded with faults of
inelegance and incorrectness, both of composition and metre.”
Serapion, to whom previous reference has been made, and who is
here described as “the poet from Athens,” will not admit the
correctness of this impious indictment.[279] “You are of opinion,
then,” said he, “that, believing these verses to be the work of the
god, we may assert that they are inferior to those of Homer and
Hesiod? Shall we not rather regard them as being the best and most
beautiful of all compositions, and reconstitute, by the standard which
they supply, our own taste and judgment, so long corrupted by an
evil tradition?” Boethus, “the geometrician,” who has lately joined
the Epicureans, uses a neat form of the argumentum ad hominem in
refutation of Serapion, paying him a polished compliment at the
same time.[280] “Your own poems,” says he, “grave, indeed, and
philosophic in matter, are, in power and grace and finish, much more
after the model of Homer and Hesiod than of the Pythia;” and he
gives concise expression to the two opposing mental attitudes in
which questions of this kind are universally approached. “Some will
maintain that the oracles are fine poems because they are the god’s,
others that they cannot be the god’s because they are not fine
poems.” Serapion emphatically re-asserts the former of these two
views, maintaining that “our eyes and our ears are diseased. We
have become accustomed, by long indulgence in luxury and
effeminacy, to regard sweetness as identical with beauty.”[281]
Theon[282] is the exponent of a compromise not unknown in modern
discussions on the “Inspiration of the Scriptures”—“Since these
verses are inferior to those of Homer, it cannot be maintained that
the god is their author. He supplies the primary inspiration to the
prophetess, who gives expression thereto in accordance with her
natural aptitude and capacity. He only suggests the images, and
makes the light of the future shine in her soul.” The conversation
then turns upon certain events which had accompanied, or been
preceded by, portents and wonders happening to statues and other
gifts consecrated in the Temple. On this subject Philinus asserts his
firm belief that “all the sacred offerings at Delphi are specially moved
by divine forethought to the indication of futurity, and that no
fragment of them is dead and irresponsive, but all are filled with
divine power.” Boethus, as a newly converted Epicurean, makes a
mock of this view, this “identification of Apollo with brass and stone,
as if chance were not quite competent to account for such
coincidences,” and he subsequently enlarges his view as follows:
—“What possible condition of temporal affairs, my friend, cannot be
assigned to natural causes? What strange and unexpected event,
occurring by sea or by land, to cities or to individual men, could one
predict without some chance of hitting the mark?[283] Yet you would
hardly call this prediction; it would be merely assertion, or, rather,
the dissemination at random, into the abyss of infinity, of bare words
without any guiding principle leading them to a particular end, words
which, as they wander about, are sometimes met by chance events
which correspond with them.” And Boethus continues to insist that,
though some predictions may have by accident come true, the
original assertions were not the less false on that account. Serapion
admits that this may be true about vague predictions, but maintains
that such detailed prophecies as those he proceeds to quote from
history do not owe their accomplishment to chance.[284]
The attention of the disputants—if these calm and dignified
colloquies can be called disputes—is here again attracted to the
objects of artistic and historical interest surrounding them, among
which the guide takes occasion to point out the place where formerly
had reposed the iron spits dedicated by the courtezan Rhodopis
under the circumstances detailed by Herodotus.[285] Diogenianus
warmly protests against such offerings having ever been admitted
into the Temple, but Serapion draws his attention to the golden
statue of the more notorious Phryne, “that trophy of Greek
incontinence,”—as Crates had called it—and condemns the
inconsistency of these objections in people who see, without a
protest, the temple crowded with offerings made by the Greek cities
for victories in their internecine warfare. “It were fitting,” exclaims
he, “that kings and magistrates should consecrate to the god
offerings of justice, temperance, and magnanimity, and not tributes
of a golden and luxurious wealth, which the most evil livers often
abound in.”[286]
The concluding portion of this somewhat discursive tract is
devoted to a speech by Theon on the question with which the title
only has so far dealt, the cessation of the oracle to use verse.
Theon, as we have seen, believes that the god inspires the thought,
and not the expression, of the Pythia, and his explanation of the
change of medium is purely natural, being based upon the general
tendency towards prose which early became evident in Greek
Literature and Philosophy. Besides, the matters on which the oracle
is now consulted are not such as to require the mystery and
magnificence of verse.[287] “In these cases it would be absurd to
employ the diction, metre, and imagery of poetry, when what is
required is a simple and concise reply. It would be like a vain Sophist
to turn an oracle finely for the sake of show. The Pythian priestess,
moreover, is noble and virtuous in her own character, and when she
mounts the tripod and approaches the god, she is more intent on
truth than appearance, more regardful of the god’s message than of
the praise or blame of men.”[288] “In old days,” continues Theon,
“were not wanting those who accused the oracles of uncertainty and
ambiguity, and there are now those who accuse them of excessive
simplicity. But the ways of such persons are childish and silly: for
just as children take more delight in looking at rainbows and
aureoles and comets than at the sun and moon, so do these desire
enigmas and allegories and metaphors to fill the heart of man with
wonder and mystery. In their ignorance of the true reason of the
change (in the oracle’s mode of expression), they depart, blaming
the god instead of charging the defect to the weakness of our
human intellect, which cannot comprehend the purposes of the
Deity.”[289]
In this defence of the Deity Theon has apparently committed
himself to a view of the manner in which the process of inspiration
takes place. “The body employs many organs, while the soul
employs the body and its parts. The soul, in like manner, is God’s
instrument. Now the virtue of an instrument consists in imitating,
subject to its natural limitations, the power that makes use of it, and
in exhibiting the thought of that power in operation. This it cannot
do to the extent of reproducing the purity and perfection of the
Divine Creator, but its work is mixed with alien matter. The Moon
reproduces the splendour of the Sun, but in a dim and weak form.
These images are representations of the way in which the Pythia
reproduces for the service of mankind the thoughts of God.”[290] We
may be tempted, while reading this explanation, to assert that
Plutarch wishes to maintain that the inspiration of the Pythia by the
Deity is direct. But these illustrations are intended only to explain
why the Pythian verses are not divinely perfect. They come through
a human soul, which has the weakness of an instrument, and is
prevented by its limitations from expressing the purity and beauty of
the divine thought. The manner of this inspiration is more fully
discussed in the following dialogue, the “De Defectu Oraculorum.”
This tract is in the form of a letter addressed to Terentius Priscus,
and although the person speaking as “I” in the dialogue is alluded to
as “Lamprias”[291] by the other speakers, it is clearly Plutarch
himself who is modestly represented under this guise. After a
warning, characteristic of Plutarch both as regards its purport and
the manner in which it is conveyed (by means of a historical
reminiscence), that these questions are not to be tested “like a
painting by the touch,” the writer brings a party of philosophers
together at Delphi “shortly before the Pythian games held under
Callistratus.” Two of these philosophers are already known to us.
Like the eagles or swans of the ancient legend they had met at
Delphi coming from opposite quarters of the globe;[292] Demetrius,
of Tarsus, returning home from Britain, and Cleombrotus, of
Lacedæmon, from prolonged journeyings by land and sea, in Egypt
and the East. Cleombrotus, being possessed of a competence,
employed his means and his leisure in travel, for the purpose of
accumulating evidence to form the basis of that branch of
philosophy whose end and aim, as he expressed it, was Theology.
[293] A preliminary discussion takes place respecting the “everlasting
lamp” which Cleombrotus had been shown in the Temple of Ammon,
a discussion involving abstract consideration of Mathematics and
Astronomy. In this conversation, Plutarch’s three favourite
characters, doubtlessly representing three common types of the day,
are again depicted in the pious belief of Cleombrotus, the scepticism
of Demetrius, and the judicial pose of the Academic Ammonius. The
mention of the Temple of Ammon naturally leads Plutarch to raise
the question of the present silence of that famous oracle.[294]
Demetrius diverts this particular topic into a general inquiry
respecting the comparative failure of oracles all the world over.[295]
Bœotia, for example, once so renowned in this respect, suffers from
an almost total drought of oracular inspiration. While Demetrius is
speaking, the party—Demetrius, Cleombrotus, Ammonius, and
Plutarch—had walked from the shrine towards the “doors of the Hall
of the Cnidians,[296] and,” proceeds Plutarch, “entering therein we
came upon our friends sitting down and waiting for us.” Demetrius
playfully suggests that their listless attitude and idle expression do
not indicate attention to any important subject of discussion; but
Heracleon of Megara retorts sharply upon the grammarian that
people who try to solve trifling questions of grammar and philology
naturally contract their brows and contort their features;[297] but
there are subjects of importance which people discuss with their
eyebrows composed in their natural way. “Such,” amiably replies
Cleombrotus, “such is the subject we now propose to discuss;” and,
the two groups having joined company, he proceeds to explain the
topic to his hearers. His observations excite the cynic Didymus,
surnamed Planetiades, in a remarkable manner.[298] Striking his
cynic’s staff upon the ground, he inveighs against the wickedness of
the times, and wonders that the Divine Providence has not gathered
up its oracles on every side and taken its departure long ago, like
the Aidos and Nemesis of Hesiod. “I would suggest for your
discussion the question why some god has not repeated the feat of
Hercules and shattered the tripod, filled to overflowing, as it has
been, with disgraceful and atheistical requests. Some of us have
questioned the god as if he were a sophist, anxious to show off his
rhetorical skill. Some of us have appealed to him about riches and
treasures; some about legacies; some about unlawful marriages.
Surely Pythagoras was utterly wrong when he said that men were at
their best when approaching the gods. Do we not expose, naked and
unashamed, to the eyes of the god such vices and diseases of the
soul as we should shun mentioning even in the presence of an old
and experienced man?”[299] He was going to add more, when
Heracleon twitched his cloak, “but I,” writes Plutarch, “being on
more familiar terms with him than were the others, said to him, ‘My
dear Planetiades, cease your efforts to provoke a god who is really
amiable and gentle, and who has been, as Pindar says,

“Adjudged exceeding mild to mortal men.”

And whether he is the sun, or lord and father of the sun and of the
whole perceptible world, it is not right to believe that he would
deprive the men of to-day of the help of his utterances, for he is the
author and supporter of our life, and the master of our intelligence.
Nor is it reasonable to suppose that Providence, which, like a kind
and tender mother, has given us all that we possess, should wish to
punish us in one single point alone—by taking away from us that
prophetic aid which was once given to us. Just as if the wicked were
not as numerous when the oracles were firmly established in many
parts of the earth! Sit down again, and, in honour of the Pythian
games, make a truce for once with vice, which you are always eager
to chastise, and help us to find out the cause of the failure of the
oracles.’ The only result of my remarks was that Planetiades went
out-of-doors in silence.[300] After a brief silence, Ammonius turned
to me and said, ‘Come, Lamprias, we must be careful not to deprive
the god of all agency in this matter. For if we maintain that the
cessation of the oracles is due to any other cause than the will of
God, we can hardly escape the conclusion that their foundation also
was not His work. If the prophetic power of the oracles is, indeed,
the work of God, we can imagine no greater or stronger power than
that required to destroy it. Planetiades’ remarks were displeasing to
me, particularly on account of the inconstancy which he attributes to
God in His attitude towards men’s wickedness, now punishing and
now protecting it, as if God were some king or tyrant excluding
vicious men at one door while welcoming and rewarding them at
another. We ought to start with the principle that God’s action is
always marked by an adaptation of means to ends, that He does not
furnish an excess of what is not required, and should then observe
that Greece has shared in a particular degree that general
depopulation which wars and revolutions have effected in all parts of
the world, to such an extent, indeed, that the whole of Greece could
now barely furnish the 3000 hoplites which were Megara’s
contingent to Platæa.[301] If we were to do this we should
accurately display our own judgment; for how could the god leave
his oracles with us for the mere purpose of marking the desolation of
our land? For who would be the better if its ancient oracle were still
left to Tegyra, or at Ptoum, where after searching whole days you
can hardly find a single herdsman tending his cattle? Even this most
ancient and famous oracle at Delphi is related to have been for a
long period reduced to a state of desolation and inaccessibility by a
terrible monster in the shape of a serpent. But this desolation is not
rightly explained. The solitude brought the serpent, not the serpent
the solitude. But when, in the great purpose of God, Greece again
grew strong in its cities, and the land was replenished with mankind,
the temple was served by two priestesses, who took alternate duties
on the tripod, and a third was appointed to be available in case of
emergency. But now there is but one Pythia; and her we find enough
for all our needs. For the prophetic inspiration that yet remains is
sufficient to send all comers away with their requirements satisfied.
Agamemnon employed nine heralds; and even so he was hard put to
it to control the assembly of the Greeks, so numerous it was. But
within a few days you will have an opportunity of observing that one
voice will easily reach the ears of everybody in the Theatre here. In
a similar manner the prophetic influence of the god issued by a
greater number of voices when the population was greater. But as
things at present are, the real cause for astonishment would be that
the god should allow the prophetic agency to waste like water, or his
voice to sound in vain like the cries of shepherds and sheep re-
echoing among the rocky solitudes.’[302] Ammonius ceased, and I
remained silent. But Cleombrotus, turning to me, said: ‘Was it not
you who, just now, maintained that it is the god himself who not
only gives, but also takes away the oracles?’ ‘No, indeed,’ replied I,
‘on the contrary, I assert that the god has taken away neither oracle
nor sacred shrine. But just as the god bestows upon us many other
things which are subject to decay and destruction by natural
processes—or, rather, the original substance, containing a principle
of change and movement in its own nature, often dissolves itself and
reshapes itself without the intervention of the original creator—so in
like manner, I think, the oracles undergo darkenings and declines,
being included in the truth of the statement that the god bestows
many fair gifts on men, but not one of them to last for ever; or, as
Sophocles has it, “the gods immortal are, but not their
works”’”—“The foundation of oracles is rightly assigned to God,”
continues Plutarch, “but the law of their existence and its operation
we must seek for in nature and in matter. For it is nothing but the
most childish folly to look upon God as a sort of ventriloquist: like
the fellows once called Eurycleis and nowadays Pythons, inserting
Himself into the bodies of the prophets, using their mouths and
vocal chords as instruments of His messages. For he who puts God
into this personal contact with human weaknesses and necessities,
sins against His glory, and deprives Him of the excellence and
grandeur of His Virtue.” This strong insistence upon the splendour of
the Divine Nature is, as we know, one of the most characteristic
elements of Plutarch’s philosophy, and, so long as he can preserve
this intact, he is not careful of consistency in his arguments on less
important points of doctrine. We have seen him shrinking in
conversation from too close an identification with Rationalism; and
we are also prepared to find him giving importance to a view which
introduces a supernatural element even into the operation of
secondary causes. Hence Cleombrotus is represented as saying how
difficult it is to draw the line exactly at the direct interposition of
Providence in human affairs; since those who exclude God from
second causes, and those who see Him everywhere, are equally in
error. Hence the pious student of Theology is permitted to give a full
exposition of the doctrines of Dæmonology as applied to the
question of Oracles and Inspiration. “Plato delivered Philosophy from
many difficulties when he discovered Matter as the substratum of
phenomenal qualities; but those who invented the science of
Dæmonology have solved greater difficulties still.” We are already
familiar with the nature and activities of the Dæmons; it remains to
see how their existence is applied to the question under discussion.
“Let us not listen,” says Cleombrotus, “to those who say that oracles
are not divinely inspired, or that religious rites and ceremonies are
disregarded by the gods: nor, on the other hand, let us approve of
the view that God is actively, personally, and directly concerned in
these matters; but let us believe that the Dæmons are
superintendents of, and participators in, the sacred sacrifices and
mysteries, justly assigning these functions to Lieutenants of the
gods, as it were to Servants and Secretaries, while others go about
and punish great and notorious acts of injustice.”[303] This belief, in
the opinion of Cleombrotus, furnishes an explanation of the silent
periods of the oracles. “I am not afraid to say, as many others have
said before me, that when the Dæmons who have been appointed to
administer prophetic shrines and oracles leave them finally, then the
shrines and oracles finally decline. If these guardians flee and go
elsewhither, and then return after a long interval, the oracles, silent
during their absence, become again, as of old, the means of
conveying responses to those who come to consult them.” “But,”
says Demetrius, “it is impossible to assert that the oracles are silent
owing to their desertion by the Dæmons, unless we are first
reassured respecting the method by which the Dæmons, when in
actual superintendence of the oracles, make them actively
inspired.”[304] Plutarch here introduces a rationalistic argument
imputing prophetic inspiration to subterrestrial exhalations, and
draws down upon himself the reproof from Ammonius that he has
followed up the abstraction of Divination from the gods by now
depriving the Dæmons of that power and referring it to “exhalations,
winds, and vapours.” Plutarch, however, though adhering to
Rationalism to the extent of insisting on the operation of secondary
causes, saves his piety by explicitly placing them under the
superintendence of the Dæmons. “There are two causes of
generation: the Zeus of the ancient poets and theologians, and the
physical causes of the natural philosophers. The study of either of
these sets of causes, to the exclusion of the other, leads to defective
philosophy. But he who first made use of both these principles,
combining creative Reason with created Matter, freed us from fear of
criticism either on the ground of impiety or unreason. For we deprive
prophetic inspiration neither of God nor of Reason when we allow as
its material the human soul, and assign as its instrument the
inspiring exhalation.[305] The Earth, indeed, breeds these
exhalations, but he that implants in the earth its tempering and
transforming power—I mean the Sun—is regarded as a god in our
ancestral religion. Then, if we leave the Dæmons as presidents and
attendants and guardians, to secure the due harmonizing of the
various elements of the inspiring exhalation, now slackening and
now tightening it, now restraining its excessive power of phrensy
and confusion, and gently tempering its stimulating force so that it
becomes harmless and painless to those under its influence—if we
adopt these views, we shall be in perfect harmony with reason and
possibility.”[306]
The one thing that is conspicuously evident throughout these
discussions on important questions of Religion is the earnest
sincerity with which they are universally approached. We notice
everywhere that combination of piety with philosophy, which is
characteristic of Plutarch’s own genius, and which appears to be no
less characteristic of the society in which he constantly moves. Even
the Epicurean Boethus, an excellent man with his witty stories and
courtly compliments, finds it somehow in his power to defend the
dignity of the prophetic God against those who would “mix Him up
with every piece of stone or brass,” while those who are most
solicitously inclined to a pious reverence of the ancient faith—
Serapion for a prominent example—never for long forget that spirit
of critical detachment proper to the inquiring philosopher.[307]
“There is no one here present,” says Heracleon,“who is profane and
uninitiated, and holds views of the gods inconsistent with our own;
but we must take care that we ourselves do not unconsciously admit
absurd and far-reaching hypotheses in support of our
arguments.”[308] But it is Plutarch himself who, shunning the
“falsehood of extremes,” most conspicuously represents this spirit of
compromise. It is Theon-Plutarch who finds a middle way between
the views of Boethus and those of Serapion on the subject of
prophecy, and it is Lamprias-Plutarch who, knowing that these things
involve many contentions and are open to numerous contradictions,
combines the belief in an original divine inspiration, with a
recognition of the scientific importance of subsidiary causes, moving
unchecked in the sphere of Nature. “The power of the exhalation
which inspires the Pythia is in truth divine and dæmonic, but it is not
exempt from the operation of causes that bring silence, age, decay
and destruction on all that lives between the earth and moon.”[309]
Plutarch here strikes with clear emphasis a note not out of harmony
with the spirit of modern Theology; and had he pushed this view to
its logical conclusion, as the Epicurean Boethus[310] did, the
Dæmons would have disappeared, and their places would have been
wholly occupied by natural causes operating under the Divine
impetus inspired by the great First Cause. But the necessity for a
personality, human on one aspect, Divine on the other, to stand
between God and man, was too strongly felt by Plutarch to enable
him to accept without qualification the conclusions of pure
rationalism. The blank between the Creator and His creatures is
occupied, therefore, partly by natural causes, partly by the Dæmons,
whose existence and mode of operation are now involved in the
working of natural causes regarded as under their superintendence,
and now appear as supernatural agencies vaguely dependent upon
the will of the Supreme Power.
 CHAPTER VIII.
Sincerity of Plutarch’s belief in Dæmons—Function of the Dæmons as Mediators
not confined to oracular inspiration—Dæmons in their personal relationship
with the human soul—The De Dæmonio Socratis—This tract not a formal
treatise on Demonology—Various explanations of the Socratic “Dæmon”—
Ethical value of the conception of Dæmons as spiritual guardians of individual
men—“Men may rise on stepping-stones of their dead selves to higher
things”—Dangers of the conception—Superstition: Plutarch’s general attitude
towards that Vice.

The evident sincerity of Plutarch’s piety—his attitude of more than

toleration towards everything consecrated by the religious tradition
of his age and country—render it impossible for us to regard his
system of Dæmonology as a mere concession made by Rationalism
to Superstition.[311] But it is not the less clear that Plutarch thinks he
has found in the existence of Dæmons not only a means of
communication between God and man, but a means of reconciliation
between Philosophy and Piety, between Boethus and Serapion. It is
a very happy circumstance for a man’s moral progress when he finds
Religion and Reason in an agreement so plausible; and when Reason
has in some way furnished the very means of agreement—for was it
not Plato himself to whom most people had gone for their
Dæmonology?—the resulting tendency will have the strength of two
harmonizing influences, instead of the halting weakness of a
compromise between two mutually conflicting elements.[312] Plato’s
Dæmonology is a trick of fence: an ironical pose of sympathetic
agreement with popular ideas: but Plutarch does not see this, and
can honestly think himself a Platonist, a philosopher, even on a
question whose settlement demands philosophical concessions all
along the line. It is true that there was one gain for Philosophy
which, in Plutarch’s mind, would compensate for even greater
sacrifices than it was actually called upon to make: the gain, namely,
that each concession to the belief in Dæmons would bring into
greater prominence the pure splendour and naked simplicity of the
idea of God. As God was withdrawn not only from participation in
the ignoble adventures of the Homeric legends, but also from the
direct inspiration of oracular and prophetic phrensy, His character
would become more worthy of the adoration of the Best, while His
omnipotence would be maintained by virtue of the controlling power
exercised by Him over all subordinate powers. The gain for a
philosophic conception of the Deity was so great in this direction,
that we are without surprise in seeing Plutarch proceed still further
on the same path. The Dæmons by their divine alloy come into close
contact with the nature of God: they perform many functions as
interpreters of the Divine Will to humanity. But by virtue of the
human element in their character, they are fitted for assuming a
personal relationship with individual men, and for becoming the
instruments by means of which God enters into those ethical
relations with humanity which we have seen described in the “De
Sera Numinis Vindicta.” The hint for this aspect of their work and
influence Plutarch has found in the Hesiodic people of the golden
age, whose death promoted them to the duty of keeping watch over
the actions of men. We have seen him already develop this hint in
an assertion that the Dæmons, in addition to attending on shrines
and religious ceremonies, are endowed with punitive authority over
great sinners; and the ethical value of the doctrine is enforced in a
passage in which the love of justice, the fear of dishonour, the
adoration of virtue, the amenities and graces of civilized life, are
intimately associated with the belief that good deities and Dæmons
keep a watch upon our career.[313] This belief in an intimate
personal relation between men and Dæmons received its most
notorious expression in the famous philosophic tradition of the
Dæmon of Socrates, and it is naturally in a tract with this title that
we have the fullest information respecting Plutarch’s view of the
personal connexion between Dæmons and men. The essay, “On the
Dæmon of Socrates,” does not, however, contain an exhaustive and
scientific discussion of this interesting aspect of Theology similar to
that given by Apuleius in his tract with the same designation. At first
we find ourselves plunged into the midst of a most dramatically told
piece of history—the famous Return of the Theban Exiles under
Pelopidas after the treacherous seizure of the Cadmea by the
Spartans. In the pauses of the plot the Thebans—averse from such
studies as their character is supposed to have been—discourse on
these high questions of religious philosophy, and one would almost
guess that Plutarch’s subsidiary intention was to indicate, by the
broken character of the discussion, the difficulty of attaining to a
complete and final view of the subject. Various rational and
supernatural explanations of the well-known Socratic expression are
suggested, explanations which vary in harmony with the different
types of character, or mental attitude, already familiar in Plutarch.
Galaxidorus takes the extreme rationalistic view. He rebukes
Philosophy for promising to pursue scientific methods in the
investigation of “the Good and the Expedient,” and then, in contempt
of Reason, falling back upon the gods as principles of action, thus
relying on dreams instead of demonstrations.[314] He thinks the
Dæmon of Socrates was nothing but the “last straw” which inclines,
in one direction or the other, a man whose close and experienced
study of every aspect of the case has not enabled him to come to a
practical decision. A sneeze might be the grain which turned the
balance. Phidolaus will not allow so “great a phenomenon of
prophetic inspiration” to be explained by a sneeze, a method of
divination which “is only jestingly used by common people in small
matters.”[315] A statement of Simmias to the effect that he had
heard Socrates often inveighing against those who asserted they had
seen a divine vision, while he always listened sympathetically to
those who said they had heard a voice, leads to a general surmise
that the Dæmon may have been “not an apparition, but the
perception of a voice or the interpretation of a word, which had
occurred to him under extraordinary circumstances, just as in a
dream there is no actual voice, but we have fancies and notions of
words, and imagine that we can hear people speaking.”[316]
Archidamas, who is narrating the dialogue and its events to
Caphisias, here expounds his own views on the subject in the light of
the foregoing explanation. He thinks that the voice, or the
perception of a voice, which influenced Socrates, was the speech of
a Dæmon, who, without the intermediation of audible sound, made
this direct appeal to the mind of the pure and passionless sage;[317]
it was the influence of a superior intelligence and of a diviner soul,
operating upon the soul of Socrates, whose calm and holy temper
fitted him “to hear this spiritual speech which, though filling all the
air around, is only heard by those whose souls are freed from
passion, and its perturbing influence.”[318] Here we have the
extreme religious view placed, as usual, in contrast with the sceptical
rationalism of Galaxidorus, which has also been indirectly opposed
by a narrative of the events, involving the hearing of a Dæmonic
voice, connected with the death and burial of a Pythagorean
philosopher, Lysis, from which it appears that the Pythagoreans
believed that a few men only were under the guardian care of the
Dæmons.[319] These two opposing views having been fully
expounded by their respective defenders, we should now expect the
dialogue to be concluded, in the usual manner of Plutarch, with a
compromise between the rationalistic and the religious attitudes. But
on this occasion we are disappointed. Plutarch abandons the rôle of
rationalist and gives himself up entirely to the view of Dæmonic
influence expounded by Archidamas, taking Myth for his guide again
whither Philosophy refuses to go. He is careful, however, as in the
parallel case in the “De Sera Numinis Vindicta,” at once to still the
suspicion of the philosopher and to put the pious reader on his
guard, by suggesting a contrast between Myth and Reason before
entering on the narrative, a warning which is strongly emphasized by
the fact that even Theocritus, “the Soothsayer,” can only claim for
Myth, that it is not to be depended upon for scientific accuracy, but
only sometimes comes in contact with Truth.[320] The Myth in this
case describes the experiences in the Cave of Trophonius of the
young philosopher Timarchus, a friend of Socrates, who desired to
ascertain the true nature of the “Dæmon” of that great man. The
story is told with considerable beauty of imagery, an example of
Plutarch’s skill in which we have already seen in the similar story of
Thespesius of Soli. The soul of the philosopher leaves his body
through the sutures of the cranium. In the subterranean regions he
stays two nights and a day, receiving from an invisible spirit much
information concerning the afterworld and the beings who inhabit it.
The main object of the story seems to be to establish and elucidate
the ethical value of the doctrine of Dæmonology, while at the same
time we note that a mystical significance now begins to be attached
to certain principles long the topic of discussion in the schools.
Timarchus is informed by the invisible spirit that there are four
principles which operate throughout the universe: the first of Life,
the second of Motion, the third of Generation, the fourth of
Corruption. The sphere of Life is united to the sphere of Motion by
the Monad in the world of invisibility; the sphere of Motion is united
to the sphere of Generation by Nous in the Sun; the sphere of
Generation is united to the sphere of Corruption by Nature in the
Moon. Over each of these unions a Fate presides. The other
“islands” are peopled by gods: but the Moon is inhabited by
Epichthonian Dæmons, being raised only a little above Styx, which is
“the way to Hell.”[321] Styx periodically seizes upon many of these
souls in the Moon, and they are swallowed up in Hell. Other souls, at
the end of their participation in the life of generation, are received
into the Moon from below, except such as are “polluted and
unpurified,” these being driven away from her by thunder and
lightning to undergo another period of generation. As in the myth of
Thespesius, there is a chasm through which the souls pass and
repass to and from the life of earth. “What,” asks Timarchus, “are
these stars that dart about the chasm, some descending into its
depths, others arising from it?” “These are Dæmons,” he is told; and
we can only conclude that they are identical with the souls already
described as inhabiting the Moon. These Dæmons are incarnated in
mankind. Some are altogether dominated by the passions and
appetites of the body, others enter into it only partly, retaining the
purest portion of their substance unmingled with the human frame.
“It is not dragged down, but floats above the top of the head of a
man, who is, as it were, sinking in the depths, but whose soul is
supported by the connexion so long as it is submissive to this
influence, and is not controlled by its bodily passions. The part
beneath the waves in the body is called the soul; but the eternal,
uncorrupted part is called the mind, by those who think it is within
the body.—Those who rightly judge, know it to be outside, and
describe it as a Dæmon.” The point of this narrative is emphasized
by Theanor, who expresses his belief that “there are very few men
whom God honours by addressing his commands directly to them.
The souls of such men, freed from the domination of passion and
earthly desires, become Dæmons, who act as guardian angels to
certain men, whose long-continued struggles after the good excite
their attention, and at last obtain their assistance.” Each of these
Dæmons loves to help the soul confided to its care, and to save it by
its inspirations. The soul who adheres to the Dæmon, and listens to
its warnings, attains a happy ending; those who refuse to obey are
abandoned by it, and may expect no happiness.[322] “The connexion
which attaches the Dæmon to the soul is, as it were, a restraint
upon the irrational part thereof. When Reason pulls the chain it gives
rise to repentance for the sins which the soul has committed under
the influence of passion, shame for illicit and immoderate
indulgences, and finally produces a tendency to submit in quiet
patience to the better influence of the Dæmon. The condition of
absolute submission does not come all at once, but those who have
been obedient to their Dæmon from the very beginning constitute
the class of prophets and god-inspired men.” The Dæmons have
here assigned to them a protective care of humanity; they assist the
souls who struggle after goodness, and desert those who refuse to
obey their injunctions. A few good men, specially honoured by the
deity, may themselves become Dæmons, and act as guardian angels
to others. Plutarch repeats this view more systematically elsewhere,
giving it a more general application. “It is maintained by some that
... just as water is perceived to be produced from earth, from water,
air, and from air, fire, in a constantly ascending process, so also the
better souls undergo a transformation from men to heroes, from
heroes to dæmons, and from dæmons, some few souls, being
purified through prolonged practice of virtue, are brought to a
participation in the divine nature itself.”[323]
This examination of the story of Timarchus lends a strong support
to the statement already made respecting Plutarch’s use of myth. In
the “De Sera Numinis Vindicta” we saw that he could not accept as a
subject of rational demonstration the theory of rewards and
punishments in a future life; but so convinced is he of the ethical
value of that belief that he has recourse to a most solemn myth,
which he clearly hopes will operate for goodness through the
imagination if not through the intellect. The myth embodied in the
“De Dæmonio Socratis” has a similar origin and an identical aim.
How important to a man in his efforts after Goodness to know that
he is under the observation of a Being whose half-human, half-divine
nature, fits him equally to feel sympathy and administer aid! That is
an aspect of Plutarch’s teaching which requires no emphasis to-
day.... With the Plutarchean doctrine of Dæmons is also involved the
sublimely moral notion of eternal endeavour after a higher and more
perfect goodness. The human being who earnestly strives to be
good within the limits of his present opportunities will have a larger
sphere of activity thrown open to him as a Dæmon in the Afterworld.
The human soul transfigured into the strength and splendour of this
higher nature has work to perform which may develop such qualities
as will bring their owner into closer proximity with the Highest
Divine. The doctrine of Dæmons, as expounded by Plutarch, involves
the profound moral truth that there is no limit to the perfectibility of
human nature; and we can surely forgive much that is irrational and
fantastic in a scheme which embodies so effective an inspiration to
goodness.[324]
But the value and moral dignity of any principle depend upon the
method of its interpretation and application. That sense of personal
dependence upon a benevolent supernatural power which Plutarch
associates with the teachings of Dæmonology may be identical with
the purest and loftiest religion, or may degenerate into the meanest
and most degrading superstition, according to its development in the
mind of the individual believer. If this intercourse is regarded as
spiritual only, the communion of soul with soul in the “sessions of
sweet, silent thought,” high religious possibilities issue which no form
of faith can dispense with. Any attempt to degrade this intercourse
to material ends, or to appeal to it through material channels,
involves recourse to magical rites, and superstitious practices of the
grossest description. It is necessary, too, that even where there is no
recourse to materialistic avenues of access to the spiritual world, the
mind should cultivate a belief in the benevolence of the Higher
Powers so that it may maintain a rational dignity and fearlessness in
its communion with them. Plutarch is aware of these clangers. He
knows that Dæmonology, and even Theology, may involve
Superstition, and he takes pains to close those avenues to its
approach, which a misunderstanding of the subject, a mistaken
mental attitude towards it, may easily throw widely open. He seldom
misses an opportunity of inculcating the proper attitude of mind to
assume in face of questions of Religion, or of placing such questions
in an atmosphere of clear and rational daylight, which is equally
unlike the dim gloom of Superstition, and the blinding glare of
Atheism. In a word, he continues to make Reason his Mystagogue to
Religion. Polemically, as against the Epicureans, he is inclined to
argue that Atheism is an unmixed evil, since it deprives mankind of
Hope, Courage, and Pleasure, and leaves us no refuge in God from
the sorrows and troubles of life.[325] He adds that Superstition
should be removed as a dimming rheum from before our eyes; but,
if that is impossible, we must not knock the eye out for the sake of
removing the rheum, or turn the sight of Faith to the blindness of
Atheism in order to destroy false ideas of the Deity. Although he
admits that there are some men for whom it is best to be in fear of
God; although he knows that a much greater number combine with
their honour and worship of the Deity a certain superstitious fear
and dread of Him; yet he insists most strongly that these feelings
are totally eclipsed by the hope and joy that attend their communion
with God.[326] He draws a beautiful picture of the happiness