{"id":"https://openalex.org/W3006136675","doi":"https://doi.org/10.1007/978-3-030-58201-2_17","title":"Zeek-Osquery: Host-Network Correlation for Advanced Monitoring and Intrusion Detection","display_name":"Zeek-Osquery: Host-Network Correlation for Advanced Monitoring and Intrusion Detection","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3006136675","doi":"https://doi.org/10.1007/978-3-030-58201-2_17","mag":"3006136675"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-030-58201-2_17","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-030-58201-2_17","pdf_url":null,"source":{"id":"https://openalex.org/S4210185096","display_name":"IFIP advances in information and communication technology","issn_l":"1868-422X","issn":["1868-422X","1868-4238"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2002.04547","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087551982","display_name":"Steffen Haas","orcid":null},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Steffen Haas","raw_affiliation_strings":["Universit\u00e4t Hamburg, Hamburg, Germany","UHH - Universit\u00e4t Hamburg (Germany)"],"affiliations":[{"raw_affiliation_string":"Universit\u00e4t Hamburg, Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"UHH - Universit\u00e4t Hamburg (Germany)","institution_ids":["https://openalex.org/I159176309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015612893","display_name":"Robin Sommer","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156008","display_name":"HealthInsight","ror":"https://ror.org/05cewnq61","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I4210156008"]},{"id":"https://openalex.org/I1301653859","display_name":"nLIGHT (United States)","ror":"https://ror.org/01se7j361","country_code":"US","type":"company","lineage":["https://openalex.org/I1301653859"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robin Sommer","raw_affiliation_strings":["Corelight, Inc., San Francisco, USA","Corelight (22 4th St Floor 6, San Francisco, CA 94103, \u00c9tats-Unis - United States)"],"affiliations":[{"raw_affiliation_string":"Corelight, Inc., San Francisco, USA","institution_ids":["https://openalex.org/I4210156008"]},{"raw_affiliation_string":"Corelight (22 4th St Floor 6, San Francisco, CA 94103, \u00c9tats-Unis - United States)","institution_ids":["https://openalex.org/I1301653859"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033270363","display_name":"Mathias Fischer","orcid":"https://orcid.org/0000-0002-6254-8288"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mathias Fischer","raw_affiliation_strings":["Universit\u00e4t Hamburg, Hamburg, Germany","UHH - Universit\u00e4t Hamburg (Germany)"],"affiliations":[{"raw_affiliation_string":"Universit\u00e4t Hamburg, Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"UHH - Universit\u00e4t Hamburg (Germany)","institution_ids":["https://openalex.org/I159176309"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5087551982"],"corresponding_institution_ids":["https://openalex.org/I159176309"],"apc_list":null,"apc_paid":null,"fwci":9.1697,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.98198493,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"248","last_page":"262"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.818831205368042},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7827771902084351},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7529435157775879},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5565742254257202},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5206369757652283},{"id":"https://openalex.org/keywords/visibility","display_name":"Visibility","score":0.49072539806365967},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.4598430395126343},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.45590633153915405},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4458497166633606},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4434862732887268},{"id":"https://openalex.org/keywords/network-monitoring","display_name":"Network monitoring","score":0.43896815180778503},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.4150688052177429},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.39147159457206726},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.32447493076324463},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16848242282867432},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.09387317299842834}],"concepts":[{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.818831205368042},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7827771902084351},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7529435157775879},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5565742254257202},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5206369757652283},{"id":"https://openalex.org/C123403432","wikidata":"https://www.wikidata.org/wiki/Q654068","display_name":"Visibility","level":2,"score":0.49072539806365967},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.4598430395126343},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.45590633153915405},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4458497166633606},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4434862732887268},{"id":"https://openalex.org/C81877898","wikidata":"https://www.wikidata.org/wiki/Q1965787","display_name":"Network monitoring","level":2,"score":0.43896815180778503},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.4150688052177429},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.39147159457206726},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.32447493076324463},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16848242282867432},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.09387317299842834},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1007/978-3-030-58201-2_17","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-030-58201-2_17","pdf_url":null,"source":{"id":"https://openalex.org/S4210185096","display_name":"IFIP advances in information and communication technology","issn_l":"1868-422X","issn":["1868-422X","1868-4238"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"book-chapter"},{"id":"pmh:oai:arXiv.org:2002.04547","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2002.04547","pdf_url":"https://arxiv.org/pdf/2002.04547","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:HAL:hal-03440828v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-03440828","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.248-262, &#x27E8;10.1007/978-3-030-58201-2_17&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2002.04547","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2002.04547","pdf_url":"https://arxiv.org/pdf/2002.04547","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.4300000071525574}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W47175211","https://openalex.org/W1444906800","https://openalex.org/W1516506771","https://openalex.org/W1541939527","https://openalex.org/W1581408521","https://openalex.org/W1772700132","https://openalex.org/W1992705187","https://openalex.org/W2006508099","https://openalex.org/W2077121139","https://openalex.org/W2126107976","https://openalex.org/W2170313477","https://openalex.org/W2295705535","https://openalex.org/W2579106964","https://openalex.org/W2591278480","https://openalex.org/W2900713154","https://openalex.org/W2902478145","https://openalex.org/W2946001656","https://openalex.org/W2967841957","https://openalex.org/W4225591807","https://openalex.org/W4245671428"],"related_works":["https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W1992118813","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539","https://openalex.org/W1977863481","https://openalex.org/W2384741105","https://openalex.org/W1495178644","https://openalex.org/W2185594426"],"abstract_inverted_index":null,"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":4}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2020-02-24T00:00:00"}