{"id":"https://openalex.org/W132412525","doi":"https://doi.org/10.1007/978-3-642-30054-7_13","title":"Detecting Stealthy Backdoors with Association Rule Mining","display_name":"Detecting Stealthy Backdoors with Association Rule Mining","publication_year":2012,"publication_date":"2012-01-01","ids":{"openalex":"https://openalex.org/W132412525","doi":"https://doi.org/10.1007/978-3-642-30054-7_13","mag":"132412525"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-30054-7_13","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-30054-7_13","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-30054-7_13.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-30054-7_13.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010916706","display_name":"Stefan Hommes","orcid":"https://orcid.org/0000-0003-4451-8576"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":true,"raw_author_name":"Stefan Hommes","raw_affiliation_strings":["SnT, University of Luxembourg, 6, rue R. Coudenhove-Kalergi, L-1359, Luxembourg"],"affiliations":[{"raw_affiliation_string":"SnT, University of Luxembourg, 6, rue R. Coudenhove-Kalergi, L-1359, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069228908","display_name":"Radu State","orcid":"https://orcid.org/0000-0002-4751-9577"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Radu State","raw_affiliation_strings":["SnT, University of Luxembourg, 6, rue R. Coudenhove-Kalergi, L-1359, Luxembourg"],"affiliations":[{"raw_affiliation_string":"SnT, University of Luxembourg, 6, rue R. Coudenhove-Kalergi, L-1359, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009071576","display_name":"Thomas Engel","orcid":"https://orcid.org/0000-0002-7374-3927"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Thomas Engel","raw_affiliation_strings":["SnT, University of Luxembourg, 6, rue R. Coudenhove-Kalergi, L-1359, Luxembourg"],"affiliations":[{"raw_affiliation_string":"SnT, University of Luxembourg, 6, rue R. Coudenhove-Kalergi, L-1359, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5010916706"],"corresponding_institution_ids":["https://openalex.org/I186903577"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":1.2032,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.77472004,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"161","last_page":"171"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10538","display_name":"Data Mining Algorithms and Applications","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.971387505531311},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8222303986549377},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.656134307384491},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5953657627105713},{"id":"https://openalex.org/keywords/association-rule-learning","display_name":"Association rule learning","score":0.5643871426582336},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.5294313430786133},{"id":"https://openalex.org/keywords/rare-events","display_name":"Rare events","score":0.49018150568008423},{"id":"https://openalex.org/keywords/sequence","display_name":"Sequence (biology)","score":0.4461195468902588},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4187396168708801},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.34402796626091003},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.34249913692474365},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.32045114040374756},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21892774105072021}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.971387505531311},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8222303986549377},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.656134307384491},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5953657627105713},{"id":"https://openalex.org/C193524817","wikidata":"https://www.wikidata.org/wiki/Q386780","display_name":"Association rule learning","level":2,"score":0.5643871426582336},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.5294313430786133},{"id":"https://openalex.org/C2777317252","wikidata":"https://www.wikidata.org/wiki/Q18393516","display_name":"Rare events","level":2,"score":0.49018150568008423},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.4461195468902588},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4187396168708801},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.34402796626091003},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34249913692474365},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32045114040374756},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21892774105072021},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1007/978-3-642-30054-7_13","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-30054-7_13","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-30054-7_13.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:HAL:hal-01531956v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01531956","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"11th International Networking Conference (NETWORKING), May 2012, Prague, Czech Republic. pp.161-171, &#x27E8;10.1007/978-3-642-30054-7_13&#x27E9;","raw_type":"Conference papers"},{"id":"pmh:oai:orbilu.uni.lu:10993/7679","is_oa":false,"landing_page_url":"https://orbilu.uni.lu/handle/10993/7679","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IFIP Networking 2012, 161-171 (2012); Networking, Prague, Czechia [CZ], 2012","raw_type":"peer reviewed"}],"best_oa_location":{"id":"doi:10.1007/978-3-642-30054-7_13","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-30054-7_13","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-30054-7_13.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"score":0.47999998927116394,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321038","display_name":"Fonds National de la Recherche Luxembourg","ror":"https://ror.org/039z13y21"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W132412525.pdf","grobid_xml":"https://content.openalex.org/works/W132412525.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W1527422375","https://openalex.org/W1744212210","https://openalex.org/W1965702297","https://openalex.org/W2000106226","https://openalex.org/W2026562765","https://openalex.org/W2095979141","https://openalex.org/W2112198484","https://openalex.org/W2113898611","https://openalex.org/W2141405654","https://openalex.org/W2147191819","https://openalex.org/W2166559705","https://openalex.org/W2222807470","https://openalex.org/W2749706176","https://openalex.org/W2998574808","https://openalex.org/W3010548695"],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W4386080799","https://openalex.org/W3140988292","https://openalex.org/W4317672133","https://openalex.org/W4386185023"],"abstract_inverted_index":{"In":[0],"this":[1],"paper":[2],"we":[3],"describe":[4],"a":[5,10,25,28,87,116,125],"practical":[6],"approach":[7],"for":[8,108],"detecting":[9],"class":[11],"of":[12,40,64,82,89,96,100,118],"backdoor":[13,26],"communication":[14],"channel":[15],"that":[16,106],"relies":[17],"on":[18,27,132],"port":[19,42,47,109],"knocking":[20,110],"in":[21],"order":[22],"to":[23,79,115],"activate":[24],"remote":[29],"compromised":[30],"system.":[31],"Detecting":[32],"such":[33],"activation":[34],"sequences":[35,43,81,111],"is":[36,92,102],"extremely":[37],"challenging":[38],"because":[39,63],"varying":[41],"and":[44,66,127,135],"easily":[45],"modifiable":[46],"values.":[48],"Simple":[49],"signature-based":[50],"approaches":[51],"are":[52],"not":[53,61],"appropriate,":[54],"whilst":[55],"more":[56],"advanced":[57],"statistics-based":[58],"testing":[59],"will":[60],"work":[62],"missing":[65],"incomplete":[67],"data.":[68],"We":[69,104,122],"leverage":[70],"techniques":[71],"derived":[72],"from":[73],"the":[74,93],"data":[75],"mining":[76],"community":[77],"designed":[78],"detect":[80],"rare":[83,90,120],"events.":[84],"Simply":[85],"stated,":[86],"sequence":[88],"events":[91],"joint":[94],"occurrence":[95],"several":[97],"events,":[98],"each":[99],"which":[101],"rare.":[103],"show":[105,128],"searching":[107],"can":[112],"be":[113],"reduced":[114],"problem":[117],"finding":[119],"associations.":[121],"have":[123],"implemented":[124],"prototype":[126],"some":[129],"experimental":[130],"results":[131],"its":[133],"performance":[134],"underlying":[136],"functioning.":[137]},"counts_by_year":[{"year":2014,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}