{"id":"https://openalex.org/W2119662014","doi":"https://doi.org/10.1007/978-3-642-30633-4_13","title":"Real-Time and Resilient Intrusion Detection: A Flow-Based Approach","display_name":"Real-Time and Resilient Intrusion Detection: A Flow-Based Approach","publication_year":2012,"publication_date":"2012-01-01","ids":{"openalex":"https://openalex.org/W2119662014","doi":"https://doi.org/10.1007/978-3-642-30633-4_13","mag":"2119662014"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-30633-4_13","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-30633-4_13","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ris.utwente.nl/ws/files/5319040/aims2012_phd_2.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087439261","display_name":"Rick Hofstede","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Rick Hofstede","raw_affiliation_strings":["Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067140003","display_name":"Aiko Pras","orcid":"https://orcid.org/0000-0002-5091-8608"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Aiko Pras","raw_affiliation_strings":["Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5087439261"],"corresponding_institution_ids":["https://openalex.org/I94624287"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":3.0134,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.91596138,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"109","last_page":"112"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8587862253189087},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8405657410621643},{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.8115463852882385},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6049756407737732},{"id":"https://openalex.org/keywords/host-based-intrusion-detection-system","display_name":"Host-based intrusion detection system","score":0.5299806594848633},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.4754619002342224},{"id":"https://openalex.org/keywords/flow","display_name":"Flow (mathematics)","score":0.47186630964279175},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4320458471775055},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.346160888671875},{"id":"https://openalex.org/keywords/intrusion-prevention-system","display_name":"Intrusion prevention system","score":0.3320878744125366},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3277580440044403},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2921707034111023}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8587862253189087},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8405657410621643},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.8115463852882385},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6049756407737732},{"id":"https://openalex.org/C90936777","wikidata":"https://www.wikidata.org/wiki/Q917189","display_name":"Host-based intrusion detection system","level":4,"score":0.5299806594848633},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.4754619002342224},{"id":"https://openalex.org/C38349280","wikidata":"https://www.wikidata.org/wiki/Q1434290","display_name":"Flow (mathematics)","level":2,"score":0.47186630964279175},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4320458471775055},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.346160888671875},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.3320878744125366},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3277580440044403},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2921707034111023},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1007/978-3-642-30633-4_13","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-30633-4_13","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:ris.utwente.nl:publications/165080cb-f9a0-42dd-8c9a-7041c3c06af7","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/165080cb-f9a0-42dd-8c9a-7041c3c06af7","pdf_url":"https://ris.utwente.nl/ws/files/5319040/aims2012_phd_2.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Hofstede, R J & Pras, A 2012, Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. in Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012). Lecture Notes in Computer Science, vol. 7279, Springer, Berlin, pp. 109-112. https://doi.org/10.1007/978-3-642-30633-4_13","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:HAL:hal-01529793v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01529793","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"6th International Conference on Autonomous Infrastructure (AIMS), Jun 2012, Luxembourg, Luxembourg. pp.109-112, &#x27E8;10.1007/978-3-642-30633-4_13&#x27E9;","raw_type":"Conference papers"},{"id":"pmh:oai:ris.utwente.nl:publications/6dfe71b2-0de1-4fa1-84c9-606282b439eb","is_oa":false,"landing_page_url":"https://tnc2012.terena.org/core/poster/21","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""}],"best_oa_location":{"id":"pmh:oai:ris.utwente.nl:publications/165080cb-f9a0-42dd-8c9a-7041c3c06af7","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/165080cb-f9a0-42dd-8c9a-7041c3c06af7","pdf_url":"https://ris.utwente.nl/ws/files/5319040/aims2012_phd_2.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Hofstede, R J & Pras, A 2012, Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. in Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012). Lecture Notes in Computer Science, vol. 7279, Springer, Berlin, pp. 109-112. https://doi.org/10.1007/978-3-642-30633-4_13","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2119662014.pdf","grobid_xml":"https://content.openalex.org/works/W2119662014.grobid-xml"},"referenced_works_count":12,"referenced_works":["https://openalex.org/W40890042","https://openalex.org/W1891111920","https://openalex.org/W1974918169","https://openalex.org/W2078191206","https://openalex.org/W2131605042","https://openalex.org/W2157955210","https://openalex.org/W2171331105","https://openalex.org/W2190687780","https://openalex.org/W2260663092","https://openalex.org/W2260798440","https://openalex.org/W4205324726","https://openalex.org/W4238844397"],"related_works":["https://openalex.org/W2357468538","https://openalex.org/W3148526535","https://openalex.org/W2374614522","https://openalex.org/W2359460876","https://openalex.org/W2350900992","https://openalex.org/W2394461323","https://openalex.org/W3140688961","https://openalex.org/W2355007334","https://openalex.org/W1807418813","https://openalex.org/W2228468079"],"abstract_inverted_index":{"Flow-based":[0],"intrusion":[1,35,75],"detection":[2,36,54],"will":[3,104],"play":[4],"an":[5],"important":[6],"role":[7],"in":[8,81,99],"high-speed":[9],"networks,":[10],"due":[11,57],"to":[12,38,48,58,78,84,106],"the":[13,41,59],"stringent":[14],"performance":[15],"requirements":[16],"of":[17,55,61,90],"packet-based":[18],"solutions.":[19],"Flow":[20],"monitoring":[21,64,93],"technologies,":[22],"such":[23],"as":[24],"NetFlow":[25],"or":[26],"IPFIX,":[27],"aggregate":[28],"individual":[29],"packets":[30],"into":[31],"flows,":[32],"requiring":[33],"new":[34],"algorithms":[37,45],"deal":[39],"with":[40],"aggregated":[42],"data.":[43],"These":[44],"are":[46],"subject":[47],"constraints":[49],"on":[50,92],"real-time":[51],"and":[52,83,103],"accurate":[53],"intrusions,":[56],"nature":[60],"current":[62],"flow":[63],"technologies.":[65],"In":[66],"this":[67],"paper,":[68],"we":[69],"propose":[70],"a":[71,107],"framework":[72],"for":[73],"flow-based":[74],"detection,":[76],"aiming":[77],"detect":[79],"intrusions":[80],"real-time,":[82],"be":[85],"resilient":[86],"against":[87],"negative":[88],"effects":[89],"attacks":[91],"systems.":[94],"This":[95],"research":[96],"is":[97],"still":[98],"its":[100],"initial":[101],"phase":[102],"contribute":[105],"Ph.D.":[108],"thesis":[109],"after":[110],"four":[111],"years.":[112]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":3},{"year":2013,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}