{"id":"https://openalex.org/W3047988770","doi":"https://doi.org/10.1109/access.2020.3014619","title":"ARBA: Anomaly and Reputation Based Approach for Detecting Infected IoT Devices","display_name":"ARBA: Anomaly and Reputation Based Approach for Detecting Infected IoT Devices","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3047988770","doi":"https://doi.org/10.1109/access.2020.3014619","mag":"3047988770"},"language":"en","primary_location":{"id":"doi:10.1109/access.2020.3014619","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3014619","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09160931.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09160931.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090919089","display_name":"Gilad Rosenthal","orcid":"https://orcid.org/0000-0002-0933-1338"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Gilad Rosenthal","raw_affiliation_strings":["School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be\u2019er Sheva, Israel","School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-0933-1338","affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be\u2019er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]},{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066302005","display_name":"Ofir Erets Kdosha","orcid":"https://orcid.org/0000-0001-6028-6723"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Ofir Erets Kdosha","raw_affiliation_strings":["School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be\u2019er Sheva, Israel","School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0001-6028-6723","affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be\u2019er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]},{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066085947","display_name":"Kobi Cohen","orcid":"https://orcid.org/0000-0003-0532-009X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Kobi Cohen","raw_affiliation_strings":["School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be\u2019er Sheva, Israel","School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0003-0532-009X","affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be\u2019er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]},{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067977927","display_name":"Alon Freund","orcid":"https://orcid.org/0000-0002-9768-7018"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alon Freund","raw_affiliation_strings":["IBM Cyber Security Center of Excellence, Be\u2019er Sheva, Israel","IBM Cyber Security Center of Excellence, Be'er Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-9768-7018","affiliations":[{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Be\u2019er Sheva, Israel","institution_ids":[]},{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Be'er Sheva, Israel","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033762600","display_name":"Avishay Bartik","orcid":"https://orcid.org/0000-0002-0454-4043"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Avishay Bartik","raw_affiliation_strings":["IBM Cyber Security Center of Excellence, Be\u2019er Sheva, Israel","IBM Cyber Security Center of Excellence, Be'er Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-0454-4043","affiliations":[{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Be\u2019er Sheva, Israel","institution_ids":[]},{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Be'er Sheva, Israel","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019238211","display_name":"Aviv Ron","orcid":"https://orcid.org/0000-0002-5936-973X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Aviv Ron","raw_affiliation_strings":["IBM Cyber Security Center of Excellence, Be\u2019er Sheva, Israel","IBM Cyber Security Center of Excellence, Be'er Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-5936-973X","affiliations":[{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Be\u2019er Sheva, Israel","institution_ids":[]},{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Be'er Sheva, Israel","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":1.1345,"has_fulltext":true,"cited_by_count":11,"citation_normalized_percentile":{"value":0.80351247,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":"8","issue":null,"first_page":"145751","last_page":"145767"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8502130508422852},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7160353660583496},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.6120266318321228},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5112802982330322},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.508986234664917},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.47597235441207886},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.43584689497947693},{"id":"https://openalex.org/keywords/ibm","display_name":"IBM","score":0.41164273023605347},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3837851881980896},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3809420168399811},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.323020875453949},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.22535604238510132},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14973369240760803}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8502130508422852},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7160353660583496},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.6120266318321228},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5112802982330322},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.508986234664917},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.47597235441207886},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.43584689497947693},{"id":"https://openalex.org/C70388272","wikidata":"https://www.wikidata.org/wiki/Q5968558","display_name":"IBM","level":2,"score":0.41164273023605347},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3837851881980896},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3809420168399811},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.323020875453949},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.22535604238510132},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14973369240760803},{"id":"https://openalex.org/C171250308","wikidata":"https://www.wikidata.org/wiki/Q11468","display_name":"Nanotechnology","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2020.3014619","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3014619","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09160931.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:2c9564d22fd94b3a8be76b93651e39cf","is_oa":true,"landing_page_url":"https://doaj.org/article/2c9564d22fd94b3a8be76b93651e39cf","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 8, Pp 145751-145767 (2020)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2020.3014619","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3014619","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09160931.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.4399999976158142,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320323051","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982"},{"id":"https://openalex.org/F4320336203","display_name":"Cyber Security Research Center, Ben-Gurion University of the Negev","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3047988770.pdf","grobid_xml":"https://content.openalex.org/works/W3047988770.grobid-xml"},"referenced_works_count":59,"referenced_works":["https://openalex.org/W155384935","https://openalex.org/W1479710165","https://openalex.org/W1520571120","https://openalex.org/W1550514379","https://openalex.org/W1565377632","https://openalex.org/W1595868485","https://openalex.org/W1883521032","https://openalex.org/W1887449239","https://openalex.org/W1978470213","https://openalex.org/W1978972543","https://openalex.org/W2003116136","https://openalex.org/W2009033060","https://openalex.org/W2050692567","https://openalex.org/W2070495730","https://openalex.org/W2076028002","https://openalex.org/W2082167858","https://openalex.org/W2084274161","https://openalex.org/W2101737524","https://openalex.org/W2111619626","https://openalex.org/W2122941797","https://openalex.org/W2139587494","https://openalex.org/W2168248885","https://openalex.org/W2191989567","https://openalex.org/W2239778906","https://openalex.org/W2294798173","https://openalex.org/W2296719434","https://openalex.org/W2528500008","https://openalex.org/W2546365070","https://openalex.org/W2564705125","https://openalex.org/W2743681928","https://openalex.org/W2768718335","https://openalex.org/W2783229742","https://openalex.org/W2794890550","https://openalex.org/W2796812987","https://openalex.org/W2797742547","https://openalex.org/W2804240301","https://openalex.org/W2808012850","https://openalex.org/W2889547652","https://openalex.org/W2904027722","https://openalex.org/W2907376671","https://openalex.org/W2911964244","https://openalex.org/W2912755644","https://openalex.org/W2941141808","https://openalex.org/W2945910721","https://openalex.org/W2951694401","https://openalex.org/W2962940036","https://openalex.org/W2963379686","https://openalex.org/W2972478609","https://openalex.org/W2975453956","https://openalex.org/W2986276296","https://openalex.org/W2990730058","https://openalex.org/W3014294420","https://openalex.org/W3105750153","https://openalex.org/W4237332204","https://openalex.org/W6606342502","https://openalex.org/W6632893704","https://openalex.org/W6639502241","https://openalex.org/W6671366592","https://openalex.org/W6817563333"],"related_works":["https://openalex.org/W3126131865","https://openalex.org/W2183899684","https://openalex.org/W4253186488","https://openalex.org/W2044344400","https://openalex.org/W2054545906","https://openalex.org/W2065991182","https://openalex.org/W2948569047","https://openalex.org/W596534943","https://openalex.org/W2784818382","https://openalex.org/W3214913819"],"abstract_inverted_index":{"Today,":[0],"cyber":[1],"attacks":[2,17],"are":[3,63,72,79],"constantly":[4],"evolving":[5],"and":[6,69,87,115,131,149,165,178,187,230],"changing,":[7],"which":[8,78,205],"makes":[9],"them":[10],"harder":[11],"to":[12,65,81,138,192],"detect.":[13],"In":[14,34,124],"particular,":[15],"detecting":[16,40,211],"in":[18,143,157,168,182,210,214,236],"large-scale":[19,144],"networks":[20],"is":[21,174,206],"very":[22],"challenging":[23],"because":[24,109],"they":[25,110],"require":[26,198],"high":[27],"detection":[28],"rates":[29],"under":[30],"real-time":[31,170,180,238],"resource":[32],"constraints.":[33],"this":[35,125],"paper,":[36],"we":[37,133],"focus":[38],"on":[39,220],"infected":[41,140,212],"Internet":[42],"of":[43,75,94,106,120,184,207],"Things":[44],"(IoT)":[45],"hosts":[46,91,142,213],"from":[47,225],"domain":[48,166],"name":[49],"system":[50],"(DNS)":[51],"traffic":[52,201],"data.":[53],"IoT":[54,90,141],"hosts,":[55],"such":[56],"as":[57,118],"streaming":[58,223],"cameras,":[59],"printers,":[60],"air":[61],"conditioners,":[62],"hard":[64],"protect,":[66],"unlike":[67],"PCs":[68],"servers.":[70],"Enterprises":[71],"often":[73],"unaware":[74],"the":[76,82,95,112,232],"devices":[77],"connected":[80],"network,":[83],"their":[84,121],"types,":[85],"makes,":[86],"vulnerabilities.":[88],"Since":[89],"make":[92],"use":[93],"DNS":[96,99,113,145],"protocol,":[97],"analyzing":[98],"data":[100,224],"can":[101],"give":[102],"a":[103,135,159,169,199,237],"broad":[104],"view":[105],"malicious":[107],"activities,":[108],"abuse":[111],"protocol":[114],"leave":[116],"fingerprints":[117],"part":[119],"attack":[122],"vector.":[123],"collaborative":[126],"research":[127,217],"between":[128],"Ben-Gurion":[129],"University,":[130],"IBM,":[132],"establish":[134],"novel":[136],"algorithm":[137],"detect":[139],"traffic,":[146,229],"named":[147],"Anomaly":[148],"Reputation":[150],"Based":[151],"Algorithm":[152],"(ARBA).":[153],"Its":[154],"novelty":[155],"resides":[156],"developing":[158],"framework":[160],"that":[161],"combines":[162],"host":[163],"classification":[164],"reputation":[167],"production":[171,239],"environment.":[172,240],"ARBA":[173],"highly":[175],"computational":[176,188],"efficient":[177],"meets":[179],"requirements":[181],"terms":[183],"run":[185],"time":[186],"complexity.":[189],"By":[190],"contrast":[191],"existing":[193],"algorithms,":[194],"it":[195],"does":[196],"not":[197],"massive":[200],"volume":[202],"for":[203],"training,":[204],"significant":[208],"interest":[209],"real-time.":[215],"The":[216],"was":[218],"conducted":[219],"real":[221],"live":[222],"IBM":[226],"internal":[227],"network":[228],"confirm":[231],"algorithm's":[233],"strong":[234],"performance":[235]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}