{"id":"https://openalex.org/W3210227224","doi":"https://doi.org/10.1109/ccci52664.2021.9583212","title":"Catching Unusual Traffic Behavior using TF\u2013IDF-based Port Access Statistics Analysis","display_name":"Catching Unusual Traffic Behavior using TF\u2013IDF-based Port Access Statistics Analysis","publication_year":2021,"publication_date":"2021-10-15","ids":{"openalex":"https://openalex.org/W3210227224","doi":"https://doi.org/10.1109/ccci52664.2021.9583212","mag":"3210227224"},"language":"en","primary_location":{"id":"doi:10.1109/ccci52664.2021.9583212","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccci52664.2021.9583212","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2111.06080","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071394015","display_name":"Keiichi Shima","orcid":"https://orcid.org/0000-0003-2512-2584"},"institutions":[{"id":"https://openalex.org/I4387153849","display_name":"Internet Initiative Japan","ror":"https://ror.org/05c4bsk60","country_code":null,"type":"company","lineage":["https://openalex.org/I4210145792","https://openalex.org/I4387153849"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Keiichi Shima","raw_affiliation_strings":["Internet Initiative, Japan"],"affiliations":[{"raw_affiliation_string":"Internet Initiative, Japan","institution_ids":["https://openalex.org/I4387153849"]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5071394015"],"corresponding_institution_ids":["https://openalex.org/I4387153849"],"apc_list":null,"apc_paid":null,"fwci":0.3185,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.62308559,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7471609115600586},{"id":"https://openalex.org/keywords/tf\u2013idf","display_name":"tf\u2013idf","score":0.7345849871635437},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.6321071982383728},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.576164722442627},{"id":"https://openalex.org/keywords/term","display_name":"Term (time)","score":0.4374552369117737},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.43029019236564636},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3867132365703583},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.0996021032333374}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7471609115600586},{"id":"https://openalex.org/C81758059","wikidata":"https://www.wikidata.org/wiki/Q796584","display_name":"tf\u2013idf","level":3,"score":0.7345849871635437},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.6321071982383728},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.576164722442627},{"id":"https://openalex.org/C61797465","wikidata":"https://www.wikidata.org/wiki/Q1188986","display_name":"Term (time)","level":2,"score":0.4374552369117737},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.43029019236564636},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3867132365703583},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0996021032333374},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ccci52664.2021.9583212","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccci52664.2021.9583212","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2111.06080","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2111.06080","pdf_url":"https://arxiv.org/pdf/2111.06080","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2111.06080","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2111.06080","pdf_url":"https://arxiv.org/pdf/2111.06080","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W1990680872","https://openalex.org/W2080099070","https://openalex.org/W2146872105","https://openalex.org/W2166277028","https://openalex.org/W2301803821","https://openalex.org/W2575100999","https://openalex.org/W2748868501","https://openalex.org/W2757758197","https://openalex.org/W2900749811","https://openalex.org/W3097490366","https://openalex.org/W6743493502","https://openalex.org/W6785223009"],"related_works":["https://openalex.org/W2382433580","https://openalex.org/W2100326285","https://openalex.org/W2369751049","https://openalex.org/W2198237484","https://openalex.org/W2381981226","https://openalex.org/W4296339319","https://openalex.org/W2041122820","https://openalex.org/W2383777945","https://openalex.org/W2030848013","https://openalex.org/W3210227224"],"abstract_inverted_index":{"Detecting":[0],"the":[1,9,47,53,63],"anomalous":[2],"behavior":[3,40],"of":[4,8,103],"traffic":[5,104],"is":[6,28,94],"one":[7,117],"important":[10],"actions":[11],"for":[12,98],"network":[13,42],"operators.":[14],"In":[15],"this":[16,66],"study,":[17],"we":[18,68,110],"applied":[19],"term":[20,48],"frequency":[21,25],"\u2013":[22],"inverse":[23],"document":[24,50],"(TF\u2013IDF),":[26],"which":[27],"a":[29,95,100,107],"popular":[30],"method":[31],"used":[32],"in":[33,74],"natural":[34],"language":[35],"processing,":[36],"to":[37,52,78],"detect":[38,112],"unusual":[39],"from":[41],"access":[43,58,81,84],"logs.":[44],"We":[45],"mapped":[46],"and":[49,56,61,116],"concept":[51],"port":[54,80],"number":[55],"daily":[57],"history,":[59],"respectively,":[60],"calculated":[62],"TF\u2013IDF.":[64],"With":[65],"approach,":[67],"could":[69,111],"obtain":[70],"ports":[71],"frequently":[72],"observed":[73],"fewer":[75],"days":[76],"compared":[77],"other":[79],"activities.":[82],"Such":[83],"behaviors":[85],"are":[86],"not":[87],"always":[88],"malicious":[89],"activities;":[90],"however,":[91],"such":[92],"information":[93],"good":[96],"indicator":[97],"starting":[99],"deeper":[101],"analysis":[102],"behavior.":[105],"Using":[106],"real-life":[108],"dataset,":[109],"two":[113],"bot-oriented":[114],"accesses":[115],"unique":[118],"UDP":[119],"traffic.":[120]},"counts_by_year":[{"year":2023,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2021-11-08T00:00:00"}