{"id":"https://openalex.org/W4388016151","doi":"https://doi.org/10.1109/ccci58712.2023.10290797","title":"Outlier-based Anomaly Detection in Firewall Logs","display_name":"Outlier-based Anomaly Detection in Firewall Logs","publication_year":2023,"publication_date":"2023-10-18","ids":{"openalex":"https://openalex.org/W4388016151","doi":"https://doi.org/10.1109/ccci58712.2023.10290797"},"language":"en","primary_location":{"id":"doi:10.1109/ccci58712.2023.10290797","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccci58712.2023.10290797","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104189324","display_name":"Xiu-Ru Liang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Xiu-Ru Liang","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075887466","display_name":"Huei-Tang Li","orcid":null},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Huei-Tang Li","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072457022","display_name":"Chiung-Ying Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chiung-Ying Huang","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028636203","display_name":"Wei-An Chen","orcid":"https://orcid.org/0000-0003-4293-5827"},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Wei-An Chen","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109695801","display_name":"Yi-Feng Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yi-Feng Chen","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102572469","display_name":"Zhi-Jia Gao","orcid":null},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Zhi-Jia Gao","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060648143","display_name":"Mengwei Sun","orcid":"https://orcid.org/0009-0009-1035-6901"},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Meng-Wei Sun","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044680594","display_name":"Hao-Cheng Chia","orcid":null},"institutions":[{"id":"https://openalex.org/I4210143126","display_name":"Acer (Taiwan)","ror":"https://ror.org/03xajsx66","country_code":"TW","type":"company","lineage":["https://openalex.org/I4210143126"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Hao-Cheng Chia","raw_affiliation_strings":["Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Acer Cyber Security Inc,Department of Development and Innovation Service,Taipei,Taiwan","institution_ids":[]},{"raw_affiliation_string":"Department of Development and Innovation Service, Acer Cyber Security Inc, Taipei, Taiwan","institution_ids":["https://openalex.org/I4210143126"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5104189324"],"corresponding_institution_ids":["https://openalex.org/I4210143126"],"apc_list":null,"apc_paid":null,"fwci":0.2009,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.51836669,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8051882982254028},{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.7270379066467285},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6709942817687988},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.664704442024231},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.6419593691825867},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6020969748497009},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5075106024742126},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4340728521347046},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.29413360357284546},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.24512577056884766},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15471342206001282}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8051882982254028},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.7270379066467285},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6709942817687988},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.664704442024231},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.6419593691825867},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6020969748497009},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5075106024742126},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4340728521347046},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.29413360357284546},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.24512577056884766},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15471342206001282},{"id":"https://openalex.org/C183915046","wikidata":"https://www.wikidata.org/wiki/Q1316152","display_name":"Charged black hole","level":4,"score":0.0},{"id":"https://openalex.org/C74650414","wikidata":"https://www.wikidata.org/wiki/Q11397","display_name":"Classical mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C115304011","wikidata":"https://www.wikidata.org/wiki/Q72755","display_name":"Schwarzschild radius","level":3,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C124017977","wikidata":"https://www.wikidata.org/wiki/Q11412","display_name":"Gravitation","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ccci58712.2023.10290797","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccci58712.2023.10290797","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6700000166893005,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W58222680","https://openalex.org/W1586466177","https://openalex.org/W2061122559","https://openalex.org/W2121511513","https://openalex.org/W2131389289","https://openalex.org/W2150847526","https://openalex.org/W2162774438","https://openalex.org/W2168917894","https://openalex.org/W2561684037","https://openalex.org/W2594130805","https://openalex.org/W2766503369","https://openalex.org/W2963273426","https://openalex.org/W2967841957","https://openalex.org/W3000440607","https://openalex.org/W3005641848","https://openalex.org/W4214863042","https://openalex.org/W4239954780","https://openalex.org/W4244733066","https://openalex.org/W4283827423","https://openalex.org/W4290712489","https://openalex.org/W6602334920","https://openalex.org/W6684764302","https://openalex.org/W6839423749"],"related_works":["https://openalex.org/W2387982609","https://openalex.org/W2359453783","https://openalex.org/W2357071520","https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W1992118813","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539","https://openalex.org/W1977863481"],"abstract_inverted_index":{"Nowadays,":[0],"most":[1],"corporations":[2],"or":[3],"government":[4],"agencies":[5],"adopt":[6],"various":[7,129],"cybersecurity":[8,19,130],"detection":[9,24],"and":[10,42,79,83,105,132,161,172,194],"protection":[11,40,47],"systems":[12,25,29],"to":[13,61,70,77,101,118,148,153,170],"safeguard":[14],"their":[15,174],"assets.":[16],"Currently":[17],"available":[18],"products":[20],"include":[21],"firewalls,":[22],"intrusion":[23,27],"(IDS),":[26],"prevention":[28],"(IPS),":[30],"web":[31],"application":[32],"firewalls":[33],"(WAF),":[34],"anti-virus":[35],"software,":[36],"distributed":[37],"denial-of-service":[38],"(DDoS)":[39],"systems,":[41,48],"advanced":[43],"persistent":[44],"threat":[45],"(APT)":[46],"among":[49],"many":[50],"others.":[51],"This":[52,123],"article":[53],"proposes":[54],"the":[55,91,107,126,142,154],"use":[56],"of":[57,93,110,128,144,190,196],"unsupervised":[58,159],"learning":[59,160],"methods":[60],"detect":[62],"anomalous":[63,183],"behavior":[64,151,184],"in":[65,185],"network":[66,197],"environments.":[67],"In":[68],"order":[69],"find":[71],"critical":[72],"behavioral":[73,88],"features,":[74],"we":[75],"attempted":[76],"extract":[78],"analyze":[80],"different":[81,102],"fields,":[82],"ultimately":[84],"discovering":[85],"two":[86],"key":[87],"features:":[89],"(1)":[90],"number":[92,109],"daily":[94,111],"connections":[95,112],"from":[96,113],"a":[97,114,119],"source":[98,115,191],"IP":[99,116,121,192],"address":[100,117],"external":[103],"hosts,":[104],"(2)":[106],"total":[108],"destination":[120],"address.":[122],"method":[124],"simplifies":[125],"complexity":[127],"devices":[131],"introduces":[133],"our":[134,164],"designed":[135],"long-cycle":[136],"analysis":[137],"method.":[138],"It":[139],"also":[140],"solves":[141],"problem":[143],"not":[145],"being":[146],"able":[147],"define":[149],"baseline":[150],"due":[152],"high":[155],"cost":[156],"involved.":[157],"Through":[158],"feature":[162],"compression,":[163],"proposed":[165,178],"methodology":[166,179],"allows":[167],"monitoring":[168],"targets":[169],"self-compare":[171],"self-verify":[173],"own":[175],"behavior.":[176],"Our":[177],"can":[180],"figure":[181],"out":[182],"over":[186],"170":[187],"customers,":[188],"billions":[189],"addresses,":[193],"trillions":[195],"connections.":[198]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}