{"id":"https://openalex.org/W2567646754","doi":"https://doi.org/10.1109/ccnc.2017.7983209","title":"Distributed network anomaly detection on an event processing framework","display_name":"Distributed network anomaly detection on an event processing framework","publication_year":2017,"publication_date":"2017-01-01","ids":{"openalex":"https://openalex.org/W2567646754","doi":"https://doi.org/10.1109/ccnc.2017.7983209","mag":"2567646754"},"language":"en","primary_location":{"id":"doi:10.1109/ccnc.2017.7983209","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccnc.2017.7983209","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 14th IEEE Annual Consumer Communications &amp; Networking Conference (CCNC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061979506","display_name":"Atanas Pamukchiev","orcid":null},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Atanas Pamukchiev","raw_affiliation_strings":["School of Computing Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050078912","display_name":"Simon Jou\u00ebt","orcid":null},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Simon Jouet","raw_affiliation_strings":["School of Computing Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021350142","display_name":"Dimitrios P. Pezaros","orcid":"https://orcid.org/0000-0003-0939-378X"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Dimitrios P. Pezaros","raw_affiliation_strings":["School of Computing Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5061979506"],"corresponding_institution_ids":["https://openalex.org/I7882870"],"apc_list":null,"apc_paid":null,"fwci":1.2432,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.81491255,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"659","last_page":"664"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7866335511207581},{"id":"https://openalex.org/keywords/complex-event-processing","display_name":"Complex event processing","score":0.6889627575874329},{"id":"https://openalex.org/keywords/network-monitoring","display_name":"Network monitoring","score":0.6875326633453369},{"id":"https://openalex.org/keywords/orchestration","display_name":"Orchestration","score":0.5823296308517456},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.572336733341217},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.5535003542900085},{"id":"https://openalex.org/keywords/software-defined-networking","display_name":"Software-defined networking","score":0.5434229373931885},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5420554280281067},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5107991695404053},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.48587530851364136},{"id":"https://openalex.org/keywords/packet-processing","display_name":"Packet processing","score":0.4514632523059845},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4480555057525635},{"id":"https://openalex.org/keywords/network-topology","display_name":"Network topology","score":0.43952932953834534},{"id":"https://openalex.org/keywords/network-administrator","display_name":"Network administrator","score":0.4348013401031494},{"id":"https://openalex.org/keywords/network-management","display_name":"Network management","score":0.434045672416687},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3817281126976013},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.171182781457901},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11310639977455139}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7866335511207581},{"id":"https://openalex.org/C123606473","wikidata":"https://www.wikidata.org/wiki/Q907918","display_name":"Complex event processing","level":3,"score":0.6889627575874329},{"id":"https://openalex.org/C81877898","wikidata":"https://www.wikidata.org/wiki/Q1965787","display_name":"Network monitoring","level":2,"score":0.6875326633453369},{"id":"https://openalex.org/C199168358","wikidata":"https://www.wikidata.org/wiki/Q3367000","display_name":"Orchestration","level":3,"score":0.5823296308517456},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.572336733341217},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.5535003542900085},{"id":"https://openalex.org/C77270119","wikidata":"https://www.wikidata.org/wiki/Q1655198","display_name":"Software-defined networking","level":2,"score":0.5434229373931885},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5420554280281067},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5107991695404053},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.48587530851364136},{"id":"https://openalex.org/C2779581428","wikidata":"https://www.wikidata.org/wiki/Q7122997","display_name":"Packet processing","level":3,"score":0.4514632523059845},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4480555057525635},{"id":"https://openalex.org/C199845137","wikidata":"https://www.wikidata.org/wiki/Q145490","display_name":"Network topology","level":2,"score":0.43952932953834534},{"id":"https://openalex.org/C2779173999","wikidata":"https://www.wikidata.org/wiki/Q680296","display_name":"Network administrator","level":2,"score":0.4348013401031494},{"id":"https://openalex.org/C129763632","wikidata":"https://www.wikidata.org/wiki/Q1454667","display_name":"Network management","level":2,"score":0.434045672416687},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3817281126976013},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.171182781457901},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11310639977455139},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C558565934","wikidata":"https://www.wikidata.org/wiki/Q2743","display_name":"Musical","level":2,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ccnc.2017.7983209","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccnc.2017.7983209","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 14th IEEE Annual Consumer Communications &amp; Networking Conference (CCNC)","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.gla.ac.uk:130943","is_oa":false,"landing_page_url":"http://eprints.gla.ac.uk/view/author/33944.html>","pdf_url":null,"source":{"id":"https://openalex.org/S4210235606","display_name":"ENLIGHTEN (Jurnal Bimbingan dan Konseling Islam)","issn_l":"2622-8912","issn":["2622-8912","2622-8920"],"is_oa":false,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.49000000953674316}],"awards":[{"id":"https://openalex.org/G1708471004","display_name":null,"funder_award_id":"EP/N033957/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G1983833196","display_name":null,"funder_award_id":"EP/L005255/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1541939527","https://openalex.org/W1563242287","https://openalex.org/W1584928512","https://openalex.org/W1674877186","https://openalex.org/W1763270762","https://openalex.org/W2007087405","https://openalex.org/W2064955109","https://openalex.org/W2075218499","https://openalex.org/W2079089668","https://openalex.org/W2094314323","https://openalex.org/W2099218848","https://openalex.org/W2124365372","https://openalex.org/W2137559158","https://openalex.org/W2166992175"],"related_works":["https://openalex.org/W2770733137","https://openalex.org/W2360330114","https://openalex.org/W3139002588","https://openalex.org/W3112536095","https://openalex.org/W2553802035","https://openalex.org/W2359696011","https://openalex.org/W4388491859","https://openalex.org/W4388190366","https://openalex.org/W3107658934","https://openalex.org/W2567646754"],"abstract_inverted_index":{"Network":[0],"Intrusion":[1],"Detection":[2],"Systems":[3],"(NIDS)":[4],"are":[5,26,33],"an":[6],"integral":[7],"part":[8],"of":[9,40,50,89,110,158],"modern":[10,51],"data":[11,52,185],"centres":[12],"to":[13,57,62,65,80,106],"ensure":[14],"high":[15,201],"availability":[16],"and":[17,47,98,135,143,188,203],"compliance":[18],"with":[19,120,195],"Service":[20],"Level":[21],"Agreements":[22],"(SLAs).":[23],"Currently,":[24],"NIDS":[25],"deployed":[27],"on":[28,86,206],"high-performance,":[29],"high-cost":[30],"middleboxes":[31],"that":[32,190],"responsible":[34],"for":[35,140,166],"monitoring":[36],"a":[37,77,100,137,155],"limited":[38],"section":[39],"the":[41,59,67,87,108,111,117,128,132,146,152,159,163,179,191,196],"network.":[42],"The":[43],"fast":[44,68],"increasing":[45],"size":[46],"aggregate":[48],"throughput":[49],"centre":[53,186],"networks":[54],"have":[55,96,177],"come":[56],"challenge":[58],"current":[60],"approach":[61,79,113],"anomaly":[63],"detection":[64,83],"satisfy":[66],"growing":[69],"compute":[70],"demand.":[71],"In":[72],"this":[73],"paper,":[74],"we":[75],"propose":[76],"novel":[78],"distributed":[81],"intrusion":[82],"systems":[84],"based":[85],"architecture":[88],"recently":[90],"proposed":[91,112,180],"event":[92,168,173],"processing":[93,164,169],"frameworks.":[94],"We":[95,176],"designed":[97],"implemented":[99],"prototype":[101],"system":[102,124,181,192],"using":[103,182],"Apache":[104],"Storm":[105],"show":[107],"benefits":[109],"as":[114,116],"well":[115],"architectural":[118],"differences":[119],"traditional":[121],"systems.":[122],"Our":[123],"distributes":[125,162],"modules":[126],"across":[127],"available":[129,184],"devices":[130],"within":[131],"network":[133,160,197],"fabric":[134],"uses":[136],"centralised":[138],"controller":[139,153],"orchestration,":[141],"management":[142],"correlation.":[144],"Following":[145],"Software":[147],"Defined":[148],"Networking":[149],"(SDN)":[150],"paradigm,":[151],"maintains":[154],"complete":[156],"view":[157],"but":[161],"logic":[165],"quick":[167],"while":[170,199],"performing":[171],"complex":[172],"correlation":[174],"centrally.":[175],"evaluated":[178],"publicly":[183],"traces":[187],"demonstrated":[189],"can":[193],"scale":[194],"topology":[198],"providing":[200],"performance":[202],"minimal":[204],"impact":[205],"packet":[207],"latency.":[208]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}