{"id":"https://openalex.org/W1561104315","doi":"https://doi.org/10.1109/csac.2003.1254328","title":"Collaborative intrusion detection system (CIDS): framework for accurate and efficient IDS","display_name":"Collaborative intrusion detection system (CIDS): framework for accurate and efficient IDS","publication_year":2004,"publication_date":"2004-07-08","ids":{"openalex":"https://openalex.org/W1561104315","doi":"https://doi.org/10.1109/csac.2003.1254328","mag":"1561104315"},"language":"en","primary_location":{"id":"doi:10.1109/csac.2003.1254328","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csac.2003.1254328","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"19th Annual Computer Security Applications Conference, 2003. Proceedings.","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091560296","display_name":"Yu\u2010Sung Wu","orcid":"https://orcid.org/0000-0002-9219-4804"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yu-Sung Wu","raw_affiliation_strings":["School of Electrical and Computer Engineering, Purdue University, USA","Sch. of Electr. & Comput. engineering, Purdue Univ., West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Purdue University, USA","institution_ids":[]},{"raw_affiliation_string":"Sch. of Electr. & Comput. engineering, Purdue Univ., West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068008194","display_name":"Bingrui Foo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bingrui Foo","raw_affiliation_strings":["School of Electrical and Computer Engineering, Purdue University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Purdue University, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110078877","display_name":"Yongguo Mei","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yongguo Mei","raw_affiliation_strings":["School of Electrical and Computer Engineering, Purdue University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Purdue University, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047310442","display_name":"Saurabh Bagchi","orcid":"https://orcid.org/0000-0002-4239-5632"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S. Bagchi","raw_affiliation_strings":["School of Electrical and Computer Engineering, Purdue University, USA","Sch. of Electr. & Comput. engineering, Purdue Univ., West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Purdue University, USA","institution_ids":[]},{"raw_affiliation_string":"Sch. of Electr. & Comput. engineering, Purdue Univ., West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.9905,"has_fulltext":false,"cited_by_count":124,"citation_normalized_percentile":{"value":0.95486905,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"234","last_page":"244"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8106006383895874},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.796959638595581},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.5714966058731079},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.5418532490730286},{"id":"https://openalex.org/keywords/premise","display_name":"Premise","score":0.44830596446990967},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4378422796726227},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.43121716380119324},{"id":"https://openalex.org/keywords/flooding","display_name":"Flooding (psychology)","score":0.4151079058647156},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3914813697338104},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.35601624846458435},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12691420316696167}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8106006383895874},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.796959638595581},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.5714966058731079},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.5418532490730286},{"id":"https://openalex.org/C2778023277","wikidata":"https://www.wikidata.org/wiki/Q321703","display_name":"Premise","level":2,"score":0.44830596446990967},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4378422796726227},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.43121716380119324},{"id":"https://openalex.org/C186594467","wikidata":"https://www.wikidata.org/wiki/Q1429176","display_name":"Flooding (psychology)","level":2,"score":0.4151079058647156},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3914813697338104},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.35601624846458435},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12691420316696167},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/csac.2003.1254328","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csac.2003.1254328","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"19th Annual Computer Security Applications Conference, 2003. Proceedings.","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.129.7898","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.129.7898","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://dynamo.ecn.purdue.edu/~sbagchi/Research/Papers/cids_acsac03.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1515452738","https://openalex.org/W1554596310","https://openalex.org/W1602380388","https://openalex.org/W1649901946","https://openalex.org/W1674877186","https://openalex.org/W2012701999","https://openalex.org/W2068789742","https://openalex.org/W2108867737","https://openalex.org/W2141200504","https://openalex.org/W2141289698","https://openalex.org/W2141867896","https://openalex.org/W2163277533","https://openalex.org/W2979006918","https://openalex.org/W6630926928","https://openalex.org/W6633128530","https://openalex.org/W6637096788","https://openalex.org/W6768650569"],"related_works":["https://openalex.org/W590788508","https://openalex.org/W4235873430","https://openalex.org/W2611974471","https://openalex.org/W4313233093","https://openalex.org/W2358082531","https://openalex.org/W2589976903","https://openalex.org/W2335596023","https://openalex.org/W2026719400","https://openalex.org/W2374273535","https://openalex.org/W4225892616"],"abstract_inverted_index":{"We":[0],"present":[1,92],"the":[2,29,45,48,71,89,93,126,136,189,192,196,205,215,220,228,238],"design":[3,94],"and":[4,15,35,38,66,95,104,117,149,160,174,179,204,218],"implementation":[5,96],"of":[6,73,97,154,172,191,222,227,241],"a":[7,20,39,53,63,80,98,105,115,118,133,143,180],"collaborative":[8],"intrusion":[9,17,243],"detection":[10,18,74,171],"system":[11,139,193],"(CIDS)":[12],"for":[13,43,56,124,202],"accurate":[14],"efficient":[16],"in":[19,83,247],"distributed":[21],"system.":[22],"CIDS":[23,68,99,211,231],"employs":[24,101],"multiple":[25],"specialized":[26],"detectors":[27,50,207],"at":[28],"different":[30,49,152],"layers":[31],"-":[32,37,156],"network,":[33],"kernel":[34,107],"application":[36,148],"manager":[40,113],"based":[41,121],"framework":[42],"aggregating":[44],"alarms":[46,127,201,224],"from":[47],"to":[51,76,87,128,169,187,225,236],"provide":[52],"combined":[54],"alarm":[55,217],"an":[57,242,249],"intrusion.":[58,137],"The":[59,112,138,163,185],"premise":[60],"is":[61,140,245],"that":[62,195],"carefully":[64],"designed":[65],"configured":[67],"can":[69,232],"increase":[70],"accuracy":[72,190],"compared":[75,168],"individual":[77],"detectors,":[78],"without":[79],"substantial":[81],"degradation":[82],"performance.":[84],"In":[85],"order":[86],"validate":[88],"premise,":[90],"we":[91],"which":[100,244],"Snort,":[102],"Libsafe,":[103],"new":[106],"level":[108],"IDS":[109],"called":[110],"Sysmon.":[111],"has":[114],"graph-based":[116],"Bayesian":[119],"network":[120],"aggregation":[122],"method":[123],"combining":[125],"finally":[129],"come":[130],"up":[131],"with":[132],"decision":[134],"about":[135],"evaluated":[141],"using":[142],"Web-based":[144],"electronic":[145],"store":[146],"front":[147],"under":[150,176],"three":[151],"classes":[153],"attacks":[155],"buffer":[157,181],"overflow,":[158],"flooding":[159],"script-based":[161],"attacks.":[162],"results":[164],"show":[165,194],"performance":[166],"degradations":[167],"no":[170],"3.9%":[173],"6.3%":[175],"normal":[177,197],"workload":[178,198],"overflow":[182],"attack":[183],"respectively.":[184],"experiments":[186],"evaluate":[188],"generates":[199],"false":[200,216],"Snort":[203],"elementary":[206],"produce":[208],"missed":[209,223],"alarms.":[210],"does":[212],"not":[213],"flag":[214],"reduces":[219],"incidence":[221],"1":[226],"7":[229],"cases.":[230],"also":[233],"be":[234],"used":[235],"measure":[237],"propagation":[239],"time":[240],"useful":[246],"choosing":[248],"appropriate":[250],"response":[251],"strategy.":[252]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":12},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":9},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":8},{"year":2013,"cited_by_count":5},{"year":2012,"cited_by_count":7}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}