{"id":"https://openalex.org/W4310172353","doi":"https://doi.org/10.1109/csnet56116.2022.9955596","title":"GRAFFITO-IDS: A Graph-based Algorithm for Feature Enrichment on Online Intrusion Detection Systems","display_name":"GRAFFITO-IDS: A Graph-based Algorithm for Feature Enrichment on Online Intrusion Detection Systems","publication_year":2022,"publication_date":"2022-10-24","ids":{"openalex":"https://openalex.org/W4310172353","doi":"https://doi.org/10.1109/csnet56116.2022.9955596"},"language":"en","primary_location":{"id":"doi:10.1109/csnet56116.2022.9955596","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csnet56116.2022.9955596","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 6th Cyber Security in Networking Conference (CSNet)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022723490","display_name":"Igor Jochem Sanz","orcid":null},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Igor Jochem Sanz","raw_affiliation_strings":["Universidade Federal do Rio de Janeiro, Instituto de Pesquisas Eldorado,Campinas,SP,Brazil","Universidade Federal do Rio de Janeiro, Instituto de Pesquisas Eldorado, Campinas, SP, Brazil"],"affiliations":[{"raw_affiliation_string":"Universidade Federal do Rio de Janeiro, Instituto de Pesquisas Eldorado,Campinas,SP,Brazil","institution_ids":["https://openalex.org/I122140584"]},{"raw_affiliation_string":"Universidade Federal do Rio de Janeiro, Instituto de Pesquisas Eldorado, Campinas, SP, Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009077442","display_name":"Gabriel Antonio F. Rebello","orcid":"https://orcid.org/0000-0003-3344-0734"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Gabriel Antonio Fontes Rebello","raw_affiliation_strings":["Grupo de Teleinform&#x00E1;tica e Automa&#x00E7;&#x00E3;o, Universidade Federal do Rio de Janeiro,Rio de Janeiro,RJ,Brazil"],"affiliations":[{"raw_affiliation_string":"Grupo de Teleinform&#x00E1;tica e Automa&#x00E7;&#x00E3;o, Universidade Federal do Rio de Janeiro,Rio de Janeiro,RJ,Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026700596","display_name":"Otto Carlos M. B. Duarte","orcid":"https://orcid.org/0000-0002-6642-4100"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Otto Carlos Muniz Bandeira Duarte","raw_affiliation_strings":["Grupo de Teleinform&#x00E1;tica e Automa&#x00E7;&#x00E3;o, Universidade Federal do Rio de Janeiro,Rio de Janeiro,RJ,Brazil"],"affiliations":[{"raw_affiliation_string":"Grupo de Teleinform&#x00E1;tica e Automa&#x00E7;&#x00E3;o, Universidade Federal do Rio de Janeiro,Rio de Janeiro,RJ,Brazil","institution_ids":["https://openalex.org/I122140584"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5022723490"],"corresponding_institution_ids":["https://openalex.org/I122140584"],"apc_list":null,"apc_paid":null,"fwci":0.1381,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.49087181,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"6","issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8126092553138733},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.7343072891235352},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.728668749332428},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5817229151725769},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5422374606132507},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5188756585121155},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.5087228417396545},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4569847881793976},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.42953428626060486},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38898810744285583},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3855710029602051},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.37866753339767456},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.22813868522644043},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15023770928382874}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8126092553138733},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.7343072891235352},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.728668749332428},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5817229151725769},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5422374606132507},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5188756585121155},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.5087228417396545},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4569847881793976},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.42953428626060486},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38898810744285583},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3855710029602051},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.37866753339767456},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.22813868522644043},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15023770928382874},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csnet56116.2022.9955596","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csnet56116.2022.9955596","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 6th Cyber Security in Networking Conference (CSNet)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5899999737739563,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G5779807464","display_name":null,"funder_award_id":"2015/24514-9,2015/24485-9,2014/50937-1","funder_id":"https://openalex.org/F4320320997","funder_display_name":"Funda\u00e7\u00e3o de Amparo \u00e0 Pesquisa do Estado de S\u00e3o Paulo"}],"funders":[{"id":"https://openalex.org/F4320320997","display_name":"Funda\u00e7\u00e3o de Amparo \u00e0 Pesquisa do Estado de S\u00e3o Paulo","ror":"https://ror.org/02ddkpn78"},{"id":"https://openalex.org/F4320321091","display_name":"Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior","ror":"https://ror.org/00x0ma614"},{"id":"https://openalex.org/F4320322025","display_name":"Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","ror":"https://ror.org/03swz6y49"},{"id":"https://openalex.org/F4320322749","display_name":"Funda\u00e7\u00e3o Carlos Chagas Filho de Amparo \u00e0 Pesquisa do Estado do Rio de Janeiro","ror":"https://ror.org/03kk0s825"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1985902740","https://openalex.org/W1986644953","https://openalex.org/W2020657476","https://openalex.org/W2073089243","https://openalex.org/W2077488147","https://openalex.org/W2093331366","https://openalex.org/W2096118443","https://openalex.org/W2119271160","https://openalex.org/W2169768310","https://openalex.org/W2171707538","https://openalex.org/W2284900416","https://openalex.org/W2342408547","https://openalex.org/W2613920221","https://openalex.org/W2620580412","https://openalex.org/W2782220218","https://openalex.org/W2782336203","https://openalex.org/W2809409545","https://openalex.org/W2887492447","https://openalex.org/W2891929340","https://openalex.org/W2906229594","https://openalex.org/W2962590879","https://openalex.org/W2973442392","https://openalex.org/W3036195893","https://openalex.org/W3037541110","https://openalex.org/W4210358464","https://openalex.org/W6674005338","https://openalex.org/W6704694796"],"related_works":["https://openalex.org/W2038807247","https://openalex.org/W2097156747","https://openalex.org/W2559738661","https://openalex.org/W2147314218","https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W1992118813","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539"],"abstract_inverted_index":{"The":[0],"increasing":[1],"number":[2,161],"of":[3,11,13,20,30,47,51,89,93,122,141,162],"connected":[4],"devices":[5],"to":[6,98,103,155],"provide":[7],"the":[8,16,25,44,99,104,145,150,160],"required":[9],"ubiquitousness":[10],"Internet":[12],"Things":[14],"and":[15,22,95,134,137,157,165],"massive":[17],"machine-type":[18],"communications":[19],"5G":[21],"beyond":[23],"pave":[24],"way":[26],"for":[27,67,115],"distributed":[28],"denial":[29],"service":[31],"attacks":[32],"at":[33],"an":[34,63],"unprecedented":[35],"scale.":[36],"Graph":[37],"theory,":[38],"strengthened":[39],"by":[40,56,72],"machine-learning":[41],"techniques,":[42,109],"improves":[43,149],"automatic":[45],"discovery":[46],"group":[48],"behavior":[49],"patterns":[50],"network":[52,117,125],"threats":[53],"often":[54],"missed":[55],"traditional":[57],"security":[58],"systems.":[59],"This":[60],"paper":[61],"proposes":[62],"intrusion":[64],"detection":[65,70,152],"system":[66,114],"online":[68],"threat":[69,151],"enriched":[71],"a":[73,78,86,90,119,123,127,135],"graph-based":[74,147],"analysis.":[75],"We":[76],"develop":[77],"feature":[79],"enrichment":[80,148],"algorithm":[81],"that":[82],"infers":[83],"metrics":[84],"from":[85],"graph":[87],"modeling":[88],"time-windowed":[91],"set":[92,101],"samples":[94],"incorporates":[96],"them":[97],"original":[100],"prior":[102],"classification.":[105],"Using":[106],"different":[107],"learning":[108],"we":[110],"evaluated":[111],"our":[112],"proposed":[113,146],"three":[116],"datasets:":[118],"real":[120],"traffic":[121,129],"Brazilian":[124],"operator,":[126],"synthetic":[128],"produced":[130],"in":[131],"GTA/UFRJ":[132],"lab,":[133],"realistic":[136],"publicly":[138],"available":[139],"dataset":[140],"botnet.":[142],"Results":[143],"show":[144],"accuracy":[153],"up":[154],"15.7%":[156],"significantly":[158],"reduces":[159],"false":[163,166],"negatives":[164],"positives.":[167]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}