{"id":"https://openalex.org/W2147191819","doi":"https://doi.org/10.1109/icdm.2003.1250987","title":"Learning rules for anomaly detection of hostile network traffic","display_name":"Learning rules for anomaly detection of hostile network traffic","publication_year":2003,"publication_date":"2003-01-01","ids":{"openalex":"https://openalex.org/W2147191819","doi":"https://doi.org/10.1109/icdm.2003.1250987","mag":"2147191819"},"language":"en","primary_location":{"id":"doi:10.1109/icdm.2003.1250987","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdm.2003.1250987","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Third IEEE International Conference on Data Mining","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040390102","display_name":"Matthew V. Mahoney","orcid":null},"institutions":[{"id":"https://openalex.org/I106959904","display_name":"Florida Institute of Technology","ror":"https://ror.org/04atsbb87","country_code":"US","type":"education","lineage":["https://openalex.org/I106959904"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"M.V. Mahoney","raw_affiliation_strings":["Department of Computer Sciences, Florida Institute of Technology, Melbourne, FL, USA","Dept. of Comput. Sci. Florida, Inst. of Technol., Melbourne, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Sciences, Florida Institute of Technology, Melbourne, FL, USA","institution_ids":["https://openalex.org/I106959904"]},{"raw_affiliation_string":"Dept. of Comput. Sci. Florida, Inst. of Technol., Melbourne, FL, USA","institution_ids":["https://openalex.org/I106959904"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072267835","display_name":"Philip K. Chan","orcid":"https://orcid.org/0000-0002-3878-4205"},"institutions":[{"id":"https://openalex.org/I106959904","display_name":"Florida Institute of Technology","ror":"https://ror.org/04atsbb87","country_code":"US","type":"education","lineage":["https://openalex.org/I106959904"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"P.K. Chan","raw_affiliation_strings":["Department of Computer Sciences, Florida Institute of Technology, Melbourne, FL, USA","Dept. of Comput. Sci. Florida, Inst. of Technol., Melbourne, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Sciences, Florida Institute of Technology, Melbourne, FL, USA","institution_ids":["https://openalex.org/I106959904"]},{"raw_affiliation_string":"Dept. of Comput. Sci. Florida, Inst. of Technol., Melbourne, FL, USA","institution_ids":["https://openalex.org/I106959904"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5040390102"],"corresponding_institution_ids":["https://openalex.org/I106959904"],"apc_list":null,"apc_paid":null,"fwci":8.4588,"has_fulltext":false,"cited_by_count":199,"citation_normalized_percentile":{"value":0.97692916,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"601","last_page":"604"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.762018084526062},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6875625848770142},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6853556036949158},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6624035239219666},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.58463454246521},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5300804376602173},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5104102492332458},{"id":"https://openalex.org/keywords/ip-address","display_name":"Ip address","score":0.49147355556488037},{"id":"https://openalex.org/keywords/data-set","display_name":"Data set","score":0.4523301422595978},{"id":"https://openalex.org/keywords/range","display_name":"Range (aeronautics)","score":0.4405853748321533},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.4149268567562103},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.37789013981819153},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.36807113885879517},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.32622218132019043},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08961224555969238}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.762018084526062},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6875625848770142},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6853556036949158},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6624035239219666},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.58463454246521},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5300804376602173},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5104102492332458},{"id":"https://openalex.org/C2985371682","wikidata":"https://www.wikidata.org/wiki/Q11135","display_name":"Ip address","level":2,"score":0.49147355556488037},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.4523301422595978},{"id":"https://openalex.org/C204323151","wikidata":"https://www.wikidata.org/wiki/Q905424","display_name":"Range (aeronautics)","level":2,"score":0.4405853748321533},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.4149268567562103},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.37789013981819153},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.36807113885879517},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32622218132019043},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08961224555969238},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/icdm.2003.1250987","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdm.2003.1250987","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Third IEEE International Conference on Data Mining","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.6.6512","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.6.6512","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.fit.edu/~mmahoney/paper9.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.62.4811","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.62.4811","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cs.fit.edu/~pkc/papers/icdm03.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W91862604","https://openalex.org/W132371169","https://openalex.org/W1484413656","https://openalex.org/W1506285740","https://openalex.org/W1516506771","https://openalex.org/W1591480890","https://openalex.org/W1670263352","https://openalex.org/W1674877186","https://openalex.org/W1988918299","https://openalex.org/W1999427165","https://openalex.org/W2012603689","https://openalex.org/W2083477206","https://openalex.org/W2095979141","https://openalex.org/W2105818147","https://openalex.org/W2108601876","https://openalex.org/W2128217000","https://openalex.org/W2128796442","https://openalex.org/W2132111557","https://openalex.org/W2140711496","https://openalex.org/W2147191819","https://openalex.org/W2148275477","https://openalex.org/W2162240407","https://openalex.org/W6628750762","https://openalex.org/W6630856255","https://openalex.org/W6637096788","https://openalex.org/W6674420512"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W3030345572"],"abstract_inverted_index":{"We":[0,21,37],"introduce":[1],"an":[2],"algorithm":[3],"called":[4],"LERAD":[5,23,39],"that":[6],"learns":[7],"rules":[8],"for":[9],"finding":[10],"rare":[11],"events":[12],"in":[13,27,54],"nominal":[14],"time-series":[15],"data":[16,48],"with":[17],"long":[18],"range":[19],"dependencies.":[20],"use":[22],"to":[24,33],"find":[25],"anomalies":[26],"network":[28],"packets":[29],"and":[30,50],"TCP":[31],"sessions":[32],"detect":[34],"novel":[35],"intrusions.":[36],"evaluated":[38],"on":[40,51],"the":[41],"1999":[42],"DARPA/Lincoln":[43],"Laboratory":[44],"intrusion":[45],"detection":[46],"evaluation":[47],"set":[49],"traffic":[52],"collected":[53],"a":[55],"university":[56],"departmental":[57],"server":[58],"environment.":[59]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":12},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":13},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":12},{"year":2015,"cited_by_count":8},{"year":2014,"cited_by_count":13},{"year":2013,"cited_by_count":15},{"year":2012,"cited_by_count":6}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}