{"id":"https://openalex.org/W2566050683","doi":"https://doi.org/10.1109/icnp.2016.7785325","title":"Enhanced telemetry for encrypted threat analytics","display_name":"Enhanced telemetry for encrypted threat analytics","publication_year":2016,"publication_date":"2016-11-01","ids":{"openalex":"https://openalex.org/W2566050683","doi":"https://doi.org/10.1109/icnp.2016.7785325","mag":"2566050683"},"language":"en","primary_location":{"id":"doi:10.1109/icnp.2016.7785325","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icnp.2016.7785325","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE 24th International Conference on Network Protocols (ICNP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011885435","display_name":"David McGrew","orcid":"https://orcid.org/0009-0007-4033-8662"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"David McGrew","raw_affiliation_strings":["Cisco"],"affiliations":[{"raw_affiliation_string":"Cisco","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001372796","display_name":"Blake Anderson","orcid":"https://orcid.org/0000-0002-4185-5801"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Blake Anderson","raw_affiliation_strings":["Cisco"],"affiliations":[{"raw_affiliation_string":"Cisco","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5011885435"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.4278,"has_fulltext":false,"cited_by_count":29,"citation_normalized_percentile":{"value":0.93855837,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8387236595153809},{"id":"https://openalex.org/keywords/telemetry","display_name":"Telemetry","score":0.7367284893989563},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6404470205307007},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.5954169631004333},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5511099100112915},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5468258261680603},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5356715321540833},{"id":"https://openalex.org/keywords/flow","display_name":"Flow (mathematics)","score":0.45113712549209595},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.4510594308376312},{"id":"https://openalex.org/keywords/information-flow","display_name":"Information flow","score":0.41647422313690186},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4142988920211792},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35510173439979553},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.16896513104438782},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.09155547618865967}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8387236595153809},{"id":"https://openalex.org/C183121708","wikidata":"https://www.wikidata.org/wiki/Q209867","display_name":"Telemetry","level":2,"score":0.7367284893989563},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6404470205307007},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.5954169631004333},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5511099100112915},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5468258261680603},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5356715321540833},{"id":"https://openalex.org/C38349280","wikidata":"https://www.wikidata.org/wiki/Q1434290","display_name":"Flow (mathematics)","level":2,"score":0.45113712549209595},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.4510594308376312},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.41647422313690186},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4142988920211792},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35510173439979553},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.16896513104438782},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.09155547618865967},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icnp.2016.7785325","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icnp.2016.7785325","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE 24th International Conference on Network Protocols (ICNP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4300000071525574}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W40890042","https://openalex.org/W578229076","https://openalex.org/W1516506771","https://openalex.org/W1551618785","https://openalex.org/W1555759181","https://openalex.org/W1674877186","https://openalex.org/W1775772884","https://openalex.org/W1801756924","https://openalex.org/W2027197817","https://openalex.org/W2076014973","https://openalex.org/W2149274049","https://openalex.org/W2157949690","https://openalex.org/W2164078599","https://openalex.org/W2963065250","https://openalex.org/W4253269957","https://openalex.org/W4285719527","https://openalex.org/W6637096788","https://openalex.org/W6638021444","https://openalex.org/W6684045843"],"related_works":["https://openalex.org/W2070863773","https://openalex.org/W4212896802","https://openalex.org/W2056771637","https://openalex.org/W748047311","https://openalex.org/W2359918844","https://openalex.org/W4298110012","https://openalex.org/W2519661158","https://openalex.org/W4388599231","https://openalex.org/W4315926519","https://openalex.org/W3085294341"],"abstract_inverted_index":{"Traditional":[0],"flow":[1,60,71,150],"monitoring":[2,72,151],"provides":[3],"a":[4,21,39,59,70,101,149],"high-level":[5],"view":[6],"of":[7,20,38,58,76,83,88,98,136,141,171],"network":[8,198],"communications":[9],"by":[10,174],"reporting":[11],"the":[12,33,93,107,134],"addresses,":[13],"ports,":[14],"and":[15,17,67,95,118,153,187],"byte":[16],"packet":[18],"counts":[19],"flow.":[22,40,102],"This":[23],"data":[24,84,104,144,185],"is":[25,79,126],"valuable,":[26],"but":[27],"it":[28],"gives":[29],"little":[30],"insight":[31],"into":[32],"actual":[34],"content":[35],"or":[36],"context":[37],"To":[41],"obtain":[42],"this":[43,130,164],"missing":[44],"insight,":[45],"we":[46,132,180],"investigated":[47],"intra-flow":[48,143],"data,":[49],"that":[50,55,61,85,110,161,182],"is,":[51],"information":[52],"about":[53],"events":[54],"occur":[56],"inside":[57],"can":[62,192],"be":[63],"conveniently":[64],"collected,":[65],"stored,":[66],"analyzed":[68],"within":[69,100],"framework.":[73],"The":[74],"focus":[75],"our":[77,175],"work":[78],"on":[80,163,169],"new":[81,142],"types":[82],"are":[86],"independent":[87],"protocol":[89],"details,":[90],"such":[91],"as":[92],"lengths":[94],"arrival":[96],"times":[97],"messages":[99],"These":[103],"elements":[105],"have":[106],"attractive":[108],"property":[109],"they":[111],"apply":[112],"equally":[113],"well":[114],"to":[115,148,156],"both":[116],"encrypted":[117,197],"unencrypted":[119],"flows.":[120],"Protocol-aware":[121],"telemetry,":[122,125,138],"specifically":[123],"TLS-aware":[124],"also":[127],"analyzed.":[128],"In":[129],"paper,":[131],"explore":[133],"benefits":[135],"enhanced":[137],"desirable":[139],"properties":[140],"features":[145,186],"with":[146],"respect":[147],"system,":[152],"how":[154],"best":[155],"use":[157],"machine":[158,189],"learning":[159,190],"classifiers":[160],"operate":[162],"data.":[165],"We":[166],"provide":[167],"results":[168],"millions":[170],"flows":[172],"processed":[173],"open":[176],"source":[177],"program.":[178],"Finally,":[179],"show":[181],"leveraging":[183],"appropriate":[184],"simple":[188],"models":[191],"successfully":[193],"identify":[194],"threats":[195],"in":[196],"traffic.":[199]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}