{"id":"https://openalex.org/W2040146912","doi":"https://doi.org/10.1109/infcomw.2014.6849283","title":"Behavioral analytics for inferring large-scale orchestrated probing events","display_name":"Behavioral analytics for inferring large-scale orchestrated probing events","publication_year":2014,"publication_date":"2014-04-01","ids":{"openalex":"https://openalex.org/W2040146912","doi":"https://doi.org/10.1109/infcomw.2014.6849283","mag":"2040146912"},"language":"en","primary_location":{"id":"doi:10.1109/infcomw.2014.6849283","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infcomw.2014.6849283","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039079298","display_name":"Elias Bou\u2010Harb","orcid":"https://orcid.org/0000-0001-8040-4635"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Elias Bou-Harb","raw_affiliation_strings":["NCFTA","NCFTA, Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NCFTA","institution_ids":[]},{"raw_affiliation_string":"NCFTA, Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028605138","display_name":"Mourad Debbabi","orcid":"https://orcid.org/0000-0003-3015-3043"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mourad Debbabi","raw_affiliation_strings":["NCFTA","NCFTA, Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NCFTA","institution_ids":[]},{"raw_affiliation_string":"NCFTA, Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072393948","display_name":"Chadi Assi","orcid":"https://orcid.org/0000-0002-3161-1846"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Chadi Assi","raw_affiliation_strings":["NCFTA","NCFTA, Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NCFTA","institution_ids":[]},{"raw_affiliation_string":"NCFTA, Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.5192,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.90369485,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"506","last_page":"511"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8217190504074097},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8213807344436646},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7693427801132202},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6297294497489929},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6155140399932861},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.4920913577079773},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4755275547504425},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.46778404712677},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.46673688292503357},{"id":"https://openalex.org/keywords/cyberspace","display_name":"Cyberspace","score":0.455729603767395},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.44979429244995117},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4261576533317566},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2073729932308197}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8217190504074097},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8213807344436646},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7693427801132202},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6297294497489929},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6155140399932861},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.4920913577079773},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4755275547504425},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.46778404712677},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.46673688292503357},{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.455729603767395},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.44979429244995117},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4261576533317566},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2073729932308197},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/infcomw.2014.6849283","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infcomw.2014.6849283","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5899999737739563,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W191098608","https://openalex.org/W1546137167","https://openalex.org/W1998960172","https://openalex.org/W2040393847","https://openalex.org/W2067117154","https://openalex.org/W2092350847","https://openalex.org/W2102671922","https://openalex.org/W2108303927","https://openalex.org/W2116227232","https://openalex.org/W2123070675","https://openalex.org/W2144489971","https://openalex.org/W2155372789","https://openalex.org/W6607784307","https://openalex.org/W6682782530"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2368745349","https://openalex.org/W2378449000","https://openalex.org/W2938399969","https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W1979706594","https://openalex.org/W2093290584","https://openalex.org/W1966145327"],"abstract_inverted_index":{"The":[0,121,179],"significant":[1],"dependence":[2],"on":[3],"cyberspace":[4],"has":[5],"indeed":[6,201],"brought":[7],"new":[8,130],"risks":[9],"that":[10,54,101,135,187,190,215,219],"often":[11],"compromise,":[12],"exploit":[13],"and":[14,18,144,163,175,229,263],"damage":[15],"invaluable":[16],"data":[17,72,95,176],"systems.":[19],"Thus,":[20],"the":[21,41,61,105,108,157,216],"capability":[22],"to":[23,52,77,96,114,140,232,252],"proactively":[24],"infer":[25,115,253],"malicious":[26,69],"activities":[27],"is":[28,181,200,220,226],"of":[29,44,67,107,128,132,149,249],"paramount":[30],"importance.":[31],"In":[32],"this":[33],"context,":[34],"inferring":[35],"probing":[36,109,133,195,256],"events,":[37],"which":[38,225],"are":[39],"commonly":[40],"first":[42],"stage":[43],"any":[45],"cyber":[46,151,234,250,260],"attack,":[47],"render":[48],"a":[49,79,98,124,129,191,207],"promising":[50],"tactic":[51],"achieve":[53],"task.":[55],"We":[56,213],"have":[57],"been":[58],"receiving":[59],"for":[60,258],"past":[62],"three":[63],"years":[64],"12":[65,89],"GB":[66],"daily":[68],"real":[70,172],"darknet":[71,223],"(i.e.,":[73,118],"Internet":[74],"traffic":[75,174],"destined":[76],"half":[78],"million":[80],"routable":[81],"yet":[82,204],"unallocated":[83],"IP":[84],"addresses)":[85],"from":[86,197],"more":[87],"than":[88],"countries.":[90],"This":[91],"paper":[92],"exploits":[93],"such":[94],"propose":[97],"novel":[99],"approach":[100,159,180,218],"aims":[102],"at":[103],"capturing":[104],"behavior":[106],"sources":[110],"in":[111,206],"an":[112],"attempt":[113],"their":[116],"orchestration":[117],"coordination)":[119],"pattern.":[120],"latter":[122],"defines":[123],"recently":[125],"discovered":[126],"characteristic":[127],"phenomenon":[131],"events":[134,251,257],"could":[136,237],"be":[137,238],"ominously":[138],"leveraged":[139],"cause":[141],"drastic":[142],"Internet-wide":[143],"enterprise":[145],"impacts":[146],"as":[147],"precursors":[148],"various":[150,161],"attacks.":[152],"To":[153],"accomplish":[154],"its":[155],"goals,":[156],"proposed":[158,217],"leverages":[160],"signal":[162],"statistical":[164],"techniques,":[165],"information":[166],"theoretical":[167],"metrics,":[168],"fuzzy":[169],"approaches":[170],"with":[171],"malware":[173],"mining":[177],"methods.":[178],"validated":[182],"through":[183],"one":[184],"use":[185],"case":[186],"arguably":[188],"proves":[189],"previously":[192],"analyzed":[193],"orchestrated":[194,255],"event":[196],"last":[198],"year":[199],"still":[202],"active,":[203],"operating":[205],"stealthy,":[208],"very":[209],"low":[210],"rate":[211],"mode.":[212],"envision":[214],"tailored":[221],"towards":[222],"data,":[224],"frequently,":[227],"abundantly":[228],"effectively":[230],"used":[231,239],"generate":[233],"threat":[235],"intelligence,":[236],"by":[240],"network":[241],"security":[242],"analysts,":[243],"emergency":[244],"response":[245],"teams":[246],"and/or":[247],"observers":[248],"large-scale":[254],"early":[259],"attack":[261],"warning":[262],"notification.":[264]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}