{"id":"https://openalex.org/W2135475312","doi":"https://doi.org/10.1109/inm.2015.7140395","title":"A first look at HTTP(S) intrusion detection using NetFlow/IPFIX","display_name":"A first look at HTTP(S) intrusion detection using NetFlow/IPFIX","publication_year":2015,"publication_date":"2015-05-01","ids":{"openalex":"https://openalex.org/W2135475312","doi":"https://doi.org/10.1109/inm.2015.7140395","mag":"2135475312"},"language":"en","primary_location":{"id":"doi:10.1109/inm.2015.7140395","is_oa":false,"landing_page_url":"https://doi.org/10.1109/inm.2015.7140395","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ris.utwente.nl/ws/files/5492018/133801_2.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076772757","display_name":"Olivier van der Toorn","orcid":"https://orcid.org/0000-0002-1610-7086"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Olivier van der Toorn","raw_affiliation_strings":["Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087439261","display_name":"Rick Hofstede","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Rick Hofstede","raw_affiliation_strings":["Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043382340","display_name":"Mattijs Jonker","orcid":"https://orcid.org/0000-0001-5174-9140"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Mattijs Jonker","raw_affiliation_strings":["Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025537461","display_name":"Anna Sperotto","orcid":"https://orcid.org/0000-0002-9481-5846"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Anna Sperotto","raw_affiliation_strings":["Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"Design and Analysis of Communication Systems (DACS), Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5076772757"],"corresponding_institution_ids":["https://openalex.org/I94624287"],"apc_list":null,"apc_paid":null,"fwci":1.0512,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.80827654,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"862","last_page":"865"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.9480354189872742},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.7915747761726379},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7285639047622681},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7210930585861206},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.5023388862609863},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49611911177635193},{"id":"https://openalex.org/keywords/dictionary-attack","display_name":"Dictionary attack","score":0.419949471950531},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.40538737177848816},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.253932923078537},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.24535122513771057},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.18350714445114136},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.06597843766212463}],"concepts":[{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.9480354189872742},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.7915747761726379},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7285639047622681},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7210930585861206},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.5023388862609863},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49611911177635193},{"id":"https://openalex.org/C113328881","wikidata":"https://www.wikidata.org/wiki/Q599809","display_name":"Dictionary attack","level":3,"score":0.419949471950531},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.40538737177848816},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.253932923078537},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.24535122513771057},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.18350714445114136},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.06597843766212463}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/inm.2015.7140395","is_oa":false,"landing_page_url":"https://doi.org/10.1109/inm.2015.7140395","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:openaire/05825ab7-6eaf-46be-ab1b-387eef5e0194","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/05825ab7-6eaf-46be-ab1b-387eef5e0194","pdf_url":"https://ris.utwente.nl/ws/files/5492018/133801_2.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"van der Toorn, O I, Hofstede, R J, Jonker, M & Sperotto, A 2015, A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX. in Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). IEEE, USA, pp. 862-865, 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, Ontario, Canada, 11/05/15. https://doi.org/10.1109/INM.2015.7140395","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:ris.utwente.nl:ec_fundedresources/05825ab7-6eaf-46be-ab1b-387eef5e0194","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""}],"best_oa_location":{"id":"pmh:oai:ris.utwente.nl:openaire/05825ab7-6eaf-46be-ab1b-387eef5e0194","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/05825ab7-6eaf-46be-ab1b-387eef5e0194","pdf_url":"https://ris.utwente.nl/ws/files/5492018/133801_2.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"van der Toorn, O I, Hofstede, R J, Jonker, M & Sperotto, A 2015, A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX. in Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). IEEE, USA, pp. 862-865, 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, Ontario, Canada, 11/05/15. https://doi.org/10.1109/INM.2015.7140395","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"score":0.6399999856948853,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G2507322060","display_name":null,"funder_award_id":"STREP","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G4267418990","display_name":"Security And InteroperabiLity in Next Generation PPDR CommUnication InfrastructureS","funder_award_id":"313296","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G6864424335","display_name":null,"funder_award_id":"318488","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G765451370","display_name":null,"funder_award_id":"ICT-318488","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2135475312.pdf","grobid_xml":"https://content.openalex.org/works/W2135475312.grobid-xml"},"referenced_works_count":2,"referenced_works":["https://openalex.org/W2004013580","https://openalex.org/W2053550965"],"related_works":["https://openalex.org/W2134539183","https://openalex.org/W2359209543","https://openalex.org/W2370801098","https://openalex.org/W2380475535","https://openalex.org/W2377112249","https://openalex.org/W4320027669","https://openalex.org/W3199479007","https://openalex.org/W2611702147","https://openalex.org/W2294934636","https://openalex.org/W2526365583"],"abstract_inverted_index":{"Brute-force":[0],"attacks":[1,49,81],"against":[2],"Web":[3,13],"site":[4,14],"are":[5],"a":[6,44,74,87],"common":[7],"area":[8],"of":[9,25,58,99],"concern,":[10],"both":[11],"for":[12,77],"owners":[15],"and":[16,30,51],"hosters.":[17],"This":[18],"is":[19,56],"mainly":[20],"due":[21],"to":[22,106],"the":[23,31,35,66],"impact":[24],"potential":[26],"compromises":[27],"resulting":[28],"therefrom,":[29],"increased":[32],"load":[33],"on":[34],"underlying":[36],"infrastructure.":[37],"The":[38],"latter":[39],"may":[40],"even":[41],"result":[42],"in":[43,69],"Denial-of-Service":[45],"(DoS).":[46],"Detecting":[47],"brute-force":[48],"-":[50,55],"ultimately":[52],"mitigating":[53],"them":[54],"therefore":[57],"great":[59],"importance.":[60],"In":[61],"this":[62,70],"paper,":[63],"we":[64,101],"take":[65],"first":[67],"step":[68],"direction,":[71],"by":[72,97],"presenting":[73],"network-based":[75],"approach":[76],"detecting":[78],"HTTP(S)":[79],"dictionary":[80],"using":[82],"NetFlow/IPFIX.":[83],"We":[84],"have":[85],"developed":[86],"prototype":[88],"Intrusion":[89],"Detection":[90],"System":[91],"(IDS),":[92],"released":[93],"as":[94],"open-source":[95],"software,":[96],"means":[98],"which":[100],"can":[102],"achieve":[103],"accuracies":[104],"close":[105],"100%.":[107]},"counts_by_year":[{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}