{"id":"https://openalex.org/W1972093758","doi":"https://doi.org/10.1109/iri.2014.7051865","title":"Stream computing for large-scale, multi-channel cyber threat analytics","display_name":"Stream computing for large-scale, multi-channel cyber threat analytics","publication_year":2014,"publication_date":"2014-08-01","ids":{"openalex":"https://openalex.org/W1972093758","doi":"https://doi.org/10.1109/iri.2014.7051865","mag":"1972093758"},"language":"en","primary_location":{"id":"doi:10.1109/iri.2014.7051865","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iri.2014.7051865","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109894761","display_name":"Douglas Lee Schales","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Douglas L. Schales","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050855162","display_name":"Mihai Christodorescu","orcid":"https://orcid.org/0000-0001-5808-8015"},"institutions":[{"id":"https://openalex.org/I19268510","display_name":"Qualcomm (United Kingdom)","ror":"https://ror.org/04d3djg48","country_code":"GB","type":"company","lineage":["https://openalex.org/I19268510","https://openalex.org/I4210087596"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mihai Christodorescu","raw_affiliation_strings":["Qualcomm Research","QualComm Research"],"affiliations":[{"raw_affiliation_string":"Qualcomm Research","institution_ids":["https://openalex.org/I19268510"]},{"raw_affiliation_string":"QualComm Research","institution_ids":["https://openalex.org/I19268510"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101916473","display_name":"Xin Hu","orcid":"https://orcid.org/0000-0002-0114-1716"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xin Hu","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037719518","display_name":"Jiyong Jang","orcid":"https://orcid.org/0000-0001-8111-2503"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiyong Jang","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111366518","display_name":"Josyula R. Rao","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Josyula R. Rao","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015743671","display_name":"Reiner Sailer","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Reiner Sailer","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028670480","display_name":"Marc Ph. Stoecklin","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Marc Ph. Stoecklin","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089904591","display_name":"Wietse Venema","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wietse Venema","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100686453","display_name":"Ting Wang","orcid":"https://orcid.org/0000-0001-7414-5390"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ting Wang","raw_affiliation_strings":["IBM Research","IBM Research, -"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM Research, -","institution_ids":["https://openalex.org/I1341412227"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5109894761"],"corresponding_institution_ids":["https://openalex.org/I1341412227"],"apc_list":null,"apc_paid":null,"fwci":0.6896,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.72371242,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"8","last_page":"15"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7891137599945068},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7140992879867554},{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.691891074180603},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.571140468120575},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.5290003418922424},{"id":"https://openalex.org/keywords/dynamic-host-configuration-protocol","display_name":"Dynamic Host Configuration Protocol","score":0.5252123475074768},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5146344900131226},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4921371340751648},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4798852205276489},{"id":"https://openalex.org/keywords/big-data","display_name":"Big data","score":0.44845741987228394},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.27457359433174133},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.26656627655029297},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.20371729135513306},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.19309014081954956}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7891137599945068},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7140992879867554},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.691891074180603},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.571140468120575},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.5290003418922424},{"id":"https://openalex.org/C26876914","wikidata":"https://www.wikidata.org/wiki/Q11166","display_name":"Dynamic Host Configuration Protocol","level":3,"score":0.5252123475074768},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5146344900131226},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4921371340751648},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4798852205276489},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.44845741987228394},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.27457359433174133},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.26656627655029297},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.20371729135513306},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.19309014081954956},{"id":"https://openalex.org/C2985371682","wikidata":"https://www.wikidata.org/wiki/Q11135","display_name":"Ip address","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iri.2014.7051865","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iri.2014.7051865","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5299999713897705,"display_name":"Responsible consumption and production","id":"https://metadata.un.org/sdg/12"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W47988595","https://openalex.org/W80155331","https://openalex.org/W155384935","https://openalex.org/W191098608","https://openalex.org/W1516506771","https://openalex.org/W1526702615","https://openalex.org/W1541939527","https://openalex.org/W1551705282","https://openalex.org/W1583098994","https://openalex.org/W1594972289","https://openalex.org/W1598022263","https://openalex.org/W1605124321","https://openalex.org/W1674877186","https://openalex.org/W1775772884","https://openalex.org/W1954903228","https://openalex.org/W1990089904","https://openalex.org/W2016551721","https://openalex.org/W2040424958","https://openalex.org/W2095815177","https://openalex.org/W2100903665","https://openalex.org/W2104209065","https://openalex.org/W2124365372","https://openalex.org/W2126345423","https://openalex.org/W2148877413","https://openalex.org/W2149701633","https://openalex.org/W2173213060","https://openalex.org/W2184786010","https://openalex.org/W6601890406","https://openalex.org/W6603260413","https://openalex.org/W6606342502","https://openalex.org/W6607784307","https://openalex.org/W6632301646","https://openalex.org/W6632924670","https://openalex.org/W6634779276","https://openalex.org/W6635485772","https://openalex.org/W6635614179","https://openalex.org/W6636189822","https://openalex.org/W6637096788","https://openalex.org/W6638021444","https://openalex.org/W6640663528"],"related_works":["https://openalex.org/W2134539183","https://openalex.org/W2359209543","https://openalex.org/W1595071278","https://openalex.org/W2370801098","https://openalex.org/W2380475535","https://openalex.org/W2377112249","https://openalex.org/W4320027669","https://openalex.org/W3020596246","https://openalex.org/W2051048366","https://openalex.org/W2329795475"],"abstract_inverted_index":{"The":[0],"cyber":[1],"threat":[2],"landscape,":[3],"controlled":[4],"by":[5,21],"organized":[6],"crime":[7],"and":[8,46,69,93,119,124,128,145,149],"nation":[9],"states,":[10],"is":[11,90,134],"evolving":[12,57,129],"rapidly":[13],"towards":[14],"evasive,":[15],"multi-channel":[16],"attacks,":[17],"as":[18,25,99],"impressively":[19],"shown":[20],"malicious":[22,173],"operations":[23],"such":[24],"GhostNet,":[26],"Aurora,":[27],"Stuxnet,":[28],"Night":[29],"Dragon,":[30],"or":[31],"APT1.":[32],"As":[33],"threats":[34,56,109],"blend":[35],"across":[36,110,175],"diverse":[37],"data":[38,112,177],"channels,":[39],"their":[40],"detection":[41],"requires":[42],"scalable":[43],"distributed":[44],"monitoring":[45,172],"cross-correlation":[47,148],"with":[48,157],"a":[49,80,100,186],"substantial":[50],"amount":[51],"of":[52,65,151,153,189],"contextual":[53],"information.":[54],"With":[55],"more":[58],"rapidly,":[59],"the":[60,162],"classical":[61],"defense":[62],"life":[63],"cycle":[64],"post-mortem":[66],"detection,":[67],"analysis,":[68],"signature":[70],"creation":[71],"becomes":[72],"less":[73],"effective.":[74],"In":[75],"this":[76],"paper,":[77],"we":[78,164],"present":[79],"highly-scalable,":[81],"dynamic":[82],"cybersecurity":[83,104],"analytics":[84,105],"platform":[85],"extensible":[86],"at":[87],"runtime.":[88],"It":[89],"specifically":[91],"designed":[92],"implemented":[94],"to":[95,171],"deliver":[96],"generic":[97],"capabilities":[98],"basis":[101],"for":[102,126],"future":[103],"that":[106,120,140,146],"effectively":[107],"detect":[108],"multiple":[111,176],"channels":[113,178],"while":[114],"recording":[115],"relevant":[116],"context":[117],"information,":[118],"support":[121],"automated":[122],"learning":[123],"mining":[125],"new":[127],"malware":[130],"behaviors.":[131],"Our":[132],"implementation":[133],"based":[135],"on":[136],"stream":[137,169],"computing":[138,170],"middleware":[139],"has":[141],"proven":[142],"high":[143],"scalability,":[144],"enables":[147],"analysis":[150],"millions":[152],"events":[154],"per":[155],"second":[156],"millisecond":[158],"latency.":[159],"We":[160],"report":[161],"lessons":[163],"have":[165],"learned":[166],"from":[167],"applying":[168],"activity":[174],"(e.g.,":[179],"DNS,":[180],"NetFlow,":[181],"ARP,":[182],"DHCP,":[183],"HTTP)":[184],"in":[185],"production":[187],"network":[188],"about":[190],"fifteen":[191],"thousand":[192],"nodes.":[193]},"counts_by_year":[{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}