{"id":"https://openalex.org/W2051627298","doi":"https://doi.org/10.1109/ldav.2011.6092312","title":"Atypical behavior identification in large-scale network traffic","display_name":"Atypical behavior identification in large-scale network traffic","publication_year":2011,"publication_date":"2011-10-01","ids":{"openalex":"https://openalex.org/W2051627298","doi":"https://doi.org/10.1109/ldav.2011.6092312","mag":"2051627298"},"language":"en","primary_location":{"id":"doi:10.1109/ldav.2011.6092312","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ldav.2011.6092312","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2011 IEEE Symposium on Large Data Analysis and Visualization","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054038232","display_name":"Daniel M. Best","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Daniel M. Best","raw_affiliation_strings":["Pacific Northwest National Laboratory, USA","Pacific Northwest National Laboratory USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004210323","display_name":"Ryan Hafen","orcid":"https://orcid.org/0000-0002-5516-8367"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ryan P. Hafen","raw_affiliation_strings":["Pacific Northwest National Laboratory, USA","Pacific Northwest National Laboratory USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019576915","display_name":"Bryan Olsen","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bryan K. Olsen","raw_affiliation_strings":["Pacific Northwest National Laboratory, USA","Pacific Northwest National Laboratory USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079291115","display_name":"William Pike","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"William A. Pike","raw_affiliation_strings":["Pacific Northwest National Laboratory","Pacific Northwest National Laboratory USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory USA","institution_ids":["https://openalex.org/I142606810"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5054038232"],"corresponding_institution_ids":["https://openalex.org/I142606810"],"apc_list":null,"apc_paid":null,"fwci":0.5151,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.68316164,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"15","last_page":"22"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8146799802780151},{"id":"https://openalex.org/keywords/terabyte","display_name":"Terabyte","score":0.7289324402809143},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7258885502815247},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6566412448883057},{"id":"https://openalex.org/keywords/interactivity","display_name":"Interactivity","score":0.6139255166053772},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5864132046699524},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.5362777709960938},{"id":"https://openalex.org/keywords/petabyte","display_name":"Petabyte","score":0.4956854581832886},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.4805198609828949},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.4799523651599884},{"id":"https://openalex.org/keywords/data-visualization","display_name":"Data visualization","score":0.47024956345558167},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.4301531910896301},{"id":"https://openalex.org/keywords/big-data","display_name":"Big data","score":0.42701610922813416},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.28083091974258423},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2527100443840027},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.21445193886756897},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.20891624689102173},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.14316093921661377}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8146799802780151},{"id":"https://openalex.org/C199683683","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Terabyte","level":2,"score":0.7289324402809143},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7258885502815247},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6566412448883057},{"id":"https://openalex.org/C144430266","wikidata":"https://www.wikidata.org/wiki/Q839721","display_name":"Interactivity","level":2,"score":0.6139255166053772},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5864132046699524},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.5362777709960938},{"id":"https://openalex.org/C13600138","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Petabyte","level":3,"score":0.4956854581832886},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.4805198609828949},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4799523651599884},{"id":"https://openalex.org/C172367668","wikidata":"https://www.wikidata.org/wiki/Q6504956","display_name":"Data visualization","level":3,"score":0.47024956345558167},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.4301531910896301},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.42701610922813416},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.28083091974258423},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2527100443840027},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.21445193886756897},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.20891624689102173},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.14316093921661377},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ldav.2011.6092312","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ldav.2011.6092312","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2011 IEEE Symposium on Large Data Analysis and Visualization","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"},{"id":"https://openalex.org/F4320306250","display_name":"Battelle","ror":"https://ror.org/01h5tnr73"},{"id":"https://openalex.org/F4320332664","display_name":"Science and Technology Directorate","ror":"https://ror.org/00jyr0d86"},{"id":"https://openalex.org/F4320338354","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1543057386","https://openalex.org/W1731704170","https://openalex.org/W1834737771","https://openalex.org/W1985987493","https://openalex.org/W1997020216","https://openalex.org/W2092923243","https://openalex.org/W2100565272","https://openalex.org/W2111726016","https://openalex.org/W2113377603","https://openalex.org/W2117717899","https://openalex.org/W2122646361","https://openalex.org/W2130087897","https://openalex.org/W2150847526","https://openalex.org/W2153463096","https://openalex.org/W2155788085","https://openalex.org/W2319794630","https://openalex.org/W3122751795","https://openalex.org/W4256358309","https://openalex.org/W6637271140","https://openalex.org/W6676404769","https://openalex.org/W6679027663"],"related_works":["https://openalex.org/W1538652242","https://openalex.org/W2011521129","https://openalex.org/W4379164835","https://openalex.org/W2461968736","https://openalex.org/W4386544342","https://openalex.org/W1971438544","https://openalex.org/W2481053450","https://openalex.org/W2034909456","https://openalex.org/W4254487859","https://openalex.org/W2037329379"],"abstract_inverted_index":{"Cyber":[0],"analysts":[1],"are":[2],"faced":[3],"with":[4,101],"the":[5,127,147],"daunting":[6],"challenge":[7],"of":[8,16,19,27,29,43,78,83],"identifying":[9,50],"exploits":[10],"and":[11,33,49,60,80,94,99,140,153],"threats":[12],"within":[13],"potentially":[14],"billions":[15],"daily":[17],"records":[18],"network":[20,114],"traffic.":[21],"Enterprise-wide":[22],"cyber":[23],"traffic":[24],"involves":[25],"hundreds":[26],"millions":[28],"distinct":[30],"IP":[31],"addresses":[32],"results":[34],"in":[35,112],"data":[36,57,66,79,122,133],"sets":[37],"ranging":[38],"from":[39],"terabytes":[40],"to":[41,96,125,131,137,145],"petabytes":[42],"raw":[44],"data.":[45,103],"Creating":[46],"behavioral":[47,84,148],"models":[48,55],"trends":[51],"based":[52],"on":[53],"those":[54],"requires":[56],"intensive":[58,123],"architectures":[59,124],"techniques":[61,130,136],"that":[62,74,108],"can":[63],"scale":[64],"as":[65],"volume":[67],"increases.":[68],"Analysts":[69],"need":[70],"scalable":[71],"visualization":[72],"methods":[73],"foster":[75],"interactive":[76],"exploration":[77],"enable":[81],"identification":[82],"anomalies.":[85],"Developers":[86],"must":[87],"carefully":[88],"consider":[89],"application":[90,107],"design,":[91],"storage,":[92],"processing,":[93],"display":[95],"provide":[97],"usability":[98],"interactivity":[100],"large-scale":[102],"We":[104],"present":[105],"an":[106],"highlights":[109],"atypical":[110,151],"behavior":[111],"enterprise":[113],"flow":[115],"records.":[116],"This":[117],"is":[118],"accomplished":[119],"by":[120],"utilizing":[121],"store":[126],"data,":[128],"aggregation":[129],"optimize":[132],"access,":[134],"statistical":[135],"characterize":[138],"behavior,":[139],"a":[141],"visual":[142],"analytic":[143],"environment":[144],"render":[146],"trends,":[149],"highlight":[150],"activity,":[152],"allow":[154],"for":[155],"exploration.":[156]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}