{"id":"https://openalex.org/W2563589617","doi":"https://doi.org/10.1109/milcom.2016.7795420","title":"Characterizing network behavior features using a cyber-security ontology","display_name":"Characterizing network behavior features using a cyber-security ontology","publication_year":2016,"publication_date":"2016-11-01","ids":{"openalex":"https://openalex.org/W2563589617","doi":"https://doi.org/10.1109/milcom.2016.7795420","mag":"2563589617"},"language":"en","primary_location":{"id":"doi:10.1109/milcom.2016.7795420","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2016.7795420","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2016 - 2016 IEEE Military Communications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080441846","display_name":"Noam Ben\u2010Asher","orcid":"https://orcid.org/0000-0001-8140-2383"},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Noam Ben-Asher","raw_affiliation_strings":["U.S. Army Research Laboratory, IBM T.J.Watson Research Center, Adelphi, MD"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"U.S. Army Research Laboratory, IBM T.J.Watson Research Center, Adelphi, MD","institution_ids":["https://openalex.org/I166416128"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016706843","display_name":"Steve Hutchinson","orcid":null},"institutions":[{"id":"https://openalex.org/I61822063","display_name":"ICF International (United States)","ror":"https://ror.org/0156f0c06","country_code":"US","type":"company","lineage":["https://openalex.org/I61822063"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steve Hutchinson","raw_affiliation_strings":["ICF International, Adelphi, MD"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ICF International, Adelphi, MD","institution_ids":["https://openalex.org/I61822063"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052185760","display_name":"Alessandro Oltramari","orcid":"https://orcid.org/0000-0003-1559-4852"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alessandro Oltramari","raw_affiliation_strings":["Carnegie Mellon University, CyLab, Pittsburgh, PA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, CyLab, Pittsburgh, PA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.2954,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.67268225,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"6","issue":null,"first_page":"758","last_page":"763"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8625600337982178},{"id":"https://openalex.org/keywords/ontology","display_name":"Ontology","score":0.6249381899833679},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6042885780334473},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.533069908618927},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5209987759590149},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.4991416931152344},{"id":"https://openalex.org/keywords/vocabulary","display_name":"Vocabulary","score":0.49667292833328247},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4659612774848938},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.4610430896282196},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4407654404640198},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4350017309188843},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3722531199455261}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8625600337982178},{"id":"https://openalex.org/C25810664","wikidata":"https://www.wikidata.org/wiki/Q44325","display_name":"Ontology","level":2,"score":0.6249381899833679},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6042885780334473},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.533069908618927},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5209987759590149},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.4991416931152344},{"id":"https://openalex.org/C2777601683","wikidata":"https://www.wikidata.org/wiki/Q6499736","display_name":"Vocabulary","level":2,"score":0.49667292833328247},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4659612774848938},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.4610430896282196},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4407654404640198},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4350017309188843},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3722531199455261},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom.2016.7795420","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2016.7795420","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2016 - 2016 IEEE Military Communications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.699999988079071}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W136808696","https://openalex.org/W1527627804","https://openalex.org/W1602395689","https://openalex.org/W1678959094","https://openalex.org/W1923940819","https://openalex.org/W1990089904","https://openalex.org/W2023945984","https://openalex.org/W2065126904","https://openalex.org/W2076076142","https://openalex.org/W2099456548","https://openalex.org/W2110425399","https://openalex.org/W2124391744","https://openalex.org/W2155814345","https://openalex.org/W2168620475","https://openalex.org/W2399628510","https://openalex.org/W2402136125","https://openalex.org/W2405946111","https://openalex.org/W2407451098","https://openalex.org/W2507956480","https://openalex.org/W2640631472","https://openalex.org/W3144368627","https://openalex.org/W4285719527","https://openalex.org/W6636059598","https://openalex.org/W6637280203","https://openalex.org/W6640271264","https://openalex.org/W6674791442","https://openalex.org/W6713285233","https://openalex.org/W6713639262","https://openalex.org/W6713887106"],"related_works":["https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539","https://openalex.org/W1977863481","https://openalex.org/W2384741105","https://openalex.org/W1495178644","https://openalex.org/W2185594426","https://openalex.org/W2377372927"],"abstract_inverted_index":{"This":[0,76],"paper":[1],"discusses":[2],"the":[3,38,47,59,79,138],"use":[4],"of":[5,21,28,37,50,56,84,97,110,140],"an":[6],"ontology":[7],"to":[8,45,68,123,127],"characterize":[9],"network":[10,22,98,111,141],"behavior":[11,104,112],"features.":[12,113],"Efficient":[13],"and":[14,70,91,133,143],"timely":[15],"threat":[16,74],"detection":[17],"requires":[18],"careful":[19],"examination":[20],"packets":[23],"as":[24,26,65],"well":[25],"integration":[27],"observed":[29],"packet":[30,51],"level":[31],"behaviors":[32,72],"into":[33],"a":[34,43,66,88,93,108,128],"coherent":[35],"view":[36],"network.":[39],"We":[40,100],"focus":[41],"on":[42,82],"method":[44],"capture":[46,69],"semantic":[48],"properties":[49],"transmission":[52],"at":[53],"different":[54],"levels":[55],"granularity,":[57],"making":[58],"case":[60],"for":[61,73],"using":[62,107],"modular":[63,95],"ontologies":[64,83],"tool":[67],"integrate":[71],"detection.":[75],"study":[77],"extends":[78],"existing":[80],"work":[81],"cyber":[85,144],"security,":[86],"embracing":[87],"holistic":[89],"approach":[90,119],"providing":[92],"well-grounded":[94],"representation":[96],"behaviors.":[99],"demonstrate":[101],"how":[102,117],"beaconing":[103,126],"is":[105],"represented":[106],"vocabulary":[109],"Then,":[114],"we":[115],"show":[116],"this":[118],"can":[120],"be":[121],"used":[122],"detect":[124],"malware":[125],"command-and-control":[129],"server.":[130],"Further":[131],"implications":[132],"extensions":[134],"are":[135],"discussed":[136],"in":[137],"context":[139],"intrusion":[142],"security.":[145]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}