{"id":"https://openalex.org/W3120695945","doi":"https://doi.org/10.1109/nca51143.2020.9306732","title":"Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DynIDS","display_name":"Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DynIDS","publication_year":2020,"publication_date":"2020-11-24","ids":{"openalex":"https://openalex.org/W3120695945","doi":"https://doi.org/10.1109/nca51143.2020.9306732","mag":"3120695945"},"language":"en","primary_location":{"id":"doi:10.1109/nca51143.2020.9306732","is_oa":false,"landing_page_url":"https://doi.org/10.1109/nca51143.2020.9306732","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033568694","display_name":"Lu\u00eds Dias","orcid":"https://orcid.org/0000-0003-2842-6655"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Luis Dias","raw_affiliation_strings":["INESC-ID, Instituto Superior T\u00e9cnico, Universidade de Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Instituto Superior T\u00e9cnico, Universidade de Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008742989","display_name":"Sim\u00e3o Valente","orcid":"https://orcid.org/0000-0002-6099-8082"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Simao Valente","raw_affiliation_strings":["INESC-ID, Instituto Superior T\u00e9cnico, Universidade de Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Instituto Superior T\u00e9cnico, Universidade de Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016455665","display_name":"Miguel Correia","orcid":"https://orcid.org/0000-0001-7873-5531"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Miguel Correia","raw_affiliation_strings":["INESC-ID, Instituto Superior T\u00e9cnico, Universidade de Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Instituto Superior T\u00e9cnico, Universidade de Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5033568694"],"corresponding_institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"],"apc_list":null,"apc_paid":null,"fwci":1.4565,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.84130154,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9901000261306763,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.8890407085418701},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7819370031356812},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7713196277618408},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7578942775726318},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6210654377937317},{"id":"https://openalex.org/keywords/aggregate","display_name":"Aggregate (composite)","score":0.5793571472167969},{"id":"https://openalex.org/keywords/curse-of-dimensionality","display_name":"Curse of dimensionality","score":0.530222475528717},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.510410726070404},{"id":"https://openalex.org/keywords/data-set","display_name":"Data set","score":0.42152416706085205},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.41197672486305237},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35982292890548706},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.34201934933662415},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.17978957295417786}],"concepts":[{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.8890407085418701},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7819370031356812},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7713196277618408},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7578942775726318},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6210654377937317},{"id":"https://openalex.org/C4679612","wikidata":"https://www.wikidata.org/wiki/Q866298","display_name":"Aggregate (composite)","level":2,"score":0.5793571472167969},{"id":"https://openalex.org/C111030470","wikidata":"https://www.wikidata.org/wiki/Q1430460","display_name":"Curse of dimensionality","level":2,"score":0.530222475528717},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.510410726070404},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.42152416706085205},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.41197672486305237},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35982292890548706},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34201934933662415},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.17978957295417786},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/nca51143.2020.9306732","is_oa":false,"landing_page_url":"https://doi.org/10.1109/nca51143.2020.9306732","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6100000143051147,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W40890042","https://openalex.org/W42722137","https://openalex.org/W1128809682","https://openalex.org/W1507388815","https://openalex.org/W1673310716","https://openalex.org/W1680622244","https://openalex.org/W1775772884","https://openalex.org/W1966809779","https://openalex.org/W1972645849","https://openalex.org/W1975415766","https://openalex.org/W1990089904","https://openalex.org/W1994212840","https://openalex.org/W2006907251","https://openalex.org/W2011301426","https://openalex.org/W2011430131","https://openalex.org/W2029979651","https://openalex.org/W2092799168","https://openalex.org/W2097364154","https://openalex.org/W2101234009","https://openalex.org/W2103116581","https://openalex.org/W2108142795","https://openalex.org/W2109807070","https://openalex.org/W2115967611","https://openalex.org/W2127218421","https://openalex.org/W2129139910","https://openalex.org/W2153233077","https://openalex.org/W2158703410","https://openalex.org/W2160197181","https://openalex.org/W2160642098","https://openalex.org/W2171667726","https://openalex.org/W2182343634","https://openalex.org/W2242464395","https://openalex.org/W2255206882","https://openalex.org/W2284033649","https://openalex.org/W2292529361","https://openalex.org/W2342249984","https://openalex.org/W2408793237","https://openalex.org/W2422558391","https://openalex.org/W2527802371","https://openalex.org/W2740924709","https://openalex.org/W2789828921","https://openalex.org/W2891980516","https://openalex.org/W2951333071","https://openalex.org/W2951566836","https://openalex.org/W2965541274","https://openalex.org/W2995052153","https://openalex.org/W4237171445","https://openalex.org/W4248606406","https://openalex.org/W4253269957","https://openalex.org/W6637131181","https://openalex.org/W6638021444","https://openalex.org/W6675354045","https://openalex.org/W6678914141","https://openalex.org/W6703928569"],"related_works":["https://openalex.org/W2337148208","https://openalex.org/W3004832009","https://openalex.org/W3036013726","https://openalex.org/W1971929717","https://openalex.org/W1724519426","https://openalex.org/W2351051591","https://openalex.org/W2369534771","https://openalex.org/W2357468538","https://openalex.org/W1548126107","https://openalex.org/W2209997499"],"abstract_inverted_index":{"The":[0],"paper":[1],"presents":[2],"DynIDS,":[3],"a":[4,48,63,103],"network":[5,28,43],"intrusion":[6,44],"detection":[7,45],"approach":[8],"that":[9,72,82],"flags":[10],"malicious":[11],"activity":[12],"without":[13,74],"previous":[14,41],"knowledge":[15],"about":[16],"attacks":[17],"or":[18],"training":[19],"data.":[20],"DynIDS":[21,97],"dynamically":[22],"defines":[23],"and":[24,30,102],"extracts":[25],"features":[26,66],"from":[27],"data,":[29],"uses":[31],"clustering":[32],"algorithms":[33],"to":[34,56],"aggregate":[35],"hosts":[36],"with":[37,99],"similar":[38],"behavior.":[39],"All":[40],"clustering-based":[42],"approaches":[46],"use":[47,62],"static":[49],"set":[50,64],"of":[51,65,79,90,93],"features,":[52],"restricting":[53],"their":[54],"ability":[55],"detect":[57],"certain":[58],"attacks.":[59],"Instead,":[60],"we":[61,83],"defined":[67],"dynamically,":[68],"at":[69],"runtime,":[70],"avoiding":[71],"restriction":[73],"falling":[75],"into":[76],"the":[77,88],"curse":[78],"dimensionality,":[80],"something":[81],"believe":[84],"is":[85],"essential":[86],"for":[87],"adoption":[89],"this":[91],"kind":[92],"approaches.":[94],"We":[95],"evaluated":[96],"experimentally":[98],"an":[100],"evaluation":[101],"real-world":[104],"dataset,":[105],"obtaining":[106],"better":[107],"F-Score":[108],"than":[109],"alternative":[110],"solutions.":[111]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}