{"id":"https://openalex.org/W2100659764","doi":"https://doi.org/10.1109/saint.2004.1266117","title":"Malicious sniffing systems detection platform","display_name":"Malicious sniffing systems detection platform","publication_year":2004,"publication_date":"2004-05-25","ids":{"openalex":"https://openalex.org/W2100659764","doi":"https://doi.org/10.1109/saint.2004.1266117","mag":"2100659764"},"language":"en","primary_location":{"id":"doi:10.1109/saint.2004.1266117","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saint.2004.1266117","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011728448","display_name":"Zouheir Trabelsi","orcid":"https://orcid.org/0000-0001-8686-8975"},"institutions":[{"id":"https://openalex.org/I4210120884","display_name":"Institut Sup\u00e9rieur des \u00c9tudes Technologiques en Communications de Tunis","ror":"https://ror.org/02rfbsc53","country_code":"TN","type":"education","lineage":["https://openalex.org/I4210120884"]}],"countries":["TN"],"is_corresponding":true,"raw_author_name":"Z. Trabelsi","raw_affiliation_strings":["College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia"],"affiliations":[{"raw_affiliation_string":"College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","institution_ids":["https://openalex.org/I4210120884"]},{"raw_affiliation_string":"Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090319465","display_name":"Hamza Rahmani","orcid":null},"institutions":[{"id":"https://openalex.org/I4210120884","display_name":"Institut Sup\u00e9rieur des \u00c9tudes Technologiques en Communications de Tunis","ror":"https://ror.org/02rfbsc53","country_code":"TN","type":"education","lineage":["https://openalex.org/I4210120884"]}],"countries":["TN"],"is_corresponding":false,"raw_author_name":"H. Rahmani","raw_affiliation_strings":["College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia"],"affiliations":[{"raw_affiliation_string":"College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","institution_ids":["https://openalex.org/I4210120884"]},{"raw_affiliation_string":"Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082634945","display_name":"K. Kaouech","orcid":null},"institutions":[{"id":"https://openalex.org/I4210120884","display_name":"Institut Sup\u00e9rieur des \u00c9tudes Technologiques en Communications de Tunis","ror":"https://ror.org/02rfbsc53","country_code":"TN","type":"education","lineage":["https://openalex.org/I4210120884"]}],"countries":["TN"],"is_corresponding":false,"raw_author_name":"K. Kaouech","raw_affiliation_strings":["College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia"],"affiliations":[{"raw_affiliation_string":"College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","institution_ids":["https://openalex.org/I4210120884"]},{"raw_affiliation_string":"Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068044579","display_name":"Mondher Frikha","orcid":"https://orcid.org/0000-0003-2584-5141"},"institutions":[{"id":"https://openalex.org/I4210120884","display_name":"Institut Sup\u00e9rieur des \u00c9tudes Technologiques en Communications de Tunis","ror":"https://ror.org/02rfbsc53","country_code":"TN","type":"education","lineage":["https://openalex.org/I4210120884"]}],"countries":["TN"],"is_corresponding":false,"raw_author_name":"M. Frikha","raw_affiliation_strings":["College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia"],"affiliations":[{"raw_affiliation_string":"College of Telecommunications (SUPCOM), University of Tunisia Cit\u00e9 Technologique des Communications, Ariana, Tunisia","institution_ids":["https://openalex.org/I4210120884"]},{"raw_affiliation_string":"Coll. of Telecommun., Tunisia Univ., Ariana, Tunisia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5011728448"],"corresponding_institution_ids":["https://openalex.org/I4210120884"],"apc_list":null,"apc_paid":null,"fwci":0.4986,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.73529223,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"201","last_page":"207"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9890000224113464,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7606707811355591},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.7419425249099731},{"id":"https://openalex.org/keywords/network-administrator","display_name":"Network administrator","score":0.7371985912322998},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.719232439994812},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.632798433303833},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.5900298953056335},{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.5360683798789978},{"id":"https://openalex.org/keywords/internet-control-message-protocol","display_name":"Internet Control Message Protocol","score":0.534934937953949},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49076494574546814},{"id":"https://openalex.org/keywords/arp-spoofing","display_name":"ARP spoofing","score":0.4865478575229645},{"id":"https://openalex.org/keywords/packet-analyzer","display_name":"Packet analyzer","score":0.4629666805267334},{"id":"https://openalex.org/keywords/network-interface-controller","display_name":"Network interface controller","score":0.46186429262161255},{"id":"https://openalex.org/keywords/ethernet","display_name":"Ethernet","score":0.4537534713745117},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4505603015422821},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.4321017861366272},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.4285489022731781},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.413075715303421},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3204922676086426},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3153279721736908},{"id":"https://openalex.org/keywords/network-address-translation","display_name":"Network address translation","score":0.2520653307437897},{"id":"https://openalex.org/keywords/internet-protocol","display_name":"Internet Protocol","score":0.20592349767684937}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7606707811355591},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.7419425249099731},{"id":"https://openalex.org/C2779173999","wikidata":"https://www.wikidata.org/wiki/Q680296","display_name":"Network administrator","level":2,"score":0.7371985912322998},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.719232439994812},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.632798433303833},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.5900298953056335},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.5360683798789978},{"id":"https://openalex.org/C195219913","wikidata":"https://www.wikidata.org/wiki/Q13162","display_name":"Internet Control Message Protocol","level":3,"score":0.534934937953949},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49076494574546814},{"id":"https://openalex.org/C86255107","wikidata":"https://www.wikidata.org/wiki/Q296847","display_name":"ARP spoofing","level":5,"score":0.4865478575229645},{"id":"https://openalex.org/C95362637","wikidata":"https://www.wikidata.org/wiki/Q54366","display_name":"Packet analyzer","level":3,"score":0.4629666805267334},{"id":"https://openalex.org/C171659815","wikidata":"https://www.wikidata.org/wiki/Q165233","display_name":"Network interface controller","level":2,"score":0.46186429262161255},{"id":"https://openalex.org/C172173386","wikidata":"https://www.wikidata.org/wiki/Q79984","display_name":"Ethernet","level":2,"score":0.4537534713745117},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4505603015422821},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.4321017861366272},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.4285489022731781},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.413075715303421},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3204922676086426},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3153279721736908},{"id":"https://openalex.org/C147873670","wikidata":"https://www.wikidata.org/wiki/Q11182","display_name":"Network address translation","level":4,"score":0.2520653307437897},{"id":"https://openalex.org/C35341882","wikidata":"https://www.wikidata.org/wiki/Q8795","display_name":"Internet Protocol","level":3,"score":0.20592349767684937},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/saint.2004.1266117","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saint.2004.1266117","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436)","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.459.2714","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.459.2714","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cse.scu.edu/~tschwarz/COEN152_06/Lectures/01266117.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1540641082","https://openalex.org/W1629946144","https://openalex.org/W1894334734","https://openalex.org/W1920802909","https://openalex.org/W2089861006","https://openalex.org/W3198712592","https://openalex.org/W4230038347","https://openalex.org/W4230634801","https://openalex.org/W4235381699"],"related_works":["https://openalex.org/W2596839210","https://openalex.org/W2360330114","https://openalex.org/W1999777453","https://openalex.org/W67669235","https://openalex.org/W3013879072","https://openalex.org/W2392689070","https://openalex.org/W2347982600","https://openalex.org/W2389067198","https://openalex.org/W2557588416","https://openalex.org/W4255720194"],"abstract_inverted_index":{"Among":[0],"various":[1],"types":[2],"of":[3,15,105,162,189,194,232],"attacks":[4,19],"on":[5,120,150,170,234],"an":[6,34,121,235],"Ethernet":[7,35,122,236],"network,":[8,36],"a":[9,27,50,118,145,166,179,203,208,226],"\"sniffing":[10],"attack\"":[11],"is":[12,53,168,177,211],"probably":[13],"one":[14],"the":[16,39,46,55,61,65,84,101,151,158,163,174,187,190,230],"most":[17],"difficult":[18],"to":[20,29,64,92,113,134,144,198],"handle.":[21],"Sniffers":[22,86],"are":[23,216,242],"programs":[24],"that":[25,221],"allow":[26],"host":[28,116,176],"capture":[30,93],"any":[31,115],"packets":[32,62,139,196],"in":[33,54,80,83,218],"by":[37,90],"putting":[38],"host's":[40,51],"network":[41],"interface":[42],"card":[43],"(NIC)":[44],"into":[45],"promiscuous":[47],"mode.":[48],"When":[49],"NIC":[52],"normal":[56],"mode,":[57],"it":[58],"captures":[59],"only":[60],"sent":[63,197],"host.":[66,147],"Since":[67],"many":[68],"basic":[69],"services,":[70],"such":[71],"as":[72],"FTP":[73],"and":[74,78,95,103,157,239],"SMTP,":[75],"send":[76,135],"passwords":[77,94],"data":[79],"clear":[81],"text":[82],"packets,":[85],"can":[87,110],"be":[88,111],"used":[89,112],"hackers":[91],"confidential":[96],"data.":[97],"This":[98],"paper":[99],"presents":[100],"design":[102],"implementation":[104],"two":[106,214,219],"different":[107],"techniques":[108,215],"which":[109],"detect":[114],"running":[117,178],"sniffer":[119],"network.":[123,237],"The":[124,181,213],"first":[125,133],"technique,":[126,183],"ARP":[127,137],"(address":[128],"resolution":[129],"protocol)":[130],"detection,":[131,185],"attempts":[132],"trap":[136],"request":[138],"with":[140],"fake":[141],"hardware":[142],"addresses,":[143],"suspicious":[146,164,175,199],"Then,":[148,201],"based":[149],"generated":[152],"responses":[153],"(ARP":[154],"reply":[155],"packets)":[156],"operating":[159],"system":[160,224],"(OS)":[161],"host,":[165],"decision":[167,210],"made":[169],"whether":[171],"or":[172],"not":[173],"sniffer.":[180],"second":[182],"RTT":[184,191],"uses":[186],"measurement":[188],"(round-trip":[192],"time)":[193],"ICMP":[195],"hosts.":[200],"using":[202],"statistical":[204],"model":[205],"(the":[206],"z-statistics)":[207],"probabilistic":[209],"made.":[212],"implemented":[217],"tools":[220],"automatically":[222],"give":[223],"administrator":[225],"helping":[227],"hand":[228],"regarding":[229],"detection":[231],"sniffers":[233],"Related":[238],"future":[240],"works":[241],"discussed.":[243]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":3}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}