{"id":"https://openalex.org/W4206956181","doi":"https://doi.org/10.1109/ssci50451.2021.9659955","title":"Near-real-time Anomaly Detection in Encrypted Traffic using Machine Learning Techniques","display_name":"Near-real-time Anomaly Detection in Encrypted Traffic using Machine Learning Techniques","publication_year":2021,"publication_date":"2021-12-05","ids":{"openalex":"https://openalex.org/W4206956181","doi":"https://doi.org/10.1109/ssci50451.2021.9659955"},"language":"en","primary_location":{"id":"doi:10.1109/ssci50451.2021.9659955","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ssci50451.2021.9659955","pdf_url":null,"source":{"id":"https://openalex.org/S4363604921","display_name":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005581132","display_name":"Daniele Ucci","orcid":"https://orcid.org/0000-0002-5902-3958"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Daniele Ucci","raw_affiliation_strings":["Data Analytics Team Cyber Security Division, Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Data Analytics Team Cyber Security Division, Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014517738","display_name":"Filippo Sobrero","orcid":"https://orcid.org/0009-0003-7677-052X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Filippo Sobrero","raw_affiliation_strings":["Data Analytics Team Cyber Security Division, Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Data Analytics Team Cyber Security Division, Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075110204","display_name":"Federica Bisio","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Federica Bisio","raw_affiliation_strings":["Data Analytics Team Cyber Security Division, Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Data Analytics Team Cyber Security Division, Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049852149","display_name":"Matteo Zorzino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Matteo Zorzino","raw_affiliation_strings":["Cyber Security Division aizoOn Technology Consulting, Intelligent Security Operation Center, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Security Division aizoOn Technology Consulting, Intelligent Security Operation Center, Turin, Italy","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9276,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.69331683,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"01","last_page":"08"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.7864999771118164},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7201977968215942},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.6773683428764343},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6307408809661865},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6107117533683777},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5687201619148254},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5321649312973022},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.44270968437194824},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.42530545592308044},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3290427327156067},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.28867703676223755},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15270981192588806}],"concepts":[{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.7864999771118164},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7201977968215942},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.6773683428764343},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6307408809661865},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6107117533683777},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5687201619148254},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5321649312973022},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.44270968437194824},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.42530545592308044},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3290427327156067},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.28867703676223755},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15270981192588806},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ssci50451.2021.9659955","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ssci50451.2021.9659955","pdf_url":null,"source":{"id":"https://openalex.org/S4363604921","display_name":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.550000011920929,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W395611350","https://openalex.org/W1862271745","https://openalex.org/W2076014973","https://openalex.org/W2114123573","https://openalex.org/W2118286367","https://openalex.org/W2118722179","https://openalex.org/W2537766808","https://openalex.org/W2562370852","https://openalex.org/W2605422749","https://openalex.org/W2733681384","https://openalex.org/W2743556905","https://openalex.org/W2773625629","https://openalex.org/W2783320270","https://openalex.org/W2912711574","https://openalex.org/W2919493784","https://openalex.org/W2963015369","https://openalex.org/W2963065250","https://openalex.org/W3011400958","https://openalex.org/W3089398505","https://openalex.org/W3098102491","https://openalex.org/W4213009331","https://openalex.org/W4234390219","https://openalex.org/W6677599357","https://openalex.org/W6740744476","https://openalex.org/W6785444229","https://openalex.org/W6981170678"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W3152891574","https://openalex.org/W2249809453","https://openalex.org/W4316881845"],"abstract_inverted_index":{"In":[0,56],"the":[1,4,38,47,112,122,134,179,192],"last":[2],"decade,":[3],"adoption":[5],"of":[6,49,111,124,133,161],"HTTPS":[7,24],"for":[8,53],"securing":[9],"Internet":[10],"communications":[11,33],"increased":[12],"by":[13,25,46,79,153,169],"up":[14],"to":[15,20,23,72,118,189],"90%.":[16],"Threat":[17],"actors":[18],"adapted":[19],"this":[21,57],"transition":[22],"writing":[26],"more":[27],"sophisticated":[28],"malware":[29],"that":[30],"encrypt":[31],"their":[32],"with":[34,83,107,182],"command-and-control":[35],"centers.":[36],"On":[37],"other":[39],"hand,":[40],"network":[41,67,93,114,197],"security":[42,94,155],"appliances":[43],"are":[44],"limited":[45],"impossibility":[48],"inspecting":[50],"packet":[51,159],"payloads":[52],"deeper":[54],"investigations.":[55],"paper,":[58],"we":[59],"propose":[60],"a":[61,84,92,108,142,145,183],"cybersecurity":[62,105],"analytics":[63,88,136,193],"which":[64,103],"monitors":[65,194],"encrypted":[66,196],"flows":[68],"and":[69,77,115,144,157,163,167],"extracts":[70],"features":[71],"detect":[73],"possible":[74],"occurring":[75],"attacks":[76],"anomalies,":[78],"combining":[80],"machine":[81],"learning":[82],"statistical":[85],"approach.":[86],"The":[87,130],"is":[89],"embedded":[90],"in":[91,121],"monitoring":[95],"platform,":[96],"named":[97],"ararnis":[98],"<sup":[99],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[100],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">\u00ae</sup>":[101],",":[102],"provides":[104],"analysts":[106,156],"comprehensive":[109],"overview":[110],"monitored":[113],"its":[116],"traffic":[117],"support":[119],"them":[120],"identification":[123],"potentially":[125],"malicious":[126,146,180],"activities":[127],"taking":[128],"place.":[129],"detection":[131],"capabilities":[132],"proposed":[135],"have":[137],"been":[138,151],"tested":[139],"both":[140],"on":[141,178],"benign":[143],"dataset.":[147],"This":[148],"latter":[149],"has":[150],"assembled":[152],"our":[154],"includes":[158],"captures":[160],"samples":[162],"tools,":[164],"respectively,":[165],"developed":[166],"used":[168],"worldwide":[170],"leading":[171],"threat":[172],"actors.":[173],"Results":[174],"show":[175],"96.6%":[176],"accuracy":[177],"dataset,":[181],"false":[184],"positive":[185],"rate":[186],"approximatively":[187],"equal":[188],"0.001%":[190],"when":[191],"legitimate":[195],"traffic.":[198]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}