{"id":"https://openalex.org/W2766849988","doi":"https://doi.org/10.1109/tifs.2017.2769018","title":"An Effective Payload Attribution Scheme for Cybercriminal Detection Using Compressed Bitmap Index Tables and Traffic Downsampling","display_name":"An Effective Payload Attribution Scheme for Cybercriminal Detection Using Compressed Bitmap Index Tables and Traffic Downsampling","publication_year":2017,"publication_date":"2017-11-01","ids":{"openalex":"https://openalex.org/W2766849988","doi":"https://doi.org/10.1109/tifs.2017.2769018","mag":"2766849988"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2017.2769018","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2017.2769018","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1906.04998","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002776249","display_name":"Mohammad Hosseini","orcid":"https://orcid.org/0000-0002-1911-9234"},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":true,"raw_author_name":"S. Mohammad Hosseini","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","Sharif Univ. of Technology"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]},{"raw_affiliation_string":"Sharif Univ. of Technology","institution_ids":["https://openalex.org/I133529467"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024678473","display_name":"Amir Hossein Jahangir","orcid":"https://orcid.org/0000-0002-8837-0668"},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Amir Hossein Jahangir","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","Sharif Univ. of Technology"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]},{"raw_affiliation_string":"Sharif Univ. of Technology","institution_ids":["https://openalex.org/I133529467"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5002776249"],"corresponding_institution_ids":["https://openalex.org/I133529467"],"apc_list":null,"apc_paid":null,"fwci":0.4379,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.68731978,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"13","issue":"4","first_page":"850","last_page":"860"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8456846475601196},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.6578162908554077},{"id":"https://openalex.org/keywords/bloom-filter","display_name":"Bloom filter","score":0.6033865213394165},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5510190725326538},{"id":"https://openalex.org/keywords/volume","display_name":"Volume (thermodynamics)","score":0.5347769260406494},{"id":"https://openalex.org/keywords/upsampling","display_name":"Upsampling","score":0.4647566080093384},{"id":"https://openalex.org/keywords/bitmap","display_name":"Bitmap","score":0.456964910030365},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.3875434398651123},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3473196029663086},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3382527828216553},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.20925688743591309}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8456846475601196},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.6578162908554077},{"id":"https://openalex.org/C147224247","wikidata":"https://www.wikidata.org/wiki/Q885373","display_name":"Bloom filter","level":2,"score":0.6033865213394165},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5510190725326538},{"id":"https://openalex.org/C20556612","wikidata":"https://www.wikidata.org/wiki/Q4469374","display_name":"Volume (thermodynamics)","level":2,"score":0.5347769260406494},{"id":"https://openalex.org/C110384440","wikidata":"https://www.wikidata.org/wiki/Q1143270","display_name":"Upsampling","level":3,"score":0.4647566080093384},{"id":"https://openalex.org/C3115412","wikidata":"https://www.wikidata.org/wiki/Q1194708","display_name":"Bitmap","level":2,"score":0.456964910030365},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.3875434398651123},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3473196029663086},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3382527828216553},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.20925688743591309},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2017.2769018","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2017.2769018","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1906.04998","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.04998","pdf_url":"https://arxiv.org/pdf/1906.04998","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1906.04998","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.04998","pdf_url":"https://arxiv.org/pdf/1906.04998","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.6600000262260437,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W191282143","https://openalex.org/W405205512","https://openalex.org/W1542195498","https://openalex.org/W1578679497","https://openalex.org/W1970399788","https://openalex.org/W1972374951","https://openalex.org/W1993284846","https://openalex.org/W2014113877","https://openalex.org/W2030005028","https://openalex.org/W2061070202","https://openalex.org/W2066197655","https://openalex.org/W2068234211","https://openalex.org/W2105047865","https://openalex.org/W2111295912","https://openalex.org/W2116236383","https://openalex.org/W2117354552","https://openalex.org/W2119613543","https://openalex.org/W2123845384","https://openalex.org/W2124731132","https://openalex.org/W2134552038","https://openalex.org/W2142215216","https://openalex.org/W2143024194","https://openalex.org/W2148914579","https://openalex.org/W2168595508","https://openalex.org/W2169047570","https://openalex.org/W2295582926","https://openalex.org/W2295872724","https://openalex.org/W2407165745","https://openalex.org/W2460765705","https://openalex.org/W2542765808","https://openalex.org/W3041969239","https://openalex.org/W3137162676","https://openalex.org/W4230727836","https://openalex.org/W4233670650","https://openalex.org/W4251630043","https://openalex.org/W6607796048","https://openalex.org/W6678572820","https://openalex.org/W6713860211","https://openalex.org/W6729088447"],"related_works":["https://openalex.org/W2086572746","https://openalex.org/W2604468458","https://openalex.org/W2157216338","https://openalex.org/W1662107788","https://openalex.org/W121740227","https://openalex.org/W3082379938","https://openalex.org/W2135966669","https://openalex.org/W2118491900","https://openalex.org/W2367834236","https://openalex.org/W3160314615"],"abstract_inverted_index":{"Payload":[0],"attribution":[1],"systems":[2],"(PAS)":[3],"are":[4,143],"one":[5],"of":[6,11,21,40,57,85,89,113,128],"the":[7,19,27,35,52,64,68,83,122,153,184,189],"most":[8],"important":[9],"tools":[10],"network":[12,28,65],"forensics":[13],"for":[14,91,131],"detecting":[15,132],"an":[16],"offender":[17],"after":[18],"occurrence":[20],"a":[22,41,47,72,92,100,111,165],"cybercrime.":[23],"A":[24],"PAS":[25,73],"stores":[26],"traffic":[29,114,174],"history":[30],"in":[31,45,63,121],"order":[32,157],"to":[33,151,158],"detect":[34,152],"source":[36,139],"and":[37,78,140,173,179],"destination":[38,141],"pair":[39],"certain":[42],"data":[43,69,90,94],"stream":[44,95],"case":[46],"malicious":[48,93],"activity":[49],"occurs":[50],"on":[51,109,168],"network.":[53],"The":[54,124],"huge":[55],"volume":[56,88],"information":[58],"that":[59,67,183],"is":[60,134],"daily":[61],"transferred":[62],"means":[66],"stored":[70],"by":[71],"must":[74,96],"be":[75,97],"as":[76,80,146],"compact":[77],"concise":[79],"possible.":[81],"Moreover,":[82],"investigation":[84],"this":[86,104,160],"large":[87],"handled":[98],"within":[99],"reasonable":[101],"time.":[102],"For":[103],"purpose,":[105],"several":[106],"techniques":[107,130],"based":[108,167],"storing":[110],"digest":[112],"using":[115],"Bloom":[116],"filters":[117],"have":[118,163],"been":[119],"proposed":[120,164,185],"literature.":[123],"false":[125,190],"positive":[126,191],"rate":[127],"existing":[129],"cybercriminals":[133],"unacceptably":[135],"high,":[136],"i.e.,":[137],"many":[138],"pairs":[142],"falsely":[144],"determined":[145],"malicious,":[147],"making":[148],"it":[149],"difficult":[150],"true":[154],"criminal.":[155],"In":[156],"ameliorate":[159],"problem,":[161],"we":[162],"solution":[166],"compressed":[169],"bitmap":[170],"index":[171],"tables":[172],"downsampling.":[175],"Our":[176],"analytical":[177],"evaluation":[178],"experimental":[180],"results":[181],"show":[182],"method":[186],"significantly":[187],"reduces":[188],"rate.":[192]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}