{"id":"https://openalex.org/W2944742272","doi":"https://doi.org/10.1109/tifs.2019.2915190","title":"Digesting Network Traffic for Forensic Investigation Using Digital Signal Processing Techniques","display_name":"Digesting Network Traffic for Forensic Investigation Using Digital Signal Processing Techniques","publication_year":2019,"publication_date":"2019-05-08","ids":{"openalex":"https://openalex.org/W2944742272","doi":"https://doi.org/10.1109/tifs.2019.2915190","mag":"2944742272"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2019.2915190","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2019.2915190","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1910.02023","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"S. Mohammad Hosseini","orcid":"https://orcid.org/0000-0002-1911-9234"},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":true,"raw_author_name":"S. Mohammad Hosseini","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology, Tehran, Iran"],"raw_orcid":"https://orcid.org/0000-0002-1911-9234","affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Amir Hossein Jahangir","orcid":"https://orcid.org/0000-0002-8837-0668"},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Amir Hossein Jahangir","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology, Tehran, Iran"],"raw_orcid":"https://orcid.org/0000-0002-8837-0668","affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]}]},{"author_position":"last","author":{"id":null,"display_name":"Mehdi Kazemi","orcid":null},"institutions":[{"id":"https://openalex.org/I133529467","display_name":"Sharif University of Technology","ror":"https://ror.org/024c2fq17","country_code":"IR","type":"education","lineage":["https://openalex.org/I133529467"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Mehdi Kazemi","raw_affiliation_strings":["Department of Computer Engineering, Sharif University of Technology, Tehran, Iran"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Sharif University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I133529467"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I133529467"],"apc_list":null,"apc_paid":null,"fwci":0.289,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.65389773,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"14","issue":"12","first_page":"3312","last_page":"3321"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.76419997215271,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.76419997215271,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.16449999809265137,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.02879999950528145,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.739300012588501},{"id":"https://openalex.org/keywords/bloom-filter","display_name":"Bloom filter","score":0.4537000060081482},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.4449000060558319},{"id":"https://openalex.org/keywords/digital-signature","display_name":"Digital signature","score":0.38510000705718994},{"id":"https://openalex.org/keywords/volume","display_name":"Volume (thermodynamics)","score":0.35499998927116394},{"id":"https://openalex.org/keywords/population","display_name":"Population","score":0.3384999930858612}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8438000082969666},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.739300012588501},{"id":"https://openalex.org/C147224247","wikidata":"https://www.wikidata.org/wiki/Q885373","display_name":"Bloom filter","level":2,"score":0.4537000060081482},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.4449000060558319},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39730000495910645},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3970000147819519},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.38510000705718994},{"id":"https://openalex.org/C20556612","wikidata":"https://www.wikidata.org/wiki/Q4469374","display_name":"Volume (thermodynamics)","level":2,"score":0.35499998927116394},{"id":"https://openalex.org/C2908647359","wikidata":"https://www.wikidata.org/wiki/Q2625603","display_name":"Population","level":2,"score":0.3384999930858612},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.3352999985218048},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.32120001316070557},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2831999957561493},{"id":"https://openalex.org/C78548338","wikidata":"https://www.wikidata.org/wiki/Q2493","display_name":"Data compression","level":2,"score":0.27799999713897705},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.2741999924182892},{"id":"https://openalex.org/C104267543","wikidata":"https://www.wikidata.org/wiki/Q208163","display_name":"Signal processing","level":3,"score":0.27410000562667847},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.25450000166893005}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2019.2915190","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2019.2915190","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1910.02023","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1910.02023","pdf_url":"https://arxiv.org/pdf/1910.02023","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1910.02023","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1910.02023","pdf_url":"https://arxiv.org/pdf/1910.02023","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W1542195498","https://openalex.org/W1970399788","https://openalex.org/W1972374951","https://openalex.org/W1993284846","https://openalex.org/W2014113877","https://openalex.org/W2031614119","https://openalex.org/W2066197655","https://openalex.org/W2068234211","https://openalex.org/W2111295912","https://openalex.org/W2116236383","https://openalex.org/W2119613543","https://openalex.org/W2123845384","https://openalex.org/W2124423813","https://openalex.org/W2137786570","https://openalex.org/W2140196014","https://openalex.org/W2148914579","https://openalex.org/W2295872724","https://openalex.org/W2766849988","https://openalex.org/W4253072731"],"related_works":[],"abstract_inverted_index":{"One":[0],"of":[1,6,19,26,47,59,76,102,105,175],"the":[2,23,43,56,85,91,173,186,220],"most":[3],"important":[4],"practices":[5],"cybercrime":[7],"investigations":[8],"is":[9,52,117],"to":[10,45,54,62,161,207,225,229],"search":[11],"a":[12,30,73,99,113,149,190,198,215,230],"network":[13],"traffic":[14,48,64,77,128],"history":[15],"for":[16,94,168,202],"an":[17,27,95],"excerpt":[18,44,96],"traffic,":[20],"such":[21,171],"as":[22,172],"disclosed":[24],"information":[25],"organization":[28],"or":[29],"worm's":[31],"signature.":[32],"In":[33,87,108],"post-mortem":[34],"investigations,":[35],"criminals":[36],"and":[37,121,181,196],"targets":[38],"are":[39,165],"detected":[40],"by":[41,134,222],"attributing":[42],"payloads":[46],"flows.":[49],"Since":[50],"it":[51],"impossible":[53],"store":[55],"high":[57],"volume":[58],"data":[60],"related":[61],"long-term":[63],"history,":[65],"payload":[66,140],"attribution":[67,141],"systems":[68],"(PASs)":[69],"based":[70,118],"on":[71,119],"storing":[72],"compact":[74],"digest":[75,93],"using":[78],"Bloom":[79],"filters":[80],"have":[81],"been":[82,132],"presented":[83],"in":[84,98,148,159,189,205],"literature.":[86],"these":[88],"systems,":[89],"querying":[90],"stored":[92],"results":[97,147,188],"low":[100,150],"number":[101],"suspects":[103],"instead":[104],"certain":[106],"criminals.":[107],"this":[109],"paper,":[110],"we":[111],"present":[112],"different":[114],"PAS":[115,212,221],"which":[116,164],"simple":[120],"widespread":[122],"digital":[123],"signal":[124],"processing":[125,200],"techniques.":[126],"Our":[127,178],"digesting":[129],"scheme":[130],"has":[131],"inspired":[133],"DSP-based":[135],"compression":[136],"algorithms.":[137],"The":[138],"proposed":[139],"system,":[142],"named":[143],"DSPAS,":[144],"not":[145],"only":[146],"false":[151,193],"positive":[152,194],"rate":[153,195],"but":[154],"also":[155,197],"outperforms":[156],"previous":[157,208],"schemes":[158],"response":[160],"wildcard":[162,203],"queries":[163,204],"essentially":[166],"applicable":[167],"complex":[169],"excerpts,":[170],"signature":[174],"polymorphic":[176],"worms.":[177],"theoretical":[179],"analysis":[180],"practical":[182],"evaluations":[183],"show":[184],"that":[185],"DSPAS":[187],"significantly":[191],"lower":[192,199],"time":[201],"comparison":[206],"works.":[209],"Moreover,":[210],"our":[211],"can":[213],"prevent":[214],"malicious":[216],"insider":[217],"from":[218],"evading":[219],"its":[223],"ability":[224],"find":[226],"strings":[227],"similar":[228],"queried":[231],"excerpt.":[232]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2019-05-16T00:00:00"}