{"id":"https://openalex.org/W1972428331","doi":"https://doi.org/10.1109/tnet.2014.2381230","title":"A Semantics-Aware Approach to the Automated Network Protocol Identification","display_name":"A Semantics-Aware Approach to the Automated Network Protocol Identification","publication_year":2015,"publication_date":"2015-01-08","ids":{"openalex":"https://openalex.org/W1972428331","doi":"https://doi.org/10.1109/tnet.2014.2381230","mag":"1972428331"},"language":"en","primary_location":{"id":"doi:10.1109/tnet.2014.2381230","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnet.2014.2381230","pdf_url":null,"source":{"id":"https://openalex.org/S62238642","display_name":"IEEE/ACM Transactions on Networking","issn_l":"1063-6692","issn":["1063-6692","1558-2566"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE/ACM Transactions on Networking","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028040417","display_name":"Xiaochun Yun","orcid":"https://orcid.org/0000-0003-2849-1086"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaochun Yun","raw_affiliation_strings":["Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yipeng Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yipeng Wang","raw_affiliation_strings":["Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100715812","display_name":"Yongzheng Zhang","orcid":"https://orcid.org/0000-0002-1895-9215"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yongzheng Zhang","raw_affiliation_strings":["Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016175345","display_name":"Yu Zhou","orcid":"https://orcid.org/0000-0003-4188-9953"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yu Zhou","raw_affiliation_strings":["Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5028040417"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":10.7189,"has_fulltext":false,"cited_by_count":93,"citation_normalized_percentile":{"value":0.98226263,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"24","issue":"1","first_page":"583","last_page":"595"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9036552906036377},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5602357387542725},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5444343090057373},{"id":"https://openalex.org/keywords/bittorrent","display_name":"BitTorrent","score":0.502959668636322},{"id":"https://openalex.org/keywords/tunneling-protocol","display_name":"Tunneling protocol","score":0.4760165810585022},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.46224096417427063},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4569559097290039},{"id":"https://openalex.org/keywords/internet-protocol-suite","display_name":"Internet protocol suite","score":0.4406053423881531},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.42430436611175537},{"id":"https://openalex.org/keywords/peer-to-peer","display_name":"Peer-to-peer","score":0.1582154631614685},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.15601861476898193}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9036552906036377},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5602357387542725},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5444343090057373},{"id":"https://openalex.org/C520566109","wikidata":"https://www.wikidata.org/wiki/Q133862","display_name":"BitTorrent","level":3,"score":0.502959668636322},{"id":"https://openalex.org/C76885553","wikidata":"https://www.wikidata.org/wiki/Q957589","display_name":"Tunneling protocol","level":4,"score":0.4760165810585022},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.46224096417427063},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4569559097290039},{"id":"https://openalex.org/C65567647","wikidata":"https://www.wikidata.org/wiki/Q81414","display_name":"Internet protocol suite","level":3,"score":0.4406053423881531},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.42430436611175537},{"id":"https://openalex.org/C534932454","wikidata":"https://www.wikidata.org/wiki/Q161410","display_name":"Peer-to-peer","level":2,"score":0.1582154631614685},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.15601861476898193},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnet.2014.2381230","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnet.2014.2381230","pdf_url":null,"source":{"id":"https://openalex.org/S62238642","display_name":"IEEE/ACM Transactions on Networking","issn_l":"1063-6692","issn":["1063-6692","1558-2566"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE/ACM Transactions on Networking","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G363069508","display_name":null,"funder_award_id":"61402472","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8639760124","display_name":null,"funder_award_id":"61303170","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W1482382132","https://openalex.org/W1496875660","https://openalex.org/W1538375546","https://openalex.org/W1574901103","https://openalex.org/W1880262756","https://openalex.org/W1918274310","https://openalex.org/W1968002881","https://openalex.org/W1973668864","https://openalex.org/W1975570633","https://openalex.org/W1999880153","https://openalex.org/W2001082470","https://openalex.org/W2008993342","https://openalex.org/W2019774807","https://openalex.org/W2026065824","https://openalex.org/W2049867480","https://openalex.org/W2049882758","https://openalex.org/W2055261595","https://openalex.org/W2056325176","https://openalex.org/W2075798023","https://openalex.org/W2085092855","https://openalex.org/W2110591510","https://openalex.org/W2115675703","https://openalex.org/W2122160290","https://openalex.org/W2122226347","https://openalex.org/W2133473417","https://openalex.org/W2137831706","https://openalex.org/W2140839850","https://openalex.org/W2141950720","https://openalex.org/W2144801155","https://openalex.org/W2145802904","https://openalex.org/W2148346742","https://openalex.org/W2151191426","https://openalex.org/W2168883902","https://openalex.org/W2511353470","https://openalex.org/W4236506014","https://openalex.org/W4237791300","https://openalex.org/W4256038730","https://openalex.org/W6628807819","https://openalex.org/W6632460521","https://openalex.org/W6640164566","https://openalex.org/W6642404687","https://openalex.org/W6655507990","https://openalex.org/W6884739614"],"related_works":["https://openalex.org/W2374988017","https://openalex.org/W3008319526","https://openalex.org/W2358285889","https://openalex.org/W2741684734","https://openalex.org/W1599215918","https://openalex.org/W4250093546","https://openalex.org/W2363852297","https://openalex.org/W2005183672","https://openalex.org/W2388383092","https://openalex.org/W1597757236"],"abstract_inverted_index":{"Traffic":[0],"classification,":[1],"a":[2,12,39,63,66,250,256],"mapping":[3],"of":[4,14,30,59,82,88,103,225,234,241],"traffic":[5],"to":[6,130,144,164,219],"network":[7,21,23,40,133,192,223],"applications,":[8],"is":[9,73,249],"important":[10],"for":[11,155,176],"variety":[13],"networking":[15],"and":[16,123,149,158,173,180,186,197,210,237,253],"security":[17],"issues,":[18],"such":[19],"as":[20,25,27,65],"measurement,":[22],"monitoring,":[24],"well":[26],"the":[28,47,76,80,101,111,120,126,138,217,222,226],"detection":[29],"malware":[31],"activities.":[32],"In":[33,106],"this":[34],"paper,":[35],"we":[36,108],"propose":[37],"Securitas,":[38,107],"trace-based":[41],"protocol":[42,51,60,64,83,104,113,229],"identification":[43],"system,":[44,252],"which":[45],"exploits":[46],"semantic":[48],"information":[49],"in":[50,100,259],"message":[52,114],"formats.":[53],"Securitas":[54,185,215,248],"requires":[55],"no":[56,162],"prior":[57],"knowledge":[58],"specifications.":[61],"Deeming":[62],"language":[67],"between":[68],"two":[69],"processes,":[70],"our":[71],"approach":[72],"based":[74],"upon":[75],"new":[77],"insight":[78],"that":[79,96,214],"n-grams":[81,118],"traces,":[84],"just":[85],"like":[86],"those":[87],"natural":[89],"languages,":[90],"exhibit":[91],"highly":[92],"skewed":[93],"frequency-rank":[94],"distribution":[95],"can":[97],"be":[98],"leveraged":[99],"context":[102],"identification.":[105],"first":[109],"extract":[110],"statistical":[112,128],"formats":[115,129],"by":[116],"clustering":[117],"with":[119,230],"same":[121],"semantics,":[122],"then":[124],"use":[125],"corresponding":[127],"classify":[131],"raw":[132],"traces.":[134],"Our":[135,200,244],"tool":[136],"involves":[137],"following":[139],"key":[140],"features:":[141],"1)":[142],"applicable":[143],"both":[145,156,177,195],"connection":[146,150],"oriented":[147],"protocols":[148],"less":[151],"protocols;":[152,160],"2)":[153],"suitable":[154],"text":[157],"binary":[159,198],"3)":[161],"need":[163],"assemble":[165],"IP":[166],"packets":[167],"into":[168],"TCP":[169],"or":[170],"UDP":[171],"flows;":[172],"4)":[174],"effective":[175],"long-live":[178],"flows":[179],"short-live":[181],"flows.":[182],"We":[183],"implement":[184],"conduct":[187],"extensive":[188],"evaluations":[189],"on":[190,203],"real-world":[191],"traces":[193,212,224],"containing":[194],"textual":[196],"protocols.":[199],"experimental":[201,245],"results":[202,246],"BitTorrent,":[204],"CIFS/SMB,":[205],"DNS,":[206],"FTP,":[207],"PPLIVE,":[208],"SIP,":[209],"SMTP":[211],"show":[213],"has":[216],"ability":[218],"accurately":[220],"identify":[221],"target":[227],"application":[228],"an":[231,238],"average":[232,239],"recall":[233],"about":[235,242],"97.4%":[236],"precision":[240],"98.4%.":[243],"prove":[247],"robust":[251],"meanwhile":[254],"displaying":[255],"competitive":[257],"performance":[258],"practice.":[260]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":10},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":13},{"year":2017,"cited_by_count":6},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":2}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2025-10-10T00:00:00"}