{"id":"https://openalex.org/W2775542991","doi":"https://doi.org/10.1109/tnet.2017.2765719","title":"Anomaly Detection and Attribution in Networks With Temporally Correlated Traffic","display_name":"Anomaly Detection and Attribution in Networks With Temporally Correlated Traffic","publication_year":2017,"publication_date":"2017-12-08","ids":{"openalex":"https://openalex.org/W2775542991","doi":"https://doi.org/10.1109/tnet.2017.2765719","mag":"2775542991"},"language":"en","primary_location":{"id":"doi:10.1109/tnet.2017.2765719","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnet.2017.2765719","pdf_url":null,"source":{"id":"https://openalex.org/S62238642","display_name":"IEEE/ACM Transactions on Networking","issn_l":"1063-6692","issn":["1063-6692","1558-2566"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE/ACM Transactions on Networking","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051994726","display_name":"Ido Nevat","orcid":"https://orcid.org/0000-0003-1567-3446"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ido Nevat","raw_affiliation_strings":["TUM CREATE, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"TUM CREATE, Singapore","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012540529","display_name":"Dinil Mon Divakaran","orcid":"https://orcid.org/0000-0001-8706-432X"},"institutions":[{"id":"https://openalex.org/I115228651","display_name":"Agency for Science, Technology and Research","ror":"https://ror.org/036wvzt09","country_code":"SG","type":"government","lineage":["https://openalex.org/I115228651"]},{"id":"https://openalex.org/I3005327000","display_name":"Institute for Infocomm Research","ror":"https://ror.org/053rfa017","country_code":"SG","type":"facility","lineage":["https://openalex.org/I115228651","https://openalex.org/I3005327000","https://openalex.org/I91275662"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Dinil Mon Divakaran","raw_affiliation_strings":["Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-8706-432X","affiliations":[{"raw_affiliation_string":"Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore","institution_ids":["https://openalex.org/I3005327000","https://openalex.org/I115228651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091256297","display_name":"Sai Ganesh Nagarajan","orcid":"https://orcid.org/0000-0001-9821-432X"},"institutions":[{"id":"https://openalex.org/I115228651","display_name":"Agency for Science, Technology and Research","ror":"https://ror.org/036wvzt09","country_code":"SG","type":"government","lineage":["https://openalex.org/I115228651"]},{"id":"https://openalex.org/I3005327000","display_name":"Institute for Infocomm Research","ror":"https://ror.org/053rfa017","country_code":"SG","type":"facility","lineage":["https://openalex.org/I115228651","https://openalex.org/I3005327000","https://openalex.org/I91275662"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Sai Ganesh Nagarajan","raw_affiliation_strings":["Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-9821-432X","affiliations":[{"raw_affiliation_string":"Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore","institution_ids":["https://openalex.org/I3005327000","https://openalex.org/I115228651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110435265","display_name":"Pengfei Zhang","orcid":"https://orcid.org/0000-0003-1567-3446"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Pengfei Zhang","raw_affiliation_strings":["Department of Engineering Science, University of Oxford, Oxford, U.K"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Engineering Science, University of Oxford, Oxford, U.K","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072380004","display_name":"Le Su","orcid":null},"institutions":[{"id":"https://openalex.org/I115228651","display_name":"Agency for Science, Technology and Research","ror":"https://ror.org/036wvzt09","country_code":"SG","type":"government","lineage":["https://openalex.org/I115228651"]},{"id":"https://openalex.org/I3005327000","display_name":"Institute for Infocomm Research","ror":"https://ror.org/053rfa017","country_code":"SG","type":"facility","lineage":["https://openalex.org/I115228651","https://openalex.org/I3005327000","https://openalex.org/I91275662"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Le Su","raw_affiliation_strings":["Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore","institution_ids":["https://openalex.org/I3005327000","https://openalex.org/I115228651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022967171","display_name":"Li Ling Ko","orcid":null},"institutions":[{"id":"https://openalex.org/I107639228","display_name":"University of Notre Dame","ror":"https://ror.org/00mkhxb43","country_code":"US","type":"education","lineage":["https://openalex.org/I107639228"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Li Ling Ko","raw_affiliation_strings":["Department of Mathematics, University of Notre Dame, Notre Dame, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Mathematics, University of Notre Dame, Notre Dame, IN, USA","institution_ids":["https://openalex.org/I107639228"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040321131","display_name":"Vrizlynn L. L. Thing","orcid":"https://orcid.org/0000-0003-4424-8596"},"institutions":[{"id":"https://openalex.org/I115228651","display_name":"Agency for Science, Technology and Research","ror":"https://ror.org/036wvzt09","country_code":"SG","type":"government","lineage":["https://openalex.org/I115228651"]},{"id":"https://openalex.org/I3005327000","display_name":"Institute for Infocomm Research","ror":"https://ror.org/053rfa017","country_code":"SG","type":"facility","lineage":["https://openalex.org/I115228651","https://openalex.org/I3005327000","https://openalex.org/I91275662"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Vrizlynn L. L. Thing","raw_affiliation_strings":["Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Security and Intelligence Department, A*STAR Institute for Infocomm Research, Singapore","institution_ids":["https://openalex.org/I3005327000","https://openalex.org/I115228651"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.2499,"has_fulltext":false,"cited_by_count":81,"citation_normalized_percentile":{"value":0.97432091,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":"26","issue":"1","first_page":"131","last_page":"144"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8277280926704407},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7170689105987549},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5961638689041138},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5661773681640625},{"id":"https://openalex.org/keywords/markov-chain","display_name":"Markov chain","score":0.46614140272140503},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3543951213359833},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35122090578079224},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.2758776545524597}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8277280926704407},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7170689105987549},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5961638689041138},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5661773681640625},{"id":"https://openalex.org/C98763669","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov chain","level":2,"score":0.46614140272140503},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3543951213359833},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35122090578079224},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2758776545524597},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnet.2017.2765719","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnet.2017.2765719","pdf_url":null,"source":{"id":"https://openalex.org/S62238642","display_name":"IEEE/ACM Transactions on Networking","issn_l":"1063-6692","issn":["1063-6692","1558-2566"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE/ACM Transactions on Networking","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7300000190734863,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G6516231878","display_name":null,"funder_award_id":"NRF2014NCR-NCR001-034","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"}],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W155952036","https://openalex.org/W1492251543","https://openalex.org/W1502364872","https://openalex.org/W1536252645","https://openalex.org/W1577352482","https://openalex.org/W1602011302","https://openalex.org/W1965392255","https://openalex.org/W1981155179","https://openalex.org/W1991315500","https://openalex.org/W1996773330","https://openalex.org/W2004013580","https://openalex.org/W2009618608","https://openalex.org/W2039503172","https://openalex.org/W2041404167","https://openalex.org/W2046660258","https://openalex.org/W2047883932","https://openalex.org/W2056859449","https://openalex.org/W2057331964","https://openalex.org/W2059120410","https://openalex.org/W2076758681","https://openalex.org/W2085533912","https://openalex.org/W2093579479","https://openalex.org/W2105934885","https://openalex.org/W2106263082","https://openalex.org/W2106664133","https://openalex.org/W2106858907","https://openalex.org/W2119742497","https://openalex.org/W2120664731","https://openalex.org/W2127904409","https://openalex.org/W2132288523","https://openalex.org/W2133615895","https://openalex.org/W2140437701","https://openalex.org/W2154195006","https://openalex.org/W2154421872","https://openalex.org/W2164145253","https://openalex.org/W2279380784","https://openalex.org/W2591735613","https://openalex.org/W2963951005","https://openalex.org/W2978725006","https://openalex.org/W3103993650","https://openalex.org/W3137956290","https://openalex.org/W4210869902","https://openalex.org/W4239856175","https://openalex.org/W4246098931","https://openalex.org/W4249267923","https://openalex.org/W6676218002","https://openalex.org/W6820917105"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W3120251014"],"abstract_inverted_index":{"Anomaly":[0],"detection":[1,80,110,137],"in":[2,9,68,95,173,179],"communication":[3],"networks":[4,69],"is":[5,101,114],"the":[6,10,33,39,46,49,77,83,117,141,151,163,169,180,188,200,227],"first":[7,75,113,167],"step":[8],"challenging":[11],"task":[12],"of":[13,35,44,150],"securing":[14],"a":[15,58,96,146],"network,":[16],"as":[17,125,127,217,219],"anomalies":[18,124,129,178],"may":[19],"indicate":[20],"suspicious":[21],"behaviors,":[22],"attacks,":[23],"network":[24,164],"malfunctions,":[25],"or":[26],"failures.":[27],"In":[28],"this":[29,54],"paper,":[30],"we":[31,56],"address":[32],"problem":[34,81,99],"not":[36],"only":[37],"detecting":[38],"anomalous":[40,197],"events":[41],"but":[42],"also":[43],"attributing":[45],"anomaly":[47,79,109,136,184],"to":[48,130,166,175],"flows":[50,143,195],"causing":[51],"it.":[52],"To":[53],"end,":[55],"develop":[57,106],"new":[59],"statistical":[60],"decision":[61],"theoretic":[62],"framework":[63],"for":[64,89],"temporally":[65],"correlated":[66],"traffic":[67,153,223],"via":[70,82,138],"Markov":[71],"chain":[72],"modeling.":[73],"We":[74,104,203],"formulate":[76],"optimal":[78],"generalized":[84],"likelihood":[85],"ratio":[86],"test":[87],"(GLRT)":[88],"our":[90,210],"composite":[91],"model.":[92],"This":[93],"results":[94],"combinatorial":[97],"optimization":[98],"which":[100,122,193],"prohibitively":[102],"expensive.":[103],"then":[105],"two":[107,156],"low-complexity":[108],"algorithms.":[111],"The":[112,132,155],"based":[115],"on":[116,140,212,220],"cross":[118],"entropy":[119],"(CE)":[120],"method,":[121],"detects":[123],"well":[126,218],"attributes":[128],"flows.":[131,154],"second":[133],"algorithm":[134,172],"performs":[135],"GLRT":[139],"aggregated":[142],"transformation":[144],"-":[145],"compact":[147],"low-dimensional":[148],"representation":[149],"raw":[152],"algorithms":[157,211],"complement":[158],"each":[159],"other":[160],"and":[161,208,214,230],"allow":[162],"operator":[165,189],"activate":[168],"flow":[170],"aggregation":[171],"order":[174],"quickly":[176],"detect":[177],"system.":[181],"Once":[182],"an":[183],"has":[185],"been":[186],"detected,":[187],"can":[190],"further":[191],"investigate":[192],"specific":[194],"are":[196],"by":[198],"running":[199],"CE-based":[201],"algorithm.":[202],"perform":[204],"extensive":[205],"performance":[206],"evaluations":[207],"experiment":[209],"synthetic":[213],"semi-synthetic":[215],"data,":[216],"real":[221],"Internet":[222],"data":[224],"obtained":[225],"from":[226],"MAWI":[228],"archive,":[229],"finally":[231],"make":[232],"recommendations":[233],"regarding":[234],"their":[235],"usability.":[236]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":16},{"year":2021,"cited_by_count":14},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":17},{"year":2018,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}