{"id":"https://openalex.org/W2003231840","doi":"https://doi.org/10.1109/ares.2010.31","title":"Layered Higher Order N-grams for Hardening Payload Based Anomaly Intrusion Detection","display_name":"Layered Higher Order N-grams for Hardening Payload Based Anomaly Intrusion Detection","publication_year":2010,"publication_date":"2010-02-01","ids":{"openalex":"https://openalex.org/W2003231840","doi":"https://doi.org/10.1109/ares.2010.31","mag":"2003231840"},"language":"en","primary_location":{"id":"doi:10.1109/ares.2010.31","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ares.2010.31","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2010 International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028480555","display_name":"Neminath Hubballi","orcid":"https://orcid.org/0000-0001-9669-9773"},"institutions":[{"id":"https://openalex.org/I1317621060","display_name":"Indian Institute of Technology Guwahati","ror":"https://ror.org/0022nd079","country_code":"IN","type":"education","lineage":["https://openalex.org/I1317621060"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Neminath Hubballi","raw_affiliation_strings":["Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, India","Department of Computer Science, and Engineering, Indian Institute of Technology Guwahati, India"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, India","institution_ids":["https://openalex.org/I1317621060"]},{"raw_affiliation_string":"Department of Computer Science, and Engineering, Indian Institute of Technology Guwahati, India","institution_ids":["https://openalex.org/I1317621060"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052215348","display_name":"Santosh Biswas","orcid":"https://orcid.org/0000-0003-3020-4154"},"institutions":[{"id":"https://openalex.org/I1317621060","display_name":"Indian Institute of Technology Guwahati","ror":"https://ror.org/0022nd079","country_code":"IN","type":"education","lineage":["https://openalex.org/I1317621060"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Santosh Biswas","raw_affiliation_strings":["Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, India","Department of Computer Science, and Engineering, Indian Institute of Technology Guwahati, India"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, India","institution_ids":["https://openalex.org/I1317621060"]},{"raw_affiliation_string":"Department of Computer Science, and Engineering, Indian Institute of Technology Guwahati, India","institution_ids":["https://openalex.org/I1317621060"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053883070","display_name":"Sukumar Nandi","orcid":"https://orcid.org/0000-0002-5869-1057"},"institutions":[{"id":"https://openalex.org/I1317621060","display_name":"Indian Institute of Technology Guwahati","ror":"https://ror.org/0022nd079","country_code":"IN","type":"education","lineage":["https://openalex.org/I1317621060"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Sukumar Nandi","raw_affiliation_strings":["Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, India","Department of Computer Science, and Engineering, Indian Institute of Technology Guwahati, India"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, India","institution_ids":["https://openalex.org/I1317621060"]},{"raw_affiliation_string":"Department of Computer Science, and Engineering, Indian Institute of Technology Guwahati, India","institution_ids":["https://openalex.org/I1317621060"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5028480555"],"corresponding_institution_ids":["https://openalex.org/I1317621060"],"apc_list":null,"apc_paid":null,"fwci":2.1368,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.87414169,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"321","last_page":"326"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.7528272867202759},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.709867000579834},{"id":"https://openalex.org/keywords/bin","display_name":"Bin","score":0.6961451768875122},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.691938042640686},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.6809353828430176},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6390159130096436},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6124697327613831},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.585804283618927},{"id":"https://openalex.org/keywords/constant-false-alarm-rate","display_name":"Constant false alarm rate","score":0.5750895738601685},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5253212451934814},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.39258766174316406},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.36841967701911926},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3648851811885834},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.2933293879032135},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.07757234573364258},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.073357492685318}],"concepts":[{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.7528272867202759},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.709867000579834},{"id":"https://openalex.org/C156273044","wikidata":"https://www.wikidata.org/wiki/Q4913766","display_name":"Bin","level":2,"score":0.6961451768875122},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.691938042640686},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.6809353828430176},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6390159130096436},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6124697327613831},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.585804283618927},{"id":"https://openalex.org/C77052588","wikidata":"https://www.wikidata.org/wiki/Q644307","display_name":"Constant false alarm rate","level":2,"score":0.5750895738601685},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5253212451934814},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.39258766174316406},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.36841967701911926},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3648851811885834},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2933293879032135},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.07757234573364258},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.073357492685318},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ares.2010.31","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ares.2010.31","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2010 International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1509130105","https://openalex.org/W1516506771","https://openalex.org/W1551618785","https://openalex.org/W1591480890","https://openalex.org/W1594536929","https://openalex.org/W1601009504","https://openalex.org/W1982304603","https://openalex.org/W1988918299","https://openalex.org/W1999427165","https://openalex.org/W2007087405","https://openalex.org/W2064853889","https://openalex.org/W2116065364","https://openalex.org/W2121035740","https://openalex.org/W2128660623","https://openalex.org/W6633024543","https://openalex.org/W6677305135"],"related_works":["https://openalex.org/W2107701374","https://openalex.org/W1616588898","https://openalex.org/W4249504934","https://openalex.org/W1574986946","https://openalex.org/W1497214516","https://openalex.org/W1971040605","https://openalex.org/W1523103140","https://openalex.org/W4293863310","https://openalex.org/W3160314615","https://openalex.org/W1488288477"],"abstract_inverted_index":{"Application":[0],"based":[1,65,165],"intrusion":[2,68],"detection":[3,77],"involves":[4],"analysis":[5],"of":[6,23,58,61,117,142,150,169,181,191,199,206],"network":[7,49,67],"packet":[8,80,92],"payload":[9,17,64],"data.":[10,156],"Recently":[11],"statistical":[12],"methods":[13],"for":[14,34,46,63],"analyzing":[15],"the":[16,48,89,111,122,136,143,148,153,167,170,174,182,185,204,207],"are":[18,44],"being":[19],"used.":[20],"Since":[21],"behavior":[22],"every":[24],"application":[25],"is":[26,32,81,93,102,131,139,147,177],"not":[27],"same":[28],"a":[29,56,115,132,197,210],"different":[30],"model":[31],"necessary":[33],"each":[35,126,163],"application.":[36],"Studies":[37],"have":[38],"revealed":[39],"that":[40],"higher":[41],"order":[42],"n-grams":[43,124],"good":[45],"capturing":[47],"profile.":[50],"In":[51],"this":[52],"paper":[53],"we":[54,107],"introduce":[55],"concept":[57],"layered":[59],"version":[60],"n-gram":[62,130,144],"anomaly":[66,76,160],"detection.":[69],"Each":[70,128],"layer":[71,100],"works":[72],"as":[73,83,95,104,179,214,216],"an":[74,159],"independent":[75],"system.":[78],"A":[79,91],"declared":[82,94,103],"normal":[84,189],"after":[85],"passing":[86],"through":[87],"all":[88],"layers.":[90],"anomalous":[96,105],"if":[97],"at":[98],"any":[99],"it":[101],"and":[106,119,145,176],"stop":[108],"further":[109],"processing":[110],"packet.":[112],"We":[113,157],"create":[114],"set":[116,198],"bins":[118],"equally":[120],"distribute":[121],"distinct":[123],"to":[125,162],"bin.":[127],"such":[129],"2":[133],"tulle":[134],"where":[135],"first":[137],"element":[138],"byte":[140],"values":[141],"second":[146],"frequency":[149,168],"gram":[151,172],"in":[152,173],"entire":[154],"training":[155],"assign":[158],"score":[161],"bin":[164,175],"on":[166,188],"individual":[171],"termed":[178],"coverage":[180],"bin.We":[183],"evaluate":[184],"proposed":[186],"scheme":[187],"traffic":[190],"DARLA":[192],"99":[193],"dataset":[194],"mixed":[195],"with":[196,209],"attacks.":[200],"Experimental":[201],"results":[202],"shows":[203],"efficacy":[205],"method":[208],"false":[211],"alarm":[212],"rate":[213],"low":[215],"0.001\\%.":[217]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}