{"id":"https://openalex.org/W2113641431","doi":"https://doi.org/10.1109/icc.2009.5199022","title":"Extracting Attack Sessions from Real Traffic with Intrusion Prevention Systems","display_name":"Extracting Attack Sessions from Real Traffic with Intrusion Prevention Systems","publication_year":2009,"publication_date":"2009-06-01","ids":{"openalex":"https://openalex.org/W2113641431","doi":"https://doi.org/10.1109/icc.2009.5199022","mag":"2113641431"},"language":"en","primary_location":{"id":"doi:10.1109/icc.2009.5199022","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc.2009.5199022","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068036897","display_name":"I.-W. Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"I.-W. Chen","raw_affiliation_strings":["Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]},{"raw_affiliation_string":"Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084330488","display_name":"Po\u2010Ching Lin","orcid":"https://orcid.org/0000-0001-8294-5857"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"P.-C. Lin","raw_affiliation_strings":["Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]},{"raw_affiliation_string":"Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038203605","display_name":"Chaomin Luo","orcid":"https://orcid.org/0000-0002-7578-3631"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"C.-C. Luo","raw_affiliation_strings":["Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]},{"raw_affiliation_string":"Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110209875","display_name":"Tung-Shuan Cheng","orcid":null},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"T.-H. Cheng","raw_affiliation_strings":["Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]},{"raw_affiliation_string":"Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021844836","display_name":"Ying\u2013Dar Lin","orcid":"https://orcid.org/0000-0002-5226-4396"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Y.-D. Lin","raw_affiliation_strings":["Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan","institution_ids":["https://openalex.org/I148366613"]},{"raw_affiliation_string":"Department of Computer Science; National Chiao Tung University; Hsinchu; Taiwan","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085347760","display_name":"Yuan\u2010Cheng Lai","orcid":"https://orcid.org/0000-0003-3695-5784"},"institutions":[{"id":"https://openalex.org/I154864474","display_name":"National Taiwan University of Science and Technology","ror":"https://ror.org/00q09pe49","country_code":"TW","type":"education","lineage":["https://openalex.org/I154864474"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Y.-C. Lai","raw_affiliation_strings":["Department of Information and Management, National Taiwan University of Science and Technology, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information and Management, National Taiwan University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I154864474"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103544034","display_name":"Fuliang Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I151281966","display_name":"Cisco Systems (China)","ror":"https://ror.org/02qy75381","country_code":"CN","type":"company","lineage":["https://openalex.org/I135428043","https://openalex.org/I151281966"]},{"id":"https://openalex.org/I2801562743","display_name":"Cisco College","ror":"https://ror.org/03gc7jk79","country_code":"US","type":"education","lineage":["https://openalex.org/I2801562743"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"F. C. Lin","raw_affiliation_strings":["Cisco, Inc., San Jose, USA","[Cisco, San Jose]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cisco, Inc., San Jose, USA","institution_ids":["https://openalex.org/I2801562743"]},{"raw_affiliation_string":"[Cisco, San Jose]","institution_ids":["https://openalex.org/I151281966"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.0887,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.80022078,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"3","issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.8431873321533203},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8067429065704346},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7148932218551636},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6832095980644226},{"id":"https://openalex.org/keywords/tuple","display_name":"Tuple","score":0.46147915720939636},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.4601576328277588},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4051510691642761},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3855818212032318},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1002248227596283}],"concepts":[{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.8431873321533203},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8067429065704346},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7148932218551636},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6832095980644226},{"id":"https://openalex.org/C118930307","wikidata":"https://www.wikidata.org/wiki/Q600590","display_name":"Tuple","level":2,"score":0.46147915720939636},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.4601576328277588},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4051510691642761},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3855818212032318},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1002248227596283},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C118615104","wikidata":"https://www.wikidata.org/wiki/Q121416","display_name":"Discrete mathematics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icc.2009.5199022","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc.2009.5199022","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 IEEE International Conference on Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7099999785423279,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W22110662","https://openalex.org/W87387619","https://openalex.org/W178064068","https://openalex.org/W191098608","https://openalex.org/W1484602731","https://openalex.org/W1491237615","https://openalex.org/W1534036437","https://openalex.org/W1598457761","https://openalex.org/W1674877186","https://openalex.org/W2010573219","https://openalex.org/W2096248434","https://openalex.org/W2098477437","https://openalex.org/W2134322493","https://openalex.org/W2145185087","https://openalex.org/W2158288237","https://openalex.org/W2164686665","https://openalex.org/W2752885492","https://openalex.org/W3145128584","https://openalex.org/W6628890982"],"related_works":["https://openalex.org/W4296749040","https://openalex.org/W4230197055","https://openalex.org/W2143551613","https://openalex.org/W4245395944","https://openalex.org/W1979740464","https://openalex.org/W621808327","https://openalex.org/W644007644","https://openalex.org/W3012257603","https://openalex.org/W3177475962","https://openalex.org/W2133389611"],"abstract_inverted_index":{"False":[0,4],"Positive":[1],"(FP)":[2],"and":[3,50,85,101,111,194,213,215,223,246,266],"Negative":[5],"(FN)":[6],"happen":[7],"to":[8,35,56,67,89,116,150,157,186,191,235,252],"every":[9],"Intrusion":[10],"Prevention":[11],"System":[12],"(IPS).":[13],"No":[14],"one":[15],"could":[16],"do":[17],"better":[18],"judgment":[19],"than":[20],"others":[21],"all":[22],"the":[23,69,93,106,121,146,182,202,218,229,249,267],"time.":[24],"This":[25],"work":[26],"proposes":[27],"a":[28,37,199,237],"system":[29],"of":[30,39,59,71,95,123,181,231,260],"Attack":[31],"Session":[32],"Extraction":[33],"(ASE)":[34],"create":[36],"pool":[38],"suspicious":[40,64,78,160,200,238],"traffic":[41,65,110,114,161,164,168],"traces":[42,66,75,115,169,183],"which":[43,87],"cause":[44,82],"potential":[45,51],"FNs":[46,100,193],"(abbreviated":[47,53],"as":[48,54,248],"P-FNs)":[49],"FPs":[52],"P-FPs)":[55],"IPSes.":[57,118],"Developers":[58],"IPSes":[60,96],"can":[61,126,170],"use":[62],"these":[63],"improve":[68],"accuracy":[70],"their":[72],"products.":[73],"Traffic":[74],"are":[76,83,99,103,132],"called":[77],"since":[79],"what":[80],"they":[81],"P-FNs":[84,98,149],"P-FPs":[86,102],"need":[88],"be":[90,172,187,192],"confirmed":[91,190],"by":[92,177],"developers":[94],"whether":[97],"FPs.":[104,195],"First,":[105],"ASE":[107,154,203],"captures":[108],"real":[109],"replays":[112],"captured":[113],"multiple":[117,241],"By":[119],"comparing":[120],"logs":[122,131],"IPSes,":[124],"we":[125],"find":[127],"that":[128,151,258],"some":[129],"attack":[130],"logged":[133,136],"or":[134],"not":[135],"only":[137],"at":[138],"certain":[139],"IPS.":[140,152],"The":[141,153,166,255],"former":[142],"is":[143,148,270],"P-FPs,":[144],"while":[145],"latter":[147],"then":[155,171],"starts":[156],"extract":[158,198,236],"this":[159],"from":[162],"replayed":[163],"traces.":[165],"extracted":[167,261],"used":[173],"for":[174,217],"further":[175],"analysis":[176],"IPS":[178],"developers.":[179],"Some":[180],"may":[184],"prove":[185],"guilty,":[188],"i.e.":[189],"To":[196],"completely":[197],"session,":[201,225],"uses":[204],"an":[205],"association":[206],"mechanism":[207],"based":[208],"on":[209],"anchor":[210],"packets,":[211],"five-tuple":[212],"time,":[214],"similarity":[216,232],"first":[219,221],"packet,":[220],"connection,":[222],"whole":[224],"respectively.":[226],"It":[227],"calculates":[228],"degree":[230],"among":[233],"packets":[234],"session":[239],"containing":[240],"connections.":[242],"We":[243],"define":[244],"variation":[245],"completeness/purity":[247,269],"performance":[250],"indexes":[251],"evaluate":[253],"ASE.":[254],"experiments":[256],"demonstrate":[257],"95%":[259],"sessions":[262],"have":[263],"low":[264],"variation,":[265],"average":[268],"around":[271],"80%.":[272]},"counts_by_year":[{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}