{"id":"https://openalex.org/W3035525586","doi":"https://doi.org/10.1109/medcomnet49392.2020.9191549","title":"A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate","display_name":"A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate","publication_year":2020,"publication_date":"2020-06-01","ids":{"openalex":"https://openalex.org/W3035525586","doi":"https://doi.org/10.1109/medcomnet49392.2020.9191549","mag":"3035525586"},"language":"en","primary_location":{"id":"doi:10.1109/medcomnet49392.2020.9191549","is_oa":false,"landing_page_url":"https://doi.org/10.1109/medcomnet49392.2020.9191549","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Mediterranean Communication and Computer Networking Conference (MedComNet)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2006.08811","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020454668","display_name":"Charles F. Gon\u00e7alves","orcid":"https://orcid.org/0000-0002-2870-8962"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Charles F. Goncalves","raw_affiliation_strings":["University of Coimbra, CISUC, DEI, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Coimbra, CISUC, DEI, Portugal","institution_ids":["https://openalex.org/I76903346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034604991","display_name":"Daniel Sadoc Menasch\u00e9","orcid":"https://orcid.org/0000-0002-8953-4003"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Daniel S. Menasche","raw_affiliation_strings":["Federal University of Rio de Janeiro, Brazil","Federal University of Rio de Janeiro -Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro, Brazil","institution_ids":["https://openalex.org/I122140584"]},{"raw_affiliation_string":"Federal University of Rio de Janeiro -Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018164102","display_name":"Alberto Avritzer","orcid":"https://orcid.org/0000-0002-9401-9663"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alberto Avritzer","raw_affiliation_strings":["eSulab Solutions, Princeton, New Jersey","[eSulab Solutions, Princeton, New Jersey]"],"affiliations":[{"raw_affiliation_string":"eSulab Solutions, Princeton, New Jersey","institution_ids":["https://openalex.org/I20089843"]},{"raw_affiliation_string":"[eSulab Solutions, Princeton, New Jersey]","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030619096","display_name":"Nuno Antunes","orcid":"https://orcid.org/0000-0002-6044-4012"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno Antunes","raw_affiliation_strings":["University of Coimbra, CISUC, DEI, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Coimbra, CISUC, DEI, Portugal","institution_ids":["https://openalex.org/I76903346"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016622594","display_name":"Marco Vieira","orcid":"https://orcid.org/0000-0001-5103-8541"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Marco Vieira","raw_affiliation_strings":["University of Coimbra, CISUC, DEI, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Coimbra, CISUC, DEI, Portugal","institution_ids":["https://openalex.org/I76903346"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5020454668"],"corresponding_institution_ids":["https://openalex.org/I76903346"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.084667,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.8569375276565552},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8270780444145203},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7839243412017822},{"id":"https://openalex.org/keywords/constant-false-alarm-rate","display_name":"Constant false alarm rate","score":0.7743666172027588},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.5547745823860168},{"id":"https://openalex.org/keywords/false-alarm","display_name":"False alarm","score":0.5092021822929382},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5060014128684998},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4951142370700836},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4763612747192383},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.47582200169563293},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.44879287481307983},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4343382716178894},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.42379170656204224},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3657904863357544},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3403083086013794}],"concepts":[{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.8569375276565552},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8270780444145203},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7839243412017822},{"id":"https://openalex.org/C77052588","wikidata":"https://www.wikidata.org/wiki/Q644307","display_name":"Constant false alarm rate","level":2,"score":0.7743666172027588},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.5547745823860168},{"id":"https://openalex.org/C2776836416","wikidata":"https://www.wikidata.org/wiki/Q1364844","display_name":"False alarm","level":2,"score":0.5092021822929382},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5060014128684998},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4951142370700836},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4763612747192383},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.47582200169563293},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.44879287481307983},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4343382716178894},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.42379170656204224},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3657904863357544},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3403083086013794},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/medcomnet49392.2020.9191549","is_oa":false,"landing_page_url":"https://doi.org/10.1109/medcomnet49392.2020.9191549","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Mediterranean Communication and Computer Networking Conference (MedComNet)","raw_type":"proceedings-article"},{"id":"doi:10.48550/arxiv.2006.08811","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2006.08811","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"mag:3035525586","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"doi:10.48550/arxiv.2006.08811","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2006.08811","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W28796308","https://openalex.org/W255556494","https://openalex.org/W1744212210","https://openalex.org/W2013704995","https://openalex.org/W2054506507","https://openalex.org/W2063519156","https://openalex.org/W2082085551","https://openalex.org/W2096596928","https://openalex.org/W2097962294","https://openalex.org/W2100142058","https://openalex.org/W2103366724","https://openalex.org/W2120860555","https://openalex.org/W2122646361","https://openalex.org/W2131493074","https://openalex.org/W2142776626","https://openalex.org/W2160841769","https://openalex.org/W2298032891","https://openalex.org/W2337969425","https://openalex.org/W2478353283","https://openalex.org/W2584276464","https://openalex.org/W2735629973","https://openalex.org/W2810550035","https://openalex.org/W2820900234","https://openalex.org/W2886540402","https://openalex.org/W3145004415","https://openalex.org/W6675035833","https://openalex.org/W6721503118"],"related_works":["https://openalex.org/W3086798928","https://openalex.org/W2147808388","https://openalex.org/W2954054142","https://openalex.org/W2047991543","https://openalex.org/W2809108362","https://openalex.org/W1989359075","https://openalex.org/W2046608104","https://openalex.org/W85751471","https://openalex.org/W2921858075","https://openalex.org/W2110900978","https://openalex.org/W2910977229","https://openalex.org/W2785391232","https://openalex.org/W2145633527","https://openalex.org/W2417710767","https://openalex.org/W2410334729","https://openalex.org/W222845733","https://openalex.org/W3195763278","https://openalex.org/W3002384864","https://openalex.org/W2466747396","https://openalex.org/W2922298999"],"abstract_inverted_index":{"The":[0,100,123,152],"complexity":[1],"and":[2,16,46,91,108,110],"ubiquity":[3],"of":[4,78,97,116,137,147,166],"modern":[5],"computing":[6],"systems":[7],"is":[8,39,125],"a":[9,24,120,135,163],"fertile":[10],"ground":[11],"for":[12],"anomalies,":[13,161],"including":[14],"security":[15],"privacy":[17],"breaches.":[18],"In":[19,71],"this":[20],"paper,":[21],"we":[22,60],"propose":[23],"new":[25],"methodology":[26,102,124],"that":[27,143],"addresses":[28],"the":[29,76,114,128,145,160],"practical":[30],"challenges":[31],"to":[32,41,47,112,157],"implement":[33],"anomaly":[34,63],"detection":[35,64],"approaches.":[36],"Specifically,":[37],"it":[38],"challenging":[40],"define":[42],"normal":[43],"behavior":[44],"comprehensively":[45],"acquire":[48],"data":[49],"on":[50,62,67,87],"anomalies":[51,142,148],"in":[52,119],"diverse":[53],"cloud":[54],"environments.":[55],"To":[56],"tackle":[57],"those":[58,83],"challenges,":[59],"focus":[61],"approaches":[65,84],"based":[66,86],"system":[68,150],"performance":[69,73,89,106],"signatures.":[70],"particular,":[72],"signatures":[74],"have":[75],"potential":[77],"detecting":[79,88],"zero-day":[80],"attacks,":[81],"as":[82],"are":[85],"deviations":[90],"do":[92],"not":[93],"require":[94],"detailed":[95],"knowledge":[96],"attack":[98],"history.":[99],"proposed":[101,153],"leverages":[103],"an":[104],"analytical":[105],"model":[107],"experimentation":[109],"allows":[111],"control":[113],"rate":[115],"false":[117,167],"positives":[118,168],"principled":[121],"manner.":[122],"evaluated":[126],"using":[127,139],"TPCx-V":[129],"workload,":[130],"which":[131],"was":[132,155],"profiled":[133],"during":[134],"set":[136],"executions":[138],"resource":[140],"exhaustion":[141],"emulate":[144],"effects":[146],"affecting":[149],"performance.":[151],"approach":[154],"able":[156],"successfully":[158],"detect":[159],"with":[162],"low":[164],"number":[165],"(precision":[169],"90%-98%).":[170]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}