{"id":"https://openalex.org/W2112135709","doi":"https://doi.org/10.1145/1028788.1028812","title":"On scalable attack detection in the network","display_name":"On scalable attack detection in the network","publication_year":2004,"publication_date":"2004-10-25","ids":{"openalex":"https://openalex.org/W2112135709","doi":"https://doi.org/10.1145/1028788.1028812","mag":"2112135709"},"language":"en","primary_location":{"id":"doi:10.1145/1028788.1028812","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1028788.1028812","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th ACM SIGCOMM conference on Internet measurement","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071146373","display_name":"Ramana Rao Kompella","orcid":"https://orcid.org/0000-0002-7559-8997"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ramana Rao Kompella","raw_affiliation_strings":["University of California, San Diego, La Jolla, CA"],"affiliations":[{"raw_affiliation_string":"University of California, San Diego, La Jolla, CA","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103710224","display_name":"Sumeet Singh","orcid":null},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sumeet Singh","raw_affiliation_strings":["University of California, San Diego, La Jolla, CA"],"affiliations":[{"raw_affiliation_string":"University of California, San Diego, La Jolla, CA","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102730096","display_name":"George Varghese","orcid":"https://orcid.org/0000-0002-8218-5701"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"George Varghese","raw_affiliation_strings":["University of California, San Diego, La Jolla, CA"],"affiliations":[{"raw_affiliation_string":"University of California, San Diego, La Jolla, CA","institution_ids":["https://openalex.org/I36258959"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5071146373"],"corresponding_institution_ids":["https://openalex.org/I36258959"],"apc_list":null,"apc_paid":null,"fwci":5.5473,"has_fulltext":false,"cited_by_count":92,"citation_normalized_percentile":{"value":0.96109454,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"187","last_page":"200"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8186793327331543},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6143291592597961},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5492187142372131},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5319191813468933},{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.46998512744903564},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32728415727615356},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09310880303382874}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8186793327331543},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6143291592597961},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5492187142372131},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5319191813468933},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.46998512744903564},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32728415727615356},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09310880303382874}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1028788.1028812","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1028788.1028812","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th ACM SIGCOMM conference on Internet measurement","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6499999761581421,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W1498585374","https://openalex.org/W1516506771","https://openalex.org/W1524600321","https://openalex.org/W1563061804","https://openalex.org/W1649901946","https://openalex.org/W1655765388","https://openalex.org/W1744212210","https://openalex.org/W1977141583","https://openalex.org/W2001968297","https://openalex.org/W2023955403","https://openalex.org/W2034302520","https://openalex.org/W2052207834","https://openalex.org/W2056431591","https://openalex.org/W2089181240","https://openalex.org/W2101357108","https://openalex.org/W2102481563","https://openalex.org/W2109599309","https://openalex.org/W2114615295","https://openalex.org/W2116398767","https://openalex.org/W2117002131","https://openalex.org/W2118878434","https://openalex.org/W2121511513","https://openalex.org/W2123845384","https://openalex.org/W2127273221","https://openalex.org/W2136262545","https://openalex.org/W2139665594","https://openalex.org/W2141487810","https://openalex.org/W2145185087","https://openalex.org/W2159160833","https://openalex.org/W2164686665","https://openalex.org/W4206137901","https://openalex.org/W4237898653","https://openalex.org/W6677150613","https://openalex.org/W7057441940"],"related_works":["https://openalex.org/W2122026593","https://openalex.org/W1588358165","https://openalex.org/W4237683758","https://openalex.org/W2582203024","https://openalex.org/W2370711413","https://openalex.org/W2375932043","https://openalex.org/W2052038519","https://openalex.org/W2841075164","https://openalex.org/W1980506749","https://openalex.org/W2375594474"],"abstract_inverted_index":{"Current":[0],"intrusion":[1],"detection":[2,48],"and":[3,63,158],"prevention":[4],"systems":[5,28,44],"seek":[6],"to":[7,53,68,89,127,137],"detect":[8,93],"a":[9,152],"wide":[10,153],"class":[11],"of":[12,31,155],"network":[13,21],"intrusions":[14],"(e.g.,":[15],"DoS":[16,156],"attacks,":[17],"worms,":[18],"port":[19],"scans)at":[20],"vantage":[22],"points.":[23],"Unfortunately,":[24],"all":[25],"the":[26,86,141],"IDS":[27,43],"we":[29,82],"know":[30],"keep":[32],"per-connection":[33],"or":[34,76],"per-flow":[35,97,185],"state.":[36,98,186],"Thus":[37,78],"it":[38,174],"is":[39],"hardly":[40],"surprising":[41],"that":[42,59,102,145,160,176],"(other":[45],"than":[46],"signature":[47],"mechanisms)":[49],"have":[50,66,146],"not":[51],"scaled":[52,67],"multi-gigabit":[54],"speeds.":[55],"By":[56,172],"contrast,":[57,173],"note":[58],"both":[60],"router":[61],"lookups":[62,75],"fair":[64],"queuing":[65],"high":[69],"speeds":[70],"using":[71],"<i>aggregation</i>":[72],"via":[73],"prefix":[74],"DiffServ.":[77],"in":[79],"this":[80],"paper,":[81],"initiate":[83],"research":[84],"into":[85],"question":[87],"as":[88],"whether":[90],"one":[91],"can":[92,116,125,168],"attacks":[94,144,157],"without":[95,183],"keeping":[96,184],"We":[99,150],"will":[100],"show":[101,159],"such":[103],"aggregation,":[104],"while":[105],"making":[106],"fast":[107],"implementations":[108],"possible,":[109],"immediately":[110],"cause":[111,117],"two":[112],"problems.":[113],"First,":[114],"aggregation":[115],"<i>behavioral</i>":[118],"aliasing":[119],"where,":[120],"for":[121],"example,":[122],"good":[123],"behaviors":[124],"aggregate":[126,148],"look":[128],"like":[129],"bad":[130],"behaviors.":[131],"Second,":[132],"aggregated":[133],"schemes":[134],"are":[135],"susceptible":[136],"spoofing":[138],"by":[139],"which":[140],"intruder":[142],"sends":[143],"appropriate":[147],"behavior.":[149],"examine":[151],"variety":[154],"several":[161],"categories":[162],"(bandwidth":[163],"based,":[164],"claim-and-hold,":[165],"host":[166],"scanning)":[167],"be":[169,180],"scalably":[170,181],"detected.":[171],"appears":[175],"stealthy":[177],"port-scanning":[178],"cannot":[179],"detected":[182]},"counts_by_year":[{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":5},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":4}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}