{"id":"https://openalex.org/W1985793456","doi":"https://doi.org/10.1145/1162666.1162669","title":"Towards scalable and robust distributed intrusion alert fusion with good load balancing","display_name":"Towards scalable and robust distributed intrusion alert fusion with good load balancing","publication_year":2006,"publication_date":"2006-09-11","ids":{"openalex":"https://openalex.org/W1985793456","doi":"https://doi.org/10.1145/1162666.1162669","mag":"1985793456"},"language":"en","primary_location":{"id":"doi:10.1145/1162666.1162669","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1162666.1162669","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1162666.1162669","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/1162666.1162669","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091296600","display_name":"Zhichun Li","orcid":"https://orcid.org/0000-0002-1451-0904"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zhichun Li","raw_affiliation_strings":["Northwestern University, Evanston, IL"],"affiliations":[{"raw_affiliation_string":"Northwestern University, Evanston, IL","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100724651","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-3986-2583"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Northwestern University, Evanston, IL"],"affiliations":[{"raw_affiliation_string":"Northwestern University, Evanston, IL","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022470901","display_name":"Aaron Beach","orcid":"https://orcid.org/0000-0001-9514-2746"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aaron Beach","raw_affiliation_strings":["Northwestern University, Evanston, IL"],"affiliations":[{"raw_affiliation_string":"Northwestern University, Evanston, IL","institution_ids":["https://openalex.org/I111979921"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5091296600"],"corresponding_institution_ids":["https://openalex.org/I111979921"],"apc_list":null,"apc_paid":null,"fwci":3.1501,"has_fulltext":true,"cited_by_count":69,"citation_normalized_percentile":{"value":0.92065881,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"115","last_page":"122"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10742","display_name":"Peer-to-Peer Network Technologies","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8212368488311768},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6439236402511597},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6089799404144287},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5876706838607788},{"id":"https://openalex.org/keywords/distributed-hash-table","display_name":"Distributed hash table","score":0.4991645812988281},{"id":"https://openalex.org/keywords/routing-table","display_name":"Routing table","score":0.4821452796459198},{"id":"https://openalex.org/keywords/single-point-of-failure","display_name":"Single point of failure","score":0.44202932715415955},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.43391868472099304},{"id":"https://openalex.org/keywords/routing","display_name":"Routing (electronic design automation)","score":0.3985900282859802},{"id":"https://openalex.org/keywords/routing-protocol","display_name":"Routing protocol","score":0.3211025595664978},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.30579835176467896},{"id":"https://openalex.org/keywords/peer-to-peer","display_name":"Peer-to-peer","score":0.2586561441421509},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.11712655425071716}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8212368488311768},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6439236402511597},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6089799404144287},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5876706838607788},{"id":"https://openalex.org/C2780224649","wikidata":"https://www.wikidata.org/wiki/Q863506","display_name":"Distributed hash table","level":3,"score":0.4991645812988281},{"id":"https://openalex.org/C184896649","wikidata":"https://www.wikidata.org/wiki/Q290066","display_name":"Routing table","level":4,"score":0.4821452796459198},{"id":"https://openalex.org/C165136773","wikidata":"https://www.wikidata.org/wiki/Q1363179","display_name":"Single point of failure","level":2,"score":0.44202932715415955},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.43391868472099304},{"id":"https://openalex.org/C74172769","wikidata":"https://www.wikidata.org/wiki/Q1446839","display_name":"Routing (electronic design automation)","level":2,"score":0.3985900282859802},{"id":"https://openalex.org/C104954878","wikidata":"https://www.wikidata.org/wiki/Q1648707","display_name":"Routing protocol","level":3,"score":0.3211025595664978},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30579835176467896},{"id":"https://openalex.org/C534932454","wikidata":"https://www.wikidata.org/wiki/Q161410","display_name":"Peer-to-peer","level":2,"score":0.2586561441421509},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.11712655425071716}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1162666.1162669","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1162666.1162669","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1162666.1162669","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.114.8475","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.114.8475","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.northwestern.edu/~zli109/publication/Li-LSAD06.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.118.5471","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.118.5471","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.northwestern.edu/~ychen/Papers/LSAD06.pdf","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/1162666.1162669","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1162666.1162669","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1162666.1162669","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.6100000143051147,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W1985793456.pdf","grobid_xml":"https://content.openalex.org/works/W1985793456.grobid-xml"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W71235019","https://openalex.org/W116657184","https://openalex.org/W1498585374","https://openalex.org/W1540548505","https://openalex.org/W1541939527","https://openalex.org/W1563061804","https://openalex.org/W1586871184","https://openalex.org/W1597305440","https://openalex.org/W1605124321","https://openalex.org/W1630225947","https://openalex.org/W1744212210","https://openalex.org/W1985382559","https://openalex.org/W1994340575","https://openalex.org/W2023955403","https://openalex.org/W2029030698","https://openalex.org/W2092043296","https://openalex.org/W2096030967","https://openalex.org/W2100583963","https://openalex.org/W2104692292","https://openalex.org/W2107800601","https://openalex.org/W2123482462","https://openalex.org/W2134006599","https://openalex.org/W2137430899","https://openalex.org/W2151839674","https://openalex.org/W2157413319","https://openalex.org/W2158049821","https://openalex.org/W2162733677","https://openalex.org/W2163059190","https://openalex.org/W2170313477","https://openalex.org/W2288766236","https://openalex.org/W4235795579","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W1589448563","https://openalex.org/W2490513112","https://openalex.org/W1761577731","https://openalex.org/W2986790267","https://openalex.org/W1587312129","https://openalex.org/W2045498485","https://openalex.org/W2396038392","https://openalex.org/W2118867570","https://openalex.org/W2102755235","https://openalex.org/W4233890295"],"abstract_inverted_index":{"Traffic":[0],"anomalies":[1],"and":[2,21,59,132,134,137,145,169],"distributed":[3,28,38,62],"attacks":[4],"are":[5],"commonplace":[6],"in":[7,153],"today's":[8],"networks.":[9],"Single":[10],"point":[11],"detection":[12,30],"is":[13,106],"often":[14],"insufficient":[15],"to":[16,49,79,90,102,160],"determine":[17],"the":[18,55,68,72,80,91,141,148,162,167,171,174,199,218,223],"causes,":[19],"patterns":[20],"prevalence":[22],"of":[23,117,120,124,140,147,183,231],"such":[24],"events.":[25],"Most":[26],"existing":[27],"intrusion":[29,69,82,233],"systems":[31],"(DIDS)":[32],"rely":[33],"on":[34,54,180],"centralized":[35],"fusion,":[36],"or":[37,176],"fusion":[39,94],"with":[40,84],"unscalable":[41],"communication":[42],"mechanisms.":[43],"In":[44],"this":[45],"paper,":[46],"we":[47],"propose":[48,157],"build":[50],"a":[51],"DIDS":[52],"based":[53,113,179],"emerging":[56],"decentralized":[57],"location":[58],"routing":[60,110],"infrastructure:":[61],"hash":[63],"table":[64],"(DHT).":[65],"We":[66,155],"embed":[67],"symptoms":[70],"into":[71],"DHT":[73,205],"dimensions":[74],"so":[75],"that":[76,198],"alarms":[77,101,163,211],"related":[78,210],"same":[81,92],"(thus":[83],"similar":[85],"symptoms)":[86],"will":[87],"be":[88],"routed":[89],"sensor":[93],"center":[95],"(SFC)":[96],"while":[97,212],"evenly":[98,165,216],"distributing":[99,213],"unrelated":[100,214],"different":[103],"SFCs.":[104,219],"This":[105],"achieved":[107],"through":[108],"careful":[109],"key":[111],"design":[112],"on:":[114],"1)":[115],"analysis":[116,139],"essential":[118],"characteristics":[119],"four":[121],"common":[122],"types":[123],"intrusions:":[125],"DoS":[126],"attacks,":[127],"port":[128,143],"scanning,":[129],"virus/worm":[130],"infection":[131],"botnets;":[133],"2)":[135],"distribution":[136],"stability":[138],"popular":[142,149],"numbers":[144],"those":[146],"source":[150],"IP":[151],"subnets":[152],"scans.":[154],"further":[156],"several":[158],"schemes":[159],"distribute":[161],"more":[164],"across":[166],"SFCs,":[168],"improve":[170],"resiliency":[172],"against":[173],"failures":[175],"attacks.":[177],"Evaluation":[178],"one":[181],"month":[182],"DShield":[184],"firewall":[185],"logs":[186],"(600":[187],"million":[188],"scan":[189],"records)":[190],"collected":[191],"from":[192],"over":[193],"2200":[194],"worldwide":[195],"providers":[196],"show":[197],"resulting":[200],"system,":[201],"termed":[202],"Cyber":[203],"Disease":[204],"(CDDHT),":[206],"can":[207],"effectively":[208],"fuse":[209],"ones":[215],"among":[217],"It":[220],"significantly":[221],"outperforms":[222],"traditional":[224],"hierarchical":[225],"approach":[226],"when":[227],"facing":[228],"large":[229],"amounts":[230],"diverse":[232],"alerts.":[234]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}