{"id":"https://openalex.org/W2032247543","doi":"https://doi.org/10.1145/1180405.1180414","title":"Evading network anomaly detection systems","display_name":"Evading network anomaly detection systems","publication_year":2006,"publication_date":"2006-10-30","ids":{"openalex":"https://openalex.org/W2032247543","doi":"https://doi.org/10.1145/1180405.1180414","mag":"2032247543"},"language":"en","primary_location":{"id":"doi:10.1145/1180405.1180414","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1180405.1180414","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034137329","display_name":"Prahlad Fogla","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Prahlad Fogla","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, Georgia","Georgia Institute of Technology , Atlanta, Georgia"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, Georgia","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology , Atlanta, Georgia","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, Georgia","Georgia Institute of Technology , Atlanta, Georgia"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, Georgia","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology , Atlanta, Georgia","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5034137329"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":9.959,"has_fulltext":false,"cited_by_count":157,"citation_normalized_percentile":{"value":0.98277852,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"59","last_page":"68"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8098026514053345},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7795233726501465},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7481909990310669},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.6735597848892212},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.6208928227424622},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.5894514322280884},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.5883041620254517},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5667080879211426},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.5339798927307129},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5156389474868774},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.4290403723716736},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3748074769973755},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.35349729657173157},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.18140986561775208}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8098026514053345},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7795233726501465},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7481909990310669},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.6735597848892212},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.6208928227424622},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.5894514322280884},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.5883041620254517},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5667080879211426},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.5339798927307129},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5156389474868774},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.4290403723716736},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3748074769973755},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35349729657173157},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.18140986561775208},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1180405.1180414","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1180405.1180414","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5899999737739563,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332923","display_name":"U.S. Navy","ror":"https://ror.org/03ar0mv07"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W1485086418","https://openalex.org/W1525958661","https://openalex.org/W1551618785","https://openalex.org/W1574173537","https://openalex.org/W1580559113","https://openalex.org/W1595564425","https://openalex.org/W1621186777","https://openalex.org/W1674877186","https://openalex.org/W1862271745","https://openalex.org/W1903577715","https://openalex.org/W1947347140","https://openalex.org/W1989359075","https://openalex.org/W1993426957","https://openalex.org/W2034362794","https://openalex.org/W2100609826","https://openalex.org/W2103378897","https://openalex.org/W2106649514","https://openalex.org/W2108601876","https://openalex.org/W2116065364","https://openalex.org/W2131523719","https://openalex.org/W2135143063","https://openalex.org/W2137786570","https://openalex.org/W2146211060","https://openalex.org/W2151298633","https://openalex.org/W2151996777","https://openalex.org/W2162240407","https://openalex.org/W2167332015","https://openalex.org/W2168844087","https://openalex.org/W2752885492","https://openalex.org/W2752929869","https://openalex.org/W3145128584","https://openalex.org/W4232676016","https://openalex.org/W4285719527","https://openalex.org/W4299940018","https://openalex.org/W6681652963","https://openalex.org/W7029321148"],"related_works":["https://openalex.org/W3209300462","https://openalex.org/W4247243350","https://openalex.org/W4234221680","https://openalex.org/W2168341697","https://openalex.org/W2476296253","https://openalex.org/W1507306356","https://openalex.org/W105025798","https://openalex.org/W2035106801","https://openalex.org/W2166199068","https://openalex.org/W2507681538"],"abstract_inverted_index":{"Attackers":[0],"often":[1],"try":[2],"to":[3,66,143,159,170,199],"evade":[4],"an":[5,99,104,172],"intrusion":[6],"detection":[7,48,101,216],"system":[8,102],"(IDS)":[9],"when":[10],"launching":[11],"their":[12],"attacks.":[13],"There":[14],"have":[15,204,221],"been":[16],"several":[17],"published":[18],"studies":[19],"in":[20,27,71,116,153],"evasion":[21],"attacks,":[22],"some":[23,44],"with":[24,206],"available":[25,152],"tools,":[26],"the":[28,34,76,82,95,124,134,144,182,194,201,210,219],"research":[29],"community":[30],"as":[31,33],"well":[32],"\"hackers''":[35],"community.":[36],"Our":[37,175],"recent":[38],"empirical":[39],"case":[40],"study":[41],"showed":[42],"that":[43,75,115,121,150],"payload-based":[45],"network":[46],"anomaly":[47,100,215],"systems":[49],"can":[50,106,140,156,177,184,196],"be":[51,141,157,185,197],"evaded":[52],"by":[53,187],"a":[54,63,73,91,119,129,138,161,167,188],"polymorphic":[55,69],"blending":[56],"attack":[57,79],"(PBA).":[58],"The":[59],"main":[60],"idea":[61],"of":[62,78,136],"PBA":[64,111,120,139,189],"is":[65,128],"create":[67],"each":[68],"instance":[70],"such":[72],"way":[74],"statistics":[77],"packet(s)":[80],"match":[81],"normal":[83,125],"traffic":[84,126],"profile.":[85],"In":[86],"this":[87],"paper,":[88],"we":[89],"present":[90,166],"formal":[92],"framework":[93,176,208],"for":[94],"open":[96],"problem:":[97],"given":[98],"and":[103,213,218],"attack,":[105],"one":[107],"automatically":[108],"generate":[109],"its":[110],"instances?":[112],"We":[113,164,203],"show":[114],"general,":[117],"generating":[118],"optimally":[122],"matches":[123],"profile":[127],"hard":[130],"problem":[131,135],"(NP-complete).":[132],"However,":[133],"finding":[137],"reduced":[142],"SAT":[145],"or":[146],"ILP":[147],"problems":[148],"so":[149],"solvers":[151],"those":[154],"domains":[155],"used":[158],"find":[160,171],"near-optimal":[162],"solution.":[163,174],"also":[165,191],"heuristic":[168],"(hill-climbing)":[169],"approximate":[173],"not":[178],"only":[179],"expose":[180],"how":[181,193],"IDS":[183,195],"exploited":[186],"but":[190],"suggest":[192],"improved":[198],"prevent":[200],"PBA.":[202],"experimented":[205],"our":[207,223],"using":[209],"PAYL":[211],"1-gram":[212],"2-gram":[214],"system,":[217],"results":[220],"validated":[222],"framework.":[224]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":21},{"year":2018,"cited_by_count":14},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":10},{"year":2015,"cited_by_count":7},{"year":2014,"cited_by_count":11},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":11}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}