{"id":"https://openalex.org/W2113272265","doi":"https://doi.org/10.1145/1185347.1185370","title":"Scalable network-based buffer overflow attack detection","display_name":"Scalable network-based buffer overflow attack detection","publication_year":2006,"publication_date":"2006-12-03","ids":{"openalex":"https://openalex.org/W2113272265","doi":"https://doi.org/10.1145/1185347.1185370","mag":"2113272265"},"language":"en","primary_location":{"id":"doi:10.1145/1185347.1185370","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1185347.1185370","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024320548","display_name":"Fu\u2010Hau Hsu","orcid":"https://orcid.org/0000-0002-2586-5874"},"institutions":[{"id":"https://openalex.org/I22265921","display_name":"National Central University","ror":"https://ror.org/00944ve71","country_code":"TW","type":"education","lineage":["https://openalex.org/I22265921"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Fu-Hau Hsu","raw_affiliation_strings":["National Central University, Taiwan, R.O.C","National Central University, Taiwan, R. O. C"],"affiliations":[{"raw_affiliation_string":"National Central University, Taiwan, R.O.C","institution_ids":["https://openalex.org/I22265921"]},{"raw_affiliation_string":"National Central University, Taiwan, R. O. C","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073020523","display_name":"Fanglu Guo","orcid":null},"institutions":[{"id":"https://openalex.org/I1308906816","display_name":"NortonLifeLock (United States)","ror":"https://ror.org/0449t3a80","country_code":"US","type":"company","lineage":["https://openalex.org/I1308906816"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fanglu Guo","raw_affiliation_strings":["Symantec Research Laboratory, Cupertino, CA","Symantec Research Laboratory, Cupertino, CA#TAB#"],"affiliations":[{"raw_affiliation_string":"Symantec Research Laboratory, Cupertino, CA","institution_ids":["https://openalex.org/I1308906816"]},{"raw_affiliation_string":"Symantec Research Laboratory, Cupertino, CA#TAB#","institution_ids":["https://openalex.org/I1308906816"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111960386","display_name":"Tzi\u2010cker Chiueh","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tzi-cker Chiueh","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5024320548"],"corresponding_institution_ids":["https://openalex.org/I22265921"],"apc_list":null,"apc_paid":null,"fwci":0.6036,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.7272314,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.9521999359130859},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8350367546081543},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6373425126075745},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5633730292320251},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5259326100349426},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5118502974510193},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.500701904296875},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.42855238914489746},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.415319561958313},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3416239023208618},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3186696171760559},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2179984748363495}],"concepts":[{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.9521999359130859},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8350367546081543},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6373425126075745},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5633730292320251},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5259326100349426},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5118502974510193},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.500701904296875},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.42855238914489746},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.415319561958313},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3416239023208618},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3186696171760559},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2179984748363495},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1185347.1185370","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1185347.1185370","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W70341044","https://openalex.org/W1485086418","https://openalex.org/W1534815787","https://openalex.org/W1537077670","https://openalex.org/W1545927878","https://openalex.org/W1553177637","https://openalex.org/W1568015003","https://openalex.org/W1579850852","https://openalex.org/W1655226010","https://openalex.org/W1671661096","https://openalex.org/W1993426957","https://openalex.org/W2066023578","https://openalex.org/W2091820864","https://openalex.org/W2116065364","https://openalex.org/W2160760912","https://openalex.org/W2162986442","https://openalex.org/W2163939341","https://openalex.org/W2350778671","https://openalex.org/W4285719527","https://openalex.org/W6602894725"],"related_works":["https://openalex.org/W2353840198","https://openalex.org/W2373025652","https://openalex.org/W3120511008","https://openalex.org/W2161406213","https://openalex.org/W1569451733","https://openalex.org/W2091999583","https://openalex.org/W2981477719","https://openalex.org/W1976259329","https://openalex.org/W2955240225","https://openalex.org/W1528755754"],"abstract_inverted_index":{"Buffer":[0],"overflow":[1,38,70,90,117,133,184],"attack":[2,6,71,118,185],"is":[3,149],"the":[4,46,50,95,103,137,175,181],"main":[5],"method":[7],"that":[8,52,125,156,172],"most":[9,40],"if":[10],"not":[11],"all":[12,128,159],"existing":[13,160],"malicious":[14],"worms":[15],"use":[16],"to":[17,22,45,102,142,188],"propagate":[18],"themselves":[19],"from":[20],"machine":[21],"machine.":[23],"Although":[24],"a":[25,64,110,122,143,152,167],"great":[26],"deal":[27],"of":[28,41,59,108,131,139],"research":[29],"has":[30],"been":[31],"invested":[32],"in":[33],"defense":[34],"mechanisms":[35],"against":[36],"buffer":[37,69,89,116,132,183],"attack,":[39],"them":[42],"require":[43],"modifications":[44,101],"network":[47,190],"applications":[48],"and/or":[49],"platforms":[51],"host":[53],"them.":[54],"Being":[55],"an":[56],"extension":[57],"work":[58],"CTCP,":[60],"this":[61],"paper":[62],"presents":[63],"network-based":[65],"low":[66],"performance":[67],"overhead":[68],"detection":[72,186],"system":[73],"called":[74],"Nebula":[75,120,148,165],"1":[76],"NEtwork-based":[77],"BUffer":[78],"overfLow":[79],"Attack":[80],"detection,":[81],"which":[82],"can":[83,126],"detect":[84],"both":[85],"known":[86,129],"and":[87,179],"zero-day":[88],"attacks":[91,134],"based":[92],"solely":[93],"on":[94,151],"packets":[96],"observed":[97],"without":[98],"requiring":[99],"any":[100],"end":[104],"hosts.":[105],"Moreover,":[106],"instead":[107],"deriving":[109],"specific":[111],"signature":[112,124],"for":[113],"each":[114],"individual":[115],"instance,":[119],"uses":[121],"generalized":[123],"capture":[127],"variants":[130],"while":[135],"reducing":[136],"number":[138],"false":[140,176],"positives":[141],"negligible":[144],"level.":[145],"In":[146],"addition,":[147],"built":[150],"centralized":[153],"TCP/IP":[154],"architecture":[155],"effectively":[157],"defeats":[158],"NIDS":[161],"evasion":[162],"techniques.":[163],"Finally,":[164],"incorporates":[166],"payload":[168],"type":[169],"identification":[170],"mechanism":[171],"reduces":[173],"further":[174],"positive":[177],"rate":[178],"scales":[180],"proposed":[182],"scheme":[187],"gigabit":[189],"links.":[191]},"counts_by_year":[{"year":2022,"cited_by_count":2},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":3},{"year":2012,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}