{"id":"https://openalex.org/W2155915275","doi":"https://doi.org/10.1145/1452520.1452539","title":"An empirical evaluation of entropy-based traffic anomaly detection","display_name":"An empirical evaluation of entropy-based traffic anomaly detection","publication_year":2008,"publication_date":"2008-10-20","ids":{"openalex":"https://openalex.org/W2155915275","doi":"https://doi.org/10.1145/1452520.1452539","mag":"2155915275"},"language":"en","primary_location":{"id":"doi:10.1145/1452520.1452539","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1452520.1452539","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th ACM SIGCOMM conference on Internet measurement","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040773832","display_name":"George Nychis","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"George Nychis","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079175103","display_name":"Vyas Sekar","orcid":"https://orcid.org/0000-0001-5452-8976"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vyas Sekar","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085479490","display_name":"David G. Andersen","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David G. Andersen","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110739499","display_name":"Hyong Kim","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hyong Kim","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100323367","display_name":"Hui Zhang","orcid":"https://orcid.org/0000-0001-8107-4930"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hui Zhang","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":20.9757,"has_fulltext":false,"cited_by_count":299,"citation_normalized_percentile":{"value":0.99496841,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"151","last_page":"156"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8173071146011353},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.7324389815330505},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.6281682252883911},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6188744306564331},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4860094487667084},{"id":"https://openalex.org/keywords/probability-distribution","display_name":"Probability distribution","score":0.4643820524215698},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.15051347017288208},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.14976349472999573},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.10875779390335083},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.07704442739486694}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8173071146011353},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.7324389815330505},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.6281682252883911},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6188744306564331},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4860094487667084},{"id":"https://openalex.org/C149441793","wikidata":"https://www.wikidata.org/wiki/Q200726","display_name":"Probability distribution","level":2,"score":0.4643820524215698},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.15051347017288208},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.14976349472999573},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.10875779390335083},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.07704442739486694},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/1452520.1452539","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1452520.1452539","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th ACM SIGCOMM conference on Internet measurement","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.150.601","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.150.601","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.cmu.edu/~dga/papers/entropy-imc2008.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.295.8667","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.295.8667","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.andrew.cmu.edu/user/gnychis/entropy_analysis.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.352.8765","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.352.8765","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.cmu.edu/~vyass/papers/imcfp04-nychis.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1698314624","https://openalex.org/W1744212210","https://openalex.org/W2010973140","https://openalex.org/W2078021840","https://openalex.org/W2096847629","https://openalex.org/W2108673751","https://openalex.org/W2109885200","https://openalex.org/W2113061123","https://openalex.org/W2121511513","https://openalex.org/W2130598205","https://openalex.org/W2132598186","https://openalex.org/W2146189323","https://openalex.org/W2159262496","https://openalex.org/W2164210932","https://openalex.org/W2341203409","https://openalex.org/W4241915340"],"related_works":["https://openalex.org/W2171597999","https://openalex.org/W2189136227","https://openalex.org/W1866537546","https://openalex.org/W630850086","https://openalex.org/W3200508093","https://openalex.org/W4372053344","https://openalex.org/W3193978431","https://openalex.org/W2379752180","https://openalex.org/W2519240373","https://openalex.org/W1496096987"],"abstract_inverted_index":{"Entropy-based":[0],"approaches":[1],"for":[2,167],"anomaly":[3,27,107,169],"detection":[4,38,108],"are":[5,97,116],"appealing":[6],"since":[7],"they":[8],"provide":[9,104],"more":[10],"fine-grained":[11],"insights":[12],"than":[13],"traditional":[14],"traffic":[15,46],"volume":[16],"analysis.":[17],"While":[18],"previous":[19],"work":[20],"has":[21,30],"demonstrated":[22],"the":[23,37,72,86,92,130,144],"benefits":[24],"of":[25,40,44,57,74,88,91],"entropy-based":[26,42,168],"detection,":[28],"there":[29],"been":[31],"little":[32],"effort":[33],"to":[34],"comprehensively":[35],"understand":[36],"power":[39],"using":[41,137],"analysis":[43,136],"multiple":[45],"distributions":[47,70,96,115,148],"in":[48,129,152],"conjunction":[49],"with":[50,100],"each":[51,79,101],"other.":[52],"We":[53,83],"consider":[54],"two":[55],"classes":[56],"distributions:":[58],"flow-header":[59],"features":[60,68],"(IP":[61],"addresses,":[62],"ports,":[63],"and":[64,66,94,103,112,119,132,146,155],"flow-sizes),":[65],"behavioral":[67,111],"(degree":[69],"measuring":[71],"number":[73],"distinct":[75],"destination/source":[76],"IPs":[77],"that":[78,85,122,143],"host":[80],"communicates":[81],"with).":[82],"observe":[84],"timeseries":[87],"entropy":[89],"values":[90],"address":[93,133,147],"port":[95,131,145],"strongly":[98],"correlated":[99,118],"other":[102],"very":[105],"similar":[106],"capabilities.":[109],"The":[110],"flow":[113],"size":[114],"less":[117],"detect":[120],"incidents":[121],"do":[123],"not":[124],"show":[125],"up":[126],"as":[127],"anomalies":[128,140],"distributions.":[134],"Further":[135],"synthetically":[138],"generated":[139],"also":[141],"suggests":[142],"have":[149],"limited":[150],"utility":[151],"detecting":[153],"scan":[154],"bandwidth":[156],"flood":[157],"anomalies.":[158],"Based":[159],"on":[160],"our":[161],"analysis,":[162],"we":[163],"discuss":[164],"important":[165],"implications":[166],"detection.":[170]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":17},{"year":2020,"cited_by_count":19},{"year":2019,"cited_by_count":28},{"year":2018,"cited_by_count":21},{"year":2017,"cited_by_count":21},{"year":2016,"cited_by_count":18},{"year":2015,"cited_by_count":32},{"year":2014,"cited_by_count":24},{"year":2013,"cited_by_count":22},{"year":2012,"cited_by_count":17}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}