{"id":"https://openalex.org/W2170580798","doi":"https://doi.org/10.1145/1592681.1592686","title":"Impact of IT monoculture on behavioral end host intrusion detection","display_name":"Impact of IT monoculture on behavioral end host intrusion detection","publication_year":2009,"publication_date":"2009-08-21","ids":{"openalex":"https://openalex.org/W2170580798","doi":"https://doi.org/10.1145/1592681.1592686","mag":"2170580798"},"language":"en","primary_location":{"id":"doi:10.1145/1592681.1592686","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1592681.1592686","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1592681.1592686","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st ACM workshop on Research on enterprise networking","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/1592681.1592686","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063563552","display_name":"Dhiman Barman","orcid":null},"institutions":[{"id":"https://openalex.org/I1339145263","display_name":"Juniper Networks (United States)","ror":"https://ror.org/02pwct569","country_code":"US","type":"company","lineage":["https://openalex.org/I1339145263"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Dhiman Barman","raw_affiliation_strings":["Juniper, Sunnyvale, CA, USA"],"affiliations":[{"raw_affiliation_string":"Juniper, Sunnyvale, CA, USA","institution_ids":["https://openalex.org/I1339145263"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089322398","display_name":"Jaideep Chandrashekar","orcid":"https://orcid.org/0000-0003-4615-7487"},"institutions":[{"id":"https://openalex.org/I1343180700","display_name":"Intel (United States)","ror":"https://ror.org/01ek73717","country_code":"US","type":"company","lineage":["https://openalex.org/I1343180700"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jaideep Chandrashekar","raw_affiliation_strings":["Intel Labs, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"Intel Labs, Berkeley, CA, USA","institution_ids":["https://openalex.org/I1343180700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061868730","display_name":"Nina Taft","orcid":null},"institutions":[{"id":"https://openalex.org/I1343180700","display_name":"Intel (United States)","ror":"https://ror.org/01ek73717","country_code":"US","type":"company","lineage":["https://openalex.org/I1343180700"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nina Taft","raw_affiliation_strings":["Intel Labs, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"Intel Labs, Berkeley, CA, USA","institution_ids":["https://openalex.org/I1343180700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018876909","display_name":"Michalis Faloutsos","orcid":"https://orcid.org/0000-0002-3882-9987"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michalis Faloutsos","raw_affiliation_strings":["University of California, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082878554","display_name":"Ling Huang","orcid":"https://orcid.org/0000-0001-5089-4637"},"institutions":[{"id":"https://openalex.org/I1343180700","display_name":"Intel (United States)","ror":"https://ror.org/01ek73717","country_code":"US","type":"company","lineage":["https://openalex.org/I1343180700"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ling Huang","raw_affiliation_strings":["Intel Labs, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"Intel Labs, Berkeley, CA, USA","institution_ids":["https://openalex.org/I1343180700"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070726630","display_name":"Fr\u00e9d\u00e9ric Giroire","orcid":"https://orcid.org/0000-0002-3727-051X"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en informatique et en automatique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Frederic Giroire","raw_affiliation_strings":["INRIA, Sophia-Antipolis, France"],"affiliations":[{"raw_affiliation_string":"INRIA, Sophia-Antipolis, France","institution_ids":["https://openalex.org/I1326498283"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5063563552"],"corresponding_institution_ids":["https://openalex.org/I1339145263"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.22705024,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"27","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7779082655906677},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.7283516526222229},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7031771540641785},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6725980043411255},{"id":"https://openalex.org/keywords/monoculture","display_name":"Monoculture","score":0.6694349050521851},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5647765398025513},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.5382160544395447},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.5236518383026123},{"id":"https://openalex.org/keywords/population","display_name":"Population","score":0.5215965509414673},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5066848397254944},{"id":"https://openalex.org/keywords/diversity","display_name":"Diversity (politics)","score":0.5038508772850037},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.49628645181655884},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.49554526805877686},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.49117419123649597},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37363606691360474},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2471659779548645},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11268594861030579},{"id":"https://openalex.org/keywords/ecology","display_name":"Ecology","score":0.07076486945152283}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7779082655906677},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.7283516526222229},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7031771540641785},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6725980043411255},{"id":"https://openalex.org/C157005057","wikidata":"https://www.wikidata.org/wiki/Q220212","display_name":"Monoculture","level":2,"score":0.6694349050521851},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5647765398025513},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.5382160544395447},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.5236518383026123},{"id":"https://openalex.org/C2908647359","wikidata":"https://www.wikidata.org/wiki/Q2625603","display_name":"Population","level":2,"score":0.5215965509414673},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5066848397254944},{"id":"https://openalex.org/C2781316041","wikidata":"https://www.wikidata.org/wiki/Q1230584","display_name":"Diversity (politics)","level":2,"score":0.5038508772850037},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.49628645181655884},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.49554526805877686},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.49117419123649597},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37363606691360474},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2471659779548645},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11268594861030579},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.07076486945152283},{"id":"https://openalex.org/C19165224","wikidata":"https://www.wikidata.org/wiki/Q23404","display_name":"Anthropology","level":1,"score":0.0},{"id":"https://openalex.org/C149923435","wikidata":"https://www.wikidata.org/wiki/Q37732","display_name":"Demography","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1592681.1592686","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1592681.1592686","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1592681.1592686","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st ACM workshop on Research on enterprise networking","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/1592681.1592686","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1592681.1592686","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1592681.1592686","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st ACM workshop on Research on enterprise networking","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6611396172","display_name":"CT-ISG:   I-BLOCK:  Understanding and Filtering of Malicious IP Traffic","funder_award_id":"0831530","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7800329095","display_name":"NECO:   A Graph-Based Approach to Traffic Monitoring  and Application Classification","funder_award_id":"0832069","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2170580798.pdf","grobid_xml":"https://content.openalex.org/works/W2170580798.grobid-xml"},"referenced_works_count":27,"referenced_works":["https://openalex.org/W33043110","https://openalex.org/W56428933","https://openalex.org/W191098608","https://openalex.org/W1462349742","https://openalex.org/W1499588019","https://openalex.org/W1516506771","https://openalex.org/W1561744373","https://openalex.org/W1578479156","https://openalex.org/W1583098994","https://openalex.org/W1972976939","https://openalex.org/W2041700825","https://openalex.org/W2094587856","https://openalex.org/W2097602077","https://openalex.org/W2108860402","https://openalex.org/W2111817346","https://openalex.org/W2118878434","https://openalex.org/W2125807466","https://openalex.org/W2129191249","https://openalex.org/W2129860818","https://openalex.org/W2135143063","https://openalex.org/W2155141181","https://openalex.org/W2161792382","https://openalex.org/W2778703290","https://openalex.org/W3015784459","https://openalex.org/W4246870340","https://openalex.org/W6679048907","https://openalex.org/W6776095975"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W2183246718","https://openalex.org/W1973412793","https://openalex.org/W2099261052","https://openalex.org/W4292605373","https://openalex.org/W2951146195","https://openalex.org/W4226316650","https://openalex.org/W3123215897","https://openalex.org/W2153600354","https://openalex.org/W4243739114"],"abstract_inverted_index":{"In":[0],"this":[1,49,123],"paper,":[2],"we":[3],"study":[4],"the":[5,18,28,46,53,75,81,85,96,136,145],"impact":[6,48],"of":[7,20,31,56,72,80,139,147],"today's":[8],"IT":[9,153],"policies,":[10,119],"defined":[11],"based":[12,120],"upon":[13,121],"a":[14,69],"monoculture":[15,97],"approach,":[16],"on":[17],"performance":[19,47,134],"endhost":[21],"anomaly":[22,90],"detectors.":[23],"This":[24],"approach":[25,98],"leads":[26],"to":[27,99],"uniform":[29],"configuration":[30,101],"Host":[32],"intrusion":[33],"detection":[34,91],"systems":[35],"(HIDS)":[36],"across":[37],"all":[38],"hosts":[39],"in":[40,74,78,103,151],"an":[41],"enterprise":[42,65],"networks.":[43],"We":[44,67,93,115],"assess":[45],"policy":[50],"has":[51],"from":[52,63],"individual's":[54],"point":[55],"view":[57],"by":[58],"analyzing":[59],"network":[60],"traces":[61],"collected":[62],"350":[64],"users.":[66],"uncover":[68],"great":[70],"deal":[71],"diversity":[73,124],"user":[76],"population":[77],"terms":[79],"\"tail\"":[82],"behavior,":[83],"i.e.,":[84],"component":[86],"which":[87],"matters":[88],"for":[89,135],"systems.":[92],"demonstrate":[94],"that":[95,105,127],"HIDS":[100],"results":[102],"users":[104],"experience":[106],"wildly":[107],"different":[108],"false":[109,112,148],"positive":[110],"and":[111,125,156],"negatives":[113],"rates.":[114],"then":[116],"introduce":[117],"new":[118],"leveraging":[122],"show":[126],"not":[128],"only":[129],"do":[130],"they":[131,142],"dramatically":[132],"improve":[133],"vast":[137],"majority":[138],"users,":[140],"but":[141],"also":[143],"reduce":[144,158],"number":[146],"positives":[149],"arriving":[150],"centralized":[152],"operation":[154],"centers,":[155],"can":[157],"attack":[159],"strength.":[160]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}