{"id":"https://openalex.org/W2054537057","doi":"https://doi.org/10.1145/1599272.1599277","title":"Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making","display_name":"Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making","publication_year":2009,"publication_date":"2009-06-28","ids":{"openalex":"https://openalex.org/W2054537057","doi":"https://doi.org/10.1145/1599272.1599277","mag":"2054537057"},"language":"en","primary_location":{"id":"doi:10.1145/1599272.1599277","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1599272.1599277","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076214057","display_name":"Olivier Thonnard","orcid":"https://orcid.org/0000-0003-2390-0346"},"institutions":[{"id":"https://openalex.org/I150517870","display_name":"Royal Military Academy","ror":"https://ror.org/02vmnye06","country_code":"BE","type":"education","lineage":["https://openalex.org/I150517870"]}],"countries":["BE"],"is_corresponding":true,"raw_author_name":"Olivier Thonnard","raw_affiliation_strings":["Royal Military Academy, Brussels, Belgium"],"affiliations":[{"raw_affiliation_string":"Royal Military Academy, Brussels, Belgium","institution_ids":["https://openalex.org/I150517870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022101559","display_name":"Wim Mees","orcid":"https://orcid.org/0000-0002-0696-8093"},"institutions":[{"id":"https://openalex.org/I150517870","display_name":"Royal Military Academy","ror":"https://ror.org/02vmnye06","country_code":"BE","type":"education","lineage":["https://openalex.org/I150517870"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Wim Mees","raw_affiliation_strings":["Royal Military Academy, Brussels, Belgium"],"affiliations":[{"raw_affiliation_string":"Royal Military Academy, Brussels, Belgium","institution_ids":["https://openalex.org/I150517870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049275649","display_name":"Marc Daci\u00e9r","orcid":"https://orcid.org/0000-0003-3206-2030"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Marc Dacier","raw_affiliation_strings":["Symantec Research, Sophia Antipolis, France"],"affiliations":[{"raw_affiliation_string":"Symantec Research, Sophia Antipolis, France","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5076214057"],"corresponding_institution_ids":["https://openalex.org/I150517870"],"apc_list":null,"apc_paid":null,"fwci":2.7428,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.90676286,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"11","last_page":"21"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.800143837928772},{"id":"https://openalex.org/keywords/zombie","display_name":"Zombie","score":0.6172037720680237},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.5487943887710571},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5375162959098816},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5254485011100769},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5209542512893677},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4305146336555481},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.36248666048049927},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.327400267124176},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.11255398392677307}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.800143837928772},{"id":"https://openalex.org/C144446859","wikidata":"https://www.wikidata.org/wiki/Q219164","display_name":"Zombie","level":2,"score":0.6172037720680237},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.5487943887710571},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5375162959098816},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5254485011100769},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5209542512893677},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4305146336555481},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.36248666048049927},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.327400267124176},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.11255398392677307},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1599272.1599277","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1599272.1599277","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8199999928474426,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G4604302155","display_name":null,"funder_award_id":"FP7-ICT-216026-WOMBAT","funder_id":"https://openalex.org/F4320334960","funder_display_name":"Seventh Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320334960","display_name":"Seventh Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W202500387","https://openalex.org/W1499648394","https://openalex.org/W1562402498","https://openalex.org/W1583098994","https://openalex.org/W1612920240","https://openalex.org/W1775772884","https://openalex.org/W1929673617","https://openalex.org/W1965555277","https://openalex.org/W1971784203","https://openalex.org/W1980793860","https://openalex.org/W1992176519","https://openalex.org/W2060907774","https://openalex.org/W2065806103","https://openalex.org/W2096030967","https://openalex.org/W2102671922","https://openalex.org/W2105767494","https://openalex.org/W2134928993","https://openalex.org/W2141844238","https://openalex.org/W2146950091","https://openalex.org/W2150142104","https://openalex.org/W2152969395","https://openalex.org/W2153517517","https://openalex.org/W2157444450","https://openalex.org/W2158060559","https://openalex.org/W2166604284","https://openalex.org/W2187089797","https://openalex.org/W2914982603","https://openalex.org/W2999905431"],"related_works":["https://openalex.org/W3211952845","https://openalex.org/W3159690896","https://openalex.org/W4230824443","https://openalex.org/W2945572725","https://openalex.org/W1989286518","https://openalex.org/W2921012173","https://openalex.org/W2758517546","https://openalex.org/W3134680667","https://openalex.org/W2804396347","https://openalex.org/W2185943007"],"abstract_inverted_index":{"In":[0,70,103,181],"network":[1],"traffic":[2],"monitoring,":[3],"and":[4,65],"more":[5],"particularly":[6],"in":[7,82,116],"the":[8,13,20,52,87,141,156,184],"realm":[9],"of":[10,15,22,91,128,143,155,179,199,210,230],"threat":[11],"intelligence,":[12],"problem":[14,115],"\"attack":[16],"attribution\"":[17],"refers":[18],"to":[19,28,68,84,96,99,112,170,190,225],"process":[21,151],"effectively":[23,222],"attributing":[24],"new":[25],"attack":[26,45,78,165,173,214],"events":[27],"(un)-known":[29],"phenomena,":[30],"based":[31,123],"on":[32,38,51,124,153,164],"some":[33,100],"evidence":[34],"or":[35,40,54,95,195],"traces":[36],"left":[37],"one":[39],"several":[41],"monitoring":[42],"platforms.":[43],"Real-world":[44],"phenomena":[46,174,186],"are":[47,168],"often":[48],"largely":[49],"distributed":[50],"Internet,":[53],"can":[55,187,221],"sometimes":[56],"evolve":[57],"quite":[58],"rapidly.":[59],"This":[60],"makes":[61],"them":[62],"inherently":[63],"complex":[64],"thus":[66],"difficult":[67],"analyze.":[69],"general,":[71],"an":[72,144],"analyst":[73],"must":[74],"consider":[75],"many":[76],"different":[77],"features":[79],"(or":[80],"criteria)":[81],"order":[83],"decide":[85],"about":[86],"plausible":[88],"root":[89],"cause":[90],"a":[92,108,117,125,129,134,148,176,205,227,235],"given":[93,101],"attack,":[94],"attribute":[97],"it":[98],"phenomenon.":[102],"this":[104,114,162,219],"paper,":[105],"we":[106,167,216],"introduce":[107],"global":[109],"analysis":[110,229],"method":[111,163,220],"address":[113],"systematic":[118],"way.":[119],"Our":[120],"approach":[121],"is":[122],"novel":[126],"combination":[127],"knowledge":[130],"discovery":[131],"technique":[132],"with":[133,175,212],"fuzzy":[135],"inference":[136],"system,":[137],"which":[138],"somehow":[139],"mimics":[140],"reasoning":[142],"expert":[145],"by":[146,204],"implementing":[147],"multi-criteria":[149],"decision-making":[150],"built":[152],"top":[154],"previously":[157],"extracted":[158],"knowledge.":[159],"By":[160,208],"applying":[161],"traces,":[166,215],"able":[169],"identify":[171],"large-scale":[172],"high":[177],"degree":[178],"confidence.":[180],"most":[182],"cases,":[183],"observed":[185],"be":[188],"attributed":[189],"so-called":[191],"zombie":[192,232],"armies":[193,233],"-":[194],"botnets,":[196],"i.e.":[197],"groups":[198],"compromised":[200],"machines":[201],"controlled":[202],"remotely":[203],"same":[206],"entity.":[207],"means":[209],"experiments":[211],"real-world":[213],"show":[217],"how":[218],"help":[223],"us":[224],"perform":[226],"behavioral":[228],"those":[231],"from":[234],"long-term,":[236],"strategic":[237],"viewpoint.":[238]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2013,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}