{"id":"https://openalex.org/W2063519156","doi":"https://doi.org/10.1145/1712605.1712623","title":"Monitoring for security intrusion using performance signatures","display_name":"Monitoring for security intrusion using performance signatures","publication_year":2010,"publication_date":"2010-01-28","ids":{"openalex":"https://openalex.org/W2063519156","doi":"https://doi.org/10.1145/1712605.1712623","mag":"2063519156"},"language":"en","primary_location":{"id":"doi:10.1145/1712605.1712623","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1712605.1712623","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the first joint WOSP/SIPEW international conference on Performance engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018164102","display_name":"Alberto Avritzer","orcid":"https://orcid.org/0000-0002-9401-9663"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Alberto Avritzer","raw_affiliation_strings":["Siemens Corporate Research, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Research, Princeton, NJ, USA","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109862240","display_name":"Rajanikanth Tanikella","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rajanikanth Tanikella","raw_affiliation_strings":["Siemens Corporate Research, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Research, Princeton, NJ, USA","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050125593","display_name":"Kiran James","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kiran James","raw_affiliation_strings":["Siemens Corporate Research, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Siemens Corporate Research, Princeton, NJ, USA","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112690349","display_name":"Robert Cole","orcid":null},"institutions":[{"id":"https://openalex.org/I2802946424","display_name":"Johns Hopkins University Applied Physics Laboratory","ror":"https://ror.org/029pp9z10","country_code":"US","type":"facility","lineage":["https://openalex.org/I145311948","https://openalex.org/I2802946424"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert G. Cole","raw_affiliation_strings":["JHU/Applied Physics Laboratory, Laurel, MD, USA","[JHU Applied Physics Laboratory, Laurel, MD, USA]"],"affiliations":[{"raw_affiliation_string":"JHU/Applied Physics Laboratory, Laurel, MD, USA","institution_ids":["https://openalex.org/I2802946424"]},{"raw_affiliation_string":"[JHU Applied Physics Laboratory, Laurel, MD, USA]","institution_ids":["https://openalex.org/I2802946424"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110160347","display_name":"Elaine J. Weyuker","orcid":"https://orcid.org/0000-0002-1660-199X"},"institutions":[{"id":"https://openalex.org/I1283103587","display_name":"AT&T (United States)","ror":"https://ror.org/02bbd5539","country_code":"US","type":"company","lineage":["https://openalex.org/I1283103587"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elaine Weyuker","raw_affiliation_strings":["AT&amp;T Labs - Research, Florham Park, NJ, USA","AT&T Labs---Research, Florham Park, NJ, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"AT&amp;T Labs - Research, Florham Park, NJ, USA","institution_ids":["https://openalex.org/I1283103587"]},{"raw_affiliation_string":"AT&T Labs---Research, Florham Park, NJ, USA#TAB#","institution_ids":["https://openalex.org/I1283103587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5018164102"],"corresponding_institution_ids":["https://openalex.org/I4210137693"],"apc_list":null,"apc_paid":null,"fwci":2.4929,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.89605107,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"93","last_page":"104"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7742918729782104},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.750472903251648},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.7061218023300171},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6485532522201538},{"id":"https://openalex.org/keywords/enterprise-information-security-architecture","display_name":"Enterprise information security architecture","score":0.5014481544494629},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48668843507766724},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.47176626324653625},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4660879969596863},{"id":"https://openalex.org/keywords/mode","display_name":"Mode (computer interface)","score":0.4581950604915619},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.22751829028129578},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21361148357391357},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10823434591293335}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7742918729782104},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.750472903251648},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.7061218023300171},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6485532522201538},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.5014481544494629},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48668843507766724},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.47176626324653625},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4660879969596863},{"id":"https://openalex.org/C48677424","wikidata":"https://www.wikidata.org/wiki/Q6888088","display_name":"Mode (computer interface)","level":2,"score":0.4581950604915619},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.22751829028129578},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21361148357391357},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10823434591293335},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1712605.1712623","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1712605.1712623","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the first joint WOSP/SIPEW international conference on Performance engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399999856948853,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W202200800","https://openalex.org/W1941427975","https://openalex.org/W1996360405","https://openalex.org/W1999794722","https://openalex.org/W2017697761","https://openalex.org/W2082085551","https://openalex.org/W2109192777","https://openalex.org/W2142776626","https://openalex.org/W2156186849","https://openalex.org/W2159416255","https://openalex.org/W2169828789","https://openalex.org/W4232836212","https://openalex.org/W4245141357"],"related_works":["https://openalex.org/W2378211422","https://openalex.org/W4321353415","https://openalex.org/W2745001401","https://openalex.org/W2130974462","https://openalex.org/W3168204329","https://openalex.org/W2126852659","https://openalex.org/W1498606401","https://openalex.org/W2784006287","https://openalex.org/W2479682920","https://openalex.org/W1564613859"],"abstract_inverted_index":{"A":[0],"new":[1,120],"approach":[2,37,178],"for":[3,24,71,141,188],"detecting":[4],"security":[5,25,30,123,135,149,163,170,189],"attacks":[6,62,136,164],"on":[7,39],"software":[8,13],"systems":[9,74,99],"by":[10,167,176,196],"monitoring":[11,31,171,180,197],"the":[12,40,43,47,55,142,148,159,162,168],"system":[14,49,110],"performance":[15,34,44,56,111,129,139,181,199],"signatures":[16,112,140],"is":[17,87],"introduced.":[18],"We":[19,125,154,183],"present":[20],"a":[21,127],"proposed":[22],"architecture":[23,187],"intrusion":[26,190],"detection":[27,191],"using":[28],"off-the-shelf":[29,169],"tools":[32,172],"and":[33,53,82,100,131,147],"signatures.":[35,182,200],"Our":[36],"relies":[38],"assumption":[41,67],"that":[42,54,75,86,156,185],"signature":[45,57],"of":[46,58,61,92,122,134,145,152,158,161,179,198],"well-behaved":[48,109],"can":[50,63,113,192],"be":[51,64,114,193],"measured":[52],"several":[59],"types":[60,121,133,160],"identified.":[65],"This":[66],"has":[68],"been":[69],"validated":[70],"operations":[72],"support":[73],"are":[76],"used":[77,115,126],"to":[78,116,137],"monitor":[79],"large":[80],"infrastructures":[81,94],"receive":[83],"aggregated":[84],"traffic":[85],"periodic":[88],"in":[89],"nature.":[90],"Examples":[91],"such":[93],"include":[95],"telecommunications":[96],"systems,":[97],"transportation":[98],"power":[101],"generation":[102],"systems.":[103],"In":[104],"addition,":[105],"significant":[106],"deviation":[107],"from":[108],"trigger":[117],"alerts":[118],"about":[119],"attacks.":[124],"custom":[128],"benchmark":[130],"five":[132],"derive":[138],"normal":[143],"mode":[144,151],"operation":[146],"attack":[150],"operation.":[153],"observed":[155],"one":[157],"went":[165],"undetected":[166],"but":[173],"was":[174],"detected":[175],"our":[177],"conclude":[184],"an":[186],"effectively":[194],"complemented":[195]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}