{"id":"https://openalex.org/W2149169025","doi":"https://doi.org/10.1145/1835804.1835828","title":"Metric forensics","display_name":"Metric forensics","publication_year":2010,"publication_date":"2010-07-25","ids":{"openalex":"https://openalex.org/W2149169025","doi":"https://doi.org/10.1145/1835804.1835828","mag":"2149169025"},"language":"en","primary_location":{"id":"doi:10.1145/1835804.1835828","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1835804.1835828","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112370375","display_name":"Keith Henderson","orcid":"https://orcid.org/0009-0003-2629-5767"},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Keith Henderson","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA, USA"],"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080731595","display_name":"Tina Eliassi\u2010Rad","orcid":"https://orcid.org/0000-0002-1892-1188"},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tina Eliassi-Rad","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA, USA"],"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035605036","display_name":"Christos Faloutsos","orcid":"https://orcid.org/0000-0003-2996-9790"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christos Faloutsos","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001634795","display_name":"Leman Akoglu","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Leman Akoglu","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100440407","display_name":"Lei Li","orcid":"https://orcid.org/0000-0003-3095-9776"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lei Li","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066599523","display_name":"Koji Maruhashi","orcid":null},"institutions":[{"id":"https://openalex.org/I2252096349","display_name":"Fujitsu (Japan)","ror":"https://ror.org/038e2g226","country_code":"JP","type":"company","lineage":["https://openalex.org/I2252096349"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Koji Maruhashi","raw_affiliation_strings":["Fujitsu Laboratories Ltd., Kawasaki, Japan"],"affiliations":[{"raw_affiliation_string":"Fujitsu Laboratories Ltd., Kawasaki, Japan","institution_ids":["https://openalex.org/I2252096349"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061110232","display_name":"B. Aditya Prakash","orcid":"https://orcid.org/0000-0002-3252-455X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"B. Aditya Prakash","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068043486","display_name":"Hanghang Tong","orcid":"https://orcid.org/0000-0003-4405-3887"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hanghang Tong","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5112370375"],"corresponding_institution_ids":["https://openalex.org/I1282311441"],"apc_list":null,"apc_paid":null,"fwci":3.6084,"has_fulltext":false,"cited_by_count":53,"citation_normalized_percentile":{"value":0.93330758,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"163","last_page":"172"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.80115807056427},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7343251705169678},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.6274096369743347},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.49706247448921204},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.47999829053878784},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.46546080708503723},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.39699697494506836},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.27194714546203613},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.16013941168785095},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.13895785808563232},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.12701138854026794}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.80115807056427},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7343251705169678},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.6274096369743347},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.49706247448921204},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.47999829053878784},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.46546080708503723},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.39699697494506836},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.27194714546203613},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.16013941168785095},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.13895785808563232},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.12701138854026794}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1835804.1835828","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1835804.1835828","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4099999964237213,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W26537291","https://openalex.org/W75283946","https://openalex.org/W1488681765","https://openalex.org/W1492581097","https://openalex.org/W1538524459","https://openalex.org/W1568436970","https://openalex.org/W1616338336","https://openalex.org/W1964274671","https://openalex.org/W1972309850","https://openalex.org/W1975414584","https://openalex.org/W1976969221","https://openalex.org/W1979511909","https://openalex.org/W1993482412","https://openalex.org/W2009439582","https://openalex.org/W2020423193","https://openalex.org/W2026302857","https://openalex.org/W2032280284","https://openalex.org/W2037360998","https://openalex.org/W2046466133","https://openalex.org/W2054864455","https://openalex.org/W2071488943","https://openalex.org/W2101852873","https://openalex.org/W2102931907","https://openalex.org/W2111708605","https://openalex.org/W2118791829","https://openalex.org/W2122646361","https://openalex.org/W2136088806","https://openalex.org/W2141806397","https://openalex.org/W2144182447","https://openalex.org/W2146603609","https://openalex.org/W2148606196","https://openalex.org/W2155358700","https://openalex.org/W2164210932","https://openalex.org/W2170337404","https://openalex.org/W2175110005","https://openalex.org/W2420733993","https://openalex.org/W2432978112","https://openalex.org/W2769133055","https://openalex.org/W4254182148","https://openalex.org/W6601064156","https://openalex.org/W6680162224","https://openalex.org/W6683182061","https://openalex.org/W6746100895"],"related_works":["https://openalex.org/W2389214306","https://openalex.org/W2547321903","https://openalex.org/W2965083567","https://openalex.org/W4235240664","https://openalex.org/W1838576100","https://openalex.org/W2757182831","https://openalex.org/W2547144372","https://openalex.org/W2095886385","https://openalex.org/W2089704382","https://openalex.org/W1983399550"],"abstract_inverted_index":{"Advances":[0],"in":[1,31,197,206],"data":[2,17],"collection":[3,88,95],"and":[4,58,65,93,108,160,168,182,193,201,214],"storage":[5],"capacity":[6],"have":[7],"made":[8],"it":[9],"increasingly":[10],"possible":[11],"to":[12,122],"collect":[13],"highly":[14,123],"volatile":[15,78,124,199],"graph":[16,21,91,110,178],"for":[18,27,75,130],"analysis.":[19],"Existing":[20],"analysis":[22,76,97,133],"techniques":[23],"are":[24,38,56,106],"not":[25],"appropriate":[26],"such":[28,207],"data,":[29],"especially":[30],"cases":[32],"where":[33,52],"streaming":[34],"or":[35],"near-real-time":[36],"results":[37,189],"required.":[39],"An":[40],"example":[41],"that":[42],"has":[43,179],"drawn":[44],"significant":[45],"research":[46,166],"interest":[47],"is":[48,67,111,138],"the":[49,109,169,191],"cyber-security":[50],"domain,":[51],"internet":[53],"communication":[54],"traces":[55],"collected":[57],"real-time":[59],"discovery":[60],"of":[61,77,89,96,158,195],"events,":[62],"behaviors,":[63],"patterns,":[64],"anomalies":[66],"desired.":[68],"We":[69,145],"propose":[70],"MetricForensics,":[71],"a":[72,82,87,94,141,156,165],"scalable":[73],"framework":[74],"graphs.":[79],"MetricForensics":[80,120,147,196],"combines":[81],"multi-level":[83],"\"drill":[84],"down\"":[85],"approach,":[86],"user-selected":[90],"metrics,":[92],"techniques.":[98],"At":[99],"each":[100],"successive":[101],"level,":[102],"more":[103],"sophisticated":[104],"metrics":[105],"computed":[107],"viewed":[112],"at":[113,140],"finer":[114],"temporal":[115],"resolutions.":[116],"In":[117],"this":[118],"way,":[119],"scales":[121],"graphs":[125],"by":[126],"only":[127],"allocating":[128],"resources":[129],"computationally":[131],"expensive":[132],"when":[134],"an":[135,152],"interesting":[136],"event":[137],"discovered":[139],"coarser":[142],"resolution":[143],"first.":[144],"test":[146],"on":[148],"three":[149],"real-world":[150],"graphs:":[151,208],"enterprise":[153],"IP":[154],"trace,":[155],"trace":[157],"legitimate":[159],"malicious":[161],"network":[162],"traffic":[163],"from":[164],"institution,":[167],"MIT":[170],"Reality":[171],"Mining":[172],"proximity":[173],"sensor":[174],"data.":[175],"Our":[176],"largest":[177],"3M":[180],"vertices":[181],"32M":[183],"edges,":[184],"spanning":[185],"4.5":[186],"days.":[187],"The":[188],"demonstrate":[190],"scalability":[192],"capability":[194],"analyzing":[198],"graphs;":[200],"highlight":[202],"four":[203],"novel":[204],"phenomena":[205],"elbows,":[209],"broken":[210],"correlations,":[211],"prolonged":[212],"spikes,":[213],"lightweight":[215],"stars.":[216]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":6},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}