{"id":"https://openalex.org/W2014852332","doi":"https://doi.org/10.1145/1866307.1866405","title":"Dialog-based payload aggregation for intrusion detection","display_name":"Dialog-based payload aggregation for intrusion detection","publication_year":2010,"publication_date":"2010-10-04","ids":{"openalex":"https://openalex.org/W2014852332","doi":"https://doi.org/10.1145/1866307.1866405","mag":"2014852332"},"language":"en","primary_location":{"id":"doi:10.1145/1866307.1866405","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866307.1866405","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015868383","display_name":"Tobias Limmer","orcid":"https://orcid.org/0000-0001-8904-0620"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Tobias Limmer","raw_affiliation_strings":["University of Erlangen, Erlangen, Germany"],"affiliations":[{"raw_affiliation_string":"University of Erlangen, Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042212040","display_name":"Falko Dressler","orcid":"https://orcid.org/0000-0002-1989-1750"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Falko Dressler","raw_affiliation_strings":["University of Erlangen, Erlangen, Germany"],"affiliations":[{"raw_affiliation_string":"University of Erlangen, Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5015868383"],"corresponding_institution_ids":["https://openalex.org/I181369854"],"apc_list":null,"apc_paid":null,"fwci":1.4902,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.82797829,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"708","last_page":"710"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10138","display_name":"Network Traffic and Congestion Control","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.9125055074691772},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8259855508804321},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.7970796823501587},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6643097996711731},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6629718542098999},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5584953427314758},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.5321314334869385},{"id":"https://openalex.org/keywords/speedup","display_name":"Speedup","score":0.5219720602035522},{"id":"https://openalex.org/keywords/dialog-box","display_name":"Dialog box","score":0.4869635999202728},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.44243699312210083},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.19035661220550537},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.12130779027938843},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10454908013343811}],"concepts":[{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.9125055074691772},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8259855508804321},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.7970796823501587},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6643097996711731},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6629718542098999},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5584953427314758},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.5321314334869385},{"id":"https://openalex.org/C68339613","wikidata":"https://www.wikidata.org/wiki/Q1549489","display_name":"Speedup","level":2,"score":0.5219720602035522},{"id":"https://openalex.org/C173853756","wikidata":"https://www.wikidata.org/wiki/Q86915","display_name":"Dialog box","level":2,"score":0.4869635999202728},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.44243699312210083},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.19035661220550537},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.12130779027938843},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10454908013343811}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1866307.1866405","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866307.1866405","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM conference on Computer and communications security","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.174.4149","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.174.4149","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www7.informatik.uni-erlangen.de/%7Edressler/bib/pdf/limmer2010dialog-based.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W1552569371","https://openalex.org/W2017058405","https://openalex.org/W2124177002","https://openalex.org/W2161480401","https://openalex.org/W3008884790"],"related_works":["https://openalex.org/W2058965144","https://openalex.org/W2164382479","https://openalex.org/W2146343568","https://openalex.org/W98480971","https://openalex.org/W2150291671","https://openalex.org/W2013643406","https://openalex.org/W2027972911","https://openalex.org/W2157978810","https://openalex.org/W2597809628","https://openalex.org/W1574986946"],"abstract_inverted_index":{"Network-based":[0],"Intrusion":[1],"Detection":[2],"Systems":[3],"(IDSs)":[4],"such":[5],"as":[6],"Snort":[7,137],"or":[8,41,98,152],"Bro":[9],"that":[10,140],"have":[11],"to":[12,61,80,88,117,162,172,175],"analyze":[13],"the":[14,19,47,57,69,85,92,100,103,111,125,143,148,158,169,196,214],"packet":[15],"payload":[16,86],"for":[17],"all":[18,188],"received":[20],"data":[21,60,104,122,159,170,197],"show":[22],"severe":[23],"performance":[24],"problems":[25],"if":[26,99],"used":[27],"in":[28,49,157,178,207,213],"high-speed":[29],"networks.":[30],"Recent":[31],"research":[32],"results":[33,206],"improve":[34],"pattern":[35,144],"matchers":[36],"based":[37],"on":[38,68],"efficient":[39],"algorithms":[40],"using":[42,131],"specialized":[43],"hardware.":[44],"We":[45],"approach":[46],"problem":[48],"a":[50,95,179,192,208],"completely":[51],"different":[52],"way":[53],"by":[54,91],"considerably":[55],"reducing":[56],"amount":[58],"of":[59,84,102,115,142,150,187,202,210],"be":[62,89,173],"analyzed":[63,90],"with":[64],"only":[65],"marginal":[66],"impact":[67],"detection":[70],"quality.":[71],"Dialog-based":[72],"Payload":[73],"Aggregation":[74],"(DPA)":[75],"uses":[76],"TCP":[77],"sequence":[78],"numbers":[79],"decide":[81],"which":[82],"parts":[83],"need":[87],"IDS.":[93,120],"Whenever":[94],"connection":[96],"starts,":[97],"direction":[101,155],"transmission":[105],"between":[106,195],"peers":[107],"changes,":[108],"we":[109],"forward":[110],"next":[112],"N":[113],"bytes":[114],"traffic":[116,134],"an":[118,203],"attached":[119],"All":[121],"transferred":[123],"after":[124,154],"window":[126],"is":[127],"discarded.":[128],"Our":[129],"analysis":[130],"live":[132],"network":[133,181],"and":[135,199],"multiple":[136],"rulesets":[138],"shows":[139],"most":[141],"matches":[145],"occur":[146],"at":[147],"beginning":[149],"connections":[151],"directly":[153],"changes":[156],"streams.":[160],"According":[161],"our":[163,166],"experimental":[164],"results,":[165],"method":[167],"reduces":[168],"rate":[171,198],"processed":[174],"around":[176],"1%":[177],"typical":[180],"while":[182],"retaining":[183],"more":[184],"than":[185],"98%":[186],"detected":[189],"events.":[190],"Assuming":[191],"linear":[193],"relationship":[194],"processing":[200],"time":[201],"IDS,":[204],"this":[205],"speedup":[209],"two":[211],"magnitudes":[212],"best":[215],"case.":[216]},"counts_by_year":[{"year":2014,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}