{"id":"https://openalex.org/W2117254617","doi":"https://doi.org/10.1145/2413247.2413254","title":"AFR","display_name":"AFR","publication_year":2012,"publication_date":"2012-12-10","ids":{"openalex":"https://openalex.org/W2117254617","doi":"https://doi.org/10.1145/2413247.2413254","mag":"2117254617"},"language":"en","primary_location":{"id":"doi:10.1145/2413247.2413254","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2413247.2413254","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2012 ACM conference on CoNEXT student workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069424041","display_name":"David Gugelmann","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"David Gugelmann","raw_affiliation_strings":["ETH Zurich, Zurich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009380982","display_name":"Dominik Schatzmann","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Dominik Schatzmann","raw_affiliation_strings":["ETH Zurich, Zurich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048330561","display_name":"Vincent Lenders","orcid":"https://orcid.org/0000-0002-2289-3722"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vincent Lenders","raw_affiliation_strings":["armasuisse, Thun, Switzerland","[Armasuisse, Thun, Switzerland]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"armasuisse, Thun, Switzerland","institution_ids":[]},{"raw_affiliation_string":"[Armasuisse, Thun, Switzerland]","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13150966,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"9","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8420909643173218},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8346124887466431},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.7246611714363098},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6418581008911133},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.5379763841629028},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5156601667404175},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.4401696026325226},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4393763840198517},{"id":"https://openalex.org/keywords/computer-virus","display_name":"Computer virus","score":0.42236387729644775},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39856141805648804},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32964688539505005},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28907567262649536}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8420909643173218},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8346124887466431},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.7246611714363098},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6418581008911133},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.5379763841629028},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5156601667404175},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.4401696026325226},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4393763840198517},{"id":"https://openalex.org/C19407854","wikidata":"https://www.wikidata.org/wiki/Q485","display_name":"Computer virus","level":2,"score":0.42236387729644775},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39856141805648804},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32964688539505005},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28907567262649536},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2413247.2413254","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2413247.2413254","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2012 ACM conference on CoNEXT student workshop","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W2040527645","https://openalex.org/W2119026482","https://openalex.org/W2122226347","https://openalex.org/W2137725382","https://openalex.org/W4236506014"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W2497191050","https://openalex.org/W2133389611","https://openalex.org/W3170525725","https://openalex.org/W2166844173","https://openalex.org/W4360996742","https://openalex.org/W2150675148","https://openalex.org/W4376852260","https://openalex.org/W2903617497"],"abstract_inverted_index":{"The":[0,104],"investigation":[1],"of":[2,16,60,113,134],"malware":[3,70],"infections":[4],"in":[5,19,34,90,146],"enterprise":[6,150],"networks":[7],"is":[8,99,124,140],"today":[9],"a":[10,14,38,64],"tedious":[11],"task":[12],"with":[13],"lot":[15],"manual":[17,110],"intervention":[18],"order":[20],"to":[21,56,92],"find":[22],"the":[23,58,87,109,119],"scattered":[24],"relevant":[25,100],"bits":[26],"and":[27,49,53,82,95,137,142],"bytes":[28],"from":[29],"infected":[30],"hosts.":[31],"We":[32,129],"propose":[33],"this":[35],"work":[36,111],"AFR,":[37],"framework":[39],"for":[40,101],"automatic":[41],"multi-stage":[42],"forensic":[43],"data":[44,55,97,123],"retrieval,":[45],"that":[46,98,121,131],"automatically":[47],"analyzes":[48],"retrieves":[50],"network,":[51],"memory":[52,136],"disk":[54,138],"preserve":[57],"evidence":[59],"host":[61],"compromise":[62],"at":[63],"central":[65],"location.":[66],"AFR":[67],"performs":[68],"automated":[69],"analysis":[71],"using":[72],"traditional":[73],"intrusion":[74,79],"detection":[75,80],"techniques":[76],"like":[77],"network":[78],"systems":[81],"anti-virus":[83],"software":[84],"but":[85],"combines":[86],"resulting":[88],"alarms":[89],"real-time":[91],"proactively":[93],"retrieve":[94],"archive":[96],"retrospective":[102],"investigations.":[103],"proactive":[105,132],"retrieval":[106],"approach":[107],"reduces":[108],"load":[112],"IT":[114],"administrators":[115],"while":[116],"significantly":[117],"improving":[118],"likelihood":[120],"volatile":[122],"collected":[125],"before":[126],"it":[127],"vanishes.":[128],"show":[130],"storing":[133],"selected":[135],"dumps":[139],"feasible":[141],"scales":[143],"over":[144],"time":[145],"virtualized":[147],"thin":[148],"client":[149],"environments.":[151]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2016-06-24T00:00:00"}