{"id":"https://openalex.org/W1985336413","doi":"https://doi.org/10.1145/2484425.2484428","title":"Massive scale cyber traffic analysis","display_name":"Massive scale cyber traffic analysis","publication_year":2013,"publication_date":"2013-06-23","ids":{"openalex":"https://openalex.org/W1985336413","doi":"https://doi.org/10.1145/2484425.2484428","mag":"1985336413"},"language":"en","primary_location":{"id":"doi:10.1145/2484425.2484428","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2484425.2484428","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"First International Workshop on Graph Data Management Experiences and Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059387152","display_name":"Cliff Joslyn","orcid":"https://orcid.org/0000-0002-5923-5547"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Cliff Joslyn","raw_affiliation_strings":["Pacific Northwest National Laboratory (PNNL)"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory (PNNL)","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016440514","display_name":"Sutanay Choudhury","orcid":"https://orcid.org/0000-0001-7352-2035"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sutanay Choudhury","raw_affiliation_strings":["PNNL"],"affiliations":[{"raw_affiliation_string":"PNNL","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005082862","display_name":"David J. Haglin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"David Haglin","raw_affiliation_strings":["PNNL"],"affiliations":[{"raw_affiliation_string":"PNNL","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007124763","display_name":"Bill Howe","orcid":"https://orcid.org/0000-0001-8588-8472"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bill Howe","raw_affiliation_strings":["University of Washington"],"affiliations":[{"raw_affiliation_string":"University of Washington","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010137336","display_name":"Bill Nickless","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bill Nickless","raw_affiliation_strings":["PNNL"],"affiliations":[{"raw_affiliation_string":"PNNL","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019576915","display_name":"Bryan Olsen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bryan Olsen","raw_affiliation_strings":["PNNL"],"affiliations":[{"raw_affiliation_string":"PNNL","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5059387152"],"corresponding_institution_ids":["https://openalex.org/I142606810"],"apc_list":null,"apc_paid":null,"fwci":3.7699,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.93512688,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8116621971130371},{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.7589703798294067},{"id":"https://openalex.org/keywords/sparql","display_name":"SPARQL","score":0.5832900404930115},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5806818008422852},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5394251346588135},{"id":"https://openalex.org/keywords/datalog","display_name":"Datalog","score":0.5158461928367615},{"id":"https://openalex.org/keywords/graph-database","display_name":"Graph database","score":0.5088818073272705},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.47771549224853516},{"id":"https://openalex.org/keywords/relational-database","display_name":"Relational database","score":0.43431368470191956},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4291408061981201},{"id":"https://openalex.org/keywords/rdf","display_name":"RDF","score":0.41151174902915955},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.4008139371871948},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3003482222557068},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3001002073287964},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.27578163146972656},{"id":"https://openalex.org/keywords/semantic-web","display_name":"Semantic Web","score":0.25039422512054443},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.24128594994544983}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8116621971130371},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.7589703798294067},{"id":"https://openalex.org/C41009113","wikidata":"https://www.wikidata.org/wiki/Q54871","display_name":"SPARQL","level":4,"score":0.5832900404930115},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5806818008422852},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5394251346588135},{"id":"https://openalex.org/C148230440","wikidata":"https://www.wikidata.org/wiki/Q1172264","display_name":"Datalog","level":2,"score":0.5158461928367615},{"id":"https://openalex.org/C176225458","wikidata":"https://www.wikidata.org/wiki/Q595971","display_name":"Graph database","level":3,"score":0.5088818073272705},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.47771549224853516},{"id":"https://openalex.org/C5655090","wikidata":"https://www.wikidata.org/wiki/Q192588","display_name":"Relational database","level":2,"score":0.43431368470191956},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4291408061981201},{"id":"https://openalex.org/C147497476","wikidata":"https://www.wikidata.org/wiki/Q54872","display_name":"RDF","level":3,"score":0.41151174902915955},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4008139371871948},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3003482222557068},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3001002073287964},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.27578163146972656},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.25039422512054443},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.24128594994544983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2484425.2484428","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2484425.2484428","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"First International Workshop on Graph Data Management Experiences and Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1505228824","https://openalex.org/W1572495409","https://openalex.org/W1594972289","https://openalex.org/W1775772884","https://openalex.org/W1865994522","https://openalex.org/W2044285442","https://openalex.org/W2056116767","https://openalex.org/W2081357650","https://openalex.org/W2109129913","https://openalex.org/W2119895316","https://openalex.org/W2122226347","https://openalex.org/W2137370514","https://openalex.org/W2157949690"],"related_works":["https://openalex.org/W1846461415","https://openalex.org/W2615202182","https://openalex.org/W4206665951","https://openalex.org/W3085073370","https://openalex.org/W2529794967","https://openalex.org/W2978246852","https://openalex.org/W2604011835","https://openalex.org/W2528203718","https://openalex.org/W2951852920","https://openalex.org/W3095797869"],"abstract_inverted_index":{"We":[0,114],"consider":[1],"cyber":[2],"traffic":[3],"analysis":[4],"(TA)":[5],"as":[6,69,125],"a":[7,70,147],"challenge":[8],"problem":[9],"for":[10,80,91,102],"research":[11],"in":[12,133],"graph":[13,72,126],"database":[14],"systems.":[15,153],"TA":[16],"involves":[17],"observing":[18],"and":[19,26,50,73,86,100,139,141],"analyzing":[20],"connections":[21],"between":[22],"clients,":[23],"servers,":[24],"hosts,":[25],"actors":[27],"within":[28],"IP":[29,57],"networks,":[30],"over":[31],"time,":[32],"to":[33,65,130,145],"detect":[34],"suspicious":[35],"patterns.":[36],"Towards":[37],"that":[38],"end,":[39],"NetFlow":[40],"(or":[41],"more":[42],"generically,":[43],"IPFLOW)":[44],"data":[45,68,87],"are":[46],"available":[47],"from":[48,119],"routers":[49],"servers":[51],"which":[52],"summarize":[53],"coherent":[54],"groups":[55],"of":[56,84,150],"packets":[58],"flowing":[59],"through":[60],"the":[61,120],"network.":[62],"The":[63],"ability":[64],"cast":[66,123],"IPFLOW":[67,104,112],"massive":[71],"query":[74,136],"it":[75],"interactively":[76],"is":[77],"potentially":[78],"transformative":[79],"cybersecurity,":[81],"but":[82],"issues":[83],"scale":[85],"complexity":[88],"pose":[89],"challenges":[90],"current":[92],"technology.":[93],"In":[94],"this":[95],"paper,":[96],"we":[97],"outline":[98],"requirements":[99],"opportunities":[101],"graph-structured":[103],"analytics":[105],"based":[106],"on":[107],"our":[108],"experience":[109],"with":[110],"real":[111,116],"databases.":[113],"describe":[115],"use":[117,142],"cases":[118],"security":[121],"domain,":[122],"them":[124,132],"patterns,":[127],"show":[128],"how":[129],"express":[131],"two":[134],"graph-oriented":[135],"languages":[137],"(SPARQL":[138],"Datalog),":[140],"these":[143],"examples":[144],"motivate":[146],"new":[148],"class":[149],"\"hybrid\"":[151],"graph-relational":[152]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":4}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}