{"id":"https://openalex.org/W2061268091","doi":"https://doi.org/10.1145/2809826.2809835","title":"Behavior-dependent Routing","display_name":"Behavior-dependent Routing","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2061268091","doi":"https://doi.org/10.1145/2809826.2809835","mag":"2061268091"},"language":"en","primary_location":{"id":"doi:10.1145/2809826.2809835","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2809826.2809835","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013287908","display_name":"Christopher Oehmen","orcid":"https://orcid.org/0009-0004-5246-930X"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Christopher S. Oehmen","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080470693","display_name":"Thomas E. Carroll","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas E. Carroll","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108469743","display_name":"Patrick C. Paulson","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Patrick C. Paulson","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054038232","display_name":"Daniel M. Best","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel M. Best","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090777939","display_name":"Christine F. Noonan","orcid":"https://orcid.org/0000-0002-6931-0520"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christine F. Noonan","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054552348","display_name":"Seth Thompson","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Seth R. Thompson","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071430156","display_name":"Jeffrey L. Jensen","orcid":"https://orcid.org/0000-0002-8821-4980"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jeffrey L. Jensen","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034401520","display_name":"Glenn Fink","orcid":"https://orcid.org/0000-0001-5731-6514"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Glenn A. Fink","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040788704","display_name":"Elena Peterson","orcid":null},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elena S. Peterson","raw_affiliation_strings":["Pacific Northwest National Laboratory, Richland, WA, USA","Pacific Northwest National Laboratory, Richland, WA USA"],"affiliations":[{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA, USA","institution_ids":["https://openalex.org/I142606810"]},{"raw_affiliation_string":"Pacific Northwest National Laboratory, Richland, WA USA","institution_ids":["https://openalex.org/I142606810"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5013287908"],"corresponding_institution_ids":["https://openalex.org/I142606810"],"apc_list":null,"apc_paid":null,"fwci":0.3328,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.65181933,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"55","last_page":"58"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7189704775810242},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.6380447149276733},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.5851641297340393},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.4880470037460327},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.4861133098602295},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.484195739030838},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4736555516719818},{"id":"https://openalex.org/keywords/routing","display_name":"Routing (electronic design automation)","score":0.43384796380996704},{"id":"https://openalex.org/keywords/cyber-physical-system","display_name":"Cyber-physical system","score":0.4216611385345459},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.18079903721809387},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17894479632377625},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14167964458465576}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7189704775810242},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.6380447149276733},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.5851641297340393},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.4880470037460327},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.4861133098602295},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.484195739030838},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4736555516719818},{"id":"https://openalex.org/C74172769","wikidata":"https://www.wikidata.org/wiki/Q1446839","display_name":"Routing (electronic design automation)","level":2,"score":0.43384796380996704},{"id":"https://openalex.org/C179768478","wikidata":"https://www.wikidata.org/wiki/Q1120057","display_name":"Cyber-physical system","level":2,"score":0.4216611385345459},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.18079903721809387},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17894479632377625},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14167964458465576},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2809826.2809835","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2809826.2809835","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5400000214576721,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W68041361","https://openalex.org/W1651936986","https://openalex.org/W1966335190","https://openalex.org/W1988086096","https://openalex.org/W2046704354","https://openalex.org/W2067064024","https://openalex.org/W2090119438","https://openalex.org/W2119446207","https://openalex.org/W2121603905","https://openalex.org/W2134006599","https://openalex.org/W2134796613","https://openalex.org/W2137474223","https://openalex.org/W2144171231","https://openalex.org/W2146510646","https://openalex.org/W2154344733","https://openalex.org/W2411007133","https://openalex.org/W6677963921","https://openalex.org/W6682031666"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W2183246718","https://openalex.org/W1973412793","https://openalex.org/W2099261052","https://openalex.org/W4292605373","https://openalex.org/W2951146195","https://openalex.org/W4226316650","https://openalex.org/W3123215897","https://openalex.org/W2153600354","https://openalex.org/W4243739114"],"abstract_inverted_index":{"As":[0],"cyber":[1,39,57],"attacks":[2],"on":[3,33,104],"enterprise":[4],"systems":[5,20,124],"and":[6,12,30,35,65,136,193,198],"critical":[7],"infrastructure":[8],"increase":[9],"in":[10,18,52,189],"prevalence":[11],"severity,":[13],"persistent":[14],"presence":[15],"of":[16,67,75,86,94,133,167,173],"adversaries":[17,37],"these":[19],"is":[21,42,102,161,182,205],"a":[22,68,73,97,116,120,154,183,190,206],"common":[23],"theme.":[24],"While":[25],"there":[26,41],"are":[27,113,119,128],"many":[28],"efforts":[29],"tools":[31],"focused":[32],"locating":[34],"removing":[36],"from":[38,148],"systems,":[40],"an":[43],"increasing":[44],"need":[45],"for":[46,109,122,156,195,208],"automated,":[47],"steerable":[48,224],"response":[49,158],"that":[50,112,159,185,226],"happens":[51],"attack-relevant":[53],"time":[54],"scales-an":[55],"active":[56,76],"defense.":[58],"The":[59,179],"research":[60],"presented":[61,180],"here":[62],"describes":[63],"design":[64],"implementation":[66],"system":[69,152,181],"(SEQUESTOR)":[70],"to":[71,90,130,163,177,200,217,230],"achieve":[72],"form":[74],"defense":[77],"at":[78],"the":[79,84,140,149,165,171,175],"network":[80],"layer":[81],"by":[82,144],"using":[83],"output":[85],"multiple":[87],"behavior":[88,111,176,187],"models":[89,188,197],"drive":[91],"differential":[92],"routing":[93],"traffic":[95,146],"through":[96],"core":[98],"network.":[99],"This":[100],"approach":[101],"based":[103],"two":[105],"assertions:":[106],"1)":[107],"methods":[108],"detecting":[110],"inconsistent":[114],"with":[115,170],"user's":[117],"past":[118],"proxy":[121],"compromised":[123,151],"or":[125],"credentials,":[126],"but":[127],"subject":[129],"high":[131],"rate":[132],"false":[134,168],"positives;":[135],"2)":[137],"automatically":[138],"changing":[139],"logical":[141],"route":[142],"taken":[143],"future":[145,196],"emanating":[147],"potentially":[150],"provides":[153],"means":[155],"graded":[157],"makes":[160],"possible":[162],"balance":[164],"cost":[166],"positive":[169],"risk":[172],"allowing":[174],"continue.":[178],"framework":[184],"combines":[186],"modular":[191],"way":[192],"allows":[194],"responses":[199,219,225],"be":[201,215],"incorporated.":[202],"Ultimately,":[203],"this":[204],"model":[207],"how":[209],"real-time":[210],"situational":[211],"awareness":[212],"technologies":[213],"can":[214],"coupled":[216],"automated":[218],"as":[220,222],"well":[221],"supporting":[223],"provide":[227],"decision":[228],"support":[229],"human":[231],"operators.":[232]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}