{"id":"https://openalex.org/W2961854495","doi":"https://doi.org/10.1145/3339252.3341476","title":"Using Temporal and Topological Features for Intrusion Detection in Operational Networks","display_name":"Using Temporal and Topological Features for Intrusion Detection in Operational Networks","publication_year":2019,"publication_date":"2019-08-09","ids":{"openalex":"https://openalex.org/W2961854495","doi":"https://doi.org/10.1145/3339252.3341476","mag":"2961854495"},"language":"en","primary_location":{"id":"doi:10.1145/3339252.3341476","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3339252.3341476","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1907.04098","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Simon D. Duque Anton","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Simon D. Duque Anton","raw_affiliation_strings":["German Research Center for AI, Kaiserslautern, Germany"],"affiliations":[{"raw_affiliation_string":"German Research Center for AI, Kaiserslautern, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Daniel Fraunholz","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Daniel Fraunholz","raw_affiliation_strings":["German Research Center for AI, Kaiserslautern, Germany"],"affiliations":[{"raw_affiliation_string":"German Research Center for AI, Kaiserslautern, Germany","institution_ids":[]}]},{"author_position":"last","author":{"id":null,"display_name":"Hans Dieter Schotten","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hans Dieter Schotten","raw_affiliation_strings":["German Research Center for AI, Kaiserslautern, Germany"],"affiliations":[{"raw_affiliation_string":"German Research Center for AI, Kaiserslautern, Germany","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.1121,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.80159154,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12391","display_name":"Artificial Immune Systems Applications","score":0.9829999804496765,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6779999732971191},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.47429999709129333},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.43849998712539673},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.424699991941452},{"id":"https://openalex.org/keywords/outlier","display_name":"Outlier","score":0.3864000141620636},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.3573000133037567},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.35679998993873596}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6779999732971191},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6626999974250793},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.569599986076355},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.47429999709129333},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.43849998712539673},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.424699991941452},{"id":"https://openalex.org/C79337645","wikidata":"https://www.wikidata.org/wiki/Q779824","display_name":"Outlier","level":2,"score":0.3864000141620636},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.37279999256134033},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.36970001459121704},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35839998722076416},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3573000133037567},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.35679998993873596},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.32510000467300415},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.3224000036716461},{"id":"https://openalex.org/C179768478","wikidata":"https://www.wikidata.org/wiki/Q1120057","display_name":"Cyber-physical system","level":2,"score":0.31209999322891235},{"id":"https://openalex.org/C146849305","wikidata":"https://www.wikidata.org/wiki/Q370766","display_name":"Ground truth","level":2,"score":0.30230000615119934},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2892000079154968},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.27959999442100525},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.2540000081062317},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2529999911785126}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3339252.3341476","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3339252.3341476","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1907.04098","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1907.04098","pdf_url":"https://arxiv.org/pdf/1907.04098","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1907.04098","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1907.04098","pdf_url":"https://arxiv.org/pdf/1907.04098","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W258159988","https://openalex.org/W574641061","https://openalex.org/W1512037836","https://openalex.org/W1578384606","https://openalex.org/W1974853427","https://openalex.org/W2003530067","https://openalex.org/W2007250389","https://openalex.org/W2021702566","https://openalex.org/W2032280284","https://openalex.org/W2080099070","https://openalex.org/W2089554624","https://openalex.org/W2133590498","https://openalex.org/W2135535527","https://openalex.org/W2136997350","https://openalex.org/W2142889610","https://openalex.org/W2154276653","https://openalex.org/W2293689143","https://openalex.org/W2295637543","https://openalex.org/W2338694366","https://openalex.org/W2542991636","https://openalex.org/W2742517588","https://openalex.org/W2769267310","https://openalex.org/W2887434122","https://openalex.org/W2890488673","https://openalex.org/W2897104255"],"related_works":[],"abstract_inverted_index":{"Until":[0],"two":[1],"decades":[2],"ago,":[3],"industrial":[4,29,71,118,143],"networks":[5],"were":[6,134],"deemed":[7],"secure":[8],"due":[9],"to":[10,32,47,109,152],"physical":[11],"separation":[12],"from":[13,38,161],"public":[14],"networks.":[15],"An":[16],"abundance":[17],"of":[18,86,116,140],"successful":[19],"attacks":[20,133],"proved":[21],"that":[22,36,146],"assumption":[23],"wrong.":[24],"Intrusion":[25],"detection":[26],"solutions":[27],"for":[28,60,82,99,175],"application":[30],"need":[31],"meet":[33],"certain":[34],"requirements":[35],"differ":[37],"home-":[39],"and":[40,50,67],"office-environments,":[41],"such":[42],"as":[43,166],"working":[44],"without":[45],"feedback":[46],"the":[48,90,113,137,169],"process":[49,121],"compatibility":[51],"with":[52],"legacy":[53],"systems.":[54],"Industrial":[55],"systems":[56],"are":[57,64,150],"commonly":[58],"used":[59,108,151],"several":[61],"decades,":[62],"updates":[63],"often":[65],"difficult":[66],"expensive.":[68],"Furthermore,":[69,136],"most":[70],"protocols":[72],"do":[73],"not":[74],"have":[75],"inherent":[76],"authentication":[77],"or":[78],"encryption":[79],"mechanisms,":[80],"allowing":[81],"easy":[83],"lateral":[84],"movement":[85],"an":[87,97,117,125,172],"intruder":[88],"once":[89],"perimeter":[91],"is":[92,107,178],"breached.":[93],"In":[94],"this":[95],"work,":[96],"algorithm":[98],"motif":[100],"discovery":[101],"in":[102,112,124,168],"time":[103],"series,":[104],"Matrix":[105],"Profiles,":[106],"detect":[110,153],"outliers":[111],"timing":[114],"behaviour":[115],"process.":[119],"This":[120],"was":[122],"monitored":[123],"experimental":[126],"environment,":[127],"containing":[128],"ground":[129],"truth":[130],"labels":[131],"after":[132],"performed.":[135],"graph":[138],"representations":[139],"a":[141],"different":[142],"data":[144],"set":[145],"has":[147],"been":[148],"emulated":[149],"malicious":[154],"activities.":[155],"These":[156],"activities":[157],"can":[158],"be":[159],"derived":[160],"anomalous":[162],"communication":[163],"patterns,":[164],"represented":[165],"edges":[167],"graph.":[170],"Finally,":[171],"integration":[173],"concept":[174],"both":[176],"methods":[177],"proposed.":[179]},"counts_by_year":[{"year":2022,"cited_by_count":4},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2019-07-23T00:00:00"}