{"id":"https://openalex.org/W4385993929","doi":"https://doi.org/10.1145/3609021.3609294","title":"Network Profiles for Detecting Application-Characteristic Behavior Using Linux eBPF","display_name":"Network Profiles for Detecting Application-Characteristic Behavior Using Linux eBPF","publication_year":2023,"publication_date":"2023-08-18","ids":{"openalex":"https://openalex.org/W4385993929","doi":"https://doi.org/10.1145/3609021.3609294"},"language":"en","primary_location":{"id":"doi:10.1145/3609021.3609294","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3609021.3609294","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st Workshop on eBPF and Kernel Extensions","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000054203","display_name":"Lars W\u00fcstrich","orcid":"https://orcid.org/0009-0004-6462-4127"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Lars W\u00fcstrich","raw_affiliation_strings":["Technical University of Munich, Garching near Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0004-6462-4127","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Garching near Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092664374","display_name":"Markus Schacherbauer","orcid":"https://orcid.org/0009-0008-5109-4509"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Markus Schacherbauer","raw_affiliation_strings":["Technical University of Munich, Garching near Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0008-5109-4509","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Garching near Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092664375","display_name":"Markus Budeus","orcid":"https://orcid.org/0009-0007-3347-974X"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Markus Budeus","raw_affiliation_strings":["Technical University of Munich, Garching near Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0007-3347-974X","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Garching near Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092664376","display_name":"Dominik Freiherr von K\u00fcn\u00dfberg","orcid":"https://orcid.org/0009-0000-5775-5031"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Dominik Freiherr von K\u00fcn\u00dfberg","raw_affiliation_strings":["Technical University of Munich, Garching near Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0000-5775-5031","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Garching near Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027327845","display_name":"Sebastian Gallenm\u00fcller","orcid":"https://orcid.org/0000-0002-7173-3573"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sebastian Gallenm\u00fcller","raw_affiliation_strings":["Technical University of Munich, Garching near Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0002-7173-3573","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Garching near Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004198506","display_name":"Marc\u2010Oliver Pahl","orcid":"https://orcid.org/0000-0001-5241-3809"},"institutions":[{"id":"https://openalex.org/I4210127572","display_name":"IMT Atlantique","ror":"https://ror.org/030hj3061","country_code":"FR","type":"education","lineage":["https://openalex.org/I205703379","https://openalex.org/I4210127572"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Marc-Oliver Pahl","raw_affiliation_strings":["IMT Atlantique, Rennes, France"],"raw_orcid":"https://orcid.org/0000-0001-5241-3809","affiliations":[{"raw_affiliation_string":"IMT Atlantique, Rennes, France","institution_ids":["https://openalex.org/I4210127572"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060144977","display_name":"Georg Carle","orcid":"https://orcid.org/0000-0002-2347-1839"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Georg Carle","raw_affiliation_strings":["Technical University of Munich, Garching near Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0002-2347-1839","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Garching near Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5000054203"],"corresponding_institution_ids":["https://openalex.org/I62916508"],"apc_list":null,"apc_paid":null,"fwci":1.1805,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.79958724,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"8","last_page":"14"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8229400515556335},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.7591713666915894},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.7044212818145752},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.6858088970184326},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.6784316301345825},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6065773963928223},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.46153414249420166},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4255933463573456},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.24695363640785217},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14973270893096924},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1429123878479004},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11602699756622314},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.10613474249839783},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09728562831878662}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8229400515556335},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.7591713666915894},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.7044212818145752},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.6858088970184326},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.6784316301345825},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6065773963928223},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.46153414249420166},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4255933463573456},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.24695363640785217},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14973270893096924},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1429123878479004},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11602699756622314},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.10613474249839783},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09728562831878662},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3609021.3609294","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3609021.3609294","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st Workshop on eBPF and Kernel Extensions","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3465339082","display_name":null,"funder_award_id":"16KISK002","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G3570026678","display_name":null,"funder_award_id":"16KISK107","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G3961738109","display_name":null,"funder_award_id":"16KIS1370","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G4604120214","display_name":null,"funder_award_id":"101079774","funder_id":"https://openalex.org/F4320338439","funder_display_name":"HORIZON EUROPE Research Infrastructures"},{"id":"https://openalex.org/G6589525889","display_name":null,"funder_award_id":"6G-ANNA","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G7472567491","display_name":null,"funder_award_id":"16KISK002","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G8673209555","display_name":null,"funder_award_id":"101008468","funder_id":"https://openalex.org/F4320337998","funder_display_name":"HORIZON EUROPE Excellent Science"},{"id":"https://openalex.org/G996416203","display_name":null,"funder_award_id":"CA595/13-1","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"},{"id":"https://openalex.org/F4320327215","display_name":"R\u00e9gion Bretagne","ror":null},{"id":"https://openalex.org/F4320331012","display_name":"Bayerische Staatsministerium f\u00fcr Wirtschaft, Landesentwicklung und Energie","ror":null},{"id":"https://openalex.org/F4320337998","display_name":"HORIZON EUROPE Excellent Science","ror":null},{"id":"https://openalex.org/F4320338439","display_name":"HORIZON EUROPE Research Infrastructures","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1639956611","https://openalex.org/W1985456010","https://openalex.org/W1985567116","https://openalex.org/W2003957650","https://openalex.org/W2035095458","https://openalex.org/W2068242608","https://openalex.org/W2120256168","https://openalex.org/W2122226347","https://openalex.org/W2156916299","https://openalex.org/W2168595508","https://openalex.org/W2168924027","https://openalex.org/W2579106964","https://openalex.org/W2765076328","https://openalex.org/W2789862816","https://openalex.org/W3006136675","https://openalex.org/W3185496122","https://openalex.org/W3216321736"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W2938399969","https://openalex.org/W3187581118","https://openalex.org/W3143747655","https://openalex.org/W2002178493","https://openalex.org/W2901835651","https://openalex.org/W2883616266","https://openalex.org/W186576250","https://openalex.org/W2372254325"],"abstract_inverted_index":{"Applications":[0],"often":[1],"show":[2,68],"unique":[3],"communication":[4],"behavior.":[5,33],"Knowledge":[6],"about":[7],"this":[8,23,55],"behavior":[9],"is":[10,46],"beneficial":[11],"in":[12],"various":[13],"use":[14],"cases,":[15],"such":[16],"as":[17,106],"anomaly":[18],"or":[19],"dependency":[20],"detection.":[21],"In":[22,64],"paper,":[24],"we":[25,67],"present":[26],"network":[27,62,98],"profiles":[28],"that":[29,57,69],"characterize":[30],"typical":[31],"application":[32,81],"This":[34],"requires":[35],"a":[36,97,107],"reliable":[37],"and":[38,43],"accurate":[39],"association":[40],"of":[41,61,85],"processes":[42],"applications,":[44],"which":[45],"challenging.":[47],"We,":[48],"therefore,":[49],"introduce":[50],"an":[51],"eBPF-based":[52],"matcher":[53],"for":[54],"task":[56],"enables":[58],"the":[59,76],"creation":[60],"profiles.":[63],"our":[65,93],"evaluation":[66],"eBPF":[70],"allows":[71],"us":[72],"to":[73,79,100],"efficiently":[74],"collect":[75],"relevant":[77],"data":[78,87],"build":[80],"profiles,":[82],"addressing":[83],"issues":[84],"other":[86],"collection":[88],"approaches.":[89],"We":[90],"further":[91],"evaluate":[92],"work":[94],"by":[95],"using":[96],"profile":[99],"identify":[101],"emulated":[102],"botnet":[103],"activity":[104],"masqueraded":[105],"benign":[108],"process.":[109]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}