{"id":"https://openalex.org/W1974715273","doi":"https://doi.org/10.1145/2002259.2002284","title":"Towards vulnerability-based intrusion detection with event processing","display_name":"Towards vulnerability-based intrusion detection with event processing","publication_year":2011,"publication_date":"2011-07-11","ids":{"openalex":"https://openalex.org/W1974715273","doi":"https://doi.org/10.1145/2002259.2002284","mag":"1974715273"},"language":"en","primary_location":{"id":"doi:10.1145/2002259.2002284","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2002259.2002284","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th ACM international conference on Distributed event-based system","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026391811","display_name":"Amer Farroukh","orcid":null},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Amer Farroukh","raw_affiliation_strings":["University of Toronto, Toronto, ON, Canada","University of Toronto, Toronto, On, Canada"],"affiliations":[{"raw_affiliation_string":"University of Toronto, Toronto, ON, Canada","institution_ids":["https://openalex.org/I185261750"]},{"raw_affiliation_string":"University of Toronto, Toronto, On, Canada","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074420391","display_name":"Mohammad Sadoghi","orcid":"https://orcid.org/0000-0003-2779-6080"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Sadoghi","raw_affiliation_strings":["University of Toronto, Toronto, ON, Canada","University of Toronto, Toronto, On, Canada"],"affiliations":[{"raw_affiliation_string":"University of Toronto, Toronto, ON, Canada","institution_ids":["https://openalex.org/I185261750"]},{"raw_affiliation_string":"University of Toronto, Toronto, On, Canada","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072791865","display_name":"Hans\u2010Arno Jacobsen","orcid":"https://orcid.org/0000-0003-0813-0101"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Hans-Arno Jacobsen","raw_affiliation_strings":["University of Toronto, Toronto, ON, Canada","University of Toronto, Toronto, On, Canada"],"affiliations":[{"raw_affiliation_string":"University of Toronto, Toronto, ON, Canada","institution_ids":["https://openalex.org/I185261750"]},{"raw_affiliation_string":"University of Toronto, Toronto, On, Canada","institution_ids":["https://openalex.org/I185261750"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5026391811"],"corresponding_institution_ids":["https://openalex.org/I185261750"],"apc_list":null,"apc_paid":null,"fwci":4.3851,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.94226013,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"171","last_page":"182"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8407226800918579},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.719946026802063},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6617762446403503},{"id":"https://openalex.org/keywords/complex-event-processing","display_name":"Complex event processing","score":0.6023446321487427},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5312827825546265},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5142573714256287},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4748026430606842},{"id":"https://openalex.org/keywords/pattern-matching","display_name":"Pattern matching","score":0.4663395583629608},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.4416852593421936},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.42938753962516785},{"id":"https://openalex.org/keywords/footprint","display_name":"Footprint","score":0.41605016589164734},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40732696652412415},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.16684672236442566},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10238125920295715}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8407226800918579},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.719946026802063},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6617762446403503},{"id":"https://openalex.org/C123606473","wikidata":"https://www.wikidata.org/wiki/Q907918","display_name":"Complex event processing","level":3,"score":0.6023446321487427},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5312827825546265},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5142573714256287},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4748026430606842},{"id":"https://openalex.org/C68859911","wikidata":"https://www.wikidata.org/wiki/Q1503724","display_name":"Pattern matching","level":2,"score":0.4663395583629608},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4416852593421936},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.42938753962516785},{"id":"https://openalex.org/C132943942","wikidata":"https://www.wikidata.org/wiki/Q2562511","display_name":"Footprint","level":2,"score":0.41605016589164734},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40732696652412415},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.16684672236442566},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10238125920295715},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2002259.2002284","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2002259.2002284","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th ACM international conference on Distributed event-based system","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.361.4699","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.361.4699","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://msrg.org/publications/pdf_files/2011/moIDSDEBS11-Towards_Vulnerability-Based_Intru.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5899999737739563,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W124244495","https://openalex.org/W1503601067","https://openalex.org/W1516506771","https://openalex.org/W1563402047","https://openalex.org/W1674877186","https://openalex.org/W1777160738","https://openalex.org/W1793399427","https://openalex.org/W1968925642","https://openalex.org/W1971210812","https://openalex.org/W1971405342","https://openalex.org/W1973416607","https://openalex.org/W1985108724","https://openalex.org/W1985987493","https://openalex.org/W2006508099","https://openalex.org/W2017988065","https://openalex.org/W2020493833","https://openalex.org/W2054311069","https://openalex.org/W2062482216","https://openalex.org/W2067580069","https://openalex.org/W2067642869","https://openalex.org/W2077137143","https://openalex.org/W2099964107","https://openalex.org/W2100583963","https://openalex.org/W2116502002","https://openalex.org/W2128263201","https://openalex.org/W2144261930","https://openalex.org/W2144801155","https://openalex.org/W2163762767","https://openalex.org/W4391242466"],"related_works":["https://openalex.org/W2028024605","https://openalex.org/W2360347973","https://openalex.org/W2375382787","https://openalex.org/W2391167130","https://openalex.org/W2092071486","https://openalex.org/W4283067488","https://openalex.org/W2253962881","https://openalex.org/W2131630752","https://openalex.org/W2171447151","https://openalex.org/W2075117337"],"abstract_inverted_index":{"Computer":[0],"systems":[1,23],"continue":[2],"to":[3,12,35,53,64,109,120,151],"be":[4],"breached":[5],"despite":[6],"substantial":[7],"investments":[8],"in":[9,71,99],"defense":[10],"mechanisms":[11],"stop":[13],"attacks":[14,61,123,152],"from":[15],"propagating.":[16],"The":[17],"accuracy":[18],"of":[19,31,60,69,79,102,156],"current":[20],"intrusion":[21],"detection":[22],"(IDSes)":[24],"is":[25,62,172],"hindered":[26],"by":[27],"the":[28,37,55,76,100,103,118,126,157],"limited":[29],"capability":[30],"regular":[32],"expressions":[33],"(REs)":[34],"express":[36],"exact":[38],"vulnerability.":[39,56],"Recent":[40],"advances":[41],"have":[42],"proposed":[43],"vulnerability-based":[44],"IDSes":[45,81],"that":[46,66,86,146],"parse":[47],"traffic":[48,170],"and":[49,105,171],"retrieve":[50],"protocol":[51,133],"semantics":[52],"describe":[54],"Such":[57],"a":[58,139],"description":[59],"analogous":[63],"subscriptions":[65],"specify":[67],"events":[68],"interest":[70],"event":[72,97],"processing":[73,98,168],"systems.":[74,176],"However,":[75],"matching":[77,84],"engine":[78],"state-of-the-art":[80],"lacks":[82],"efficient":[83],"algorithms":[85,108,148],"can":[87],"process":[88],"many":[89],"signatures":[90],"simultaneously.":[91],"In":[92],"this":[93],"work,":[94],"we":[95,115,144],"place":[96],"core":[101],"IDS":[104,158],"propose":[106],"novel":[107],"efficiently":[110],"match":[111],"vulnerability":[112],"signatures.":[113],"Also,":[114],"are":[116,149],"among":[117],"first":[119],"detect":[121],"complex":[122],"such":[124],"as":[125],"Conficker":[127],"worm":[128],"which":[129],"requires":[130],"correlating":[131],"multiple":[132],"data":[134],"units":[135],"(MPDUs)":[136],"while":[137],"maintaining":[138],"small":[140],"memory":[141],"footprint.":[142],"Finally,":[143],"show":[145],"our":[147],"resilient":[150],"through":[153],"extensive":[154],"testing":[155],"under":[159],"different":[160],"workloads.":[161],"Our":[162],"approach":[163],"incurs":[164],"negligible":[165],"overhead":[166],"when":[167],"clean":[169],"faster":[173],"than":[174],"existing":[175]},"counts_by_year":[{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":1},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}