{"id":"https://openalex.org/W2124055781","doi":"https://doi.org/10.1186/1687-417x-2013-7","title":"A quality metric for IDS signatures: in the wild the size matters","display_name":"A quality metric for IDS signatures: in the wild the size matters","publication_year":2013,"publication_date":"2013-12-01","ids":{"openalex":"https://openalex.org/W2124055781","doi":"https://doi.org/10.1186/1687-417x-2013-7","mag":"2124055781"},"language":"en","primary_location":{"id":"doi:10.1186/1687-417x-2013-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/1687-417x-2013-7","pdf_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/1687-417X-2013-7","source":{"id":"https://openalex.org/S5820498","display_name":"EURASIP Journal on Information Security","issn_l":"1687-4161","issn":["1687-4161","1687-417X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/1687-417X-2013-7","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043655606","display_name":"Elias Raftopoulos","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Elias Raftopoulos","raw_affiliation_strings":["Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, R\u00e4mistrasse 101, Zurich, 8092, Switzerland","[Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, Zurich, Switzerland]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, R\u00e4mistrasse 101, Zurich, 8092, Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"[Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, Zurich, Switzerland]","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5080514654","display_name":"Xenofontas Dimitropoulos","orcid":"https://orcid.org/0000-0003-2600-7633"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Xenofontas Dimitropoulos","raw_affiliation_strings":["Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, R\u00e4mistrasse 101, Zurich, 8092, Switzerland","[Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, Zurich, Switzerland]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, R\u00e4mistrasse 101, Zurich, 8092, Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"[Communication Systems Group, Computer Engineering and Networks Laboratory, ETH Zurich, Zurich, Switzerland]","institution_ids":["https://openalex.org/I35440088"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":840,"currency":"EUR","value_usd":1040},"apc_paid":{"value":432,"currency":"EUR","value_usd":465},"fwci":0.3221,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.60814088,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":"2013","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8557056188583374},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.6802968978881836},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6739733815193176},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6113457083702087},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.6027162075042725},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5545825958251953},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.543059229850769},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5267003178596497},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.47528210282325745},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.44769537448883057},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.43858206272125244},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.43379032611846924},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.11773121356964111}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8557056188583374},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.6802968978881836},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6739733815193176},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6113457083702087},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.6027162075042725},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5545825958251953},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.543059229850769},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5267003178596497},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.47528210282325745},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.44769537448883057},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.43858206272125244},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.43379032611846924},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.11773121356964111},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1186/1687-417x-2013-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/1687-417x-2013-7","pdf_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/1687-417X-2013-7","source":{"id":"https://openalex.org/S5820498","display_name":"EURASIP Journal on Information Security","issn_l":"1687-4161","issn":["1687-4161","1687-417X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},{"id":"pmh:oai:www.research-collection.ethz.ch:20.500.11850/76009","is_oa":true,"landing_page_url":"http://hdl.handle.net/20.500.11850/76009","pdf_url":"http://hdl.handle.net/20.500.11850/76009","source":{"id":"https://openalex.org/S4306402302","display_name":"Repository for Publications and Research Data (ETH Zurich)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I35440088","host_organization_name":"ETH Zurich","host_organization_lineage":["https://openalex.org/I35440088"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"EURASIP Journal on Information Security, 2013","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"doi:10.3929/ethz-b-000076009","is_oa":true,"landing_page_url":"https://doi.org/10.3929/ethz-b-000076009","pdf_url":null,"source":{"id":"https://openalex.org/S7407051236","display_name":"ETH Z\u00fcrich Research Collection","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"doi:10.1186/1687-417x-2013-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/1687-417x-2013-7","pdf_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/1687-417X-2013-7","source":{"id":"https://openalex.org/S5820498","display_name":"EURASIP Journal on Information Security","issn_l":"1687-4161","issn":["1687-4161","1687-417X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7799999713897705,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2124055781.pdf","grobid_xml":"https://content.openalex.org/works/W2124055781.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W70716443","https://openalex.org/W244636267","https://openalex.org/W1529791103","https://openalex.org/W1534020534","https://openalex.org/W1539025858","https://openalex.org/W1601646087","https://openalex.org/W1607416013","https://openalex.org/W2011505318","https://openalex.org/W2086549170","https://openalex.org/W2104209065","https://openalex.org/W2105300539","https://openalex.org/W2110656807","https://openalex.org/W2117499375","https://openalex.org/W2128666163","https://openalex.org/W2136695760","https://openalex.org/W2142481192","https://openalex.org/W2142595254","https://openalex.org/W2152247885","https://openalex.org/W2162101611","https://openalex.org/W2166336492","https://openalex.org/W2166646839","https://openalex.org/W2328297770","https://openalex.org/W2514543276","https://openalex.org/W2592974517","https://openalex.org/W2601354821","https://openalex.org/W2807748812","https://openalex.org/W4253605269","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W793625100","https://openalex.org/W2189476992","https://openalex.org/W2546192109","https://openalex.org/W2939087234","https://openalex.org/W2613327973","https://openalex.org/W4379054761","https://openalex.org/W3193776713","https://openalex.org/W578397558","https://openalex.org/W1512042544","https://openalex.org/W2124055781"],"abstract_inverted_index":{"The":[0],"manual":[1],"forensics":[2,34,221],"investigation":[3],"of":[4,17,33,40,94,139,163,180,237],"security":[5,48,65,97,118,207],"incidents":[6,49,114,182],"is":[7,188,239],"an":[8,197],"opaque":[9],"process":[10],"that":[11,103,146,202],"involves":[12],"the":[13,91,95,104,161,178,211,215,220,230],"collection":[14],"and":[15,71,75,100,123,133,166,174,218,252],"correlation":[16],"diverse":[18],"evidence.":[19],"In":[20,157],"this":[21],"work":[22],"we":[23,43,88,130,159,194],"first":[24,89],"conduct":[25],"a":[26,38,54,76,137,185],"complex":[27],"experiment":[28],"to":[29,79,209,228,256],"expand":[30],"our":[31,86,128,192,226],"understanding":[32],"analysis":[35,222,236],"processes.":[36,223],"During":[37],"period":[39],"4":[41],"weeks,":[42],"systematically":[44],"investigated":[45],"200":[46],"detected":[47],"about":[50],"compromised":[51],"hosts":[52],"within":[53],"large":[55],"operational":[56],"network.":[57],"We":[58,224],"used":[59,64],"data":[60,98],"from":[61],"four":[62,96],"commonly":[63],"sources,":[66,119],"namely":[67],"Snort":[68,142,233,245],"alerts,":[69,217],"reconnaissance":[70],"vulnerability":[72,124],"scanners,":[73],"blacklists,":[74,121],"search":[77,105],"engine,":[78],"manually":[80],"investigate":[81],"these":[82],"incidents.":[83],"Based":[84,126,190],"on":[85,127,191],"experiment,":[87,193],"evaluate":[90,210],"(complementary)":[92],"utility":[93],"sources":[99],"surprisingly":[101],"find":[102],"engine":[106],"provided":[107],"useful":[108,240],"evidence":[109],"for":[110,243,248,253],"diagnosing":[111],"many":[112],"more":[113,116],"than":[115],"traditional":[117],"i.e.,":[120,144,177],"reconnaissance,":[122],"reports.":[125],"validation,":[129],"then":[131],"identify":[132,167],"make":[134],"publicly":[135],"available":[136,212],"list":[138],"165":[140],"good":[141,164,186],"signatures,":[143],"signatures":[145,165,238],"were":[147],"effective":[148],"in":[149,183],"identifying":[150],"validated":[151,181],"malware":[152],"without":[153],"producing":[154],"false":[155],"positives.":[156],"addition,":[158],"analyze":[160],"characteristics":[162],"strong":[168],"correlations":[169],"between":[170],"different":[171],"signature":[172,187,199],"features":[173],"their":[175],"effectiveness,":[176],"number":[179],"which":[184],"identified.":[189],"finally":[195],"introduce":[196],"IDS":[198,259],"quality":[200],"metric":[201,227],"can":[203],"be":[204],"exploited":[205],"by":[206],"specialists":[208],"rulesets,":[213],"prioritize":[214],"generated":[216],"facilitate":[219],"apply":[225],"characterize":[229],"most":[231],"popular":[232],"rulesets.":[234],"Our":[235],"not":[241],"only":[242],"configuring":[244],"but":[246],"also":[247],"establishing":[249],"best":[250],"practices":[251],"teaching":[254],"how":[255],"write":[257],"new":[258],"signatures.":[260]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}