{"id":"https://openalex.org/W2736633391","doi":"https://doi.org/10.23919/inm.2017.7987293","title":"Learning behavioral fingerprints from Netflows using Timed Automata","display_name":"Learning behavioral fingerprints from Netflows using Timed Automata","publication_year":2017,"publication_date":"2017-05-01","ids":{"openalex":"https://openalex.org/W2736633391","doi":"https://doi.org/10.23919/inm.2017.7987293","mag":"2736633391"},"language":"en","primary_location":{"id":"doi:10.23919/inm.2017.7987293","is_oa":false,"landing_page_url":"https://doi.org/10.23919/inm.2017.7987293","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008726473","display_name":"Gaetano Pellegrino","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Gaetano Pellegrino","raw_affiliation_strings":["Delft University of Technology, Delft, the Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, the Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103249328","display_name":"Qin Lin","orcid":"https://orcid.org/0000-0002-5703-9112"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Qin Lin","raw_affiliation_strings":["Delft University of Technology, Delft, the Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, the Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004384801","display_name":"Christian Hammerschmidt","orcid":"https://orcid.org/0000-0003-2460-1997"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Christian Hammerschmidt","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062870071","display_name":"Sicco Verwer","orcid":"https://orcid.org/0000-0002-3682-0962"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Sicco Verwer","raw_affiliation_strings":["Delft University of Technology, Delft, the Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, the Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5008726473"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":1.6576,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.86222673,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8272204399108887},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.74662184715271},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.7400420904159546},{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.6297074556350708},{"id":"https://openalex.org/keywords/automaton","display_name":"Automaton","score":0.5885390639305115},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.4897890090942383},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4598430395126343},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4347279667854309},{"id":"https://openalex.org/keywords/learning-automata","display_name":"Learning automata","score":0.4201093018054962},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.36045607924461365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2390345335006714},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15954166650772095},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.12850022315979004}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8272204399108887},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.74662184715271},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.7400420904159546},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.6297074556350708},{"id":"https://openalex.org/C112505250","wikidata":"https://www.wikidata.org/wiki/Q787116","display_name":"Automaton","level":2,"score":0.5885390639305115},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.4897890090942383},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4598430395126343},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4347279667854309},{"id":"https://openalex.org/C2776807809","wikidata":"https://www.wikidata.org/wiki/Q6510160","display_name":"Learning automata","level":3,"score":0.4201093018054962},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36045607924461365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2390345335006714},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15954166650772095},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.12850022315979004}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/inm.2017.7987293","is_oa":false,"landing_page_url":"https://doi.org/10.23919/inm.2017.7987293","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320334893","display_name":"Stichting voor de Technische Wetenschappen","ror":"https://ror.org/057tq3593"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W38765094","https://openalex.org/W162658008","https://openalex.org/W239671278","https://openalex.org/W1462349742","https://openalex.org/W1514415860","https://openalex.org/W1523767002","https://openalex.org/W1559171143","https://openalex.org/W1581009051","https://openalex.org/W1775772884","https://openalex.org/W1909494783","https://openalex.org/W1976866799","https://openalex.org/W1992904312","https://openalex.org/W2003967425","https://openalex.org/W2004865374","https://openalex.org/W2004929506","https://openalex.org/W2017603160","https://openalex.org/W2018706164","https://openalex.org/W2019669975","https://openalex.org/W2066220442","https://openalex.org/W2076343783","https://openalex.org/W2077488147","https://openalex.org/W2097865740","https://openalex.org/W2112684840","https://openalex.org/W2114996745","https://openalex.org/W2115175195","https://openalex.org/W2115675703","https://openalex.org/W2121972959","https://openalex.org/W2131131861","https://openalex.org/W2138471478","https://openalex.org/W2145027384","https://openalex.org/W2145802904","https://openalex.org/W2154874878","https://openalex.org/W2156453323","https://openalex.org/W2164253698","https://openalex.org/W2243581474","https://openalex.org/W2252366552","https://openalex.org/W2404624386","https://openalex.org/W4241372395","https://openalex.org/W6606615344","https://openalex.org/W6628628164","https://openalex.org/W6633451914","https://openalex.org/W6638021444","https://openalex.org/W6674868794","https://openalex.org/W6677522032","https://openalex.org/W6681664229","https://openalex.org/W6713496300"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W2184748140","https://openalex.org/W2110675786","https://openalex.org/W1975357770","https://openalex.org/W2052466667","https://openalex.org/W3120717340","https://openalex.org/W2567044960","https://openalex.org/W1679070068"],"abstract_inverted_index":{"We":[0,47],"present":[1],"a":[2,66,78,96],"novel":[3],"way":[4],"to":[5,38,77,90,115],"detect":[6],"infected":[7],"hosts":[8],"and":[9,35,88,92,94],"identify":[10],"malware":[11],"in":[12,31,108,126],"networks":[13],"by":[14],"analyzing":[15],"network":[16],"communication":[17,83],"statistics":[18],"with":[19],"state-of-the-art":[20],"automata":[21,25],"learning":[22],"algorithms.":[23],"The":[24],"encode":[26],"patterns":[27],"of":[28,44,51,72,82,99,106,138,141],"short-term":[29],"interactions":[30],"known":[32],"malicious":[33],"hosts,":[34],"are":[36,86],"used":[37],"obtain":[39],"small":[40],"but":[41],"effective":[42],"fingerprints":[43],"machine":[45],"behavior.":[46],"showcase":[48],"the":[49,103],"effectiveness":[50],"our":[52],"system,":[53],"named":[54],"BASTA":[55,118],"<sup":[56],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[57],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">1</sup>":[58],"(Behavioral":[59],"Analytics":[60],"System":[61],"using":[62],"Timed":[63],"Automata),":[64],"on":[65],"public":[67],"dataset":[68],"containing":[69],"Netflow":[70,109],"traces":[71],"real-world":[73],"botnet":[74],"malware.":[75,144],"Compared":[76],"deep":[79],"packet":[80],"inspection":[81],"content,":[84],"Netflows":[85],"easy":[87],"cheap":[89],"collect":[91],"analyze,":[93],"preserve":[95],"greater":[97],"degree":[98],"privacy.":[100],"Even":[101],"though":[102],"high":[104,124],"level":[105],"abstraction":[107],"data":[110],"makes":[111],"it":[112],"more":[113],"difficult":[114],"utilize":[116],"it,":[117],"shows":[119],"very":[120],"impressive":[121],"results":[122],"achieving":[123],"accuracy":[125],"several":[127],"settings":[128],"while":[129],"returning":[130],"few":[131],"false":[132],"positives.":[133],"It":[134],"is":[135],"also":[136],"capable":[137],"detecting":[139],"infections":[140],"previously":[142],"unseen":[143]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":5},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}