{"id":"https://openalex.org/W7116649954","doi":"https://doi.org/10.23919/cnsm67658.2025.11297559","title":"Rethinking NIDS Rule-Based Pre-Filtering","display_name":"Rethinking NIDS Rule-Based Pre-Filtering","publication_year":2025,"publication_date":"2025-10-27","ids":{"openalex":"https://openalex.org/W7116649954","doi":"https://doi.org/10.23919/cnsm67658.2025.11297559"},"language":"en","primary_location":{"id":"doi:10.23919/cnsm67658.2025.11297559","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm67658.2025.11297559","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 21st International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121004278","display_name":"Henrique B. Brum","orcid":null},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Henrique B. Brum","raw_affiliation_strings":["University of Trento"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Trento","institution_ids":["https://openalex.org/I193223587"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121014101","display_name":"Luis A. D. Knob","orcid":null},"institutions":[{"id":"https://openalex.org/I2277624104","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10","country_code":"IT","type":"facility","lineage":["https://openalex.org/I2277624104"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Luis A. D. Knob","raw_affiliation_strings":["Fondazione Bruno Kessler"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fondazione Bruno Kessler","institution_ids":["https://openalex.org/I2277624104"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009859711","display_name":"Tiago Ferreto","orcid":"https://orcid.org/0000-0001-8485-529X"},"institutions":[{"id":"https://openalex.org/I45643870","display_name":"Pontif\u00edcia Universidade Cat\u00f3lica do Rio Grande do Sul","ror":"https://ror.org/025vmq686","country_code":"BR","type":"education","lineage":["https://openalex.org/I45643870"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Tiago Ferreto","raw_affiliation_strings":["Pontifical Catholic University of Rio Grande do Sul"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Pontifical Catholic University of Rio Grande do Sul","institution_ids":["https://openalex.org/I45643870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044055480","display_name":"Domenico Siracusa","orcid":"https://orcid.org/0000-0002-5640-6507"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Domenico Siracusa","raw_affiliation_strings":["University of Trento"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Trento","institution_ids":["https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.59492128,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.5149999856948853,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.5149999856948853,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.36169999837875366,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.03550000116229057,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.7710999846458435},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7213000059127808},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.4794999957084656},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45320001244544983},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4083000123500824},{"id":"https://openalex.org/keywords/flow-network","display_name":"Flow network","score":0.4009999930858612},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.38359999656677246},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.3824999928474426}],"concepts":[{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.7710999846458435},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7213000059127808},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6656000018119812},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5989000201225281},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.4794999957084656},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4742000102996826},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45320001244544983},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4083000123500824},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.40529999136924744},{"id":"https://openalex.org/C114809511","wikidata":"https://www.wikidata.org/wiki/Q1412924","display_name":"Flow network","level":2,"score":0.4009999930858612},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.38359999656677246},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.3824999928474426},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.3544999957084656},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.29600000381469727},{"id":"https://openalex.org/C2776973144","wikidata":"https://www.wikidata.org/wiki/Q6880649","display_name":"Misuse detection","level":4,"score":0.29350000619888306},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2897000014781952},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2881999909877777},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.28790000081062317},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.27869999408721924},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2678000032901764},{"id":"https://openalex.org/C38349280","wikidata":"https://www.wikidata.org/wiki/Q1434290","display_name":"Flow (mathematics)","level":2,"score":0.26420000195503235},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.26030001044273376}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.23919/cnsm67658.2025.11297559","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm67658.2025.11297559","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 21st International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},{"id":"pmh:oai:iris.unitn.it:11572/473673","is_oa":false,"landing_page_url":"https://hdl.handle.net/11572/473673","pdf_url":null,"source":{"id":"https://openalex.org/S4377196320","display_name":"Iris (University of Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6271045207977295}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Surging":[0],"network":[1],"traffic":[2,132],"is":[3],"pushing":[4],"signature-based":[5],"Network":[6],"Intrusion":[7],"Detection":[8],"Systems":[9],"(NIDSs)":[10],"to":[11,17,38,56,112,136],"their":[12],"limits,":[13],"as":[14],"they":[15,85],"struggle":[16],"inspect":[18],"every":[19],"incoming":[20],"packet.":[21],"The":[22],"high":[23],"computational":[24],"cost":[25,49],"of":[26,67,164],"analyzing":[27],"each":[28],"packet":[29],"and":[30,41,115],"matching":[31],"it":[32],"against":[33],"large":[34],"rulesets":[35],"can":[36,46],"lead":[37],"system":[39],"saturation":[40],"missed":[42],"attacks.":[43],"Rule-based":[44],"pre-filtering":[45,68,93,128],"reduce":[47],"this":[48],"by":[50],"forwarding":[51,159],"only":[52,134],"potentially":[53],"malicious":[54,110],"packets":[55,87,111,166],"the":[57,65,70,92,96,105,109,137,143,156,173],"NIDS.":[58],"However,":[59],"existing":[60],"work":[61],"has":[62],"largely":[63],"overlooked":[64],"impact":[66],"on":[69,142],"NIDS\u2019s":[71],"attack":[72,82,174],"detection":[73,83,175],"performance.":[74],"Our":[75],"analysis":[76],"shows":[77],"that":[78,88,98,130,153],"current":[79],"methods":[80],"disrupt":[81],"because":[84],"discard":[86],"do":[89],"not":[90,133],"match":[91],"rules,":[94],"ignoring":[95],"fact":[97],"NIDSs":[99],"require":[100],"additional":[101],"flow":[102,145],"information":[103],"(e.g.,":[104],"TCP":[106],"handshake)":[107],"beyond":[108],"process":[113],"flows":[114],"detect":[116],"attacks":[117],"properly.":[118],"To":[119],"address":[120],"this,":[121],"we":[122],"propose":[123],"erBF,":[124],"a":[125],"new":[126],"rule-based":[127],"approach":[129],"pre-filters":[131],"according":[135],"rules":[138],"but":[139],"also":[140],"based":[141],"NIDSs\u2019":[144],"processing":[146],"requirements.":[147],"Experimental":[148],"results":[149],"with":[150],"Snort":[151],"demonstrate":[152],"eRBF":[154],"achieves":[155],"desired":[157],"balance,":[158],"less":[160],"than":[161],"$22":[162],"\\%$":[163],"all":[165],"across":[167],"two":[168],"well-known":[169],"datasets":[170],"while":[171],"maintaining":[172],"above":[176],"$95":[177],"\\%$.":[178]},"counts_by_year":[],"updated_date":"2026-06-20T22:02:38.213706","created_date":"2025-12-22T00:00:00"}