{"id":"https://openalex.org/W2963414839","doi":"https://doi.org/10.3233/jcs-191286","title":"Using side channel TCP features for real-time detection of malware connections","display_name":"Using side channel TCP features for real-time detection of malware connections","publication_year":2019,"publication_date":"2019-07-17","ids":{"openalex":"https://openalex.org/W2963414839","doi":"https://doi.org/10.3233/jcs-191286","mag":"2963414839"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-191286","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191286","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082176992","display_name":"George Stergiopoulos","orcid":"https://orcid.org/0000-0002-5336-6765"},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"George Stergiopoulos","raw_affiliation_strings":["Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I73142707"]},{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr","institution_ids":["https://openalex.org/I73142707"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034462099","display_name":"Georgia Chronopoulou","orcid":null},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Georgia Chronopoulou","raw_affiliation_strings":["Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I73142707"]},{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr","institution_ids":["https://openalex.org/I73142707"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043516303","display_name":"Evangelos Bitsikas","orcid":"https://orcid.org/0000-0002-7850-6867"},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Evangelos Bitsikas","raw_affiliation_strings":["Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I73142707"]},{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr","institution_ids":["https://openalex.org/I73142707"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028648838","display_name":"Nikolaos Tsalis","orcid":null},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Nikolaos Tsalis","raw_affiliation_strings":["Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I73142707"]},{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr","institution_ids":["https://openalex.org/I73142707"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023540661","display_name":"Dimitris Gritzalis","orcid":"https://orcid.org/0000-0002-7793-6128"},"institutions":[{"id":"https://openalex.org/I73142707","display_name":"Athens University of Economics and Business","ror":"https://ror.org/03s262162","country_code":"GR","type":"education","lineage":["https://openalex.org/I73142707"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Dimitris Gritzalis","raw_affiliation_strings":["Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I73142707"]},{"raw_affiliation_string":"Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory, Department of Informatics, Athens University of Economics and Business, Athens, Greece. E-mails:\u00a0geostergiop@aueb.gr,\u00a0chronopoulou.georgia@gmail.com,\u00a0vaggelisbtks@gmail.com,\u00a0ntsalis@aueb.gr,\u00a0dgrit@aueb.gr","institution_ids":["https://openalex.org/I73142707"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5023540661"],"corresponding_institution_ids":["https://openalex.org/I73142707"],"apc_list":null,"apc_paid":null,"fwci":0.9291,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.77713595,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"27","issue":"5","first_page":"507","last_page":"520"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.8287147283554077},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7846620082855225},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6931663751602173},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6532655954360962},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6004780530929565},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5151132941246033},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.4847923815250397},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47650137543678284},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4729183316230774},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4440479278564453},{"id":"https://openalex.org/keywords/true-positive-rate","display_name":"True positive rate","score":0.4368118345737457},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.25121569633483887}],"concepts":[{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.8287147283554077},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7846620082855225},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6931663751602173},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6532655954360962},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6004780530929565},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5151132941246033},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.4847923815250397},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47650137543678284},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4729183316230774},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4440479278564453},{"id":"https://openalex.org/C2989486834","wikidata":"https://www.wikidata.org/wiki/Q3808900","display_name":"True positive rate","level":2,"score":0.4368118345737457},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.25121569633483887}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-191286","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191286","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W191098608","https://openalex.org/W766792511","https://openalex.org/W1462349742","https://openalex.org/W1489583541","https://openalex.org/W1499648394","https://openalex.org/W1955645522","https://openalex.org/W1985987493","https://openalex.org/W1988741337","https://openalex.org/W1997299558","https://openalex.org/W2021767337","https://openalex.org/W2048702750","https://openalex.org/W2104209065","https://openalex.org/W2157349061","https://openalex.org/W2167266744","https://openalex.org/W2261753215","https://openalex.org/W2330194958","https://openalex.org/W2330650066","https://openalex.org/W2412589610","https://openalex.org/W2486050448","https://openalex.org/W2559773779","https://openalex.org/W2744198018","https://openalex.org/W2885743621","https://openalex.org/W4230079300","https://openalex.org/W6600980277"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W2160907113","https://openalex.org/W4287692494","https://openalex.org/W3129715955","https://openalex.org/W3027053746","https://openalex.org/W3047594718","https://openalex.org/W4299651861","https://openalex.org/W2953243682","https://openalex.org/W1975357770","https://openalex.org/W4386222044"],"abstract_inverted_index":{"During":[0],"the":[1,22,75],"past":[2],"years,":[3],"deep":[4],"packet":[5],"inspection":[6],"has":[7,167],"been":[8],"prevalent":[9],"in":[10,33,126,130,175],"network":[11,99,113],"intrusion":[12],"detection":[13,82,156],"systems.":[14],"Most":[15,62],"solutions":[16,79],"employ":[17],"complex":[18],"algorithms":[19],"to":[20,36,86,115,150],"analyze":[21,87],"intended":[23],"behaviour":[24],"and":[25,30,38,42,49,133,165,172],"underlying":[26],"characteristics":[27,110],"of":[28,90,111,138],"packets":[29,114],"their":[31,59],"payloads,":[32],"an":[34],"effort":[35],"detect":[37],"prevent":[39],"malicious":[40,119],"users":[41],"software":[43,65],"from":[44,118],"communicating":[45],"over":[46,107,160],"business":[47],"intranets":[48],"wider":[50],"networks.":[51],"Still,":[52],"there":[53],"are":[54],"multiple":[55,135],"issues":[56],"that":[57,103],"inhibit":[58],"success":[60],"rate.":[61],"signature-based":[63],"security":[64],"is":[66,125],"plagued":[67],"by":[68],"false":[69,72,170,173],"positives":[70,171],"and/or":[71],"negatives.":[73],"On":[74],"other":[76],"hand,":[77],"behavioral-based":[78],"achieve":[80,151],"better":[81],"rates":[83],"but":[84],"need":[85],"large":[88],"amounts":[89],"traffic.":[91,139],"In":[92],"this":[93],"article,":[94],"we":[95],"present":[96],"a":[97],"real-time":[98],"traffic":[100,162],"monitoring":[101],"system":[102],"implements":[104],"machine":[105],"learning":[106],"side":[108],"channel":[109],"TCP":[112,120],"distinguish":[116],"normal":[117],"sessions,":[121],"even":[122],"when":[123],"encryption":[124],"place.":[127],"We":[128,140],"test":[129,134],"university":[131],"networks":[132],"different":[136],"types":[137],"show":[141],"that,":[142],"our":[143],"approach":[144],"(i)":[145],"requires":[146],"notably":[147,168],"less":[148],"information":[149],"similar":[152],"(if":[153],"not":[154],"better)":[155],"rates,":[157],"(ii)":[158],"works":[159],"encrypted":[161],"as":[163],"well,":[164],"(iii)":[166],"low":[169],"negatives":[174],"everyday":[176],"case":[177],"study":[178],"scenarios.":[179]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}