{"id":"https://openalex.org/W3167729385","doi":"https://doi.org/10.3390/computers10060079","title":"CBAM: A Contextual Model for Network Anomaly Detection","display_name":"CBAM: A Contextual Model for Network Anomaly Detection","publication_year":2021,"publication_date":"2021-06-11","ids":{"openalex":"https://openalex.org/W3167729385","doi":"https://doi.org/10.3390/computers10060079","mag":"3167729385"},"language":"en","primary_location":{"id":"doi:10.3390/computers10060079","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers10060079","pdf_url":"https://www.mdpi.com/2073-431X/10/6/79/pdf?version=1623737257","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2073-431X/10/6/79/pdf?version=1623737257","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034965926","display_name":"Henry Clausen","orcid":"https://orcid.org/0000-0002-7255-4745"},"institutions":[{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Henry Clausen","raw_affiliation_strings":["School of Informatics, University of Edinburgh, Edinburgh EH8 9AB, UK"],"affiliations":[{"raw_affiliation_string":"School of Informatics, University of Edinburgh, Edinburgh EH8 9AB, UK","institution_ids":["https://openalex.org/I98677209"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077910506","display_name":"Gudmund Grov","orcid":"https://orcid.org/0000-0001-8837-5496"},"institutions":[{"id":"https://openalex.org/I163244428","display_name":"Norwegian Defence Research Establishment","ror":"https://ror.org/0098gnz32","country_code":"NO","type":"facility","lineage":["https://openalex.org/I163244428"]},{"id":"https://openalex.org/I184942183","display_name":"University of Oslo","ror":"https://ror.org/01xtthb56","country_code":"NO","type":"education","lineage":["https://openalex.org/I184942183"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Gudmund Grov","raw_affiliation_strings":["Department of Informatics, University of Oslo, 0373 Oslo, Norway","Norwegian Defence Research Establishment (FFI), 2007 Kjeller, Norway"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, University of Oslo, 0373 Oslo, Norway","institution_ids":["https://openalex.org/I184942183"]},{"raw_affiliation_string":"Norwegian Defence Research Establishment (FFI), 2007 Kjeller, Norway","institution_ids":["https://openalex.org/I163244428"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013254098","display_name":"David Aspinall","orcid":"https://orcid.org/0000-0002-6073-9013"},"institutions":[{"id":"https://openalex.org/I125680101","display_name":"Turing Institute","ror":"https://ror.org/02x2mw849","country_code":"GB","type":"facility","lineage":["https://openalex.org/I125680101"]},{"id":"https://openalex.org/I4210128584","display_name":"The Alan Turing Institute","ror":"https://ror.org/035dkdb55","country_code":"GB","type":"facility","lineage":["https://openalex.org/I4210128584"]},{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"David Aspinall","raw_affiliation_strings":["School of Informatics, University of Edinburgh, Edinburgh EH8 9AB, UK","The Alan Turing Institute, London NW1 2DB, UK"],"affiliations":[{"raw_affiliation_string":"School of Informatics, University of Edinburgh, Edinburgh EH8 9AB, UK","institution_ids":["https://openalex.org/I98677209"]},{"raw_affiliation_string":"The Alan Turing Institute, London NW1 2DB, UK","institution_ids":["https://openalex.org/I125680101","https://openalex.org/I4210128584"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5034965926"],"corresponding_institution_ids":["https://openalex.org/I98677209"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":2.2413,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.88201018,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"10","issue":"6","first_page":"79","last_page":"79"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7172517776489258},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6816121339797974},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.6268039345741272},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6266219019889832},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5399951338768005},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5257354974746704},{"id":"https://openalex.org/keywords/volume","display_name":"Volume (thermodynamics)","score":0.41013550758361816},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.34487685561180115},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.33607354760169983},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3283742070198059}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7172517776489258},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6816121339797974},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.6268039345741272},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6266219019889832},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5399951338768005},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5257354974746704},{"id":"https://openalex.org/C20556612","wikidata":"https://www.wikidata.org/wiki/Q4469374","display_name":"Volume (thermodynamics)","level":2,"score":0.41013550758361816},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34487685561180115},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33607354760169983},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3283742070198059},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.3390/computers10060079","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers10060079","pdf_url":"https://www.mdpi.com/2073-431X/10/6/79/pdf?version=1623737257","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},{"id":"pmh:oai:pure.ed.ac.uk:openaire/843c97f3-6c7d-4c8a-86db-6f631aa805d3","is_oa":true,"landing_page_url":"https://www.research.ed.ac.uk/en/publications/843c97f3-6c7d-4c8a-86db-6f631aa805d3","pdf_url":null,"source":{"id":"https://openalex.org/S4406922455","display_name":"Edinburgh Research Explorer","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Clausen, H, Grov, G & Aspinall, D 2021, 'CBAM: A Contextual Model for Network Anomaly Detection', Computers, vol. 10, no. 6, 79. https://doi.org/10.3390/computers10060079","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:pure.ed.ac.uk:publications/843c97f3-6c7d-4c8a-86db-6f631aa805d3","is_oa":true,"landing_page_url":"http://hdl.handle.net/20.500.11820/843c97f3-6c7d-4c8a-86db-6f631aa805d3","pdf_url":"https://www.pure.ed.ac.uk/ws/files/215555650/CBAM_CLAISEN_DOA07062021_VOR_CC_BY.pdf","source":{"id":"https://openalex.org/S4406922455","display_name":"Edinburgh Research Explorer","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:doaj.org/article:eca7fa94a399479fa5e740013b09c12d","is_oa":true,"landing_page_url":"https://doaj.org/article/eca7fa94a399479fa5e740013b09c12d","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computers, Vol 10, Iss 6, p 79 (2021)","raw_type":"article"},{"id":"pmh:oai:www.duo.uio.no:10852/86386","is_oa":true,"landing_page_url":"http://hdl.handle.net/10852/86386","pdf_url":null,"source":{"id":"https://openalex.org/S4306401717","display_name":"Duo Research Archive (University of Oslo)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I184942183","host_organization_name":"University of Oslo","host_organization_lineage":["https://openalex.org/I184942183"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"2073-431X","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.3390/computers10060079","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers10060079","pdf_url":"https://www.mdpi.com/2073-431X/10/6/79/pdf?version=1623737257","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G251722195","display_name":null,"funder_award_id":"EP/T027037/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G6419237010","display_name":null,"funder_award_id":"EP/L02277X/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G8597009950","display_name":null,"funder_award_id":"EP/N510129/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3167729385.pdf","grobid_xml":"https://content.openalex.org/works/W3167729385.grobid-xml"},"referenced_works_count":43,"referenced_works":["https://openalex.org/W14760367","https://openalex.org/W1567375724","https://openalex.org/W1591480890","https://openalex.org/W1980241039","https://openalex.org/W1985987493","https://openalex.org/W1988918299","https://openalex.org/W2077488147","https://openalex.org/W2095705004","https://openalex.org/W2099940443","https://openalex.org/W2160841769","https://openalex.org/W2166366767","https://openalex.org/W2217098601","https://openalex.org/W2278186031","https://openalex.org/W2296509296","https://openalex.org/W2335999708","https://openalex.org/W2476891002","https://openalex.org/W2535642622","https://openalex.org/W2587019100","https://openalex.org/W2736633391","https://openalex.org/W2767094836","https://openalex.org/W2770942607","https://openalex.org/W2789828921","https://openalex.org/W2870670057","https://openalex.org/W2889969930","https://openalex.org/W2929803724","https://openalex.org/W2963932686","https://openalex.org/W2997442262","https://openalex.org/W2998038410","https://openalex.org/W3016411415","https://openalex.org/W3024012711","https://openalex.org/W3049461974","https://openalex.org/W3086419524","https://openalex.org/W3100503250","https://openalex.org/W3105780912","https://openalex.org/W3116274835","https://openalex.org/W3134327643","https://openalex.org/W3160272793","https://openalex.org/W3160455160","https://openalex.org/W3185617097","https://openalex.org/W6674330103","https://openalex.org/W6794920435","https://openalex.org/W6927331436","https://openalex.org/W6929373306"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W3120251014"],"abstract_inverted_index":{"Anomaly-based":[0],"intrusion":[1,37],"detection":[2,21,38],"methods":[3,39,64],"aim":[4],"to":[5,19,41,59,66,100,175,196,202],"combat":[6],"the":[7,20,33,77,198,218,239],"increasing":[8],"rate":[9,201],"of":[10,22,145,209,221,236],"zero-day":[11],"attacks,":[12,154,212],"however,":[13],"their":[14,60],"success":[15],"is":[16,97,173,214],"currently":[17],"restricted":[18],"high-volume":[23],"attacks":[24,103,123],"using":[25],"aggregated":[26],"traffic":[27,156,162],"features.":[28],"Recent":[29],"evaluations":[30],"show":[31,186],"that":[32,96,148,170,227],"current":[34,181],"anomaly-based":[35],"network":[36,106,116,152],"fail":[40],"reliably":[42],"detect":[43,67,101],"remote":[44],"access":[45,68,153,211],"attacks.":[46],"These":[47],"are":[48,194],"smaller":[49],"in":[50,115],"volume":[51],"and":[52,75,84,131,161],"often":[53],"only":[54],"stand":[55],"out":[56,208],"when":[57,128],"compared":[58],"surroundings.":[61],"Currently,":[62],"anomaly":[63,89],"try":[65],"attack":[69],"events":[70],"mainly":[71],"as":[72,104,118,136],"point":[73],"anomalies":[74],"neglect":[76],"context":[78],"they":[79],"appear":[80],"in.":[81],"We":[82,139,168,185,224],"present":[83],"examine":[85],"a":[86,158,164,176,190],"contextual":[87,105,137],"bidirectional":[88],"model":[90,109],"(CBAM)":[91],"based":[92],"on":[93,142],"deep":[94,191],"LSTM-networks":[95],"specifically":[98],"designed":[99],"such":[102],"anomalies.":[107,138],"The":[108],"efficiently":[110],"learns":[111],"short-term":[112,228],"sequential":[113],"patterns":[114,127],"flows":[117],"conditional":[119],"event":[120],"probabilities.":[121],"Access":[122],"frequently":[124],"break":[125],"these":[126],"exploiting":[129],"vulnerabilities,":[130],"can":[132],"thus":[133],"be":[134],"detected":[135],"evaluated":[140],"CBAM":[141,240],"an":[143],"assembly":[144,172],"three":[146],"datasets":[147],"provide":[149],"both":[150],"representative":[151],"real-life":[155],"over":[157,233],"long":[159,234],"timespan,":[160],"from":[163],"real-world":[165],"red-team":[166],"attack.":[167],"contend":[169],"this":[171],"closer":[174],"potential":[177],"deployment":[178],"environment":[179],"than":[180,217],"NIDS":[182],"benchmark":[183],"datasets.":[184],"that,":[187],"by":[188],"building":[189],"model,":[192],"we":[193],"able":[195],"reduce":[197],"false":[199],"positive":[200],"0.16%":[203],"while":[204],"effectively":[205],"detecting":[206],"six":[207],"seven":[210],"which":[213],"significantly":[215],"lower":[216],"operational":[219],"range":[220],"other":[222],"methods.":[223],"further":[225],"demonstrate":[226],"flow":[229],"structures":[230],"remain":[231],"stable":[232],"periods":[235],"time,":[237],"making":[238],"robust":[241],"against":[242],"concept":[243],"drift.":[244]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":5}],"updated_date":"2026-04-18T07:56:08.524223","created_date":"2021-06-22T00:00:00"}