{"id":"https://openalex.org/W2149182595","doi":"https://doi.org/10.3390/fi2040662","title":"Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures","display_name":"Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures","publication_year":2010,"publication_date":"2010-12-21","ids":{"openalex":"https://openalex.org/W2149182595","doi":"https://doi.org/10.3390/fi2040662","mag":"2149182595"},"language":"en","primary_location":{"id":"doi:10.3390/fi2040662","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi2040662","pdf_url":"https://www.mdpi.com/1999-5903/2/4/662/pdf?version=1292931273","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1999-5903/2/4/662/pdf?version=1292931273","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090377846","display_name":"Martin G\u00fcthle","orcid":null},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Martin G\u00fcthle","raw_affiliation_strings":["Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083345287","display_name":"Jochen K\u00f6gel","orcid":"https://orcid.org/0000-0003-4700-8264"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Jochen K\u00f6gel","raw_affiliation_strings":["Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070095009","display_name":"Stefan Wahl","orcid":"https://orcid.org/0000-0002-6747-5225"},"institutions":[{"id":"https://openalex.org/I1322087612","display_name":"Alcatel Lucent (Germany)","ror":"https://ror.org/00c5mwp75","country_code":"DE","type":"company","lineage":["https://openalex.org/I1322087612"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Stefan Wahl","raw_affiliation_strings":["Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany","institution_ids":["https://openalex.org/I1322087612"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056503043","display_name":"Matthias Kaschub","orcid":null},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matthias Kaschub","raw_affiliation_strings":["Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103709448","display_name":"Christian M. Mueller","orcid":null},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian M. Mueller","raw_affiliation_strings":["Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5083345287"],"corresponding_institution_ids":["https://openalex.org/I100066346"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.21354207,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2","issue":"4","first_page":"662","last_page":"669"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9187660813331604},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.7025848627090454},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6198486089706421},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.5809465050697327},{"id":"https://openalex.org/keywords/throughput","display_name":"Throughput","score":0.525299608707428},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5186852216720581},{"id":"https://openalex.org/keywords/feature-vector","display_name":"Feature vector","score":0.5055108070373535},{"id":"https://openalex.org/keywords/reduction","display_name":"Reduction (mathematics)","score":0.47590741515159607},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.47075918316841125},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.45052558183670044},{"id":"https://openalex.org/keywords/extension","display_name":"Extension (predicate logic)","score":0.4496158957481384},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.43208467960357666},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3714676797389984},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.37105894088745117},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3460719585418701},{"id":"https://openalex.org/keywords/wireless","display_name":"Wireless","score":0.09305831789970398}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9187660813331604},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.7025848627090454},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6198486089706421},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.5809465050697327},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.525299608707428},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5186852216720581},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.5055108070373535},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.47590741515159607},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.47075918316841125},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.45052558183670044},{"id":"https://openalex.org/C2778029271","wikidata":"https://www.wikidata.org/wiki/Q5421931","display_name":"Extension (predicate logic)","level":2,"score":0.4496158957481384},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.43208467960357666},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3714676797389984},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37105894088745117},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3460719585418701},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.09305831789970398},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.3390/fi2040662","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi2040662","pdf_url":"https://www.mdpi.com/1999-5903/2/4/662/pdf?version=1292931273","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:gam:jftint:v:2:y:2010:i:4:p:662-669:d:10655","is_oa":false,"landing_page_url":"https://www.mdpi.com/1999-5903/2/4/662/","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},{"id":"pmh:oai:doaj.org/article:567431a3bb3847f0aed0cb45afb9c712","is_oa":false,"landing_page_url":"https://doaj.org/article/567431a3bb3847f0aed0cb45afb9c712","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Future Internet, Vol 2, Iss 4, Pp 662-669 (2010)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/1999-5903/2/4/662/","is_oa":true,"landing_page_url":"https://dx.doi.org/10.3390/fi2040662","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Future Internet","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/fi2040662","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi2040662","pdf_url":"https://www.mdpi.com/1999-5903/2/4/662/pdf?version=1292931273","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6499999761581421,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1519361431","https://openalex.org/W1864928074","https://openalex.org/W2100294832","https://openalex.org/W2133990480","https://openalex.org/W2153635508","https://openalex.org/W4242138061"],"related_works":["https://openalex.org/W2075768550","https://openalex.org/W3022218857","https://openalex.org/W2369178846","https://openalex.org/W2082716031","https://openalex.org/W2370289839","https://openalex.org/W2933494595","https://openalex.org/W4313347705","https://openalex.org/W2090763504","https://openalex.org/W1568049691","https://openalex.org/W1590096425"],"abstract_inverted_index":{"Service":[0],"platforms":[1],"using":[2],"text-based":[3],"protocols":[4],"need":[5],"to":[6,19,32,51],"be":[7,17],"protected":[8],"against":[9],"attacks.":[10,24],"Machine-learning":[11],"algorithms":[12,41],"with":[13,83],"pattern":[14],"matching":[15],"can":[16],"used":[18,58],"detect":[20],"even":[21],"previously":[22],"unknown":[23],"In":[25],"this":[26],"paper,":[27],"we":[28,77],"present":[29],"an":[30],"extension":[31],"known":[33],"Support":[34],"Vector":[35],"Machine":[36],"(SVM)":[37],"based":[38],"anomaly":[39],"detection":[40],"for":[42,59],"the":[43,53,65,72],"Session":[44],"Initiation":[45],"Protocol":[46],"(SIP).":[47],"Our":[48],"contribution":[49],"is":[50],"extend":[52],"amount":[54],"of":[55,67],"different":[56],"features":[57],"classification":[60],"(feature":[61],"space)":[62],"by":[63],"exploiting":[64],"structure":[66],"SIP":[68],"messages,":[69],"which":[70],"reduces":[71],"false":[73],"positive":[74],"rate.":[75],"Additionally,":[76],"show":[78],"how":[79],"combining":[80],"our":[81],"approach":[82],"attribute":[84],"reduction":[85],"significantly":[86],"improves":[87],"throughput.":[88]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2016-06-24T00:00:00"}