{"id":"https://openalex.org/W3211532247","doi":"https://doi.org/10.3390/s21227464","title":"Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection","display_name":"Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection","publication_year":2021,"publication_date":"2021-11-10","ids":{"openalex":"https://openalex.org/W3211532247","doi":"https://doi.org/10.3390/s21227464","mag":"3211532247","pmid":"https://pubmed.ncbi.nlm.nih.gov/34833539"},"language":"en","primary_location":{"id":"doi:10.3390/s21227464","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s21227464","pdf_url":"https://www.mdpi.com/1424-8220/21/22/7464/pdf?version=1636679365","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj","pubmed"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1424-8220/21/22/7464/pdf?version=1636679365","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088671813","display_name":"Jianhua Yang","orcid":"https://orcid.org/0000-0003-2745-8524"},"institutions":[{"id":"https://openalex.org/I199172307","display_name":"Columbus State University","ror":"https://ror.org/002nf6z37","country_code":"US","type":"education","lineage":["https://openalex.org/I199172307"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jianhua Yang","raw_affiliation_strings":["TSYS School of Computer Science, Columbus State University, Columbus, GA 31907, USA"],"affiliations":[{"raw_affiliation_string":"TSYS School of Computer Science, Columbus State University, Columbus, GA 31907, USA","institution_ids":["https://openalex.org/I199172307"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100331165","display_name":"Lixin Wang","orcid":"https://orcid.org/0000-0003-0968-1247"},"institutions":[{"id":"https://openalex.org/I199172307","display_name":"Columbus State University","ror":"https://ror.org/002nf6z37","country_code":"US","type":"education","lineage":["https://openalex.org/I199172307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lixin Wang","raw_affiliation_strings":["TSYS School of Computer Science, Columbus State University, Columbus, GA 31907, USA"],"affiliations":[{"raw_affiliation_string":"TSYS School of Computer Science, Columbus State University, Columbus, GA 31907, USA","institution_ids":["https://openalex.org/I199172307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5088671813"],"corresponding_institution_ids":["https://openalex.org/I199172307"],"apc_list":{"value":2400,"currency":"CHF","value_usd":2598},"apc_paid":{"value":2400,"currency":"CHF","value_usd":2598},"fwci":0.6401,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.72022267,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"21","issue":"22","first_page":"7464","last_page":"7464"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10138","display_name":"Network Traffic and Congestion Control","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7790095806121826},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.7691780924797058},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.5778924822807312},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.5763545036315918},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5403464436531067},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5119038820266724},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.5038129687309265},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4833221435546875},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4769945740699768},{"id":"https://openalex.org/keywords/blossom-algorithm","display_name":"Blossom algorithm","score":0.4395269751548767},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.333151638507843},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.1031290590763092}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7790095806121826},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.7691780924797058},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.5778924822807312},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.5763545036315918},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5403464436531067},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5119038820266724},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.5038129687309265},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4833221435546875},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4769945740699768},{"id":"https://openalex.org/C61455927","wikidata":"https://www.wikidata.org/wiki/Q1030529","display_name":"Blossom algorithm","level":3,"score":0.4395269751548767},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.333151638507843},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.1031290590763092},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[{"descriptor_ui":"D000465","descriptor_name":"Algorithms","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D000465","descriptor_name":"Algorithms","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D000465","descriptor_name":"Algorithms","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D057225","descriptor_name":"Data Mining","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D057225","descriptor_name":"Data Mining","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D057225","descriptor_name":"Data Mining","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true}],"locations_count":5,"locations":[{"id":"doi:10.3390/s21227464","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s21227464","pdf_url":"https://www.mdpi.com/1424-8220/21/22/7464/pdf?version=1636679365","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},{"id":"pmid:34833539","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/34833539","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors (Basel, Switzerland)","raw_type":null},{"id":"pmh:oai:doaj.org/article:75312d70c4874db4bbaed122063ca072","is_oa":true,"landing_page_url":"https://doaj.org/article/75312d70c4874db4bbaed122063ca072","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors, Vol 21, Iss 22, p 7464 (2021)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/1424-8220/21/22/7464/","is_oa":true,"landing_page_url":"https://dx.doi.org/10.3390/s21227464","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors; Volume 21; Issue 22; Pages: 7464","raw_type":"Text"},{"id":"pmh:oai:pubmedcentral.nih.gov:8618504","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/8618504","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors (Basel)","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/s21227464","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s21227464","pdf_url":"https://www.mdpi.com/1424-8220/21/22/7464/pdf?version=1636679365","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6851414390","display_name":null,"funder_award_id":"H98230-20-1-0293","funder_id":"https://openalex.org/F4320311089","funder_display_name":"National Security Agency"},{"id":"https://openalex.org/G7845798442","display_name":null,"funder_award_id":"H98230","funder_id":"https://openalex.org/F4320311089","funder_display_name":"National Security Agency"}],"funders":[{"id":"https://openalex.org/F4320311089","display_name":"National Security Agency","ror":"https://ror.org/0047bvr32"},{"id":"https://openalex.org/F4320312452","display_name":"Columbus State University","ror":"https://ror.org/002nf6z37"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3211532247.pdf","grobid_xml":"https://content.openalex.org/works/W3211532247.grobid-xml"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W1565896516","https://openalex.org/W1583799543","https://openalex.org/W1992236076","https://openalex.org/W2061673020","https://openalex.org/W2062062441","https://openalex.org/W2099829430","https://openalex.org/W2123821837","https://openalex.org/W2128945468","https://openalex.org/W2131712672","https://openalex.org/W2146132533","https://openalex.org/W2146486112","https://openalex.org/W2148275477","https://openalex.org/W2406005008","https://openalex.org/W2884143800","https://openalex.org/W3034692595","https://openalex.org/W3107748604","https://openalex.org/W3117170236","https://openalex.org/W3155567503","https://openalex.org/W3193217401","https://openalex.org/W3203971627","https://openalex.org/W3206112169","https://openalex.org/W4237313411","https://openalex.org/W4292478130","https://openalex.org/W6605166902","https://openalex.org/W6799823685"],"related_works":["https://openalex.org/W2171331105","https://openalex.org/W2362975861","https://openalex.org/W1592682627","https://openalex.org/W2290243676","https://openalex.org/W2385361142","https://openalex.org/W4295762832","https://openalex.org/W2103432623","https://openalex.org/W2366714142","https://openalex.org/W2277362400","https://openalex.org/W2023784850"],"abstract_inverted_index":{"A":[0],"long":[1],"interactive":[2],"TCP":[3,113],"connection":[4,23,44,61,94],"chain":[5,30,95],"has":[6],"been":[7],"widely":[8],"used":[9],"by":[10,33,211],"attackers":[11],"to":[12,48,96,111,224],"launch":[13],"their":[14],"attacks":[15],"and":[16,56,66,84,115,152],"thus":[17],"avoid":[18],"detection.":[19,228],"The":[20,156,175,196],"longer":[21],"a":[22,43,60,76,93,120],"chain,":[24,62],"the":[25,27,29,40,50,53,64,80,86,90,98,101,125,133,166,170,180,185,189,204,213,218],"higher":[26],"probability":[28],"is":[31,68,173,222],"exploited":[32],"attackers.":[34],"Round-trip":[35],"Time":[36],"(RTT)":[37],"can":[38,192,202],"represent":[39,97],"length":[41,99],"of":[42,82,88,92,100,139,169,179,206],"chain.":[45,102],"In":[46,70],"order":[47],"obtain":[49],"RTTs":[51,83,91],"from":[52,119,159,184],"sniffed":[54],"Send":[55,114],"Echo":[57,116],"packets":[58,117],"in":[59,137],"matching":[63],"Sends":[65],"Echoes":[67],"required.":[69],"this":[71],"paper,":[72],"we":[73,104],"first":[74],"model":[75],"network":[77],"traffic":[78],"as":[79],"collection":[81],"present":[85],"rationale":[87],"using":[89],"Second,":[103],"propose":[105],"applying":[106],"MMD":[107,126,171,181,197],"data":[108,127,198],"mining":[109,128,199],"algorithm":[110,130,151,172,182,201],"match":[112],"collected":[118],"connection.":[121],"We":[122],"found":[123],"that":[124,165],"packet-matching":[129,135,140,153,167,177,200,208,215],"outperforms":[131],"all":[132,212],"existing":[134,214],"algorithms":[136,216],"terms":[138],"rate":[141,178,209],"including":[142,217],"sequence":[143],"number-based":[144],"algorithm,":[145],"Yang's":[146],"approach,":[147],"Step-function,":[148],"Packet-matching":[149],"conservative":[150],"greedy":[154],"algorithm.":[155,220],"experimental":[157],"results":[158],"our":[160],"local":[161],"area":[162],"networks":[163],"showed":[164],"accuracy":[168],"100%.":[174],"average":[176],"obtained":[183],"experiments":[186],"conducted":[187],"under":[188],"Internet":[190],"context":[191],"reach":[193],"around":[194],"94%.":[195],"fix":[203],"issue":[205],"low":[207],"faced":[210],"state-of-the-art":[219],"It":[221],"applicable":[223],"network-based":[225],"stepping-stone":[226],"intrusion":[227]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}