{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,5,23]],"date-time":"2024-05-23T06:35:32Z","timestamp":1716446132539},"reference-count":47,"publisher":"Wiley","issue":"3","license":[{"start":{"date-parts":[[2021,8,13]],"date-time":"2021-08-13T00:00:00Z","timestamp":1628812800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Concurrency and Computation"],"published-print":{"date-parts":[[2022,2]]},"abstract":"Late detection of security breaches increases the risk of irreparable damages and limits any mitigation attempts. We propose a fast and accurate threat detection and prevention architecture that combines the advantages of real\u2010time streaming with batch processing over a historical database. We create a dataset by capturing both legitimate and malicious traffic and propose two ways of combining packets into flows, one considering a time window and the other analyzing the first few packets of each flow per period. We also investigate the effectiveness of our proposal on real\u2010world network traces obtained from a significant Brazilian network operator providing broadband Internet to their customers. We implement and evaluate three classification algorithms and two anomaly detection methods. The results show an accuracy higher than 95% and an excellent trade\u2010off between attack detection and false\u2010positive rates. We further propose an improved scheme based on software defined networks that automatically prevents threats by analyzing only the first few packets of a flow. 
The proposal promptly and efficiently blocks threats, is robust, and can scale up, even when the attacker employs spoofed IP.","DOI":"10.1002\/cpe.6561","type":"journal-article","created":{"date-parts":[[2021,8,13]],"date-time":"2021-08-13T09:18:23Z","timestamp":1628846303000},"update-policy":"http:\/\/dx.doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["A fast and accurate threat detection and prevention architecture using stream processing"],"prefix":"10.1002","volume":"34","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-1544-2333","authenticated-orcid":false,"given":"Antonio G. Pastana","family":"Lobato","sequence":"first","affiliation":[{"name":"GTA\/COPPE\/UFRJ Universidade Federal do Rio de Janeiro Rio de Janeiro Brazil"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-4170-4341","authenticated-orcid":false,"given":"Martin","family":"Andreoni Lopez","sequence":"additional","affiliation":[{"name":"GTA\/COPPE\/UFRJ Universidade Federal do Rio de Janeiro Rio de Janeiro Brazil"},{"name":"Laboratoire d'Informatique de Paris 6, CNRS Sorbonne Universit\u00e9 Paris France"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-5142-9750","authenticated-orcid":false,"given":"Alvaro A.","family":"Cardenas","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering University of California, Santa Cruz Santa Cruz, CA USA"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-6642-4100","authenticated-orcid":false,"given":"Otto Carlos M. 
B.","family":"Duarte","sequence":"additional","affiliation":[{"name":"GTA\/COPPE\/UFRJ Universidade Federal do Rio de Janeiro Rio de Janeiro Brazil"}]},{"ORCID":"http:\/\/orcid.org\/0000-0003-4147-7270","authenticated-orcid":false,"given":"Guy","family":"Pujolle","sequence":"additional","affiliation":[{"name":"Laboratoire d'Informatique de Paris 6, CNRS Sorbonne Universit\u00e9 Paris France"}]}],"member":"311","published-online":{"date-parts":[[2021,8,13]]},"reference":[{"key":"e_1_2_10_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627534.2627557"},{"key":"e_1_2_10_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.138"},{"key":"e_1_2_10_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/icc.2011.5963443"},{"key":"e_1_2_10_5_1","first-page":"1","article-title":"Detection and trace back of low and high volume of distributed denial\u2010of\u2010service attack based on statistical measures","author":"Thangavel S","year":"2019","journal-title":"Concurr Comput Pract Exper"},{"key":"e_1_2_10_6_1","volume-title":"Kaspersky DDoS Intelligence Report for Q1 
2016","author":"Kaspersky","year":"2016"},{"key":"e_1_2_10_7_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5114"},{"key":"e_1_2_10_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.100213.00143"},{"key":"e_1_2_10_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(15)30026-X"},{"key":"e_1_2_10_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/icc.2011.5962652"},{"key":"e_1_2_10_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2007.15"},{"key":"e_1_2_10_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"e_1_2_10_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.12.004"},{"key":"e_1_2_10_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1090191.1080118"},{"key":"e_1_2_10_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.11.024"},{"key":"e_1_2_10_16_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.3061"},{"key":"e_1_2_10_17_1","doi-asserted-by":"crossref","unstructured":"RingbergH SouleA RexfordJ DiotC.Sensitivity of PCA for traffic anomaly detection. 
Paper presented at: ACM SIGMETRICS San Diego CA USA; 2007:109\u2010120.","DOI":"10.1145\/1269899.1254895"},{"key":"e_1_2_10_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2016.12.007"},{"key":"e_1_2_10_19_1","doi-asserted-by":"crossref","first-page":"e5013","DOI":"10.1002\/cpe.5013","article-title":"Real\u2010time anomaly detection using parallelized intrusion detection architecture for streaming data","volume":"32","author":"Chellammal P","year":"2020","journal-title":"Concurr Comput Pract Exper"},{"key":"e_1_2_10_20_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.3633"},{"key":"e_1_2_10_21_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.3955"},{"key":"e_1_2_10_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2016.12.001"},{"key":"e_1_2_10_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2014.03.066"},{"key":"e_1_2_10_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.09.051"},{"key":"e_1_2_10_25_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5189"},{"key":"e_1_2_10_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006337"},{"key":"e_1_2_10_27_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5344"},{"key":"e_1_2_10_28_1","doi-asserted-by":"crossref","unstructured":"CardenasAA BarasJS&SeamonKA framework for the evaluation of intrusion detection systems. 
Paper presented at: IEEE Symposium on Security and Privacy (SP'06) Oakland California USA; 2006:15\u201077.","DOI":"10.1109\/SP.2006.2"},{"key":"e_1_2_10_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/312129.312212"},{"key":"e_1_2_10_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2011.07.001"},{"key":"e_1_2_10_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.05.003"},{"key":"e_1_2_10_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12243-016-0506-y"},{"key":"e_1_2_10_33_1","doi-asserted-by":"crossref","unstructured":"Andreoni LopezM DuarteOCMB.Providing elasticity to intrusion detection systems in virtualized software defined networks. Paper presented at: IEEE International Conference on Communications (ICC'15) London England UK; 2015:7120\u20107125.","DOI":"10.1109\/ICC.2015.7249462"},{"key":"e_1_2_10_34_1","doi-asserted-by":"crossref","unstructured":"Andreoni LopezM.A Monitoring and Threat Detection System Using Stream Processing as a Virtual Function for Big Data. PhD thesis. Universidade Fedral do Rio de Janeiro and Sorbonne Universit\u00e9;2018.","DOI":"10.5753\/sbrc_estendido.2019.7789"},{"key":"e_1_2_10_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2015.7113225"},{"key":"e_1_2_10_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2018.03.008"},{"key":"e_1_2_10_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.11.005"},{"key":"e_1_2_10_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2018.8422622"},{"key":"e_1_2_10_39_1","doi-asserted-by":"crossref","unstructured":"RychlyM KodaP&SmrzPScheduling decisions in stream processing on heterogeneous clusters. 
Paper presented at: Eighth International Conference on Complex Intelligent and Software Intensive Systems (CISIS) Birmingham City University Birmingham UK; 2014:614\u2010619.","DOI":"10.1109\/CISIS.2014.94"},{"key":"e_1_2_10_40_1","volume-title":"Big Data: Principles and Best Practices of Scalable Realtime Data Systems","author":"Marz N","year":"2013"},{"key":"e_1_2_10_41_1","doi-asserted-by":"crossref","unstructured":"Andreoni LopezM LobatoA DuarteOCMB.A performance comparison of open\u2010source stream processing platforms. Paper presented at: IEEE GLOBECOM Washington USA; 2016:1\u20106.","DOI":"10.1109\/GLOCOM.2016.7841533"},{"key":"e_1_2_10_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1871437.1871535"},{"key":"e_1_2_10_43_1","first-page":"12","volume-title":"Proceedings of DARPA Information Survivability Conference and Exposition. DISCEX'00","author":"Lippmann RP","year":"2000"},{"key":"e_1_2_10_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"e_1_2_10_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_2_10_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_2_10_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2805680"},{"key":"e_1_2_10_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.bjp.2014.01.002"}],"container-title":["Concurrency and Computation: Practice and 
Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/cpe.6561","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1002\/cpe.6561","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/cpe.6561","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T10:06:51Z","timestamp":1699351611000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/cpe.6561"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,13]]},"references-count":47,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,2]]}},"alternative-id":["10.1002\/cpe.6561"],"URL":"https:\/\/doi.org\/10.1002\/cpe.6561","archive":["Portico"],"relation":{},"ISSN":["1532-0626","1532-0634"],"issn-type":[{"value":"1532-0626","type":"print"},{"value":"1532-0634","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,8,13]]},"assertion":[{"value":"2020-07-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-07-20","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-08-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}