{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T05:59:14Z","timestamp":1773467954835,"version":"3.50.1"},"reference-count":26,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T00:00:00Z","timestamp":1760572800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T00:00:00Z","timestamp":1760572800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,10,16]]},"DOI":"10.1109\/iccp68926.2025.11427124","type":"proceedings-article","created":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T19:51:37Z","timestamp":1773431497000},"page":"1-8","source":"Crossref","is-referenced-by-count":0,"title":["Detecting Anomalies in Distributed RPC Traffic with Isolation Forests"],"prefix":"10.1109","author":[{"given":"Muntea","family":"Andrei-Marius","sequence":"first","affiliation":[{"name":"Technical University of Cluj-Napoca, Bitdefender,Cluj-Napoca,Romania"}]},{"given":"Portase","family":"Radu-Marian","sequence":"additional","affiliation":[{"name":"Technical University of Cluj-Napoca, Bitdefender,Cluj-Napoca,Romania"}]},{"given":"Sebestyen-Pal","family":"Gheorghe","sequence":"additional","affiliation":[{"name":"Technical University of Cluj-Napoca,Cluj-Napoca,Romania"}]}],"member":"263","reference":[{"key":"ref2","article-title":"Msrpc-to-attack: A repository mapping msrpc protocols to mitre att&ck","author":"Jhnson","year":"2025","journal-title":"GitHub repository"},{"key":"ref3","article-title":"Mitre att&ck\u00ae: A knowledge base of adversary tactics and techniques","year":"2025"},{"key":"ref4","article-title":"Impacket","year":"2024","journal-title":"A collection of Python classes for working with network protocols; supports MSRPC v5 over TCP and SMB"},{"key":"ref5","article-title":"rpc-anomaly-lab: Detecting anomalies in distributed rpc traffic with isolation forests","author":"Andrei-Marius","year":"2025","journal-title":"GitHub repository"},{"key":"ref6","article-title":"Introducing rpc investigator","author":"LeMasters","year":"2023","journal-title":"Trail of Bits blog post."},{"key":"ref7","article-title":"Rpcview: A free tool to explore and decompile microsoft rpc interfaces","year":"2023","journal-title":"silverf0x"},{"key":"ref8","article-title":"Windowsrpcclients: A collection of c# rpc clients","author":"Forshaw","year":"2023","journal-title":"Repository presenting a list of RPC interfaces extracted from Windows 7 up to Windows 10 21H1"},{"key":"ref9","article-title":"Bzar: A set of zeek scripts to detect att&ck techniques","author":"ATT&CK","year":"2023","journal-title":"GitHub repository."},{"key":"ref10","volume-title":"ALPC Logger"},{"key":"ref11","first-page":"2025","article-title":"Wireshark","year":"2025","journal-title":"Wireshark Foundation"},{"key":"ref12","article-title":"Lateral movement detection using user behavioral analysis","author":"Kushwaha","year":"2022"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2020.10.013"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0263423"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.hcc.2022.100050"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref17","article-title":"Comprehensive, Multi-Source Cyber-Security Events Dataset","volume-title":"Release of anonymized enterprise network event logs, 58 days","author":"Kent","year":"2015"},{"key":"ref18","volume-title":"Mastering Microsoft Windows Server 2003 R2","author":"Minasi","year":"2006"},{"key":"ref19","first-page":"2025","article-title":"Elasticsearch","year":"2025","journal-title":"Elastic"},{"key":"ref20","article-title":"Ghosts: Generic hart operations simulation traffic","year":"2021"},{"key":"ref21","article-title":"Brace for impacket","author":"Babinski","year":"2023","journal-title":"Impacket ranked second most used malicious toolkit in 2023"},{"key":"ref22","article-title":"Psexec","year":"2025","journal-title":"Sysinternals tool for remote command execution via Service Control Manager (svcctl)"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2008.17"},{"key":"ref24","article-title":"pandas-dev\/pandas: Pandas","year":"2020","journal-title":"The pandas development team"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1201.0490"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/342009.335388"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104190"}],"event":{"name":"2025 IEEE 21st International Conference on Intelligent Computer Communication and Processing (ICCP)","location":"Cluj-Napoca, Romania","start":{"date-parts":[[2025,10,16]]},"end":{"date-parts":[[2025,10,18]]}},"container-title":["2025 IEEE 21st International Conference on Intelligent Computer Communication and Processing (ICCP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11427093\/11427059\/11427124.pdf?arnumber=11427124","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T05:08:33Z","timestamp":1773464913000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11427124\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,16]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/iccp68926.2025.11427124","relation":{},"subject":[],"published":{"date-parts":[[2025,10,16]]}}}