{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T09:58:53Z","timestamp":1770890333809,"version":"3.50.1"},"reference-count":58,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T00:00:00Z","timestamp":1747008000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T00:00:00Z","timestamp":1747008000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,5,12]]},"DOI":"10.1109\/noms57970.2025.11073723","type":"proceedings-article","created":{"date-parts":[[2025,7,15]],"date-time":"2025-07-15T17:40:26Z","timestamp":1752601226000},"page":"1-6","source":"Crossref","is-referenced-by-count":4,"title":["Advancing Network Monitoring with Packet-Level Records and Selective Flow Aggregation"],"prefix":"10.1109","author":[{"given":"Ina Berenice","family":"Fink","sequence":"first","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ike","family":"Kunze","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pascal","family":"Hein","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jan","family":"Pennekamp","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benjamin","family":"Standaert","sequence":"additional","affiliation":[{"name":"Washington University in St. Louis,Missouri,United States"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Klaus","family":"Wehrle","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jan","family":"R\u00fcth","sequence":"additional","affiliation":[{"name":"Communication and Distributed Systems, RWTH Aachen University,Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/noms54207.2022.9789848"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-86"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.252"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/65.283931"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2020.3034278"},{"key":"ref6","article-title":"Scaling Hardware Accelerated Network Monitoring to Concurrent and Dynamic Queries With *Flow","volume-title":"ATC","author":"Sonchack","year":"2018"},{"key":"ref7","volume-title":"Russia\u2019s war on Ukraine: Timeline of cyber-attacks","year":"2022"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102248"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2010.032210.00054"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2321898"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/noms.2018.8406247"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30633-4_11"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/NCA51143.2020.9306732"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2013.6727841"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494861"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-90019-9_23"},{"key":"ref17","article-title":"Time-based Anomaly Detection using Autoen-coder","volume-title":"CNSM","author":"Salahuddin","year":"2020"},{"key":"ref18","author":"Yang","year":"2020","journal-title":"Feature Extraction for Novelty Detection in Network Traffic"},{"key":"ref19","volume-title":"nfdump","author":"Haag","year":"2015"},{"key":"ref20","volume-title":"Prototype Implementation of HybridMon","author":"Fink","year":"2025"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2019.200892"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3954"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.17487\/rfc7011"},{"key":"ref24","article-title":"More Netflow Tools for Performance and Security","volume-title":"LISA","author":"Gates","year":"2004"},{"key":"ref25","volume-title":"nProbe","year":"2015"},{"issue":"11","key":"ref26","article-title":"Deep Packet Inspection for Intrusion Detection Systems: A Survey","volume":"24","author":"AbuHmed","year":"2007","journal-title":"Journal of the Korean Institute of Communication Sciences"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/863955.863966"},{"key":"ref28","article-title":"Ourmon and Network Monitoring Performance","volume-title":"USENIX ATC","author":"Binkley","year":"2005"},{"key":"ref29","article-title":"Application-Aware Flow Monitoring","volume-title":"IM","author":"Velan","year":"2019"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_7"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3230543.3230555"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3387514.3406214"},{"key":"ref33","article-title":"Dynamic Scheduling of Approximate Telemetry Queries","volume-title":"NSDI","author":"Misa","year":"2022"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/noms56928.2023.10154335"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2024.3448244"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2023.3301839"},{"key":"ref37","article-title":"A comprehensive p4-based monitoring framework for 14s leveraging in-band network telemetry","author":"Nguyen","year":"2023","journal-title":"NOMS"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2934872.2934906"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3058653"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110162"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/VTCFall.2019.8891487"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3190508.3190558"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2016.88"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/HPSR52026.2021.9481849"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24067"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.3390\/fi15110368"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/noms.2016.7502895"},{"key":"ref48","article-title":"YAF: Yet Another Flowmeter","volume-title":"LISA","author":"Inacio","year":"2010"},{"key":"ref49","volume-title":"Intel\u00ae Tofino\u2122 Programmable Ethernet Switch ASIC","author":"Corporation","year":"2020"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2018.00047"},{"key":"ref51","volume-title":"IP Flow Information Export (IPFIX) Entities","year":"2007"},{"key":"ref52","volume-title":"The CAIDA UCSD Anonymized Internet Traces 2011 _ DirA 20110607\u2013235600 UTC","year":"2011"},{"key":"ref53","volume-title":"The CAIDA UCSD Anonymized Internet Traces 2011 - DirB 20151217\u2013133400 UTC","year":"2011"},{"key":"ref54","volume-title":"The CAIDA UCSD Anonymized Internet Traces 2015 - DirA 20151217\u2013133400 UTC","year":"2015"},{"key":"ref55","volume-title":"The CAIDA UCSD Anonymized Internet Traces 2018 - DirA 20180816\u2013135200 UTC","year":"2018"},{"key":"ref56","volume-title":"Flowmon Probe","year":"2009"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423666"},{"key":"ref58","volume-title":"Vulnerabilities show why STARTTLS should be avoided if possible","author":"B\u00f6ck","year":"2021"}],"event":{"name":"NOMS 2025-2025 IEEE Network Operations and Management Symposium","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,5,12]]},"end":{"date-parts":[[2025,5,16]]}},"container-title":["NOMS 2025-2025 IEEE Network Operations and Management Symposium"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11073532\/11073571\/11073723.pdf?arnumber=11073723","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T05:38:22Z","timestamp":1752644302000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11073723\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,12]]},"references-count":58,"URL":"https:\/\/doi.org\/10.1109\/noms57970.2025.11073723","relation":{},"subject":[],"published":{"date-parts":[[2025,5,12]]}}}