{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T15:25:20Z","timestamp":1768317920117,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,11,28]],"date-time":"2017-11-28T00:00:00Z","timestamp":1511827200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,11,28]]},"DOI":"10.1145\/3143361.3143399","type":"proceedings-article","created":{"date-parts":[[2017,11,22]],"date-time":"2017-11-22T16:30:38Z","timestamp":1511368238000},"page":"134-146","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Jaal"],"prefix":"10.1145","author":[{"given":"Azeem","family":"Aqil","sequence":"first","affiliation":[{"name":"UC Riverside"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Karim","family":"Khalil","sequence":"additional","affiliation":[{"name":"UC Riverside"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmed O.F.","family":"Atya","sequence":"additional","affiliation":[{"name":"UC Riverside"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Evangelos E.","family":"Papalexakis","sequence":"additional","affiliation":[{"name":"UC Riverside"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Srikanth V.","family":"Krishnamurthy","sequence":"additional","affiliation":[{"name":"UC Riverside"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"K. 
K.","family":"Ramakrishnan","sequence":"additional","affiliation":[{"name":"UC Riverside"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul","family":"Yu","sequence":"additional","affiliation":[{"name":"U.S. Army Research Laboratory"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ananthram","family":"Swami","sequence":"additional","affiliation":[{"name":"U.S. Army Research Laboratory"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,11,28]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2001. Strategies to Reduce False Positives and False Negatives in NIDS. https:\/\/www.symantec.com\/connect\/articles\/strategies-reduce-false-positives-and-false-negatives-nids. (2001).  2001. Strategies to Reduce False Positives and False Negatives in NIDS. https:\/\/www.symantec.com\/connect\/articles\/strategies-reduce-false-positives-and-false-negatives-nids. (2001)."},{"key":"e_1_3_2_1_2_1","unstructured":"2012. Sockstress Tools & Source Code. https:\/\/defuse.ca\/sockstress.htm. (2012).  2012. Sockstress Tools & Source Code. https:\/\/defuse.ca\/sockstress.htm. (2012)."},{"key":"e_1_3_2_1_3_1","volume-title":"The Expanding Role of Service Providers in DDoS Mitigation. https:\/\/resources.arbornetworks.com\/i\/481939-the-expanding-role-of-service-providers-in-ddos-mitigation?hubItemID=55526068. (2015). {Online","year":"2017","unstructured":"2015. The Expanding Role of Service Providers in DDoS Mitigation. https:\/\/resources.arbornetworks.com\/i\/481939-the-expanding-role-of-service-providers-in-ddos-mitigation?hubItemID=55526068. (2015). {Online ; accessed 23- Jan- 2017 }. 2015. The Expanding Role of Service Providers in DDoS Mitigation. https:\/\/resources.arbornetworks.com\/i\/481939-the-expanding-role-of-service-providers-in-ddos-mitigation?hubItemID=55526068. (2015). 
{Online; accessed 23-Jan-2017}."},{"key":"e_1_3_2_1_4_1","volume-title":"The Biggest Data Breaches","year":"2016","unstructured":"2016. The Biggest Data Breaches in 2016 , So Far . https:\/\/www.identityforce.com\/blog\/2016-data-breaches. (2016). {Online; accessed 10-Jan-2017}. 2016. The Biggest Data Breaches in 2016, So Far. https:\/\/www.identityforce.com\/blog\/2016-data-breaches. (2016). {Online; accessed 10-Jan-2017}."},{"key":"e_1_3_2_1_5_1","unstructured":"2016. How the Dyn DDoS attack unfolded. http:\/\/www.networkworld.com\/article\/3134057\/security\/how-the-dyn-ddos-attack-unfolded.html. (2016).  2016. How the Dyn DDoS attack unfolded. http:\/\/www.networkworld.com\/article\/3134057\/security\/how-the-dyn-ddos-attack-unfolded.html. (2016)."},{"key":"e_1_3_2_1_6_1","unstructured":"2016. jgamblin\/Mirai-Source-Code. https:\/\/github.com\/jgamblin\/Mirai-Source-Code. (2016).  2016. jgamblin\/Mirai-Source-Code. https:\/\/github.com\/jgamblin\/Mirai-Source-Code. (2016)."},{"key":"e_1_3_2_1_7_1","unstructured":"2016. KrebsOnSecurity Hit With Record DDoS. https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/. (2016).  2016. KrebsOnSecurity Hit With Record DDoS. https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/. (2016)."},{"key":"e_1_3_2_1_8_1","unstructured":"2016. Large DDoS attacks cause outages at Twitter Spotify and other sites. https:\/\/techcrunch.com\/2016\/10\/21\/many-sites-including-twitter-and-spotify-suffering-outage\/. (2016).  2016. Large DDoS attacks cause outages at Twitter Spotify and other sites. https:\/\/techcrunch.com\/2016\/10\/21\/many-sites-including-twitter-and-spotify-suffering-outage\/. (2016)."},{"key":"e_1_3_2_1_9_1","unstructured":"2016. Lessons From the Dyn DDoS Attack. https:\/\/www.schneier.com\/blog\/archives\/2016\/11\/lessons_from_th_5.html. (2016).  2016. Lessons From the Dyn DDoS Attack. https:\/\/www.schneier.com\/blog\/archives\/2016\/11\/lessons_from_th_5.html. 
(2016)."},{"key":"e_1_3_2_1_10_1","unstructured":"2016. Mirai IoT Botnet Description and DDoS Attack Mitigation. https:\/\/www.arbornetworks.com\/blog\/asert\/mirai-iot-botnet-description-ddos-attack-mitigation\/. (2016).  2016. Mirai IoT Botnet Description and DDoS Attack Mitigation. https:\/\/www.arbornetworks.com\/blog\/asert\/mirai-iot-botnet-description-ddos-attack-mitigation\/. (2016)."},{"key":"e_1_3_2_1_11_1","unstructured":"2016. Mirai: what you need to know about the botnet behind recent major DDoS attacks. https:\/\/www.symantec.com\/connect\/blogs\/mirai-what-you-need-know-about-botnet-behind-recent-major-ddos-attacks. (2016).  2016. Mirai: what you need to know about the botnet behind recent major DDoS attacks. https:\/\/www.symantec.com\/connect\/blogs\/mirai-what-you-need-know-about-botnet-behind-recent-major-ddos-attacks. (2016)."},{"key":"e_1_3_2_1_12_1","unstructured":"2016. Someone Is Learning How to Take Down the Internet. https:\/\/www.schneier.com\/blog\/archives\/2016\/09\/someone_is_lear.html. (2016).  2016. Someone Is Learning How to Take Down the Internet. https:\/\/www.schneier.com\/blog\/archives\/2016\/09\/someone_is_lear.html. (2016)."},{"key":"e_1_3_2_1_13_1","unstructured":"2016. Top 7 types of network attacks. http:\/\/www.calyptix.com\/top-threats\/top-7-network-attack-types-2016\/. (2016).  2016. Top 7 types of network attacks. http:\/\/www.calyptix.com\/top-threats\/top-7-network-attack-types-2016\/. (2016)."},{"key":"e_1_3_2_1_14_1","unstructured":"2017. Cyber-Hunting at Scale (CHASE). https:\/\/www.fbo.gov\/index?s=opportunity&mode=form&id=a6b09e0661902c71a9c3205db0ff55d&tab=core&_cview=1. (2017).  2017. Cyber-Hunting at Scale (CHASE). https:\/\/www.fbo.gov\/index?s=opportunity&mode=form&id=a6b09e0661902c71a9c3205db0ff55d&tab=core&_cview=1. (2017)."},{"key":"e_1_3_2_1_15_1","unstructured":"2017. MAWI Working Group Traffic Archive. http:\/\/mawi.wide.ad.jp\/mawi\/. (2017).  2017. MAWI Working Group Traffic Archive. 
http:\/\/mawi.wide.ad.jp\/mawi\/. (2017)."},{"key":"e_1_3_2_1_16_1","unstructured":"2017. Nmap: the Network Mapper. https:\/\/nmap.org. (2017).  2017. Nmap: the Network Mapper. https:\/\/nmap.org. (2017)."},{"key":"e_1_3_2_1_17_1","unstructured":"2017. Rule Doc Search. https:\/\/snort.org\/rule-docs. (2017).  2017. Rule Doc Search. https:\/\/snort.org\/rule-docs. (2017)."},{"key":"e_1_3_2_1_18_1","unstructured":"2017. Ryu SDN Framework. https:\/\/osrg.github.io\/ryu\/. (2017).  2017. Ryu SDN Framework. https:\/\/osrg.github.io\/ryu\/. (2017)."},{"key":"e_1_3_2_1_19_1","first-page":"1","year":"2017","unstructured":"2017 . Sid 1 - 19559 . https:\/\/www.snort.org\/rule_docs\/1-19559. (2017). 2017. Sid 1-19559. https:\/\/www.snort.org\/rule_docs\/1-19559. (2017).","journal-title":"Sid"},{"key":"e_1_3_2_1_20_1","first-page":"3","year":"2017","unstructured":"2017 . Sid 3 - 16294 . https:\/\/www.snort.org\/rule_docs\/3-16294. (2017). 2017. Sid 3-16294. https:\/\/www.snort.org\/rule_docs\/3-16294. (2017).","journal-title":"Sid"},{"key":"e_1_3_2_1_21_1","unstructured":"2017. Snort. https:\/\/www.snort.org. (2017).  2017. Snort. https:\/\/www.snort.org. (2017)."},{"key":"e_1_3_2_1_22_1","unstructured":"2017. Snort Users Manual. https:\/\/www.snort.org\/documents\/snort-users-manual. (2017).  2017. Snort Users Manual. https:\/\/www.snort.org\/documents\/snort-users-manual. (2017)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10107-003-0436-0"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-009-5103-0"},{"key":"e_1_3_2_1_25_1","unstructured":"Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis etal 2017. Understanding the Mirai Botnet. (2017).  Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis et al. 2017. 
Understanding the Mirai Botnet. (2017)."},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the eighteenth annual ACM-SIAM symposium on Discrete algorithms. Society for Industrial and Applied Mathematics, 1027--1035","author":"Arthur David","year":"2007","unstructured":"David Arthur and Sergei Vassilvitskii . 2007 . k-means++: The advantages of careful seeding . In Proceedings of the eighteenth annual ACM-SIAM symposium on Discrete algorithms. Society for Industrial and Applied Mathematics, 1027--1035 . David Arthur and Sergei Vassilvitskii. 2007. k-means++: The advantages of careful seeding. In Proceedings of the eighteenth annual ACM-SIAM symposium on Discrete algorithms. Society for Industrial and Applied Mathematics, 1027--1035."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(94)90153-8"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1006\/jagm.1995.0799"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/146585.146588"},{"key":"e_1_3_2_1_30_1","volume-title":"IFIP Networking Conference","author":"Braun Lothar","year":"2013","unstructured":"Lothar Braun , Cornelius Diekmann , Nils Kammenhuber , and Georg Carle . 2013 . Adaptive load-aware sampling for network monitoring on multicore commodity hardware . In IFIP Networking Conference , 2013. IEEE, 1--9. Lothar Braun, Cornelius Diekmann, Nils Kammenhuber, and Georg Carle. 2013. Adaptive load-aware sampling for network monitoring on multicore commodity hardware. In IFIP Networking Conference, 2013. IEEE, 1--9."},{"key":"e_1_3_2_1_31_1","volume-title":"An assessment of the DARPA IDS Evaluation Dataset using Snort. UCDAVIS department of Computer Science 1","author":"Terry Brugger S","year":"2007","unstructured":"S Terry Brugger and Jedidiah Chow . 2007. An assessment of the DARPA IDS Evaluation Dataset using Snort. UCDAVIS department of Computer Science 1 , 2007 (2007), 22. S Terry Brugger and Jedidiah Chow. 2007. 
An assessment of the DARPA IDS Evaluation Dataset using Snort. UCDAVIS department of Computer Science 1, 2007 (2007), 22."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICEBE.2013.26"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(16)30095-2"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2014.6838227"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314690.1314696"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02288367"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030194.1015495"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413218"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2008.14"},{"key":"e_1_3_2_1_40_1","volume-title":"Principal component analysis","author":"Jolliffe Ian","unstructured":"Ian Jolliffe . 2002. Principal component analysis . Wiley Online Library . Ian Jolliffe. 2002. Principal component analysis. Wiley Online Library."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2007.305"},{"key":"e_1_3_2_1_42_1","volume-title":"Open Source IDS High Performance Shootout. White Paper","author":"Khalil George","unstructured":"George Khalil . 2015. Open Source IDS High Performance Shootout. White Paper . SANS Institute . George Khalil. 2015. Open Source IDS High Performance Shootout. White Paper. 
SANS Institute."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948236"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2934872.2934906"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1982.1056489"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177102"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of RAID","volume":"2001","author":"Patton Samuel","year":"2001","unstructured":"Samuel Patton , William Yurcik , and David Doss . 2001 . An Achilles' heel in signature-based IDS: Squealing false positives in SNORT . In Proceedings of RAID , Vol. 2001 . Samuel Patton, William Yurcik, and David Doss. 2001. An Achilles' heel in signature-based IDS: Squealing false positives in SNORT. In Proceedings of RAID, Vol. 2001."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1452520.1452551"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/1039834.1039864"},{"key":"e_1_3_2_1_51_1","volume-title":"Data mining and knowledge discovery handbook","author":"Rokach Lior","unstructured":"Lior Rokach and Oded Maimon . 2005. Web Mining . In Data mining and knowledge discovery handbook . Springer , 321--352. Lior Rokach and Oded Maimon. 2005. Web Mining. In Data mining and knowledge discovery handbook. Springer, 321--352."},{"key":"e_1_3_2_1_52_1","first-page":"233","article-title":"CSAMP: A System for Network-Wide Flow Monitoring","volume":"8","author":"Sekar Vyas","year":"2008","unstructured":"Vyas Sekar , Michael K Reiter , Walter Willinger , Hui Zhang , Ramana Rao Kompella , and David G Andersen . 2008 . CSAMP: A System for Network-Wide Flow Monitoring . In NSDI , Vol. 8. 233 -- 246 . Vyas Sekar, Michael K Reiter, Walter Willinger, Hui Zhang, Ramana Rao Kompella, and David G Andersen. 2008. 
CSAMP: A System for Network-Wide Flow Monitoring. In NSDI, Vol. 8. 233--246.","journal-title":"NSDI"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879186"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627566.2627579"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/964725.633039"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3147.3165"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2007.207"}],"event":{"name":"CoNEXT '17: The 13th International Conference on emerging Networking EXperiments and Technologies","location":"Incheon Republic of Korea","acronym":"CoNEXT '17","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3143361.3143399","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3143361.3143399","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:21Z","timestamp":1750212801000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3143361.3143399"}},"subtitle":["Towards Network Intrusion Detection at ISP Scale"],"short-title":[],"issued":{"date-parts":[[2017,11,28]]},"references-count":57,"alternative-id":["10.1145\/3143361.3143399","10.1145\/3143361"],"URL":"https:\/\/doi.org\/10.1145\/3143361.3143399","relation":{},"subject":[],"published":{"date-parts":[[2017,11,28]]},"assertion":[{"value":"2017-11-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}