{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:43:55Z","timestamp":1740149035447,"version":"3.37.3"},"reference-count":18,"publisher":"Wiley","license":[{"start":{"date-parts":[[2019,2,6]],"date-time":"2019-02-06T00:00:00Z","timestamp":1549411200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"OP VVV","award":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000765"],"award-info":[{"award-number":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000765"]}]},{"name":"CESNET","award":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000765"],"award-info":[{"award-number":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000765"]}]},{"name":"CERIT Scientific Cloud","award":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000765"],"award-info":[{"award-number":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000765"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2019,2,6]]},"abstract":"<jats:p>To perform sophisticated traffic analysis, such as intrusion detection, network monitoring tools firstly need to extract higher-level information from lower-level data by reconstructing events and activities from as primitive information as individual network packets or traffic flows. Aggregating communication data into meaningful entities is an open problem and existing, typically clustering-based, solutions are often highly suboptimal, producing results that may misinterpret the extracted information and consequently miss many network events. We propose a novel method for the extraction of various predefined types of network events from raw network flow data. The new method is based on analysis of computational properties of the event types as prescribed by their attributes in a given descriptive language. The corresponding events are then extracted with a supreme recall as compared to a respective event extraction part of an in-production intrusion detection system Camnep.<\/jats:p>","DOI":"10.1155\/2019\/8954914","type":"journal-article","created":{"date-parts":[[2019,2,6]],"date-time":"2019-02-06T18:31:43Z","timestamp":1549477903000},"page":"1-18","source":"Crossref","is-referenced-by-count":4,"title":["Efficient Extraction of Network Event Types from NetFlows"],"prefix":"10.1155","volume":"2019","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6964-4232","authenticated-orcid":true,"given":"Gustav","family":"Sourek","sequence":"first","affiliation":[{"name":"Department of Computer Science, Czech Technical University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Filip","family":"Zelezny","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Czech Technical University, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"key":"3","doi-asserted-by":"publisher","DOI":"10.1145\/1090191.1080119"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1145\/1129582.1129589"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2008.080406"},{"key":"10","first-page":"205","volume":"3015","year":"2004","journal-title":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): Preface"},{"volume-title":"Learning intrusion detection: supervised or unsupervised?","year":"2005","key":"15"},{"journal-title":"Europian conference in Artificial Intelligence","year":"2012","key":"17"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2009.42"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"journal-title":"Progress in informatics, special issue: the future of software engineering for security and privacy","year":"2008","key":"22"},{"journal-title":"US Defense Technical Information Center","year":"2012","key":"23"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20034-7_9"},{"journal-title":"Security and Privacy in Communication Networks","year":"2013","key":"25"},{"journal-title":"Advances in Neural Information Processing Systems","year":"2002","key":"26"},{"year":"2009","key":"27"},{"year":"1993","key":"28"},{"journal-title":"International Journal of Web Applications","year":"2009","key":"29"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1145\/2455.2461"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.30.6.765"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/8954914.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/8954914.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/8954914.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,24]],"date-time":"2019-03-24T19:30:52Z","timestamp":1553455852000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2019\/8954914\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,6]]},"references-count":18,"alternative-id":["8954914","8954914"],"URL":"https:\/\/doi.org\/10.1155\/2019\/8954914","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2019,2,6]]}}}