FNF: Flow-net based fingerprinting and its applications

Bibliographic Details
Published in Computers & security Vol. 75; pp. 167 - 181
Main Authors Fu, Bo, Xiao, Yang, Chen, Hui
Format Journal Article
Language English
Published Amsterdam Elsevier Ltd 01.06.2018
Elsevier Sequoia S.A
Abstract Relationships among events in conventional system and network logs are not explicitly recorded and can only be determined from examining ancillary attributes of the events, such as time stamps and event identifiers, or sometimes the semantics of the event attributes with some learning algorithms. The accuracy of the event relations is subject to the design of the algorithms, the experience of the users of the algorithms, and the completeness and accuracy of the attributes and the semantics. On the other hand, a flow-net based logging approach builds comprehensive system and network logs in the form of directed acyclic graphs. Specifically, it records both flows of events and intersections of the flows, and the flows capture relations among the events explicitly in real time and allow tracking the events and analyzing event relations efficiently. Taking advantage of flow-net based logs, we propose a flow-net based fingerprinting (FNF) scheme to capture system or network behaviors, and design a fingerprint lookup algorithm to solve the fingerprint matching problem, i.e., to determine whether a flow-net log contains the behavior characterized by some behavior fingerprints. To demonstrate the effectiveness of the flow-net based fingerprinting scheme, we conduct evaluation experiments where we apply FNF to detecting a few known malicious behaviors in TCP/IP networks. The evaluation results demonstrate that FNF has superior computational efficiency to those based on conventional logging schemes.
Author Fu, Bo
Xiao, Yang
Chen, Hui
Author_xml – sequence: 1
  givenname: Bo
  surname: Fu
  fullname: Fu, Bo
  email: bfu1@ua.edu
  organization: Cisco Systems, Inc., 170 West Tasman Dr., San Jose, CA 95134, USA
– sequence: 2
  givenname: Yang
  orcidid: 0000-0001-8549-6794
  surname: Xiao
  fullname: Xiao, Yang
  email: yangxiao@ieee.org
  organization: Department of Computer Science, The University of Alabama, Box 870290, Tuscaloosa, AL 35487-0290, USA
– sequence: 3
  givenname: Hui
  surname: Chen
  fullname: Chen, Hui
  email: huichen@ieee.org
  organization: Department of Computer and Information Science, Brooklyn College of the City University of New York, 2900 Bedford Avenue, Brooklyn, NY 11210, USA
CitedBy_id crossref_primary_10_1109_ACCESS_2019_2937637
crossref_primary_10_1109_JIOT_2024_3436645
ContentType Journal Article
Copyright 2018 Elsevier Ltd
Copyright Elsevier Sequoia S.A. Jun 2018
Copyright_xml – notice: 2018 Elsevier Ltd
– notice: Copyright Elsevier Sequoia S.A. Jun 2018
DOI 10.1016/j.cose.2018.02.005
DatabaseName CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
ProQuest Criminal Justice (Alumni)
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
Discipline Computer Science
EISSN 1872-6208
EndPage 181
ExternalDocumentID 10_1016_j_cose_2018_02_005
S0167404818300877
ISSN 0167-4048
IsPeerReviewed true
IsScholarly true
Keywords Logging
Fingerprint
Computer systems
Computer networks
Intrusion detection
Flow-net
Language English
ORCID 0000-0001-8549-6794
PublicationCentury 2000
PublicationDate June 2018
2018-06-00
20180601
PublicationDateYYYYMMDD 2018-06-01
PublicationDate_xml – month: 06
  year: 2018
  text: June 2018
PublicationDecade 2010
PublicationPlace Amsterdam
PublicationPlace_xml – name: Amsterdam
PublicationTitle Computers & security
PublicationYear 2018
Publisher Elsevier Ltd
Elsevier Sequoia S.A
Publisher_xml – name: Elsevier Ltd
– name: Elsevier Sequoia S.A
– year: 2017
  ident: 10.1016/j.cose.2018.02.005_bib0145
  article-title: A novel subgraph k+-isomorphism method in social network based on graph similarity detection
  publication-title: Soft Comput
– volume: 60
  start-page: 307
  issue: 2
  year: 2010
  ident: 10.1016/j.cose.2018.02.005_bib0190
  article-title: IEEE 802.11 user fingerprinting and its applications for intrusion detection
  publication-title: Comput Math Appl
  doi: 10.1016/j.camwa.2010.01.002
StartPage 167
SubjectTerms Algorithms
Anomalies
Behavior
Computer networks
Computer systems
Computing time
Fingerprint
Fingerprinting
Fingerprints
Flow-net
Intrusion detection
Intrusion detection systems
IP (Internet Protocol)
Logging
Machine learning
Network security
Semantics
Studies
TCP/IP (protocol)
Title FNF: Flow-net based fingerprinting and its applications
URI https://dx.doi.org/10.1016/j.cose.2018.02.005
https://www.proquest.com/docview/2084462691
Volume 75