{"id":"https://openalex.org/W7125415390","doi":"https://doi.org/10.1007/s10207-025-01182-1","title":"Machine Learning for Lateral Movement Detection using Sysmon Logs: An Empirical Comparison of Imbalanced and Resampled Data","display_name":"Machine Learning for Lateral Movement Detection using Sysmon Logs: An Empirical Comparison of Imbalanced and Resampled Data","publication_year":2026,"publication_date":"2026-01-22","ids":{"openalex":"https://openalex.org/W7125415390","doi":"https://doi.org/10.1007/s10207-025-01182-1"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-01182-1","is_oa":false,"landing_page_url":"https://doi.org/10.1007/s10207-025-01182-1","pdf_url":null,"source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080222322","display_name":"Christos Smiliotopoulos","orcid":"https://orcid.org/0000-0001-7530-7152"},"institutions":[{"id":"https://openalex.org/I98805295","display_name":"University of the Aegean","ror":"https://ror.org/03zsp3p94","country_code":"GR","type":"education","lineage":["https://openalex.org/I98805295"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Christos Smiliotopoulos","raw_affiliation_strings":["Department of Information & Communication Systems Engineering, University of the Aegean, Karlovasi, Samos, 83200, Greece"],"affiliations":[{"raw_affiliation_string":"Department of Information & Communication Systems Engineering, University of the Aegean, Karlovasi, Samos, 83200, Greece","institution_ids":["https://openalex.org/I98805295"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047345306","display_name":"Georgios Kambourakis","orcid":"https://orcid.org/0000-0001-6348-5031"},"institutions":[{"id":"https://openalex.org/I98805295","display_name":"University of the Aegean","ror":"https://ror.org/03zsp3p94","country_code":"GR","type":"education","lineage":["https://openalex.org/I98805295"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Georgios Kambourakis","raw_affiliation_strings":["Department of Information & Communication Systems Engineering, University of the Aegean, Karlovasi, Samos, 83200, Greece"],"affiliations":[{"raw_affiliation_string":"Department of Information & Communication Systems Engineering, University of the Aegean, Karlovasi, Samos, 83200, Greece","institution_ids":["https://openalex.org/I98805295"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5080222322"],"corresponding_institution_ids":["https://openalex.org/I98805295"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.22997523,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"25","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.27720001339912415,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.27720001339912415,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2061000019311905,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.08129999786615372,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6412000060081482},{"id":"https://openalex.org/keywords/resampling","display_name":"Resampling","score":0.6392999887466431},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.632099986076355},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4934000074863434},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.44040000438690186},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.41530001163482666},{"id":"https://openalex.org/keywords/subject-matter-expert","display_name":"Subject-matter expert","score":0.4009999930858612},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.39579999446868896},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3919999897480011}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8379999995231628},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7300000190734863},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7124999761581421},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6412000060081482},{"id":"https://openalex.org/C150921843","wikidata":"https://www.wikidata.org/wiki/Q1170431","display_name":"Resampling","level":2,"score":0.6392999887466431},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.632099986076355},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4934000074863434},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.44040000438690186},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.41530001163482666},{"id":"https://openalex.org/C105002631","wikidata":"https://www.wikidata.org/wiki/Q4833645","display_name":"Subject-matter expert","level":3,"score":0.4009999930858612},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.39579999446868896},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3919999897480011},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.3720000088214874},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.36329999566078186},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.3499000072479248},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.3379000127315521},{"id":"https://openalex.org/C198531522","wikidata":"https://www.wikidata.org/wiki/Q485146","display_name":"Sample (material)","level":2,"score":0.3361000120639801},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.3089999854564667},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.29899999499320984},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2976999878883362},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.2847000062465668},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.2800999879837036},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2651999890804291},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.26089999079704285},{"id":"https://openalex.org/C110083411","wikidata":"https://www.wikidata.org/wiki/Q1744628","display_name":"Statistical classification","level":2,"score":0.2606000006198883},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.26010000705718994}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-025-01182-1","is_oa":false,"landing_page_url":"https://doi.org/10.1007/s10207-025-01182-1","pdf_url":null,"source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.46050727367401123,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":115,"referenced_works":["https://openalex.org/W172260869","https://openalex.org/W1597021536","https://openalex.org/W1931354685","https://openalex.org/W1966716734","https://openalex.org/W1976526581","https://openalex.org/W1993220166","https://openalex.org/W2031163547","https://openalex.org/W2065028222","https://openalex.org/W2096451472","https://openalex.org/W2106971389","https://openalex.org/W2155653793","https://openalex.org/W2169064301","https://openalex.org/W2296509296","https://openalex.org/W2302058010","https://openalex.org/W2467141537","https://openalex.org/W2476891002","https://openalex.org/W2531566199","https://openalex.org/W2562319768","https://openalex.org/W2746170296","https://openalex.org/W2766503369","https://openalex.org/W2766640141","https://openalex.org/W2772832743","https://openalex.org/W2787072112","https://openalex.org/W2804964061","https://openalex.org/W2843669218","https://openalex.org/W2897761334","https://openalex.org/W2903362744","https://openalex.org/W2903942159","https://openalex.org/W2908063670","https://openalex.org/W2908473175","https://openalex.org/W2925289689","https://openalex.org/W2926962417","https://openalex.org/W2938523278","https://openalex.org/W2940734441","https://openalex.org/W2953448948","https://openalex.org/W2971644666","https://openalex.org/W2982441385","https://openalex.org/W2990772077","https://openalex.org/W3010456454","https://openalex.org/W3021503072","https://openalex.org/W3022218140","https://openalex.org/W3022604549","https://openalex.org/W3036673316","https://openalex.org/W3094213939","https://openalex.org/W3096129012","https://openalex.org/W3105087971","https://openalex.org/W3113693716","https://openalex.org/W3123353479","https://openalex.org/W3123408856","https://openalex.org/W3126752450","https://openalex.org/W3127076682","https://openalex.org/W3132842072","https://openalex.org/W3133235094","https://openalex.org/W3134374200","https://openalex.org/W3137097829","https://openalex.org/W3153493802","https://openalex.org/W3183530150","https://openalex.org/W3183862858","https://openalex.org/W3190847932","https://openalex.org/W3205028703","https://openalex.org/W3215523385","https://openalex.org/W4200304719","https://openalex.org/W4205334018","https://openalex.org/W4205599972","https://openalex.org/W4206518223","https://openalex.org/W4210890996","https://openalex.org/W4211187780","https://openalex.org/W4214909745","https://openalex.org/W4224290795","https://openalex.org/W4226213111","https://openalex.org/W4283643189","https://openalex.org/W4285055378","https://openalex.org/W4285145603","https://openalex.org/W4285184946","https://openalex.org/W4288720746","https://openalex.org/W4289334733","https://openalex.org/W4310398036","https://openalex.org/W4310580320","https://openalex.org/W4312222414","https://openalex.org/W4313201183","https://openalex.org/W4313654696","https://openalex.org/W4319788371","https://openalex.org/W4321240473","https://openalex.org/W4378574390","https://openalex.org/W4379158023","https://openalex.org/W4379878829","https://openalex.org/W4383315329","https://openalex.org/W4384823681","https://openalex.org/W4385376957","https://openalex.org/W4385557349","https://openalex.org/W4387773371","https://openalex.org/W4391381817","https://openalex.org/W4391557813","https://openalex.org/W4391849119","https://openalex.org/W4392949721","https://openalex.org/W4393028950","https://openalex.org/W4393665469","https://openalex.org/W4395044222","https://openalex.org/W4399332138","https://openalex.org/W4399493008","https://openalex.org/W4399939939","https://openalex.org/W4400594200","https://openalex.org/W4403060299","https://openalex.org/W4404095140","https://openalex.org/W4405613780","https://openalex.org/W4406248158","https://openalex.org/W4409353933","https://openalex.org/W4410170938","https://openalex.org/W4411098853","https://openalex.org/W4412611493","https://openalex.org/W4414588268","https://openalex.org/W6888517835","https://openalex.org/W6907191969","https://openalex.org/W6958206590","https://openalex.org/W6963469208"],"related_works":[],"abstract_inverted_index":null,"counts_by_year":[],"updated_date":"2026-01-24T23:23:39.755997","created_date":"2026-01-23T00:00:00"}