{"id":"https://openalex.org/W3006705339","doi":"https://doi.org/10.1109/bigdata47090.2019.9005988","title":"An Ensemble Approach for Suspicious Traffic Detection from High Recall Network Alerts","display_name":"An Ensemble Approach for Suspicious Traffic Detection from High Recall Network Alerts","publication_year":2019,"publication_date":"2019-12-01","ids":{"openalex":"https://openalex.org/W3006705339","doi":"https://doi.org/10.1109/bigdata47090.2019.9005988","mag":"3006705339"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata47090.2019.9005988","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata47090.2019.9005988","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5105068598","display_name":"Peilin Wu","orcid":"https://orcid.org/0009-0008-9225-787X"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Peilin Wu","raw_affiliation_strings":["Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100753065","display_name":"Jinlei Li","orcid":"https://orcid.org/0000-0002-2744-7609"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinlei Li","raw_affiliation_strings":["Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076583947","display_name":"Yan Meng","orcid":"https://orcid.org/0000-0001-5445-0347"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yan Meng","raw_affiliation_strings":["Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039106671","display_name":"Haojin Zhu","orcid":"https://orcid.org/0000-0001-5079-4556"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haojin Zhu","raw_affiliation_strings":["Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5105068598"],"corresponding_institution_ids":["https://openalex.org/I183067930"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.23329393,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"5937","last_page":"5944"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8339479565620422},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5776803493499756},{"id":"https://openalex.org/keywords/precision-and-recall","display_name":"Precision and recall","score":0.5612920522689819},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4705289602279663},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4667133688926697},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4658921957015991},{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.4647684693336487},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4546606242656708},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.4354253113269806},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.4235590696334839},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.4225434958934784},{"id":"https://openalex.org/keywords/outlier","display_name":"Outlier","score":0.412987619638443},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.14657101035118103}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8339479565620422},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5776803493499756},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.5612920522689819},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4705289602279663},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4667133688926697},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4658921957015991},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.4647684693336487},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4546606242656708},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.4354253113269806},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.4235590696334839},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.4225434958934784},{"id":"https://openalex.org/C79337645","wikidata":"https://www.wikidata.org/wiki/Q779824","display_name":"Outlier","level":2,"score":0.412987619638443},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.14657101035118103},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata47090.2019.9005988","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata47090.2019.9005988","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W139675679","https://openalex.org/W273955616","https://openalex.org/W332597898","https://openalex.org/W1576442155","https://openalex.org/W1591261915","https://openalex.org/W1678356000","https://openalex.org/W1775823180","https://openalex.org/W1880262756","https://openalex.org/W1993220166","https://openalex.org/W1994410331","https://openalex.org/W1999318832","https://openalex.org/W2015452969","https://openalex.org/W2039157918","https://openalex.org/W2104933073","https://openalex.org/W2108564850","https://openalex.org/W2120416238","https://openalex.org/W2128240246","https://openalex.org/W2132791018","https://openalex.org/W2148143831","https://openalex.org/W2164330572","https://openalex.org/W2232142723","https://openalex.org/W2295598076","https://openalex.org/W2481071203","https://openalex.org/W2755121186","https://openalex.org/W2767094836","https://openalex.org/W2768348081","https://openalex.org/W2783287794","https://openalex.org/W2912934387","https://openalex.org/W2963877897","https://openalex.org/W2964022491","https://openalex.org/W2969841870","https://openalex.org/W3008365266","https://openalex.org/W3102476541","https://openalex.org/W3124818708","https://openalex.org/W3155649056","https://openalex.org/W4235456164","https://openalex.org/W6610017368","https://openalex.org/W6634357899","https://openalex.org/W6637404493","https://openalex.org/W6638237922","https://openalex.org/W6639619044","https://openalex.org/W6675634716","https://openalex.org/W6679745481","https://openalex.org/W6745609711","https://openalex.org/W6750729320"],"related_works":["https://openalex.org/W1981780420","https://openalex.org/W2182707996","https://openalex.org/W45233828","https://openalex.org/W2964988449","https://openalex.org/W2499612753","https://openalex.org/W3111802945","https://openalex.org/W2946096271","https://openalex.org/W2295423552","https://openalex.org/W1598471830","https://openalex.org/W3107369729"],"abstract_inverted_index":{"Web":[0],"services":[1],"from":[2,130,146],"large-scale":[3],"systems":[4,13,85],"are":[5,14,99],"prevalent":[6],"all":[7],"over":[8],"the":[9,41,56,71,94,106,162,203,213],"world.":[10],"However,":[11],"these":[12],"naturally":[15],"vulnerable":[16],"and":[17,64,164,172],"incline":[18],"to":[19,77,89,105,123,141,160,176],"be":[20,78,87,121],"intruded":[21],"by":[22,39,193],"adversaries":[23],"for":[24,101,180],"illegal":[25],"benefits.":[26],"To":[27,69],"detect":[28],"anomalous":[29],"events,":[30],"previous":[31],"works":[32,53],"focus":[33],"on":[34,47,187,212],"inspecting":[35],"raw":[36],"system":[37,67,91],"logs":[38,74,95],"identifying":[40],"outliers":[42],"in":[43],"workflows":[44],"or":[45],"relying":[46],"machine":[48],"learning":[49],"methods.":[50],"Though":[51],"those":[52],"successfully":[54],"identify":[55],"anomalies,":[57],"their":[58],"models":[59,179],"use":[60,167],"large":[61],"training":[62],"set":[63],"process":[65],"whole":[66,214],"logs.":[68,92],"reduce":[70],"quantity":[72],"of":[73,109,152,205],"that":[75,96],"need":[76],"processed,":[79],"high":[80],"recall":[81],"suspicious":[82,126,144,188],"network":[83,110,127,189],"alert":[84],"can":[86],"applied":[88],"preprocess":[90],"Only":[93],"trigger":[97],"alerts":[98,112,129,145,190],"retrieved":[100],"further":[102],"usage.":[103],"Due":[104],"universally":[107],"usage":[108],"traffic":[111,128],"among":[113],"Security":[114],"Operations":[115],"Center,":[116],"anomalies":[117],"detection":[118],"problems":[119],"could":[120],"transformed":[122],"classify":[124],"truly":[125,143],"false":[131,147],"alerts.":[132,148],"In":[133],"this":[134],"work,":[135],"we":[136,183],"propose":[137],"an":[138],"ensemble":[139,178],"model":[140,150,209],"distinguish":[142],"Our":[149],"consists":[151],"two":[153],"sub-models":[154],"with":[155],"different":[156],"feature":[157],"extraction":[158],"strategies":[159],"ensure":[161],"diversity":[163],"generalization.":[165],"We":[166],"decision":[168],"tree":[169],"based":[170],"boosters":[171],"deep":[173],"neural":[174],"networks":[175],"build":[177],"classification.":[181],"Finally,":[182],"evaluate":[184],"our":[185,208],"approach":[186],"dataset":[191],"provided":[192],"2019":[194],"IEEE":[195],"BigData":[196],"Cup:":[197],"Suspicious":[198],"Network":[199],"Event":[200],"Recognition.":[201],"Under":[202],"metric":[204],"AUC":[206],"scores,":[207],"achieves":[210],"0.9068":[211],"testing":[215],"set.":[216]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}