{"id":"https://openalex.org/W4406458870","doi":"https://doi.org/10.1109/bigdata62323.2024.10825261","title":"CIA-EBE: Class Imbalance-Aware Event-Based Embedding for SOC Log Screening","display_name":"CIA-EBE: Class Imbalance-Aware Event-Based Embedding for SOC Log Screening","publication_year":2024,"publication_date":"2024-12-15","ids":{"openalex":"https://openalex.org/W4406458870","doi":"https://doi.org/10.1109/bigdata62323.2024.10825261"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata62323.2024.10825261","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata62323.2024.10825261","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Big Data (BigData)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016453346","display_name":"Samuel Ndichu","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Samuel Ndichu","raw_affiliation_strings":["National Institute of Information and Communications Technology,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology,Tokyo,Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014860606","display_name":"Tao Ban","orcid":"https://orcid.org/0000-0002-9616-3212"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tao Ban","raw_affiliation_strings":["National Institute of Information and Communications Technology,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology,Tokyo,Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029032117","display_name":"Takeshi Takahashi","orcid":"https://orcid.org/0000-0002-6477-7770"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takeshi Takahashi","raw_affiliation_strings":["National Institute of Information and Communications Technology,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology,Tokyo,Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038230397","display_name":"Takahiro Kasama","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takahiro Kasama","raw_affiliation_strings":["National Institute of Information and Communications Technology,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology,Tokyo,Japan","institution_ids":["https://openalex.org/I90023481"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5016453346"],"corresponding_institution_ids":["https://openalex.org/I90023481"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.2999207,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"2653","last_page":"2662"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.6792331337928772},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6379423141479492},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5536999702453613},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.49821901321411133},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.24762016534805298}],"concepts":[{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.6792331337928772},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6379423141479492},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5536999702453613},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.49821901321411133},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.24762016534805298},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata62323.2024.10825261","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata62323.2024.10825261","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Big Data (BigData)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320325628","display_name":"Ministry of Internal Affairs and Communications","ror":"https://ror.org/00vs1pz50"},{"id":"https://openalex.org/F4320337504","display_name":"Research and Development","ror":"https://ror.org/027s68j25"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W1966809779","https://openalex.org/W2119821739","https://openalex.org/W2122111042","https://openalex.org/W2148143831","https://openalex.org/W2149706766","https://openalex.org/W2187089797","https://openalex.org/W2295598076","https://openalex.org/W2783741806","https://openalex.org/W2913414826","https://openalex.org/W2963514026","https://openalex.org/W3011040471","https://openalex.org/W3026150618","https://openalex.org/W3047383742","https://openalex.org/W3116162237","https://openalex.org/W3118220620","https://openalex.org/W3119693685","https://openalex.org/W3124281509","https://openalex.org/W3142044733","https://openalex.org/W3158777740","https://openalex.org/W3162740817","https://openalex.org/W3208665740","https://openalex.org/W4205559658","https://openalex.org/W4214699222","https://openalex.org/W4226076142","https://openalex.org/W4280520332","https://openalex.org/W4283650315","https://openalex.org/W4297984369","https://openalex.org/W4312739050","https://openalex.org/W4315699905","https://openalex.org/W4381569470","https://openalex.org/W4385299056","https://openalex.org/W4387011098","https://openalex.org/W4387298163","https://openalex.org/W4389633842","https://openalex.org/W4389692502","https://openalex.org/W4392151675","https://openalex.org/W4400762160","https://openalex.org/W4400977459","https://openalex.org/W4401798873","https://openalex.org/W4402393692","https://openalex.org/W4402673612","https://openalex.org/W4403021791","https://openalex.org/W6636510571","https://openalex.org/W6637096788","https://openalex.org/W6679775712","https://openalex.org/W6682691769","https://openalex.org/W7000447106"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2081900870","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890"],"abstract_inverted_index":{"Security":[0],"Operations":[1],"Centers":[2],"(SOCs)":[3],"face":[4],"significant":[5],"challenges":[6],"in":[7],"processing":[8],"large":[9],"volumes":[10],"of":[11,77,140,147,158],"event":[12],"logs.":[13],"Traditional":[14],"log":[15,58,149],"screening":[16,59,150],"methods":[17],"frequently":[18],"suffer":[19],"from":[20,83],"high":[21],"false":[22],"positive":[23],"rates":[24],"(FPR)":[25],"and":[26,86,96,105,126,134,156],"struggle":[27],"to":[28,55,152],"identify":[29],"subtle,":[30],"evolving":[31],"threats":[32],"such":[33,120],"as":[34,121],"reconnaissance":[35],"attacks,":[36],"which":[37],"often":[38],"precede":[39],"more":[40],"severe":[41],"intrusions.":[42],"This":[43,142],"paper":[44],"introduces":[45],"a":[46,80],"novel":[47],"Class":[48],"Imbalance-Aware":[49],"Event-Based":[50],"Embedding":[51,125],"(CIA-EBE)":[52],"approach":[53],"designed":[54],"enhance":[56,153],"SOC":[57,159],"by":[60],"transforming":[61],"individual":[62],"security":[63],"events":[64],"into":[65],"dense":[66],"vector":[67],"representations":[68],"while":[69],"emphasizing":[70],"minority-class":[71],"events.":[72],"We":[73],"evaluate":[74],"the":[75,109,130,138,145,154],"effectiveness":[76],"CIA-EBE":[78,101],"using":[79,114],"dataset":[81],"derived":[82],"Zeek":[84],"logs":[85],"compare":[87],"its":[88],"performance":[89],"against":[90],"conventional":[91],"embedding":[92],"techniques":[93,119],"like":[94],"Word2Vec":[95],"Doc2Vec":[97],"across":[98],"multiple":[99],"classifiers.":[100],"achieved":[102],"0%":[103],"FPR":[104],"100%":[106],"recall":[107],"with":[108,163],"Support":[110],"Vector":[111],"Machine":[112],"classifier":[113],"stratified":[115],"5-fold":[116],"cross-validation.":[117],"Visualization":[118],"t-distributed":[122],"Stochastic":[123],"Neighbor":[124],"hierarchical":[127],"clustering":[128],"validated":[129],"separation":[131],"between":[132],"attack":[133],"benign":[135],"events,":[136],"demonstrating":[137],"robustness":[139],"CIA-EBE.":[141],"study":[143],"illustrates":[144],"potential":[146],"AI-driven":[148],"approaches":[151],"accuracy":[155],"efficiency":[157],"operations,":[160],"equipping":[161],"analysts":[162],"improved":[164],"tools":[165],"for":[166],"early":[167],"cyber":[168],"threat":[169],"detection.":[170]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}