{"id":"https://openalex.org/W2569399994","doi":"https://doi.org/10.1109/cist.2016.7805031","title":"Handling alerts for intrusion detection system using stateful pattern matching","display_name":"Handling alerts for intrusion detection system using stateful pattern matching","publication_year":2016,"publication_date":"2016-10-01","ids":{"openalex":"https://openalex.org/W2569399994","doi":"https://doi.org/10.1109/cist.2016.7805031","mag":"2569399994"},"language":"en","primary_location":{"id":"doi:10.1109/cist.2016.7805031","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cist.2016.7805031","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 4th IEEE International Colloquium on Information Science and Technology (CiSt)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045372841","display_name":"El Mostapha Chakir","orcid":"https://orcid.org/0000-0001-7944-6344"},"institutions":[{"id":"https://openalex.org/I4210145365","display_name":"Universit\u00e9 Hassan 1er","ror":"https://ror.org/03cdvht47","country_code":"MA","type":"education","lineage":["https://openalex.org/I4210145365"]}],"countries":["MA"],"is_corresponding":true,"raw_author_name":"El Mostapha Chakir","raw_affiliation_strings":["Mobility and Modeling IR2M, University Hassan First Settat, Morocco"],"affiliations":[{"raw_affiliation_string":"Mobility and Modeling IR2M, University Hassan First Settat, Morocco","institution_ids":["https://openalex.org/I4210145365"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025179075","display_name":"Youness Idrissi Khamlichi","orcid":null},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Youness Idrissi Khamlichi","raw_affiliation_strings":["Mobility and Modeling IR2M, University Sidi Mohamed Ben Abdellah FES, Morocco"],"affiliations":[{"raw_affiliation_string":"Mobility and Modeling IR2M, University Sidi Mohamed Ben Abdellah FES, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073432430","display_name":"Mohamed Moughit","orcid":"https://orcid.org/0000-0003-0453-351X"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Mohamed Moughit","raw_affiliation_strings":["Mobility and Modeling IR2M, University Sidi Mohamed Ben Abdellah FES, Morocco"],"affiliations":[{"raw_affiliation_string":"Mobility and Modeling IR2M, University Sidi Mohamed Ben Abdellah FES, Morocco","institution_ids":["https://openalex.org/I81605866"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5045372841"],"corresponding_institution_ids":["https://openalex.org/I4210145365"],"apc_list":null,"apc_paid":null,"fwci":2.0268,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.88656271,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"11","issue":null,"first_page":"139","last_page":"144"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8567183017730713},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8536137342453003},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5811254978179932},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5213119387626648},{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.4843667447566986},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.47532251477241516},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.47264307737350464},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.4461732506752014},{"id":"https://openalex.org/keywords/pattern-matching","display_name":"Pattern matching","score":0.4404100477695465},{"id":"https://openalex.org/keywords/misuse-detection","display_name":"Misuse detection","score":0.43766412138938904},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3834753632545471},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.33748114109039307},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3183307647705078}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8567183017730713},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8536137342453003},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5811254978179932},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5213119387626648},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.4843667447566986},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.47532251477241516},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.47264307737350464},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.4461732506752014},{"id":"https://openalex.org/C68859911","wikidata":"https://www.wikidata.org/wiki/Q1503724","display_name":"Pattern matching","level":2,"score":0.4404100477695465},{"id":"https://openalex.org/C2776973144","wikidata":"https://www.wikidata.org/wiki/Q6880649","display_name":"Misuse detection","level":4,"score":0.43766412138938904},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3834753632545471},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.33748114109039307},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3183307647705078},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cist.2016.7805031","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cist.2016.7805031","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 4th IEEE International Colloquium on Information Science and Technology (CiSt)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1576154654","https://openalex.org/W1601789105","https://openalex.org/W1962980066","https://openalex.org/W1991830413","https://openalex.org/W1999448603","https://openalex.org/W2000975802","https://openalex.org/W2078780684","https://openalex.org/W2146341912","https://openalex.org/W2161830378","https://openalex.org/W2162761309","https://openalex.org/W2167421717","https://openalex.org/W2170701348","https://openalex.org/W2186855930","https://openalex.org/W2188727410","https://openalex.org/W2410065246","https://openalex.org/W2613359208","https://openalex.org/W3005805959","https://openalex.org/W3215873204","https://openalex.org/W4251199811","https://openalex.org/W6616887881","https://openalex.org/W6634785387","https://openalex.org/W6635743040","https://openalex.org/W6670273682","https://openalex.org/W6685333406","https://openalex.org/W6687068662","https://openalex.org/W6687300718","https://openalex.org/W6737760903"],"related_works":["https://openalex.org/W2106474518","https://openalex.org/W2369534771","https://openalex.org/W3036013726","https://openalex.org/W2337148208","https://openalex.org/W2369225823","https://openalex.org/W2111890927","https://openalex.org/W1600113531","https://openalex.org/W2476296253","https://openalex.org/W2166199068","https://openalex.org/W2035106801"],"abstract_inverted_index":{"Over":[0],"the":[1,76,80,84,96,123,152,174,183],"years,":[2],"network":[3,17,20],"intrusion":[4,21,49],"detection":[5,22,50],"systems":[6,23,51],"have":[7,41],"evolved":[8],"to":[9,25,33,47,75,95,103,116,121,125,187],"handle":[10,122],"varying":[11],"types":[12,56],"of":[13,57,61,65,79,83,98,110],"threats.":[14],"These":[15],"days,":[16],"managers":[18],"expect":[19],"(IDS)":[24],"detect":[26],"attacks":[27,131],"and":[28,45,128,135,160,166,190],"include":[29],"anomaly-awareness,":[30],"in":[31,101,113],"addition":[32],"handling":[34],"older":[35],"threats":[36],"that":[37,150],"haven't":[38],"disappeared.":[39],"Researchers":[40],"proposed":[42,156],"different":[43,55],"methods":[44,100],"algorithms":[46],"improve":[48],"(IDS).":[52],"There":[53],"are":[54,63],"these":[58,89,106],"systems,":[59],"most":[60],"them":[62,127],"capable":[64],"detecting":[66],"many":[67,99],"attacks,":[68],"but":[69],"cannot":[70],"provide":[71],"a":[72,118,142,170],"clear":[73],"idea":[74],"analyst":[77],"because":[78],"huge":[81],"number":[82],"false":[85,133,193],"alerts":[86,134,159,189,194],"generated":[87],"by":[88],"systems.":[90],"This":[91],"weakness":[92],"has":[93],"led":[94],"emergence":[97],"which":[102],"deal":[104],"with":[105,169],"alerts.":[107],"The":[108,155],"aim":[109],"conducted":[111],"research":[112],"thisfield":[114],"is":[115,185],"propose":[117],"new":[119,143],"technique":[120],"alerts,":[124,163],"reduce":[126],"distinguish":[129],"real":[130],"from":[132],"low":[136,164],"importance":[137,165],"events.":[138],"In":[139],"this":[140],"paper":[141],"alert":[144],"classification":[145],"algorithm":[146,157],"for":[147],"IDS":[148],"proposed,":[149],"uses":[151],"Pattern":[153],"Matching.":[154],"reduces":[158],"distinguishes":[161],"serious":[162],"irrelevant":[167],"one":[168],"high":[171],"performance.":[172],"By":[173],"experimental":[175],"results":[176],"on":[177],"DARPA":[178],"KDD":[179],"cup":[180],"99":[181],"Dataset":[182],"system":[184],"able":[186],"classify":[188],"causes":[191],"reducing":[192],"considerably.":[195]},"counts_by_year":[{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}