{"id":"https://openalex.org/W4301358380","doi":"https://doi.org/10.1109/csr54599.2022.9850307","title":"Ensemble of Random and Isolation Forests for Graph-Based Intrusion Detection in Containers","display_name":"Ensemble of Random and Isolation Forests for Graph-Based Intrusion Detection in Containers","publication_year":2022,"publication_date":"2022-07-27","ids":{"openalex":"https://openalex.org/W4301358380","doi":"https://doi.org/10.1109/csr54599.2022.9850307"},"language":"en","primary_location":{"id":"doi:10.1109/csr54599.2022.9850307","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr54599.2022.9850307","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2306.14750","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072710110","display_name":"Alfonso Iacovazzi","orcid":"https://orcid.org/0000-0001-6116-164X"},"institutions":[{"id":"https://openalex.org/I2800664555","display_name":"RISE Research Institutes of Sweden","ror":"https://ror.org/03nnxqz81","country_code":"SE","type":"other","lineage":["https://openalex.org/I2800664555"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Alfonso Iacovazzi","raw_affiliation_strings":["RISE Research Institutes of Sweden,Stockholm,Sweden","RISE Research Institutes of Sweden, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"RISE Research Institutes of Sweden,Stockholm,Sweden","institution_ids":["https://openalex.org/I2800664555"]},{"raw_affiliation_string":"RISE Research Institutes of Sweden, Stockholm, Sweden","institution_ids":["https://openalex.org/I2800664555"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001344842","display_name":"Shahid Raza","orcid":"https://orcid.org/0000-0001-8192-0893"},"institutions":[{"id":"https://openalex.org/I2800664555","display_name":"RISE Research Institutes of Sweden","ror":"https://ror.org/03nnxqz81","country_code":"SE","type":"other","lineage":["https://openalex.org/I2800664555"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Shahid Raza","raw_affiliation_strings":["RISE Research Institutes of Sweden,Stockholm,Sweden","RISE Research Institutes of Sweden, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"RISE Research Institutes of Sweden,Stockholm,Sweden","institution_ids":["https://openalex.org/I2800664555"]},{"raw_affiliation_string":"RISE Research Institutes of Sweden, Stockholm, Sweden","institution_ids":["https://openalex.org/I2800664555"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5072710110"],"corresponding_institution_ids":["https://openalex.org/I2800664555"],"apc_list":null,"apc_paid":null,"fwci":1.2843,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.81232206,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"30","last_page":"37"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.7512834072113037},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7509159445762634},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6974914073944092},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6324692964553833},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.6107208132743835},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5414924025535583},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.5272794365882874},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.49524298310279846},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.4789334237575531},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.42913055419921875},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.42892682552337646},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4243539869785309},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.36577609181404114},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3590910732746124},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.34309902787208557},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.2194356918334961},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12236517667770386},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11826211214065552},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09023687243461609}],"concepts":[{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.7512834072113037},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7509159445762634},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6974914073944092},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6324692964553833},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.6107208132743835},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5414924025535583},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.5272794365882874},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.49524298310279846},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.4789334237575531},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.42913055419921875},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.42892682552337646},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4243539869785309},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36577609181404114},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3590910732746124},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34309902787208557},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2194356918334961},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12236517667770386},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11826211214065552},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09023687243461609},{"id":"https://openalex.org/C89423630","wikidata":"https://www.wikidata.org/wiki/Q7193","display_name":"Microbiology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/csr54599.2022.9850307","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr54599.2022.9850307","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2306.14750","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2306.14750","pdf_url":"https://arxiv.org/pdf/2306.14750","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2306.14750","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2306.14750","pdf_url":"https://arxiv.org/pdf/2306.14750","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/15","score":0.7699999809265137,"display_name":"Life in Land"}],"awards":[{"id":"https://openalex.org/G1357117299","display_name":null,"funder_award_id":"101020259","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G3418842755","display_name":null,"funder_award_id":"830927","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G7331901853","display_name":null,"funder_award_id":"EU H2020","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4301358380.pdf","grobid_xml":"https://content.openalex.org/works/W4301358380.grobid-xml"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W433644524","https://openalex.org/W1488038755","https://openalex.org/W1545915796","https://openalex.org/W1941427975","https://openalex.org/W1975415766","https://openalex.org/W2023953679","https://openalex.org/W2047350783","https://openalex.org/W2087347434","https://openalex.org/W2101916222","https://openalex.org/W2105497548","https://openalex.org/W2113242816","https://openalex.org/W2153919695","https://openalex.org/W2173213060","https://openalex.org/W2184107019","https://openalex.org/W2239647876","https://openalex.org/W2296335794","https://openalex.org/W2296719434","https://openalex.org/W2416989529","https://openalex.org/W2738336658","https://openalex.org/W2782735691","https://openalex.org/W2803303416","https://openalex.org/W2805759893","https://openalex.org/W2807656656","https://openalex.org/W2885766119","https://openalex.org/W2896179526","https://openalex.org/W2900713154","https://openalex.org/W2911505293","https://openalex.org/W3092118421","https://openalex.org/W3137796910","https://openalex.org/W3176721776","https://openalex.org/W4254182148","https://openalex.org/W6675613107","https://openalex.org/W6697144307","https://openalex.org/W6751555526","https://openalex.org/W6751855928"],"related_works":["https://openalex.org/W1969635302","https://openalex.org/W2183313954","https://openalex.org/W3152476155","https://openalex.org/W2376046849","https://openalex.org/W3146948916","https://openalex.org/W1973375107","https://openalex.org/W2148459958","https://openalex.org/W2380456765","https://openalex.org/W2979275584","https://openalex.org/W2613170208"],"abstract_inverted_index":{"We":[0,82],"propose":[1],"a":[2,59,66,84,89],"novel":[3],"solution":[4,25,97],"combining":[5],"supervised":[6],"and":[7,33,61,111,122],"unsupervised":[8],"machine":[9],"learning":[10],"models":[11],"for":[12],"intrusion":[13],"detection":[14,120],"at":[15,45],"kernel":[16,49],"level":[17],"in":[18,88,92,108,126],"cloud":[19,109],"containers.":[20],"In":[21],"particular,":[22],"the":[23,46,70,79,99,127],"proposed":[24],"is":[26,74],"built":[27],"over":[28],"an":[29],"ensemble":[30,80],"of":[31,39,53,69,86],"random":[32],"isolation":[34],"forests":[35],"trained":[36],"on":[37],"sequences":[38],"system":[40,54],"calls":[41,55],"that":[42,104,115],"are":[43,56],"collected":[44],"hosting":[47],"machine's":[48],"level.":[50],"The":[51],"sequence":[52],"translated":[57],"into":[58],"weighted":[60],"directed":[62],"graph":[63],"to":[64,78,94],"obtain":[65],"compact":[67],"description":[68],"container":[71],"behavior,":[72],"which":[73],"given":[75],"as":[76],"input":[77],"model.":[81],"executed":[83],"set":[85],"experiments":[87],"controlled":[90],"environment":[91],"order":[93],"test":[95],"our":[96,112],"against":[98],"two":[100],"most":[101],"common":[102],"threats":[103],"have":[105],"been":[106],"identified":[107],"containers,":[110],"results":[113],"show":[114],"we":[116],"can":[117],"achieve":[118],"high":[119],"rates":[121],"low":[123],"false":[124],"positives":[125],"tested":[128],"attacks.":[129]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}