{"id":"https://openalex.org/W3195845342","doi":"https://doi.org/10.1109/ecai52376.2021.9515120","title":"Cyber Attacks Detection Using Open Source ELK Stack","display_name":"Cyber Attacks Detection Using Open Source ELK Stack","publication_year":2021,"publication_date":"2021-07-01","ids":{"openalex":"https://openalex.org/W3195845342","doi":"https://doi.org/10.1109/ecai52376.2021.9515120","mag":"3195845342"},"language":"en","primary_location":{"id":"doi:10.1109/ecai52376.2021.9515120","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecai52376.2021.9515120","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066159463","display_name":"R\u0103zvan Stoleriu","orcid":null},"institutions":[{"id":"https://openalex.org/I2802885015","display_name":"Military Technical Academy","ror":"https://ror.org/01tqmsq19","country_code":"RO","type":"education","lineage":["https://openalex.org/I2802885015"]}],"countries":["RO"],"is_corresponding":true,"raw_author_name":"Razvan Stoleriu","raw_affiliation_strings":["\u201cFerdinand I\u201d Military Technical Academy, Bucharest, Romania","\"Ferdinand I\" Military Technical Academy, Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"\u201cFerdinand I\u201d Military Technical Academy, Bucharest, Romania","institution_ids":["https://openalex.org/I2802885015"]},{"raw_affiliation_string":"\"Ferdinand I\" Military Technical Academy, Bucharest, Romania","institution_ids":["https://openalex.org/I2802885015"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055423302","display_name":"Alin Puncioiu","orcid":null},"institutions":[{"id":"https://openalex.org/I2802885015","display_name":"Military Technical Academy","ror":"https://ror.org/01tqmsq19","country_code":"RO","type":"education","lineage":["https://openalex.org/I2802885015"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Alin Puncioiu","raw_affiliation_strings":["\u201cFerdinand I\u201d Military Technical Academy, Bucharest, Romania","\"Ferdinand I\" Military Technical Academy, Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"\u201cFerdinand I\u201d Military Technical Academy, Bucharest, Romania","institution_ids":["https://openalex.org/I2802885015"]},{"raw_affiliation_string":"\"Ferdinand I\" Military Technical Academy, Bucharest, Romania","institution_ids":["https://openalex.org/I2802885015"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083782864","display_name":"Ion Bica","orcid":"https://orcid.org/0000-0002-0890-4376"},"institutions":[{"id":"https://openalex.org/I2802885015","display_name":"Military Technical Academy","ror":"https://ror.org/01tqmsq19","country_code":"RO","type":"education","lineage":["https://openalex.org/I2802885015"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Ion Bica","raw_affiliation_strings":["\u201cFerdinand I\u201d Military Technical Academy, Bucharest, Romania","\"Ferdinand I\" Military Technical Academy, Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"\u201cFerdinand I\u201d Military Technical Academy, Bucharest, Romania","institution_ids":["https://openalex.org/I2802885015"]},{"raw_affiliation_string":"\"Ferdinand I\" Military Technical Academy, Bucharest, Romania","institution_ids":["https://openalex.org/I2802885015"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5066159463"],"corresponding_institution_ids":["https://openalex.org/I2802885015"],"apc_list":null,"apc_paid":null,"fwci":1.8337,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.85929861,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.991100013256073,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8183009028434753},{"id":"https://openalex.org/keywords/geolocation","display_name":"Geolocation","score":0.687543511390686},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5335937738418579},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5120239853858948},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.264593243598938}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8183009028434753},{"id":"https://openalex.org/C22041718","wikidata":"https://www.wikidata.org/wiki/Q638949","display_name":"Geolocation","level":2,"score":0.687543511390686},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5335937738418579},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5120239853858948},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.264593243598938}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecai52376.2021.9515120","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecai52376.2021.9515120","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.46000000834465027,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":2,"referenced_works":["https://openalex.org/W2978008403","https://openalex.org/W6768500618"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2163194970","https://openalex.org/W3105229732","https://openalex.org/W2799094075","https://openalex.org/W2892370851","https://openalex.org/W2187946387","https://openalex.org/W2052024186","https://openalex.org/W4390237811"],"abstract_inverted_index":{"Nowadays,":[0],"when":[1],"computer":[2],"technology":[3,133],"plays":[4],"an":[5,147,173],"important":[6],"role":[7],"in":[8,221,258,266],"our":[9],"lives,":[10],"attackers":[11,36],"develop":[12],"new":[13,114],"techniques":[14,95,179],"and":[15,76,96,105,120,123,153,159,243],"tools":[16],"that":[17,32],"target":[18],"these":[19,41,85],"systems.":[20],"Over":[21],"time,":[22],"there":[23],"were":[24,186,261],"hundreds":[25],"of":[26,44,57,93,169,203,226,247,254],"papers":[27],"written":[28],"with":[29,129,196,214,230,251],"security":[30,132],"methods":[31],"help":[33,253],"to":[34,47,78,84,118,172,239,263],"detect":[35],"inside":[37],"corporate":[38],"environments.":[39],"Unfortunately,":[40],"days":[42],"many":[43],"them":[45],"seem":[46],"be":[48,79],"obsolete":[49],"or":[50,67],"at":[51,156],"least":[52],"not":[53,70],"so":[54],"efficient":[55],"because":[56],"few":[58],"simple":[59],"reasons:":[60],"their":[61],"focus":[62],"was":[63],"on":[64],"either":[65],"network":[66,158,212,268],"endpoint":[68,160],"security,":[69],"both,":[71],"they":[72],"are":[73],"very":[74],"simplistic":[75],"easy":[77],"by":[80,109],"passed.":[81],"In":[82,162],"response":[83],"deficiencies,":[86],"a":[87,91,102,106,130,167],"combined":[88],"implementation":[89],"using":[90,178,188],"mix":[92],"proactive":[94],"threat":[97],"anticipation":[98],"mechanisms":[99],"would":[100],"bring":[101],"fast":[103],"detection":[104,152],"rapid":[107],"response,":[108],"leveraging":[110],"automation":[111],"technologies.":[112],"This":[113],"approach":[115],"is":[116],"applicable":[117],"small":[119],"mid-size":[121],"enterprises":[122],"includes":[124],"the":[125,157,181,189,201,211,218,224,227,231,252,267],"ELK":[126,190,228],"stack":[127,229],"integrated":[128,194],"robust":[131],"stack,":[134],"as":[135,137],"well":[136],"different":[138],"open-source":[139],"Threat":[140,176],"Intelligence":[141],"platforms.":[142],"Thus,":[143],"we":[144,165,208,260],"put":[145],"together":[146],"exhaustive":[148],"system":[149],"for":[150,198,245],"cyber-attacks":[151],"analysis":[154],"both":[155],"level.":[161],"this":[163],"paper,":[164],"achieved":[166],"series":[168],"attacks":[170],"specific":[171],"Advanced":[174],"Persistent":[175],"(APT),":[177],"from":[180],"MITRE":[182],"ATT&CK":[183],"matrix,":[184],"which":[185],"detected":[187],"stack.":[191],"We":[192],"have":[193,209],"Elasticsearch":[195],"VirusTotal":[197],"automatically":[199],"querying":[200],"hashes":[202],"some":[204],"malicious":[205],"files.":[206],"Besides,":[207],"enriched":[210],"logs":[213],"geolocation":[215],"information":[216,233],"through":[217],"GeoIP":[219],"processor":[220],"Logstash.":[222],"Moreover,":[223],"integration":[225],"malware":[232],"sharing":[234],"platform":[235],"(MISP)":[236],"allowed":[237],"us":[238],"perform":[240],"real-time":[241],"searches":[242],"enrichments":[244],"indicators":[246],"compromise":[248],"(IOCs).":[249],"Lastly,":[250],"Machine":[255],"Learning":[256],"algorithms":[257],"Elasticsearch,":[259],"able":[262],"identify":[264],"anomalies":[265],"traffic":[269],"(DNS/HTTP":[270],"data":[271],"exfiltration).":[272]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}