{"id":"https://openalex.org/W7141257961","doi":"https://doi.org/10.1109/icce67443.2026.11449910","title":"ALERT: A Closed-Loop SOC Agent for Web and API Security with CVE-Based Intelligence and Adaptive Anomaly Detection","display_name":"ALERT: A Closed-Loop SOC Agent for Web and API Security with CVE-Based Intelligence and Adaptive Anomaly Detection","publication_year":2026,"publication_date":"2026-02-03","ids":{"openalex":"https://openalex.org/W7141257961","doi":"https://doi.org/10.1109/icce67443.2026.11449910"},"language":null,"primary_location":{"id":"doi:10.1109/icce67443.2026.11449910","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icce67443.2026.11449910","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2026 IEEE International Conference on Consumer Electronics (ICCE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123027329","display_name":"Thirawat Sooksomstarn","orcid":null},"institutions":[{"id":"https://openalex.org/I204291657","display_name":"Hosei University","ror":"https://ror.org/00bx6dj65","country_code":"JP","type":"education","lineage":["https://openalex.org/I204291657"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Thirawat Sooksomstarn","raw_affiliation_strings":["Hosei University,Grad. School of Science and Engineering,Dept. of Applied Informatics,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"Hosei University,Grad. School of Science and Engineering,Dept. of Applied Informatics,Tokyo,Japan","institution_ids":["https://openalex.org/I204291657"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130751375","display_name":"Qian Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I204291657","display_name":"Hosei University","ror":"https://ror.org/00bx6dj65","country_code":"JP","type":"education","lineage":["https://openalex.org/I204291657"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Qian Wu","raw_affiliation_strings":["Hosei University,Research Center for Computing and Multimedia Studies,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"Hosei University,Research Center for Computing and Multimedia Studies,Tokyo,Japan","institution_ids":["https://openalex.org/I204291657"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5130740777","display_name":"Atsushi Kanai","orcid":null},"institutions":[{"id":"https://openalex.org/I204291657","display_name":"Hosei University","ror":"https://ror.org/00bx6dj65","country_code":"JP","type":"education","lineage":["https://openalex.org/I204291657"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Atsushi Kanai","raw_affiliation_strings":["Hosei University,Grad. School of Science and Engineering,Dept. of Applied Informatics,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"Hosei University,Grad. School of Science and Engineering,Dept. of Applied Informatics,Tokyo,Japan","institution_ids":["https://openalex.org/I204291657"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5123027329"],"corresponding_institution_ids":["https://openalex.org/I204291657"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.93703148,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.311599999666214,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.311599999666214,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.2572999894618988,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.09160000085830688,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5623000264167786},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.35280001163482666},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.31060001254081726},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.25940001010894775}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.663100004196167},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5623000264167786},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.35280001163482666},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3165999948978424},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.31060001254081726},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.28839999437332153},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.25870001316070557},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.25769999623298645},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.24979999661445618}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icce67443.2026.11449910","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icce67443.2026.11449910","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2026 IEEE International Conference on Consumer Electronics (ICCE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W2149684865","https://openalex.org/W2295598076","https://openalex.org/W2296719434","https://openalex.org/W4361289962","https://openalex.org/W4393158805","https://openalex.org/W4396542442","https://openalex.org/W4400762160","https://openalex.org/W4409581796","https://openalex.org/W4411538180","https://openalex.org/W7130652904"],"related_works":[],"abstract_inverted_index":{"Web":[0],"and":[1,21,44,58,76,84,103,106,136,157,167,176],"Application":[2],"Programming":[3],"Interface":[4],"(API)":[5],"services":[6],"are":[7],"central":[8],"to":[9,16,163],"modern":[10],"digital":[11],"infrastructure":[12],"but":[13],"remain":[14],"vulnerable":[15],"injection":[17],"attacks,":[18],"authentication":[19],"bypasses,":[20],"zero-day":[22],"exploits.":[23],"Traditional":[24],"Security":[25],"Operations":[26],"Center":[27],"(SOC)":[28],"tools":[29],"rely":[30],"on":[31,119],"static,":[32],"signature-based":[33],"pipelines":[34],"that":[35,72],"generate":[36],"high":[37],"false":[38,149],"positives,":[39],"struggle":[40],"with":[41,68],"concept":[42],"drift,":[43],"provide":[45],"limited":[46],"decision":[47,92],"support.":[48],"This":[49],"paper":[50],"presents":[51],"ALERT":[52,94],"(Agentic":[53],"Learning":[54],"for":[55,155],"Event-driven":[56],"Response":[57],"Threat":[59],"Detection),":[60],"a":[61,69,90,120,128,132],"lightweight,":[62],"GPU-free":[63],"(CPU-only),":[64],"closed-loop":[65],"SOC":[66,178],"agent":[67],"human-in-the-loop":[70],"(HITL)":[71],"integrates":[73],"Common":[74],"Vulnerabilities":[75],"Exposures":[77],"(CVE)":[78],"severity":[79],"prediction,":[80],"log":[81],"anomaly":[82],"detection,":[83],"Language":[85],"Model":[86],"(LLM)-assisted":[87],"semantics":[88],"into":[89],"cost-sensitive":[91],"framework.":[93],"ingests":[95],"multimodal":[96],"inputs,":[97],"including":[98],"vulnerability":[99],"feeds,":[100],"runtime":[101],"logs,":[102],"analyst":[104],"annotations,":[105],"dynamically":[107],"adjusts":[108],"responses":[109],"(ALLOW,":[110],"MONITOR,":[111],"or":[112],"BLOCK)":[113],"through":[114],"online":[115],"policy":[116],"adaptation.":[117],"Evaluation":[118],"synthetic":[121],"dataset":[122],"of":[123,130,134,139,144,169],"10,000":[124],"Apache-style":[125],"logs":[126],"achieved":[127],"precision":[129],"0.991,":[131],"recall":[133],"0.983,":[135],"an":[137],"F1-score":[138],"0.987,":[140],"detecting":[141],"100":[142],"percent":[143],"critical":[145],"threats":[146],"while":[147],"keeping":[148],"positives":[150],"below":[151],"0.5":[152],"percent.":[153],"Designed":[154],"scalability":[156],"transparency,":[158],"ALERT\u2019s":[159],"modular":[160],"architecture":[161],"generalizes":[162],"Cyber-Physical":[164],"Systems":[165],"(CPS)":[166],"Internet":[168],"Things":[170],"(IoT)":[171],"telemetry,":[172],"supporting":[173],"practical,":[174],"adaptive,":[175],"explainable":[177],"automation.":[179]},"counts_by_year":[],"updated_date":"2026-03-29T06:01:01.467347","created_date":"2026-03-28T00:00:00"}