{"id":"https://openalex.org/W2130503087","doi":"https://doi.org/10.1109/inm.2011.5990587","title":"A next generation entropy based framework for alert detection in system logs","display_name":"A next generation entropy based framework for alert detection in system logs","publication_year":2011,"publication_date":"2011-05-01","ids":{"openalex":"https://openalex.org/W2130503087","doi":"https://doi.org/10.1109/inm.2011.5990587","mag":"2130503087"},"language":"en","primary_location":{"id":"doi:10.1109/inm.2011.5990587","is_oa":false,"landing_page_url":"https://doi.org/10.1109/inm.2011.5990587","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021322019","display_name":"Adetokunbo Makanju","orcid":null},"institutions":[{"id":"https://openalex.org/I129902397","display_name":"Dalhousie University","ror":"https://ror.org/01e6qks80","country_code":"CA","type":"education","lineage":["https://openalex.org/I129902397"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Adetokunbo Makanju","raw_affiliation_strings":["Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada B3H 1W5"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","institution_ids":["https://openalex.org/I129902397"]},{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada B3H 1W5","institution_ids":["https://openalex.org/I129902397"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008462534","display_name":"A. Nur Zincir\u2010Heywood","orcid":"https://orcid.org/0000-0003-2796-7265"},"institutions":[{"id":"https://openalex.org/I129902397","display_name":"Dalhousie University","ror":"https://ror.org/01e6qks80","country_code":"CA","type":"education","lineage":["https://openalex.org/I129902397"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"A. Nur Zincir-Heywood","raw_affiliation_strings":["Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada B3H 1W5"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","institution_ids":["https://openalex.org/I129902397"]},{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada B3H 1W5","institution_ids":["https://openalex.org/I129902397"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013989913","display_name":"Evangelos Milios","orcid":"https://orcid.org/0000-0001-5549-4675"},"institutions":[{"id":"https://openalex.org/I129902397","display_name":"Dalhousie University","ror":"https://ror.org/01e6qks80","country_code":"CA","type":"education","lineage":["https://openalex.org/I129902397"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Evangelos E. Milios","raw_affiliation_strings":["Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada B3H 1W5"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","institution_ids":["https://openalex.org/I129902397"]},{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada B3H 1W5","institution_ids":["https://openalex.org/I129902397"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5021322019"],"corresponding_institution_ids":["https://openalex.org/I129902397"],"apc_list":null,"apc_paid":null,"fwci":0.7002,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.73852579,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"626","last_page":"629"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7887957096099854},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6749982833862305},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.6347672939300537},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6291215419769287},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.5146423578262329},{"id":"https://openalex.org/keywords/cluster","display_name":"Cluster (spacecraft)","score":0.41213545203208923},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2964574992656708}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7887957096099854},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6749982833862305},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.6347672939300537},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6291215419769287},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.5146423578262329},{"id":"https://openalex.org/C164866538","wikidata":"https://www.wikidata.org/wiki/Q367351","display_name":"Cluster (spacecraft)","level":2,"score":0.41213545203208923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2964574992656708},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/inm.2011.5990587","is_oa":false,"landing_page_url":"https://doi.org/10.1109/inm.2011.5990587","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4399999976158142,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320338291","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W35047313","https://openalex.org/W1539745582","https://openalex.org/W1901980408","https://openalex.org/W1990911977","https://openalex.org/W2009153287","https://openalex.org/W2023364339","https://openalex.org/W2039157918","https://openalex.org/W2098695822","https://openalex.org/W2107263349","https://openalex.org/W2115056012","https://openalex.org/W2118020653","https://openalex.org/W2118887058","https://openalex.org/W2121122863","https://openalex.org/W2130503087","https://openalex.org/W2136159049","https://openalex.org/W2145864256","https://openalex.org/W2160100693","https://openalex.org/W2162832213","https://openalex.org/W2167338201","https://openalex.org/W2965068715","https://openalex.org/W4242430590","https://openalex.org/W4256691599","https://openalex.org/W6656166701","https://openalex.org/W6679375946"],"related_works":["https://openalex.org/W2105642232","https://openalex.org/W3197833032","https://openalex.org/W4386081464","https://openalex.org/W3207332793","https://openalex.org/W2499612753","https://openalex.org/W3113278055","https://openalex.org/W2750709484","https://openalex.org/W4283582846","https://openalex.org/W2062826214","https://openalex.org/W2997814891"],"abstract_inverted_index":{"Recent":[0],"research":[1,26],"efforts":[2],"have":[3],"highlighted":[4],"the":[5,12,29,47,50,61,67,86,104,112],"capability":[6],"of":[7,15,31,52,60,88,114],"entropy":[8,33,93],"based":[9,34,94],"approaches":[10,35],"in":[11,17,41],"automatic":[13],"discovery":[14],"alerts":[16,90],"system":[18],"logs.":[19],"In":[20],"this":[21,25],"work,":[22],"we":[23],"extend":[24,46],"to":[27,65,72],"present":[28],"evaluations":[30],"three":[32],"on":[36],"new":[37],"datasets":[38],"not":[39],"utilized":[40],"previous":[42],"papers.":[43],"We":[44],"also":[45],"approach":[48,62,95],"with":[49],"introduction":[51],"a":[53],"Cluster":[54,105],"Membership":[55,106],"Anomaly":[56,107],"score.":[57],"This":[58],"extension":[59],"is":[63],"intended":[64],"reduce":[66],"false":[68,81,115],"positive":[69,82,116],"rates":[70,83],"required":[71,84],"detect":[73],"all":[74,89],"alerts.":[75],"Previous":[76],"work":[77],"has":[78,109],"shown":[79],"that":[80,103],"for":[85,91,111],"detection":[87],"an":[92],"could":[96],"be":[97],"very":[98],"high.":[99],"The":[100],"results":[101],"show":[102],"score":[108],"value":[110],"reduction":[113],"rates.":[117]},"counts_by_year":[{"year":2017,"cited_by_count":1},{"year":2013,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}