{"id":"https://openalex.org/W3010933375","doi":"https://doi.org/10.1109/milcom47813.2019.9020860","title":"Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study","display_name":"Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study","publication_year":2019,"publication_date":"2019-11-01","ids":{"openalex":"https://openalex.org/W3010933375","doi":"https://doi.org/10.1109/milcom47813.2019.9020860","mag":"3010933375"},"language":"en","primary_location":{"id":"doi:10.1109/milcom47813.2019.9020860","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom47813.2019.9020860","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039550928","display_name":"Eric Ficke","orcid":"https://orcid.org/0000-0002-3762-6475"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Eric Ficke","raw_affiliation_strings":["Department of Computer Science, University of Texas at San Antonio"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Texas at San Antonio","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018311064","display_name":"Kristin M. Schweitzer","orcid":"https://orcid.org/0000-0002-6767-4080"},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kristin M. Schweitzer","raw_affiliation_strings":["U.S. Army Research Laboratory South-Cyber"],"affiliations":[{"raw_affiliation_string":"U.S. Army Research Laboratory South-Cyber","institution_ids":["https://openalex.org/I166416128"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043706691","display_name":"Raymond M. Bateman","orcid":"https://orcid.org/0000-0002-2949-5145"},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Raymond M. Bateman","raw_affiliation_strings":["U.S. Army Research Laboratory South-Cyber"],"affiliations":[{"raw_affiliation_string":"U.S. Army Research Laboratory South-Cyber","institution_ids":["https://openalex.org/I166416128"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019179799","display_name":"Shouhuai Xu","orcid":"https://orcid.org/0000-0001-8034-0942"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shouhuai Xu","raw_affiliation_strings":["Department of Computer Science, University of Texas at San Antonio"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Texas at San Antonio","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5039550928"],"corresponding_institution_ids":["https://openalex.org/I45438204"],"apc_list":null,"apc_paid":null,"fwci":0.8842,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.78028559,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.710665762424469},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6794402599334717},{"id":"https://openalex.org/keywords/root","display_name":"Root (linguistics)","score":0.5674710869789124},{"id":"https://openalex.org/keywords/root-cause-analysis","display_name":"Root cause analysis","score":0.43732383847236633},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40444496273994446},{"id":"https://openalex.org/keywords/reliability-engineering","display_name":"Reliability engineering","score":0.13210594654083252},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1053711473941803}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.710665762424469},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6794402599334717},{"id":"https://openalex.org/C171078966","wikidata":"https://www.wikidata.org/wiki/Q111029","display_name":"Root (linguistics)","level":2,"score":0.5674710869789124},{"id":"https://openalex.org/C130963320","wikidata":"https://www.wikidata.org/wiki/Q1401207","display_name":"Root cause analysis","level":2,"score":0.43732383847236633},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40444496273994446},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.13210594654083252},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1053711473941803},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom47813.2019.9020860","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom47813.2019.9020860","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6899999976158142}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1985987493","https://openalex.org/W2012649175","https://openalex.org/W2030101848","https://openalex.org/W2031163547","https://openalex.org/W2040564948","https://openalex.org/W2073967765","https://openalex.org/W2081290035","https://openalex.org/W2104692292","https://openalex.org/W2160841769","https://openalex.org/W2170186274","https://openalex.org/W2260798440","https://openalex.org/W2296181180","https://openalex.org/W2564147261","https://openalex.org/W2583132862","https://openalex.org/W2807656656","https://openalex.org/W2908154599","https://openalex.org/W2914051825","https://openalex.org/W2941527469","https://openalex.org/W2946688610","https://openalex.org/W2950204666","https://openalex.org/W2963615142","https://openalex.org/W4282975758","https://openalex.org/W6763631378"],"related_works":["https://openalex.org/W2030594396","https://openalex.org/W4255366506","https://openalex.org/W3015720271","https://openalex.org/W2373866020","https://openalex.org/W2366221835","https://openalex.org/W2161830378","https://openalex.org/W2090638693","https://openalex.org/W1543729366","https://openalex.org/W2011227688","https://openalex.org/W4309130551"],"abstract_inverted_index":{"Intrusion":[0],"Detection":[1],"Systems":[2],"(IDSs)":[3],"are":[4],"a":[5,38,62,74,81],"necessary":[6],"cyber":[7,85],"defense":[8],"mechanism.":[9],"Unfortunately,":[10],"their":[11,31],"capability":[12],"has":[13],"fallen":[14],"behind":[15],"that":[16,51],"of":[17,26,30,45,56,69,84],"attackers.":[18],"This":[19],"motivates":[20],"us":[21,91],"to":[22,92],"improve":[23],"our":[24],"understanding":[25],"the":[27,42,54,66],"root":[28,67],"causes":[29,68],"false-negatives.":[32],"In":[33],"this":[34],"paper":[35],"we":[36,60],"make":[37],"first":[39],"step":[40],"towards":[41],"ultimate":[43],"goal":[44],"drawing":[46],"useful":[47,94],"insights":[48],"and":[49,72,80],"principles":[50],"can":[52],"guide":[53],"design":[55],"next-generation":[57],"IDSs.":[58],"Specifically,":[59],"propose":[61],"methodology":[63],"for":[64],"analyzing":[65],"IDS":[70],"false-negatives":[71],"conduct":[73],"case":[75,88],"study":[76,89],"based":[77],"on":[78],"Snort":[79],"real-world":[82],"dataset":[83],"attacks.":[86],"The":[87],"allows":[90],"draw":[93],"insights.":[95]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}