{"id":"https://openalex.org/W4404316985","doi":"https://doi.org/10.1109/tse.2024.3497588","title":"A Context-Aware Clustering Approach for Assisting Operators in Classifying Security Alerts","display_name":"A Context-Aware Clustering Approach for Assisting Operators in Classifying Security Alerts","publication_year":2024,"publication_date":"2024-11-13","ids":{"openalex":"https://openalex.org/W4404316985","doi":"https://doi.org/10.1109/tse.2024.3497588"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2024.3497588","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2024.3497588","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058045835","display_name":"Yu Liu","orcid":"https://orcid.org/0000-0002-5518-8464"},"institutions":[{"id":"https://openalex.org/I37796252","display_name":"Beijing University of Technology","ror":"https://ror.org/037b1pp87","country_code":"CN","type":"education","lineage":["https://openalex.org/I37796252"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yu Liu","raw_affiliation_strings":["Faculty of Information Technology, Beijing University of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Beijing University of Technology, Beijing, China","institution_ids":["https://openalex.org/I37796252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100359041","display_name":"Tong Li","orcid":"https://orcid.org/0000-0002-8881-0037"},"institutions":[{"id":"https://openalex.org/I37796252","display_name":"Beijing University of Technology","ror":"https://ror.org/037b1pp87","country_code":"CN","type":"education","lineage":["https://openalex.org/I37796252"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tong Li","raw_affiliation_strings":["Faculty of Information Technology, Beijing University of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Beijing University of Technology, Beijing, China","institution_ids":["https://openalex.org/I37796252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003367512","display_name":"Runzi Zhang","orcid":"https://orcid.org/0000-0003-2929-2484"},"institutions":[{"id":"https://openalex.org/I110630785","display_name":"NSK (United States)","ror":"https://ror.org/027qba521","country_code":"US","type":"company","lineage":["https://openalex.org/I110630785","https://openalex.org/I4210157453"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Runzi Zhang","raw_affiliation_strings":["NSFOCUS Technologies Group Company Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"NSFOCUS Technologies Group Company Ltd., Beijing, China","institution_ids":["https://openalex.org/I110630785"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036517619","display_name":"Zhao Jin","orcid":"https://orcid.org/0009-0002-6539-797X"},"institutions":[{"id":"https://openalex.org/I37796252","display_name":"Beijing University of Technology","ror":"https://ror.org/037b1pp87","country_code":"CN","type":"education","lineage":["https://openalex.org/I37796252"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhao Jin","raw_affiliation_strings":["Faculty of Information Technology, Beijing University of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Beijing University of Technology, Beijing, China","institution_ids":["https://openalex.org/I37796252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057457451","display_name":"Mingkai Tong","orcid":"https://orcid.org/0009-0000-7477-2925"},"institutions":[{"id":"https://openalex.org/I110630785","display_name":"NSK (United States)","ror":"https://ror.org/027qba521","country_code":"US","type":"company","lineage":["https://openalex.org/I110630785","https://openalex.org/I4210157453"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mingkai Tong","raw_affiliation_strings":["NSFOCUS Technologies Group Company Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"NSFOCUS Technologies Group Company Ltd., Beijing, China","institution_ids":["https://openalex.org/I110630785"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115883252","display_name":"Wenmao Liu","orcid":"https://orcid.org/0009-0000-2046-5305"},"institutions":[{"id":"https://openalex.org/I110630785","display_name":"NSK (United States)","ror":"https://ror.org/027qba521","country_code":"US","type":"company","lineage":["https://openalex.org/I110630785","https://openalex.org/I4210157453"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenmao Liu","raw_affiliation_strings":["NSFOCUS Technologies Group Company Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"NSFOCUS Technologies Group Company Ltd., Beijing, China","institution_ids":["https://openalex.org/I110630785"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009726984","display_name":"Yiting Wang","orcid":"https://orcid.org/0000-0001-9536-7339"},"institutions":[{"id":"https://openalex.org/I37796252","display_name":"Beijing University of Technology","ror":"https://ror.org/037b1pp87","country_code":"CN","type":"education","lineage":["https://openalex.org/I37796252"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiting Wang","raw_affiliation_strings":["Faculty of Information Technology, Beijing University of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Beijing University of Technology, Beijing, China","institution_ids":["https://openalex.org/I37796252"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5115602239","display_name":"Zhen Yang","orcid":"https://orcid.org/0000-0002-6058-0217"},"institutions":[{"id":"https://openalex.org/I37796252","display_name":"Beijing University of Technology","ror":"https://ror.org/037b1pp87","country_code":"CN","type":"education","lineage":["https://openalex.org/I37796252"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhen Yang","raw_affiliation_strings":["Faculty of Information Technology, Beijing University of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Beijing University of Technology, Beijing, China","institution_ids":["https://openalex.org/I37796252"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5058045835"],"corresponding_institution_ids":["https://openalex.org/I37796252"],"apc_list":null,"apc_paid":null,"fwci":1.0404,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.79376473,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"51","issue":"1","first_page":"153","last_page":"171"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8964184522628784},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7225323915481567},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6170687675476074},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4347858726978302},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3929659128189087},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3646105229854584},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3284919857978821},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.21318036317825317}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8964184522628784},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7225323915481567},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6170687675476074},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4347858726978302},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3929659128189087},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3646105229854584},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3284919857978821},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.21318036317825317},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2024.3497588","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2024.3497588","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2428307698","display_name":null,"funder_award_id":"2022YFB3103100","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G446943515","display_name":null,"funder_award_id":"Z211100002121150","funder_id":"https://openalex.org/F4320334978","funder_display_name":"Beijing Nova Program"},{"id":"https://openalex.org/G5520585865","display_name":null,"funder_award_id":"KM202110005025","funder_id":"https://openalex.org/F4320321572","funder_display_name":"Beijing Municipal Commission of Education"},{"id":"https://openalex.org/G7948515016","display_name":null,"funder_award_id":"92167102","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8297500790","display_name":null,"funder_award_id":"Z200002","funder_id":"https://openalex.org/F4320334977","funder_display_name":"Beijing Municipal Natural Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321572","display_name":"Beijing Municipal Commission of Education","ror":"https://ror.org/04bpn6s66"},{"id":"https://openalex.org/F4320334977","display_name":"Beijing Municipal Natural Science Foundation","ror":null},{"id":"https://openalex.org/F4320334978","display_name":"Beijing Nova Program","ror":"https://ror.org/034k14f91"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W103340358","https://openalex.org/W1614298861","https://openalex.org/W1888005072","https://openalex.org/W1999228492","https://openalex.org/W2075010670","https://openalex.org/W2080668808","https://openalex.org/W2086707647","https://openalex.org/W2154851992","https://openalex.org/W2160642098","https://openalex.org/W2187089797","https://openalex.org/W2743104969","https://openalex.org/W2767094836","https://openalex.org/W2891432086","https://openalex.org/W2947745012","https://openalex.org/W2962756421","https://openalex.org/W2966492225","https://openalex.org/W2986291326","https://openalex.org/W2998714163","https://openalex.org/W2999178765","https://openalex.org/W3034708216","https://openalex.org/W3047059392","https://openalex.org/W3047409962","https://openalex.org/W3104097132","https://openalex.org/W3197929891","https://openalex.org/W3211484264","https://openalex.org/W4214699222","https://openalex.org/W4232606520","https://openalex.org/W4284670033","https://openalex.org/W4291213652","https://openalex.org/W4294170691","https://openalex.org/W4294658714","https://openalex.org/W4391486513","https://openalex.org/W6602066945","https://openalex.org/W6636510571","https://openalex.org/W6637131181","https://openalex.org/W6680970901","https://openalex.org/W6763172785","https://openalex.org/W7000447106","https://openalex.org/W7010241782"],"related_works":["https://openalex.org/W4298130764","https://openalex.org/W2804364458","https://openalex.org/W2132641928","https://openalex.org/W4310225030","https://openalex.org/W2090259340","https://openalex.org/W1926736923","https://openalex.org/W2158836806","https://openalex.org/W2393816671","https://openalex.org/W2083665254","https://openalex.org/W2942177010"],"abstract_inverted_index":{"Modern":[0],"software":[1,6],"has":[2],"evolved":[3],"from":[4,288],"delivering":[5],"products":[7],"to":[8,15,37,43,58,66,76,91,120,139,162,169,205,245],"web":[9],"services":[10],"and":[11,40,194,240,296],"applications,":[12],"which":[13,35,110,147],"need":[14,204],"be":[16,38],"protected":[17],"by":[18,262],"security":[19,28,143,174,179,201],"operation":[20],"centers":[21],"(SOC)":[22],"against":[23],"ubiquitous":[24],"cyber":[25],"attacks.":[26],"Numerous":[27],"alerts":[29,63,117,180,212],"are":[30],"continuously":[31],"generated":[32],"every":[33],"day,":[34],"have":[36,55],"efficiently":[39],"correctly":[41],"processed":[42],"identify":[44,122],"potential":[45],"threats.":[46],"Many":[47],"AIOps":[48],"(artificial":[49],"intelligence":[50],"for":[51,105],"IT":[52],"operations)":[53],"approaches":[54],"been":[56],"proposed":[57],"(semi-)automate":[59],"the":[60,77,113,127,171,187,190,195,222,229,243,258,272,278],"inspection":[61],"of":[62,83,129,160,173,192,197,211,224,231,260,274,282],"so":[64],"as":[65,70,72],"reduce":[67,257],"manual":[68,84],"effort":[69],"much":[71],"possible.":[73],"However,":[74],"due":[75],"ever-complicating":[78],"attacks,":[79],"a":[80,101,135,158,208,246],"significant":[81],"amount":[82],"work":[85],"is":[86,293],"still":[87],"required":[88],"in":[89,118,298],"practice":[90],"ensure":[92],"correct":[93],"analysis":[94],"results.":[95],"In":[96,267],"this":[97],"paper,":[98],"we":[99,132,148,155,234,269],"propose":[100],"Context-Aware":[102],"cLustering":[103],"approach":[104,244,255],"cLassifying":[106],"sEcurity":[107],"alErts":[108],"(CALLEE),":[109],"fully":[111],"exploits":[112],"rich":[114],"relationships":[115],"among":[116,142],"order":[119],"precisely":[121],"similar":[123],"alerts,":[124,144],"significantly":[125],"reducing":[126,217],"workload":[128,219,259],"SOC.":[130],"Specifically,":[131],"first":[133],"design":[134,157],"core":[136],"conceptual":[137],"model":[138],"capture":[140],"connections":[141],"based":[145,181],"on":[146,182],"establish":[149],"corresponding":[150],"heterogeneous":[151],"information":[152],"networks.":[153],"Next,":[154],"systematically":[156],"set":[159],"meta-paths":[161],"profile":[163],"typical":[164],"alert":[165,225,248],"scenarios":[166],"precisely,":[167],"contributing":[168],"obtaining":[170],"representation":[172],"alerts.":[175],"We":[176],"then":[177],"cluster":[178],"their":[183,218],"contextual":[184],"similarities,":[185],"considering":[186],"tradeoff":[188],"between":[189],"number":[191,210],"clusters":[193],"homogeneity":[196],"each":[198,214],"cluster.":[199],"Finally,":[200],"operators":[202],"only":[203],"manually":[206],"inspect":[207],"limited":[209],"within":[213],"cluster,":[215],"pragmatically":[216,241,294],"while":[220],"ensuring":[221],"accuracy":[223],"classification.":[226],"To":[227],"evaluate":[228],"effectiveness":[230],"our":[232,237,254,275,283],"approach,":[233],"collaborate":[235],"with":[236,277],"industrial":[238,284,299],"partner":[239],"apply":[242],"real":[247,279],"dataset.":[249],"The":[250,286],"results":[251],"show":[252],"that":[253,291],"can":[256],"SOC":[261],"99.76%,":[263],"outperforming":[264],"baseline":[265],"approaches.":[266],"addition,":[268],"further":[270],"investigate":[271],"integration":[273],"proposal":[276],"business":[280],"scenario":[281],"partner.":[285],"feedback":[287],"practitioners":[289],"shows":[290],"CALLEE":[292],"applicable":[295],"helpful":[297],"settings.":[300]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-02T15:55:50.835912","created_date":"2025-10-10T00:00:00"}