{"id":"https://openalex.org/W2550670348","doi":"https://doi.org/10.1109/vizsec.2016.7739579","title":"Understanding the context of network traffic alerts","display_name":"Understanding the context of network traffic alerts","publication_year":2016,"publication_date":"2016-10-01","ids":{"openalex":"https://openalex.org/W2550670348","doi":"https://doi.org/10.1109/vizsec.2016.7739579","mag":"2550670348"},"language":"en","primary_location":{"id":"doi:10.1109/vizsec.2016.7739579","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2016.7739579","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013797659","display_name":"Bram C.M. Cappers","orcid":"https://orcid.org/0009-0003-4568-5568"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Bram C. M. Cappers","raw_affiliation_strings":["Department of Mathematics and Computer Science, Eindhoven University of Technology, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Department of Mathematics and Computer Science, Eindhoven University of Technology, The Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5051025031","display_name":"Jarke J. van Wijk","orcid":"https://orcid.org/0000-0002-5128-976X"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Jarke J. van Wijk","raw_affiliation_strings":["Department of Mathematics and Computer Science, Eindhoven University of Technology, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Department of Mathematics and Computer Science, Eindhoven University of Technology, The Netherlands","institution_ids":["https://openalex.org/I83019370"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5013797659"],"corresponding_institution_ids":["https://openalex.org/I83019370"],"apc_list":null,"apc_paid":null,"fwci":2.1963,"has_fulltext":false,"cited_by_count":24,"citation_normalized_percentile":{"value":0.92091252,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11439","display_name":"Video Analysis and Summarization","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8230630159378052},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6628352403640747},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.6068591475486755},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5853396058082581},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.5794798731803894},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.5553836822509766},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.5242710113525391},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5111396908760071},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.46586039662361145},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.4598051607608795},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.4473603367805481},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.44035574793815613},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4173489212989807},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3934200704097748},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.34405356645584106},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3186035752296448},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.20909377932548523},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.2002856731414795},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.17851042747497559}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8230630159378052},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6628352403640747},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.6068591475486755},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5853396058082581},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.5794798731803894},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.5553836822509766},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.5242710113525391},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5111396908760071},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.46586039662361145},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.4598051607608795},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.4473603367805481},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.44035574793815613},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4173489212989807},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3934200704097748},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.34405356645584106},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3186035752296448},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.20909377932548523},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.2002856731414795},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.17851042747497559},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1109/vizsec.2016.7739579","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2016.7739579","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.tue.nl:openaire_cris_publications/14d68d79-7672-46e9-a0cb-f3edb2827666","is_oa":false,"landing_page_url":"https://research.tue.nl/en/publications/14d68d79-7672-46e9-a0cb-f3edb2827666","pdf_url":null,"source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cappers, B C M & van Wijk, J J 2016, Understanding the context of network traffic alerts. in D M Best, D Staheli, N Prigent, S Engle & L Harrison (eds), 2016 IEEE Symposium on Visualization for Cyber Security (VizSec), 24 October 2016, Baltimore, Maryland., 5, Institute of Electrical and Electronics Engineers, Piscataway, pp. 1-8. https://doi.org/10.1109/VIZSEC.2016.7739579","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:library.tue.nl:856960","is_oa":false,"landing_page_url":"http://repository.tue.nl/856960","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:library.tue.nl:884380","is_oa":false,"landing_page_url":"http://repository.tue.nl/884380","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:tue:oai:pure.tue.nl:publications/14d68d79-7672-46e9-a0cb-f3edb2827666","is_oa":false,"landing_page_url":"https://research.tue.nl/nl/publications/14d68d79-7672-46e9-a0cb-f3edb2827666","pdf_url":null,"source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"2016 IEEE Symposium on Visualization for Cyber Security (VizSec), 24 October 2016, Baltimore, Maryland, 1 - 8","raw_type":"info:eu-repo/semantics/conferencepaper"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.6200000047683716}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W1494756088","https://openalex.org/W1530215515","https://openalex.org/W1552584884","https://openalex.org/W1596291969","https://openalex.org/W1922573661","https://openalex.org/W1943462367","https://openalex.org/W1966320996","https://openalex.org/W2003852082","https://openalex.org/W2006407062","https://openalex.org/W2011493390","https://openalex.org/W2019669975","https://openalex.org/W2020929023","https://openalex.org/W2024838825","https://openalex.org/W2025864648","https://openalex.org/W2028219489","https://openalex.org/W2048376129","https://openalex.org/W2054515823","https://openalex.org/W2063329049","https://openalex.org/W2105552354","https://openalex.org/W2122653500","https://openalex.org/W2126536832","https://openalex.org/W2132068130","https://openalex.org/W2149706766","https://openalex.org/W2153463096","https://openalex.org/W2158275940","https://openalex.org/W2161265013","https://openalex.org/W2482623328","https://openalex.org/W2494465889","https://openalex.org/W2577848626","https://openalex.org/W2798788768","https://openalex.org/W2914997028","https://openalex.org/W3216240862","https://openalex.org/W4210997624","https://openalex.org/W4236137412","https://openalex.org/W6732245671"],"related_works":["https://openalex.org/W4286718853","https://openalex.org/W2398634398","https://openalex.org/W2082456656","https://openalex.org/W3008603700","https://openalex.org/W4226328070","https://openalex.org/W4242896091","https://openalex.org/W2131880356","https://openalex.org/W2294007831","https://openalex.org/W4231626199","https://openalex.org/W2034965211"],"abstract_inverted_index":{"For":[0],"the":[1,23,30,43,79,95,147,156,163,166],"protection":[2],"of":[3,25,32,45,81,97,110,131,165],"critical":[4],"infrastructures":[5],"against":[6],"complex":[7],"virus":[8],"attacks,":[9],"automated":[10],"network":[11,26,98],"traffic":[12,99],"analysis":[13,109],"and":[14,129,138,150,174],"deep":[15],"packet":[16],"inspection":[17],"are":[18,54,68,115],"unavoidable.":[19],"However,":[20],"even":[21],"with":[22,70],"use":[24],"intrusion":[27,157],"detection":[28,158],"systems,":[29],"number":[31],"alerts":[33,73,153],"is":[34,64],"still":[35],"too":[36],"large":[37,121],"to":[38,117,142,155],"analyze":[39],"manually.":[40],"In":[41,84,104],"addition,":[42],"discovery":[44],"domain-specific":[46],"multi":[47],"stage":[48],"viruses":[49],"(e.g.,":[50],"Advanced":[51],"Persistent":[52],"Threats)":[53],"typically":[55],"not":[56],"captured":[57],"by":[58,168],"a":[59],"single":[60],"alert.":[61],"The":[62],"result":[63],"that":[65],"security":[66],"experts":[67,114,141],"overloaded":[69],"low-level":[71],"technical":[72],"where":[74],"they":[75],"must":[76],"look":[77],"for":[78,94],"presence":[80],"an":[82,89],"APT.":[83],"this":[85],"paper":[86],"we":[87,161],"propose":[88],"alert-oriented":[90],"visual":[91],"analytics":[92],"approach":[93,106,167],"exploration":[96,126],"content":[100],"in":[101,120],"multiple":[102],"contexts.":[103],"our":[105],"CoNTA":[107],"(Contextual":[108],"Network":[111],"Traffic":[112],"Alerts),":[113],"supported":[116],"discover":[118],"threats":[119],"alert":[122,148],"collections":[123],"through":[124],"interactive":[125],"using":[127],"selections":[128],"attributes":[130],"interest.":[132],"Tight":[133],"integration":[134],"between":[135],"machine":[136],"learning":[137],"visualization":[139],"enables":[140],"quickly":[143],"drill":[144],"down":[145],"into":[146],"collection":[149],"report":[151],"false":[152],"back":[154],"system.":[159],"Finally,":[160],"show":[162],"effectiveness":[164],"applying":[169],"it":[170],"on":[171],"real":[172],"world":[173],"artificial":[175],"data":[176],"sets.":[177]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":5}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}