{"id":"https://openalex.org/W2944277663","doi":"https://doi.org/10.1109/vizsec.2018.8709231","title":"Building a Machine Learning Model for the SOC, by the Input from the SOC, and Analyzing it for the SOC","display_name":"Building a Machine Learning Model for the SOC, by the Input from the SOC, and Analyzing it for the SOC","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2944277663","doi":"https://doi.org/10.1109/vizsec.2018.8709231","mag":"2944277663"},"language":"en","primary_location":{"id":"doi:10.1109/vizsec.2018.8709231","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2018.8709231","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104050325","display_name":"Awalin Sopan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128452","display_name":"FireEye (United States)","ror":"https://ror.org/03dnqre85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128452"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Awalin Sopan","raw_affiliation_strings":["FireEye, Inc"],"affiliations":[{"raw_affiliation_string":"FireEye, Inc","institution_ids":["https://openalex.org/I4210128452"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084700831","display_name":"Matthew Berninger","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128452","display_name":"FireEye (United States)","ror":"https://ror.org/03dnqre85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128452"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Berninger","raw_affiliation_strings":["FireEye, Inc"],"affiliations":[{"raw_affiliation_string":"FireEye, Inc","institution_ids":["https://openalex.org/I4210128452"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057767590","display_name":"Murali Mulakaluri","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128452","display_name":"FireEye (United States)","ror":"https://ror.org/03dnqre85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128452"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Murali Mulakaluri","raw_affiliation_strings":["FireEye, Inc"],"affiliations":[{"raw_affiliation_string":"FireEye, Inc","institution_ids":["https://openalex.org/I4210128452"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030022032","display_name":"Raj Katakam","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128452","display_name":"FireEye (United States)","ror":"https://ror.org/03dnqre85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128452"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Raj Katakam","raw_affiliation_strings":["FireEye, Inc"],"affiliations":[{"raw_affiliation_string":"FireEye, Inc","institution_ids":["https://openalex.org/I4210128452"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5104050325"],"corresponding_institution_ids":["https://openalex.org/I4210128452"],"apc_list":null,"apc_paid":null,"fwci":1.4763,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.84994527,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8142343163490295},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6320084929466248},{"id":"https://openalex.org/keywords/dashboard","display_name":"Dashboard","score":0.6198378205299377},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.6003780364990234},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5192118287086487},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.4812771677970886},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4749757647514343},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.44532763957977295},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.4451097548007965},{"id":"https://openalex.org/keywords/decision-support-system","display_name":"Decision support system","score":0.43447232246398926},{"id":"https://openalex.org/keywords/granularity","display_name":"Granularity","score":0.42824530601501465},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4169897735118866},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3614121079444885},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.18502777814865112}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8142343163490295},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6320084929466248},{"id":"https://openalex.org/C33499554","wikidata":"https://www.wikidata.org/wiki/Q1417134","display_name":"Dashboard","level":2,"score":0.6198378205299377},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.6003780364990234},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5192118287086487},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.4812771677970886},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4749757647514343},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.44532763957977295},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.4451097548007965},{"id":"https://openalex.org/C107327155","wikidata":"https://www.wikidata.org/wiki/Q330268","display_name":"Decision support system","level":2,"score":0.43447232246398926},{"id":"https://openalex.org/C177774035","wikidata":"https://www.wikidata.org/wiki/Q1246948","display_name":"Granularity","level":2,"score":0.42824530601501465},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4169897735118866},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3614121079444885},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.18502777814865112},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/vizsec.2018.8709231","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2018.8709231","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W4081608","https://openalex.org/W2158698691","https://openalex.org/W2169178923","https://openalex.org/W2169820470","https://openalex.org/W2282821441","https://openalex.org/W2342408547","https://openalex.org/W2394669110","https://openalex.org/W2510750606","https://openalex.org/W2550670348","https://openalex.org/W2753713840","https://openalex.org/W2764327709","https://openalex.org/W2962700793","https://openalex.org/W2963795072","https://openalex.org/W2978195003","https://openalex.org/W2981278614","https://openalex.org/W6684773713"],"related_works":["https://openalex.org/W2931688134","https://openalex.org/W2377919138","https://openalex.org/W2378857091","https://openalex.org/W4286750062","https://openalex.org/W2901307568","https://openalex.org/W2973053048","https://openalex.org/W2062940763","https://openalex.org/W2186032312","https://openalex.org/W2937343495","https://openalex.org/W4360833258"],"abstract_inverted_index":{"This":[0,54],"work":[1],"demonstrates":[2],"an":[3,88],"ongoing":[4],"effort":[5,66],"to":[6,26,61,67,94,116,121,131,153],"employ":[7],"and":[8,65,90,119,127,135,159,185],"explain":[9],"machine":[10,42,165],"learning":[11,43,166],"model":[12,44,114,126,134,138,167,171,180],"predictions":[13],"for":[14,37,87],"classifying":[15],"alerts":[16,39,156],"in":[17,45,181],"Security":[18],"Operations":[19],"Centers":[20],"(SOC).":[21],"Our":[22,170],"ultimate":[23],"goal":[24],"is":[25],"reduce":[27],"analyst":[28],"workload":[29],"by":[30],"automating":[31],"the":[32,41,52,85,91,112,117,125,133,137,140,179,190],"process":[33],"of":[34,72,101,108],"decision":[35,176],"making":[36],"investigating":[38,102],"using":[40],"cases":[46,71],"where":[47],"we":[48,79],"can":[49],"completely":[50],"trust":[51,132],"model.":[53,191],"way,":[55],"SOC":[56],"analysts":[57,96,149],"will":[58,150],"be":[59,151],"able":[60,152],"focus":[62],"their":[63,98],"time":[64],"investigate":[68],"more":[69,157,187],"complex":[70],"security":[73,95,104,148],"alerts.":[74,105],"To":[75],"achieve":[76],"this":[77],"goal,":[78],"developed":[80],"a":[81,164],"system":[82,110],"that":[83],"shows":[84],"prediction":[86,92,145],"alert":[89],"explanation":[93,146],"during":[97],"daily":[99],"workflow":[100],"individual":[103],"Another":[106],"part":[107],"our":[109,144],"presents":[111],"aggregated":[113],"analytics":[115],"managers":[118],"stakeholders":[120],"help":[122],"them":[123],"understand":[124],"decide,":[128],"on":[129],"when":[130],"let":[136],"make":[139],"final":[141],"decision.":[142],"Using":[143],"visualization,":[147],"classify":[154],"oncoming":[155],"efficiently":[158],"gain":[160,186],"insight":[161],"into":[162],"how":[163],"generates":[168],"predictions.":[169],"performance":[172],"analysis":[173],"dashboard":[174],"helps":[175],"makers":[177],"analyze":[178],"signature":[182],"level":[183],"granularity":[184],"insights":[188],"about":[189]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}