{"id":"https://openalex.org/W4205462435","doi":"https://doi.org/10.1109/bigdata52589.2021.9671956","title":"A Machine Learning Approach to Detection of Critical Alerts from Imbalanced Multi-Appliance Threat Alert Logs","display_name":"A Machine Learning Approach to Detection of Critical Alerts from Imbalanced Multi-Appliance Threat Alert Logs","publication_year":2021,"publication_date":"2021-12-15","ids":{"openalex":"https://openalex.org/W4205462435","doi":"https://doi.org/10.1109/bigdata52589.2021.9671956"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata52589.2021.9671956","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata52589.2021.9671956","pdf_url":null,"source":{"id":"https://openalex.org/S4363607718","display_name":"2021 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016453346","display_name":"Samuel Ndichu","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Samuel Ndichu","raw_affiliation_strings":["National Institute of Information and Communications Technology, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, Tokyo, Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014860606","display_name":"Tao Ban","orcid":"https://orcid.org/0000-0002-9616-3212"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tao Ban","raw_affiliation_strings":["National Institute of Information and Communications Technology, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, Tokyo, Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029032117","display_name":"Takeshi Takahashi","orcid":"https://orcid.org/0000-0002-6477-7770"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takeshi Takahashi","raw_affiliation_strings":["National Institute of Information and Communications Technology, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, Tokyo, Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071687365","display_name":"Daisuke Inoue","orcid":"https://orcid.org/0000-0002-4373-0834"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Daisuke Inoue","raw_affiliation_strings":["National Institute of Information and Communications Technology, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, Tokyo, Japan","institution_ids":["https://openalex.org/I90023481"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5016453346"],"corresponding_institution_ids":["https://openalex.org/I90023481"],"apc_list":null,"apc_paid":null,"fwci":1.7592,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.87988409,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2119","last_page":"2127"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7919867038726807},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6772220134735107},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6743366122245789},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.5973941087722778},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5967209339141846},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.5932570099830627},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5182266235351562},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.49399715662002563},{"id":"https://openalex.org/keywords/oversampling","display_name":"Oversampling","score":0.4886765778064728},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.46723705530166626},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.4322323799133301},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4004892408847809},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3626682758331299}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7919867038726807},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6772220134735107},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6743366122245789},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.5973941087722778},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5967209339141846},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.5932570099830627},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5182266235351562},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.49399715662002563},{"id":"https://openalex.org/C197323446","wikidata":"https://www.wikidata.org/wiki/Q331222","display_name":"Oversampling","level":3,"score":0.4886765778064728},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.46723705530166626},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.4322323799133301},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4004892408847809},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3626682758331299},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0},{"id":"https://openalex.org/C2776257435","wikidata":"https://www.wikidata.org/wiki/Q1576430","display_name":"Bandwidth (computing)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata52589.2021.9671956","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata52589.2021.9671956","pdf_url":null,"source":{"id":"https://openalex.org/S4363607718","display_name":"2021 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320337504","display_name":"Research and Development","ror":"https://ror.org/027s68j25"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W85350352","https://openalex.org/W429766147","https://openalex.org/W1591261915","https://openalex.org/W1728842521","https://openalex.org/W1976526581","https://openalex.org/W1994410331","https://openalex.org/W2101234009","https://openalex.org/W2107686700","https://openalex.org/W2137029138","https://openalex.org/W2148143831","https://openalex.org/W2153635508","https://openalex.org/W2168508521","https://openalex.org/W2187089797","https://openalex.org/W2772356386","https://openalex.org/W2790557990","https://openalex.org/W2885157095","https://openalex.org/W2897662483","https://openalex.org/W2950901422","https://openalex.org/W2998714163","https://openalex.org/W3011302839","https://openalex.org/W3016038045","https://openalex.org/W3108481873","https://openalex.org/W3198775197","https://openalex.org/W4235988989","https://openalex.org/W4243367342","https://openalex.org/W6603460400","https://openalex.org/W6637572315","https://openalex.org/W6675354045"],"related_works":["https://openalex.org/W2903618681","https://openalex.org/W3172259201","https://openalex.org/W3184937791","https://openalex.org/W4366990902","https://openalex.org/W4317732970","https://openalex.org/W4388550696","https://openalex.org/W4321636153","https://openalex.org/W2122022187","https://openalex.org/W4313289487","https://openalex.org/W2115529843"],"abstract_inverted_index":{"The":[0],"extraordinary":[1],"number":[2,218],"of":[3,37,59,219,226],"alerts":[4,68,82,105,221],"generated":[5],"by":[6],"network":[7],"intrusion":[8],"detection":[9],"systems":[10,25],"(NIDS)":[11],"can":[12,47,87,208],"desensitize":[13],"security":[14,81,128,134,140,200],"analysts":[15],"tasked":[16],"with":[17,52],"incident":[18],"response.":[19],"Security":[20],"information":[21],"and":[22,43,66,131,154,158,183,188,222],"event":[23],"management":[24],"(SIEMs)":[26],"perform":[27],"some":[28],"rudimentary":[29],"automation":[30],"but":[31],"cannot":[32],"replicate":[33],"the":[34,57,60,84,100,103,122,133,147,165,185,193,205,211,217],"decision-making":[35],"process":[36,137],"a":[38,71,75,89,117,224],"skilled":[39],"analyst.":[40],"Machine":[41],"learning":[42],"artificial":[44],"intelligence":[45],"(AI)":[46],"detect":[48],"patterns":[49],"in":[50,111,126,139,228],"data":[51,62,130,197],"appropriate":[53],"training.":[54],"In":[55,192],"practice,":[56],"majority":[58,85],"alert":[61,129,135,196],"comprises":[63],"false":[64,104,160],"alerts,":[65],"true":[67,178],"form":[69],"only":[70],"small":[72],"proportion.":[73],"Consequently,":[74],"naive":[76],"engine":[77],"that":[78,204],"classifies":[79],"all":[80],"into":[83],"class":[86,101,123],"yield":[88],"superficial":[90],"high":[91],"accuracy":[92],"close":[93],"to":[94,120,152,174],"100%.":[95],"Without":[96],"any":[97],"correction":[98],"for":[99,213],"imbalance,":[102],"will":[106],"dominate":[107],"algorithmic":[108],"predictions":[109],"resulting":[110],"poor":[112],"generalization":[113],"performance.":[114],"We":[115,144],"propose":[116],"machine-learning":[118],"approach":[119],"address":[121],"imbalance":[124],"problem":[125],"multi-appliance":[127],"automate":[132],"analysis":[136],"performed":[138],"operations":[141],"centers":[142],"(SOCs).":[143],"first":[145],"used":[146],"neighborhood":[148],"cleaning":[149],"rule":[150],"(NCR)":[151],"identify":[153],"remove":[155],"ambiguous,":[156],"noisy,":[157],"redundant":[159],"alerts.":[161,179],"Then,":[162],"we":[163,181,202],"applied":[164],"support":[166],"vector":[167],"machine":[168],"synthetic":[169,176],"minority":[170],"oversampling":[171],"technique":[172],"(SVMSMOTE)":[173],"generate":[175],"training":[177],"Finally,":[180],"fit":[182],"evaluated":[184],"decision":[186],"tree":[187],"random":[189],"forest":[190],"classifiers.":[191],"experiments,":[194],"using":[195],"from":[198],"eight":[199],"appliances,":[201],"demonstrated":[203],"proposed":[206],"method":[207],"significantly":[209],"reduce":[210],"need":[212],"manual":[214],"auditing,":[215],"decreasing":[216],"uninspected":[220],"achieving":[223],"performance":[225],"99.524%":[227],"recall.":[229]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}