{"id":"https://openalex.org/W2002547931","doi":"https://doi.org/10.1145/1368310.1368332","title":"Principled reasoning and practical applications of alert fusion in intrusion detection systems","display_name":"Principled reasoning and practical applications of alert fusion in intrusion detection systems","publication_year":2008,"publication_date":"2008-03-18","ids":{"openalex":"https://openalex.org/W2002547931","doi":"https://doi.org/10.1145/1368310.1368332","mag":"2002547931"},"language":"en","primary_location":{"id":"doi:10.1145/1368310.1368332","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1368310.1368332","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2008 ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058852421","display_name":"Guofei Gu","orcid":"https://orcid.org/0000-0003-0630-741X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Guofei Gu","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA","Georgia Institute of Technology Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology Atlanta, GA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016892225","display_name":"\u00c1lvaro A. C\u00e1rdenas","orcid":"https://orcid.org/0000-0002-5142-9750"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alvaro A. C\u00e1rdenas","raw_affiliation_strings":["University of California, Berkeley, CA","University of California: Berkeley, CA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of California, Berkeley, CA","institution_ids":["https://openalex.org/I95457486"]},{"raw_affiliation_string":"University of California: Berkeley, CA#TAB#","institution_ids":["https://openalex.org/I95457486"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA","Georgia Institute of Technology Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology Atlanta, GA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5058852421"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":6.4798,"has_fulltext":false,"cited_by_count":46,"citation_normalized_percentile":{"value":0.96616541,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"136","last_page":"147"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11303","display_name":"Bayesian Modeling and Causal Inference","score":0.9781000018119812,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7804043889045715},{"id":"https://openalex.org/keywords/voting","display_name":"Voting","score":0.7153144478797913},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.681205689907074},{"id":"https://openalex.org/keywords/majority-rule","display_name":"Majority rule","score":0.6806585192680359},{"id":"https://openalex.org/keywords/sensor-fusion","display_name":"Sensor fusion","score":0.602041482925415},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5438306331634521},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5166111588478088},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.47260740399360657},{"id":"https://openalex.org/keywords/interpretation","display_name":"Interpretation (philosophy)","score":0.470276415348053},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4531640112400055},{"id":"https://openalex.org/keywords/fusion","display_name":"Fusion","score":0.44574323296546936}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7804043889045715},{"id":"https://openalex.org/C520049643","wikidata":"https://www.wikidata.org/wiki/Q189760","display_name":"Voting","level":3,"score":0.7153144478797913},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.681205689907074},{"id":"https://openalex.org/C153668964","wikidata":"https://www.wikidata.org/wiki/Q27636","display_name":"Majority rule","level":2,"score":0.6806585192680359},{"id":"https://openalex.org/C33954974","wikidata":"https://www.wikidata.org/wiki/Q486494","display_name":"Sensor fusion","level":2,"score":0.602041482925415},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5438306331634521},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5166111588478088},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.47260740399360657},{"id":"https://openalex.org/C527412718","wikidata":"https://www.wikidata.org/wiki/Q855395","display_name":"Interpretation (philosophy)","level":2,"score":0.470276415348053},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4531640112400055},{"id":"https://openalex.org/C158525013","wikidata":"https://www.wikidata.org/wiki/Q2593739","display_name":"Fusion","level":2,"score":0.44574323296546936},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1368310.1368332","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1368310.1368332","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2008 ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.126.6162","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.126.6162","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www-static.cc.gatech.edu/~guofei/paper/Gu_asiaccs08_idsFusion.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7900000214576721,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1311524523","display_name":null,"funder_award_id":"W911NF0510139","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G2468220973","display_name":null,"funder_award_id":"CCR-0133629CCF-0424422","funder_id":"https://openalex.org/F4320337387","funder_display_name":"Division of Computing and Communication Foundations"},{"id":"https://openalex.org/G6166159835","display_name":null,"funder_award_id":"CCR-0133629CCF-0424422","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337387","display_name":"Division of Computing and Communication Foundations","ror":"https://ror.org/01mng8331"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":53,"referenced_works":["https://openalex.org/W6091113","https://openalex.org/W28412257","https://openalex.org/W1480376833","https://openalex.org/W1495304983","https://openalex.org/W1518811650","https://openalex.org/W1525038591","https://openalex.org/W1534477342","https://openalex.org/W1539745582","https://openalex.org/W1549716092","https://openalex.org/W1580049798","https://openalex.org/W1591480890","https://openalex.org/W1674877186","https://openalex.org/W1729765288","https://openalex.org/W1746680969","https://openalex.org/W1755360231","https://openalex.org/W1794828807","https://openalex.org/W1800991598","https://openalex.org/W1952056635","https://openalex.org/W1972062587","https://openalex.org/W1988918299","https://openalex.org/W2008651162","https://openalex.org/W2043314203","https://openalex.org/W2048465382","https://openalex.org/W2085305295","https://openalex.org/W2098266409","https://openalex.org/W2103378897","https://openalex.org/W2104593144","https://openalex.org/W2109431881","https://openalex.org/W2110523863","https://openalex.org/W2112076978","https://openalex.org/W2116065364","https://openalex.org/W2124868070","https://openalex.org/W2132029108","https://openalex.org/W2132581322","https://openalex.org/W2141200504","https://openalex.org/W2147146321","https://openalex.org/W2152449272","https://openalex.org/W2153635508","https://openalex.org/W2156909104","https://openalex.org/W2162240407","https://openalex.org/W2162275200","https://openalex.org/W2163277533","https://openalex.org/W2164568552","https://openalex.org/W2166603077","https://openalex.org/W2167287136","https://openalex.org/W2169768310","https://openalex.org/W2471373840","https://openalex.org/W2487087946","https://openalex.org/W2789305555","https://openalex.org/W2912934387","https://openalex.org/W2993330478","https://openalex.org/W4241433670","https://openalex.org/W4251448448"],"related_works":["https://openalex.org/W2357468538","https://openalex.org/W1577110157","https://openalex.org/W2133389611","https://openalex.org/W3121841074","https://openalex.org/W2055572829","https://openalex.org/W3036613766","https://openalex.org/W1894159578","https://openalex.org/W2807400035","https://openalex.org/W4297796115","https://openalex.org/W3125086856"],"abstract_inverted_index":{"It":[0],"is":[1,113],"generally":[2],"believed":[3],"that":[4,110],"by":[5],"combining":[6],"several":[7,105],"diverse":[8],"intrusion":[9],"detectors":[10,56],"(i.e.,":[11],"forming":[12],"an":[13,33],"IDS":[14,34],"ensemble),":[15],"we":[16,39,108],"may":[17],"achieve":[18],"better":[19],"performance.":[20,63],"However,":[21],"there":[22],"has":[23],"been":[24],"very":[25],"little":[26],"work":[27],"on":[28,51,72,92,104],"analyzing":[29],"the":[30,41,52,61,73],"effectiveness":[31],"of":[32],"ensemble.":[35],"In":[36],"this":[37],"paper,":[38],"study":[40],"following":[42],"problem:":[43],"how":[44],"to":[45,59],"make":[46],"a":[47,66],"good":[48],"fusion":[49,69,121],"decision":[50],"alerts":[53],"from":[54,82],"multiple":[55,102],"in":[57],"order":[58],"improve":[60],"final":[62],"We":[64,78],"propose":[65],"decision-theoretic":[67],"alert":[68],"technique":[70,112],"based":[71,91],"likelihood":[74],"ratio":[75],"test":[76],"(LRT).":[77],"report":[79],"our":[80,111],"experience":[81],"empirical":[83],"studies,":[84],"and":[85,99,116,129],"formally":[86],"analyze":[87],"its":[88],"practical":[89],"interpretation":[90],"ROC":[93],"curve":[94],"analysis.":[95],"Through":[96],"theoretical":[97],"reasoning":[98],"experiments":[100],"using":[101],"IDSs":[103],"data":[106],"sets,":[107],"show":[109],"more":[114],"flexible":[115],"also":[117],"outperforms":[118],"other":[119],"existing":[120],"techniques":[122],"such":[123],"as":[124],"AND,":[125],"OR,":[126],"majority":[127],"voting,":[128],"weighted":[130],"voting.":[131]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":3},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}