{"id":"https://openalex.org/W2132948040","doi":"https://doi.org/10.1145/2713579.2713582","title":"Predicting Cyber Security Incidents Using Feature-Based Characterization of Network-Level Malicious Activities","display_name":"Predicting Cyber Security Incidents Using Feature-Based Characterization of Network-Level Malicious Activities","publication_year":2015,"publication_date":"2015-02-23","ids":{"openalex":"https://openalex.org/W2132948040","doi":"https://doi.org/10.1145/2713579.2713582","mag":"2132948040"},"language":"en","primary_location":{"id":"doi:10.1145/2713579.2713582","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2713579.2713582","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100604915","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0003-4478-9974"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yang Liu","raw_affiliation_strings":["University of Michigan, Ann Arbor, Ann Arbor, MI, USA"],"affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Ann Arbor, MI, USA","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103189495","display_name":"Jing Zhang","orcid":"https://orcid.org/0000-0002-2785-7456"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jing Zhang","raw_affiliation_strings":["University of Michigan, Ann Arbor, Ann Arbor, MI, USA"],"affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Ann Arbor, MI, USA","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068512201","display_name":"Armin Sarabi","orcid":"https://orcid.org/0000-0002-1431-7434"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Armin Sarabi","raw_affiliation_strings":["University of Michigan, Ann Arbor, Ann Arbor, MI, USA"],"affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Ann Arbor, MI, USA","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101967011","display_name":"Mingyan Liu","orcid":"https://orcid.org/0000-0003-3295-9200"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mingyan Liu","raw_affiliation_strings":["University of Michigan, Ann Arbor, Ann Arbor, MI, USA"],"affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Ann Arbor, MI, USA","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070977368","display_name":"Manish Karir","orcid":null},"institutions":[{"id":"https://openalex.org/I4210164112","display_name":"dMetrics (United States)","ror":"https://ror.org/05s1j9511","country_code":"US","type":"company","lineage":["https://openalex.org/I4210164112"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Manish Karir","raw_affiliation_strings":["QuadMetrics, Inc, Ann Arbor, MI, USA"],"affiliations":[{"raw_affiliation_string":"QuadMetrics, Inc, Ann Arbor, MI, USA","institution_ids":["https://openalex.org/I4210164112"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5045573429","display_name":"Michael Bailey","orcid":"https://orcid.org/0009-0004-8425-993X"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Bailey","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA","University of Illinois at Urbana-Champaign, Champaign, IL, USA;"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA;","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100604915"],"corresponding_institution_ids":["https://openalex.org/I27837315"],"apc_list":null,"apc_paid":null,"fwci":1.6641,"has_fulltext":false,"cited_by_count":30,"citation_normalized_percentile":{"value":0.86099169,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7832639217376709},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.6057473421096802},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5298383235931396},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4924252927303314},{"id":"https://openalex.org/keywords/population","display_name":"Population","score":0.4910707473754883},{"id":"https://openalex.org/keywords/feature-selection","display_name":"Feature selection","score":0.4771972596645355},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4698435664176941},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.45212697982788086},{"id":"https://openalex.org/keywords/reputation","display_name":"Reputation","score":0.4433525800704956},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.42901840806007385},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4146444499492645},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.373749703168869}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7832639217376709},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.6057473421096802},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5298383235931396},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4924252927303314},{"id":"https://openalex.org/C2908647359","wikidata":"https://www.wikidata.org/wiki/Q2625603","display_name":"Population","level":2,"score":0.4910707473754883},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.4771972596645355},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4698435664176941},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45212697982788086},{"id":"https://openalex.org/C48798503","wikidata":"https://www.wikidata.org/wiki/Q877546","display_name":"Reputation","level":2,"score":0.4433525800704956},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.42901840806007385},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4146444499492645},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.373749703168869},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C149923435","wikidata":"https://www.wikidata.org/wiki/Q37732","display_name":"Demography","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2713579.2713582","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2713579.2713582","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6000000238418579}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W1663973292","https://openalex.org/W1681269575","https://openalex.org/W2096273775","https://openalex.org/W2594639291"],"related_works":["https://openalex.org/W4392337488","https://openalex.org/W2102271161","https://openalex.org/W4313425421","https://openalex.org/W4388714791","https://openalex.org/W2361883455","https://openalex.org/W2952832228","https://openalex.org/W2909324362","https://openalex.org/W2372868951","https://openalex.org/W4386564352","https://openalex.org/W2952668426"],"abstract_inverted_index":{"This":[0],"study":[1],"offers":[2],"a":[3,60,78,87,121,135,139,159,165,233,253,257],"first":[4,153],"step":[5],"toward":[6],"understanding":[7],"the":[8,83,148,155,171,181,189,194,208,213,223],"extent":[9],"to":[10,16,231],"which":[11,51],"we":[12,113,152,245],"may":[13,52,54],"be":[14,23],"able":[15],"predict":[17],"cyber":[18],"security":[19,142],"incidents":[20],"(which":[21],"can":[22,246],"of":[24,26,50,82,86,123,141,167,173,183,197,215,256],"one":[25],"many":[27],"types)":[28],"by":[29],"applying":[30],"machine":[31,236],"learning":[32],"techniques":[33],"and":[34,47,89,95,103,137,162,192],"using":[35],"externally":[36],"observed":[37],"malicious":[38,74,224],"activities":[39,75],"associated":[40],"with":[41],"network":[42,79,88],"entities,":[43],"including":[44],"spamming,":[45],"phishing,":[46],"scanning,":[48],"each":[49],"or":[53,64],"not":[55],"have":[56],"direct":[57],"bearing":[58],"on":[59],"specific":[61],"attack":[62],"mechanism":[63],"incident":[65,143,190],"type.":[66],"Our":[67,240],"hypothesis":[68],"is":[69,93],"that":[70,96,169,244],"when":[71],"viewed":[72],"collectively,":[73],"originating":[76],"from":[77,188,193],"are":[80,228],"indicative":[81],"general":[84,195],"cleanness":[85],"how":[90],"well":[91],"it":[92],"run,":[94],"furthermore,":[97],"collectively":[98],"they":[99],"exhibit":[100],"fairly":[101],"stable":[102],"thus":[104],"predictive":[105],"behavior":[106,218],"over":[107,132,146,252],"time.":[108],"To":[109],"test":[110],"this":[111,118,174],"hypothesis,":[112],"utilize":[114],"two":[115,209],"datasets":[116],"in":[117,205,222],"study:":[119],"(1)":[120],"collection":[122],"commonly":[124],"used":[125,230],"IP":[126],"address-based/host":[127],"reputation":[128],"blacklists":[129],"(RBLs)":[130],"collected":[131,145],"more":[133],"than":[134],"year,":[136],"(2)":[138],"set":[140,166],"reports":[144],"roughly":[147],"same":[149],"period.":[150],"Specifically,":[151],"aggregate":[154],"RBL":[156],"data":[157],"at":[158],"prefix":[160],"level":[161],"then":[163,229],"introduce":[164],"features":[168,227],"capture":[170],"dynamics":[172],"aggregated":[175],"temporal":[176],"process.":[177],"A":[178],"comparison":[179],"between":[180,207],"distribution":[182],"these":[184],"feature":[185],"values":[186],"taken":[187],"dataset":[191],"population":[196],"prefixes":[198],"shows":[199],"distinct":[200],"differences,":[201],"suggesting":[202],"their":[203],"value":[204],"distinguishing":[206],"while":[210],"also":[211],"highlighting":[212],"importance":[214],"capturing":[216],"dynamic":[217],"(second":[219],"order":[220],"statistics)":[221],"activities.":[225],"These":[226],"train":[232],"support":[234],"vector":[235],"(SVM)":[237],"for":[238],"prediction.":[239],"preliminary":[241],"results":[242],"show":[243],"achieve":[247],"reasonably":[248],"good":[249],"prediction":[250],"performance":[251],"forecasting":[254],"window":[255],"few":[258],"months.":[259]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":2},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}