{"id":"https://openalex.org/W2338128881","doi":"https://doi.org/10.1145/2898375.2898399","title":"Optimal thresholds for intrusion detection systems","display_name":"Optimal thresholds for intrusion detection systems","publication_year":2016,"publication_date":"2016-04-14","ids":{"openalex":"https://openalex.org/W2338128881","doi":"https://doi.org/10.1145/2898375.2898399","mag":"2338128881"},"language":"en","primary_location":{"id":"doi:10.1145/2898375.2898399","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2898375.2898399","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2898375.2898399","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Symposium and Bootcamp on the Science of Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/2898375.2898399","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049435924","display_name":"\u00c1ron L\u00e1szka","orcid":"https://orcid.org/0000-0001-7400-2357"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Aron Laszka","raw_affiliation_strings":["University of California, Berkeley"],"affiliations":[{"raw_affiliation_string":"University of California, Berkeley","institution_ids":["https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041744190","display_name":"Waseem Abbas","orcid":"https://orcid.org/0000-0002-9013-1463"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Waseem Abbas","raw_affiliation_strings":["Vanderbilt University"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103101043","display_name":"S. Shankar Sastry","orcid":null},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S. Shankar Sastry","raw_affiliation_strings":["University of California, Berkeley"],"affiliations":[{"raw_affiliation_string":"University of California, Berkeley","institution_ids":["https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038669899","display_name":"Yevgeniy Vorobeychik","orcid":"https://orcid.org/0000-0003-2471-5345"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yevgeniy Vorobeychik","raw_affiliation_strings":["Vanderbilt University"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023397404","display_name":"Xenofon Koutsoukos","orcid":"https://orcid.org/0000-0002-0923-6293"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xenofon Koutsoukos","raw_affiliation_strings":["Vanderbilt University"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University","institution_ids":["https://openalex.org/I200719446"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5049435924"],"corresponding_institution_ids":["https://openalex.org/I95457486"],"apc_list":null,"apc_paid":null,"fwci":4.725,"has_fulltext":true,"cited_by_count":32,"citation_normalized_percentile":{"value":0.95153094,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"72","last_page":"81"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8720030784606934},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7560219168663025},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7153202891349792},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.5281733870506287},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.5279452204704285},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5048163533210754},{"id":"https://openalex.org/keywords/intrusion-prevention-system","display_name":"Intrusion prevention system","score":0.41676050424575806},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.4137406051158905}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8720030784606934},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7560219168663025},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7153202891349792},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.5281733870506287},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.5279452204704285},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5048163533210754},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.41676050424575806},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.4137406051158905},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2898375.2898399","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2898375.2898399","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2898375.2898399","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Symposium and Bootcamp on the Science of Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2898375.2898399","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2898375.2898399","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2898375.2898399","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Symposium and Bootcamp on the Science of Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.550000011920929,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1299527921","display_name":null,"funder_award_id":"N00014-15-1-2621","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G2025953833","display_name":null,"funder_award_id":"CNS-1238959, CNS-1238962, CNS-1239054, CNS-1239166","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2256232009","display_name":null,"funder_award_id":"CNS-1239054","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2853312554","display_name":"CPS: Frontiers: Collaborative Research: Foundations of Resilient CybEr-Physical Systems (FORCES)","funder_award_id":"1238962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3000207412","display_name":null,"funder_award_id":"FA8750-14-2-0180","funder_id":"https://openalex.org/F4320338294","funder_display_name":"Air Force Research Laboratory"},{"id":"https://openalex.org/G3366966419","display_name":null,"funder_award_id":"W911NF-16-1","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G3574400649","display_name":null,"funder_award_id":"CNS-1239166, CNS-1239166","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G371206825","display_name":null,"funder_award_id":"CNS-1238","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4149680450","display_name":null,"funder_award_id":"CNS-1239166","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4573643932","display_name":null,"funder_award_id":"1526860","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4670170340","display_name":null,"funder_award_id":"W911NF-16-1-0069","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G5921281487","display_name":null,"funder_award_id":"number","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G657448715","display_name":null,"funder_award_id":"W911NF-16-1-","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G671298569","display_name":null,"funder_award_id":"8750-14-2-0180","funder_id":"https://openalex.org/F4320338294","funder_display_name":"Air Force Research Laboratory"},{"id":"https://openalex.org/G7452299184","display_name":null,"funder_award_id":"W911NF","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G7489832056","display_name":null,"funder_award_id":"1239054","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7755306388","display_name":null,"funder_award_id":"1239166","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7931865478","display_name":null,"funder_award_id":"4-15-1-","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8305956998","display_name":null,"funder_award_id":"CNS-1238962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8998121839","display_name":null,"funder_award_id":"911NF","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332178","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"},{"id":"https://openalex.org/F4320338291","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12"},{"id":"https://openalex.org/F4320338294","display_name":"Air Force Research Laboratory","ror":"https://ror.org/02e2egq70"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2338128881.pdf","grobid_xml":"https://content.openalex.org/works/W2338128881.grobid-xml"},"referenced_works_count":19,"referenced_works":["https://openalex.org/W1045446471","https://openalex.org/W1517532457","https://openalex.org/W1525862211","https://openalex.org/W1909137272","https://openalex.org/W1941427975","https://openalex.org/W1981738628","https://openalex.org/W1981887010","https://openalex.org/W2047408737","https://openalex.org/W2139263187","https://openalex.org/W2143842190","https://openalex.org/W2156593712","https://openalex.org/W2167240430","https://openalex.org/W2169685348","https://openalex.org/W2179494254","https://openalex.org/W2195906484","https://openalex.org/W2241862190","https://openalex.org/W2565355925","https://openalex.org/W3102219781","https://openalex.org/W3130529786"],"related_works":["https://openalex.org/W2357468538","https://openalex.org/W2362800560","https://openalex.org/W4300599821","https://openalex.org/W2355007334","https://openalex.org/W1496376327","https://openalex.org/W2133389611","https://openalex.org/W2383127772","https://openalex.org/W2348767155","https://openalex.org/W2374614522","https://openalex.org/W1937493481"],"abstract_inverted_index":{"In":[0],"recent":[1],"years,":[2],"we":[3],"have":[4,17,25,57,135,165],"seen":[5],"a":[6,80,92,112,124,170],"number":[7,114],"of":[8,15,53,67,115,150,187,202],"successful":[9],"attacks":[10,98],"against":[11,169],"high-profile":[12],"targets,":[13],"some":[14],"which":[16,110],"even":[18,38],"caused":[19],"severe":[20],"physical":[21],"damage.":[22],"These":[23],"examples":[24],"shown":[26],"us":[27],"that":[28,40],"resourceful":[29],"and":[30,96,144,183,198],"determined":[31],"attackers":[32],"can":[33,78,174],"penetrate":[34],"virtually":[35],"any":[36],"system,":[37,109],"those":[39],"are":[41],"secured":[42],"by":[43],"the":[44,51,64,138,148,158,185,200],"\"air-gap.\"":[45],"Consequently,":[46],"in":[47,83,157,178],"order":[48,179],"to":[49,58,94,129,136,166,180],"minimize":[50,184],"impact":[52],"stealthy":[54],"attacks,":[55],"defenders":[56,91,134],"focus":[59],"not":[60],"only":[61],"on":[62,71,123],"strengthening":[63],"first":[65],"lines":[66],"defense":[68],"but":[69],"also":[70],"deploying":[72],"effective":[73],"intrusion-detection":[74,108],"systems.":[75],"Intrusion-detection":[76],"systems":[77,87,153,164,177],"play":[79],"key":[81],"role":[82],"protecting":[84],"sensitive":[85],"computer":[86,163,176],"since":[88,126],"they":[89,100],"give":[90],"chance":[93],"detect":[95],"mitigate":[97],"before":[99],"could":[101],"cause":[102],"substantial":[103],"losses.":[104],"However,":[105],"an":[106,194],"over-sensitive":[107],"produces":[111],"large":[113],"false":[116],"alarms,":[117],"imposes":[118],"prohibitively":[119],"high":[120],"operational":[121],"costs":[122],"defender":[125],"alarms":[127],"need":[128],"be":[130,167],"manually":[131],"investigated.":[132],"Thus,":[133],"strike":[137],"right":[139],"balance":[140],"between":[141],"maximizing":[142],"security":[143,196],"minimizing":[145],"costs.":[146],"Optimizing":[147],"sensitivity":[149],"intrusion":[151,205],"detection":[152,206],"is":[154],"especially":[155],"challenging":[156],"case":[159],"when":[160],"multiple":[161],"inter-dependent":[162],"defended":[168],"strategic":[171],"attacker,":[172],"who":[173],"target":[175],"maximize":[181],"losses":[182],"probability":[186],"detection.":[188],"We":[189],"model":[190],"this":[191],"scenario":[192],"as":[193],"attacker-defender":[195],"game":[197],"study":[199],"problem":[201],"finding":[203],"optimal":[204],"thresholds.":[207]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}