{"id":"https://openalex.org/W3095234215","doi":"https://doi.org/10.1145/3386250","title":"Predictive Cyber Situational Awareness and Personalized Blacklisting","display_name":"Predictive Cyber Situational Awareness and Personalized Blacklisting","publication_year":2020,"publication_date":"2020-08-15","ids":{"openalex":"https://openalex.org/W3095234215","doi":"https://doi.org/10.1145/3386250","mag":"3095234215"},"language":"en","primary_location":{"id":"doi:10.1145/3386250","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386250","pdf_url":null,"source":{"id":"https://openalex.org/S4210170305","display_name":"ACM Transactions on Management Information Systems","issn_l":"2158-656X","issn":["2158-656X","2158-6578"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Management Information Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://is.muni.cz/publication/1631616","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048751886","display_name":"Martin Hus\u00e1k","orcid":"https://orcid.org/0000-0001-7249-9881"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Martin Hus\u00e1k","raw_affiliation_strings":["Masaryk University, Brno, Czech Republic"],"raw_orcid":"https://orcid.org/0000-0001-7249-9881","affiliations":[{"raw_affiliation_string":"Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084905344","display_name":"Tom\u00e1\u0161 Bajto\u0161","orcid":"https://orcid.org/0000-0001-8618-3642"},"institutions":[{"id":"https://openalex.org/I204881574","display_name":"University of Pavol Jozef \u0160af\u00e1rik","ror":"https://ror.org/039965637","country_code":"SK","type":"education","lineage":["https://openalex.org/I204881574"]}],"countries":["SK"],"is_corresponding":false,"raw_author_name":"Tom\u00e1\u0161 Bajto\u0161","raw_affiliation_strings":["Pavol Jozef \u0160af\u00e1rik University in Ko\u0161ice, Slovakia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Pavol Jozef \u0160af\u00e1rik University in Ko\u0161ice, Slovakia","institution_ids":["https://openalex.org/I204881574"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079350942","display_name":"Jaroslav Ka\u0161par","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Jaroslav Ka\u0161par","raw_affiliation_strings":["Masaryk University, Czech Republic"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Masaryk University, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039079298","display_name":"Elias Bou\u2010Harb","orcid":"https://orcid.org/0000-0001-8040-4635"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elias Bou-Harb","raw_affiliation_strings":["University of Texas at San Antonio, San Antonio"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Texas at San Antonio, San Antonio","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014330271","display_name":"Pavel \u010celeda","orcid":"https://orcid.org/0000-0002-3338-2856"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Pavel \u010celeda","raw_affiliation_strings":["Masaryk University, Czech Republic"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Masaryk University, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5048751886"],"corresponding_institution_ids":["https://openalex.org/I21449261"],"apc_list":null,"apc_paid":null,"fwci":2.9154,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.914772,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"11","issue":"4","first_page":"1","last_page":"16"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/blacklist","display_name":"Blacklist","score":0.9056168794631958},{"id":"https://openalex.org/keywords/blacklisting","display_name":"Blacklisting","score":0.8368239402770996},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.830872654914856},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7201697826385498},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5327862501144409},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5091394782066345},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.49025896191596985},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3909358084201813},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12298029661178589}],"concepts":[{"id":"https://openalex.org/C2781345505","wikidata":"https://www.wikidata.org/wiki/Q2535979","display_name":"Blacklist","level":2,"score":0.9056168794631958},{"id":"https://openalex.org/C2779797433","wikidata":"https://www.wikidata.org/wiki/Q632959","display_name":"Blacklisting","level":2,"score":0.8368239402770996},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.830872654914856},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7201697826385498},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5327862501144409},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5091394782066345},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.49025896191596985},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3909358084201813},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12298029661178589},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3386250","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386250","pdf_url":null,"source":{"id":"https://openalex.org/S4210170305","display_name":"ACM Transactions on Management Information Systems","issn_l":"2158-656X","issn":["2158-656X","2158-6578"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Management Information Systems","raw_type":"journal-article"},{"id":"pmh:oai:is.muni.cz:1631616","is_oa":true,"landing_page_url":"https://is.muni.cz/publication/1631616","pdf_url":null,"source":{"id":"https://openalex.org/S4306400102","display_name":"Ve\u0159ejn\u00e9 slu\u017eby Informa\u010dn\u00edho syst\u00e9mu (Masarykiana Brunensis Universitas)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on Management Information Systems","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:is.muni.cz:1631616","is_oa":true,"landing_page_url":"https://is.muni.cz/publication/1631616","pdf_url":null,"source":{"id":"https://openalex.org/S4306400102","display_name":"Ve\u0159ejn\u00e9 slu\u017eby Informa\u010dn\u00edho syst\u00e9mu (Masarykiana Brunensis Universitas)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on Management Information Systems","raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.550000011920929}],"awards":[{"id":"https://openalex.org/G1337030511","display_name":null,"funder_award_id":".02.1.01/0.0/0.0/16_019/0000822","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G176604203","display_name":null,"funder_award_id":"02.1.01/0.0/0.0","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G291036901","display_name":null,"funder_award_id":"CZ.02","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G3490171961","display_name":null,"funder_award_id":"CZ.02.1.01","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G4516802456","display_name":null,"funder_award_id":"1907821","funder_id":"https://openalex.org/F4320337377","funder_display_name":"Office of Advanced Cyberinfrastructure"},{"id":"https://openalex.org/G5538133283","display_name":null,"funder_award_id":"1907821","funder_id":"https://openalex.org/F4320309856","funder_display_name":"National Youth Science Foundation"},{"id":"https://openalex.org/G5916014575","display_name":null,"funder_award_id":"CZ.02.1.01/0.0/0.0","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G6594491356","display_name":null,"funder_award_id":"CZ.02.1.01/0.0/0.0/","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G7336671859","display_name":null,"funder_award_id":"CZ.02.1.01/0.0/0.0/16_019/0000822","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G7363506711","display_name":null,"funder_award_id":"/16_019","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"},{"id":"https://openalex.org/G7749427453","display_name":null,"funder_award_id":"No.CZ.02.1.01/0.0/0.0/16_019/0000822","funder_id":"https://openalex.org/F4320335322","funder_display_name":"European Regional Development Fund"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320309856","display_name":"National Youth Science Foundation","ror":"https://ror.org/054yz2f06"},{"id":"https://openalex.org/F4320313838","display_name":"International Visegrad Fund","ror":"https://ror.org/04e3ssz85"},{"id":"https://openalex.org/F4320335322","display_name":"European Regional Development Fund","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320337377","display_name":"Office of Advanced Cyberinfrastructure","ror":"https://ror.org/04nh1dc89"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W63131150","https://openalex.org/W1024175129","https://openalex.org/W1420268584","https://openalex.org/W1495304983","https://openalex.org/W1772700132","https://openalex.org/W1987553702","https://openalex.org/W2004044843","https://openalex.org/W2036830045","https://openalex.org/W2050885659","https://openalex.org/W2119972750","https://openalex.org/W2128064123","https://openalex.org/W2146948159","https://openalex.org/W2152449272","https://openalex.org/W2156026066","https://openalex.org/W2163277533","https://openalex.org/W2166559705","https://openalex.org/W2232948873","https://openalex.org/W2246402135","https://openalex.org/W2256845964","https://openalex.org/W2342408547","https://openalex.org/W2360114527","https://openalex.org/W2466206609","https://openalex.org/W2507635762","https://openalex.org/W2543289462","https://openalex.org/W2594016977","https://openalex.org/W2743455435","https://openalex.org/W2773235317","https://openalex.org/W2889511488","https://openalex.org/W2892859754","https://openalex.org/W2894592169","https://openalex.org/W2921941248","https://openalex.org/W2952479443","https://openalex.org/W2968342184","https://openalex.org/W3003205915","https://openalex.org/W4243966150","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W2407525029","https://openalex.org/W2155719111","https://openalex.org/W2012575532","https://openalex.org/W3095234215","https://openalex.org/W2366221835","https://openalex.org/W784603328","https://openalex.org/W2149092448","https://openalex.org/W2113854174","https://openalex.org/W2149250358","https://openalex.org/W2732453673"],"abstract_inverted_index":{"Cybersecurity":[0],"adopts":[1],"data":[2,65,134],"mining":[3,110],"for":[4,18,39,44],"its":[5,182],"ability":[6],"to":[7,117,124,152,186],"extract":[8],"concealed":[9],"and":[10,28,42,100,177],"indistinct":[11],"patterns":[12,27],"in":[13,34,71,91,95,189,193],"the":[14,19,31,36,40,45,52,62,72,109,130,133,136,168,174],"data,":[15,176],"such":[16],"as":[17],"needs":[20],"of":[21,47,54,64,74,82,111,132,145,147,155,159,161,170,173,181],"alert":[22,97],"correlation.":[23],"Inferring":[24],"common":[25],"attack":[26],"rules":[29,113],"from":[30,86,135],"alerts":[32,85,146,160],"helps":[33],"understanding":[35],"threat":[37],"landscape":[38],"defenders":[41],"allows":[43],"realization":[46],"cyber":[48],"situational":[49],"awareness,":[50],"including":[51],"projection":[53],"ongoing":[55],"attacks.":[56],"In":[57],"this":[58],"article,":[59],"we":[60,115,122],"explore":[61],"use":[63,116],"mining,":[66,70],"namely":[67],"sequential":[68,112],"rule":[69],"analysis":[73],"intrusion":[75,88],"detection":[76,89],"alerts.":[77],"We":[78,107],"employed":[79],"a":[80,126,142,156],"dataset":[81],"12":[83],"million":[84],"34":[87],"systems":[90],"3":[92],"organizations":[93],"gathered":[94],"an":[96],"sharing":[98,137],"platform,":[99],"processed":[101],"it":[102],"using":[103],"our":[104],"analytical":[105],"framework.":[106],"execute":[108],"that":[114,149],"predict":[118],"security":[119],"events,":[120],"which":[121],"utilize":[123],"create":[125],"predictive":[127,165],"blacklist.":[128],"Thus,":[129],"recipients":[131],"platform":[138],"will":[139],"receive":[140],"only":[141,171],"small":[143],"number":[144,158],"events":[148],"are":[150,184],"likely":[151],"occur":[153],"instead":[154],"large":[157],"past":[162],"events.":[163],"The":[164],"blacklist":[166],"has":[167],"size":[169],"3%":[172],"raw":[175],"more":[178],"than":[179],"60%":[180],"entries":[183],"shown":[185],"be":[187],"successful":[188],"performing":[190],"accurate":[191],"predictions":[192],"operational,":[194],"real-world":[195],"settings.":[196]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":2}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}