{"id":"https://openalex.org/W4293234321","doi":"https://doi.org/10.1145/3510547.3517924","title":"A Framework for Automatic Labeling of Log Datasets from Model-driven Testbeds for HIDS Evaluation","display_name":"A Framework for Automatic Labeling of Log Datasets from Model-driven Testbeds for HIDS Evaluation","publication_year":2022,"publication_date":"2022-04-18","ids":{"openalex":"https://openalex.org/W4293234321","doi":"https://doi.org/10.1145/3510547.3517924"},"language":"en","primary_location":{"id":"doi:10.1145/3510547.3517924","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510547.3517924","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510547.3517924","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3510547.3517924","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072210863","display_name":"Max Landauer","orcid":"https://orcid.org/0000-0003-3813-3151"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Max Landauer","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046959670","display_name":"Maximilian Frank","orcid":"https://orcid.org/0000-0002-8140-3519"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Maximilian Frank","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088439816","display_name":"Florian Skopik","orcid":"https://orcid.org/0000-0002-1922-7892"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Florian Skopik","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090203198","display_name":"Wolfgang Hotwagner","orcid":"https://orcid.org/0000-0002-2127-4997"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Wolfgang Hotwagner","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029942543","display_name":"Markus Wurzenberger","orcid":"https://orcid.org/0000-0003-3259-6972"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Wurzenberger","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057690103","display_name":"Andreas Rauber","orcid":"https://orcid.org/0000-0002-9272-6225"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Andreas Rauber","raw_affiliation_strings":["Vienna University of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Vienna University of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I145847075"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5072210863"],"corresponding_institution_ids":["https://openalex.org/I132118926"],"apc_list":null,"apc_paid":null,"fwci":0.8562,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.74861832,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"77","last_page":"86"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8878154754638672},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6141239404678345},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.599402666091919},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5904298424720764},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.5416868329048157},{"id":"https://openalex.org/keywords/parameterized-complexity","display_name":"Parameterized complexity","score":0.4776636064052582}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8878154754638672},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6141239404678345},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.599402666091919},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5904298424720764},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.5416868329048157},{"id":"https://openalex.org/C165464430","wikidata":"https://www.wikidata.org/wiki/Q1570441","display_name":"Parameterized complexity","level":2,"score":0.4776636064052582},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3510547.3517924","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510547.3517924","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510547.3517924","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3510547.3517924","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510547.3517924","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510547.3517924","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6299999952316284,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G5190488160","display_name":null,"funder_award_id":"833456","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G7331901853","display_name":null,"funder_award_id":"EU H2020","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4293234321.pdf","grobid_xml":"https://content.openalex.org/works/W4293234321.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1971508603","https://openalex.org/W1981738628","https://openalex.org/W2031163547","https://openalex.org/W2077488147","https://openalex.org/W2089647250","https://openalex.org/W2107263349","https://openalex.org/W2145399176","https://openalex.org/W2158116940","https://openalex.org/W2597441556","https://openalex.org/W2770942607","https://openalex.org/W2789828921","https://openalex.org/W2886752452","https://openalex.org/W2894542239","https://openalex.org/W2924689635","https://openalex.org/W2934798124","https://openalex.org/W2958285686","https://openalex.org/W2963999143","https://openalex.org/W2972478609","https://openalex.org/W2983279969","https://openalex.org/W3102029110"],"related_works":["https://openalex.org/W2051058708","https://openalex.org/W1494268238","https://openalex.org/W154868527","https://openalex.org/W1983207144","https://openalex.org/W2490706771","https://openalex.org/W2480116122","https://openalex.org/W2364419519","https://openalex.org/W2360767377","https://openalex.org/W2017948608","https://openalex.org/W2360951146"],"abstract_inverted_index":{"Intrusion":[0],"detection":[1,11],"systems":[2],"are":[3,19,81,124,184],"essential":[4],"for":[5,59,134,146,156],"network":[6],"security.":[7],"To":[8],"verify":[9],"their":[10,88],"capabilities":[12],"and":[13,28,48,80,128],"facilitate":[14],"comparison,":[15],"benchmark":[16],"log":[17,96,171,193],"datasets":[18,38,61],"used":[20,133],"to":[21,56,66,126,165,186,190],"measure":[22],"evaluation":[23,174],"metrics":[24],"such":[25,78,120],"as":[26,85,121],"accuracy":[27],"false":[29],"alarm":[30],"rates.":[31],"Thereby,":[32],"it":[33,52],"is":[34,53,98],"necessary":[35,185],"that":[36,45,107,141,180],"these":[37,117],"come":[39],"with":[40,159],"a":[41,139],"correct":[42],"ground":[43],"truth":[44],"differentiates":[46],"normal":[47],"attacker":[49,70],"behavior.":[50],"While":[51],"relatively":[54],"straightforward":[55],"generate":[57],"labels":[58,189],"network-based":[60],"by":[62,87],"selecting":[63],"events":[64],"according":[65],"IP":[67,122],"addresses":[68,123],"of":[69,175],"hosts,":[71],"system":[72,170,192],"logs":[73],"do":[74],"not":[75],"necessarily":[76],"involve":[77],"identifiers":[79],"possibly":[82],"only":[83,181],"recognizable":[84],"malicious":[86],"combined":[89],"occurrences.":[90],"Even":[91],"more":[92],"problems":[93],"emerge":[94],"when":[95],"data":[97],"collected":[99],"in":[100,113],"model-driven":[101,147],"testbeds,":[102,118],"i.e.,":[103],"automatically":[104],"generated":[105],"networks":[106],"simulate":[108],"differently":[109],"parameterized":[110],"attack":[111,196],"scenarios":[112],"diverse":[114],"infrastructures.":[115],"In":[116,149],"parameters":[119],"subject":[125],"change":[127],"thus":[129,137],"cannot":[130],"simply":[131],"be":[132],"matching.":[135],"We":[136],"propose":[138],"framework":[140],"integrates":[142],"template-based":[143],"labeling":[144],"rules":[145,183],"testbeds.":[148],"this":[150],"paper":[151],"we":[152],"describe":[153],"the":[154],"syntax":[155],"rule":[157],"templates":[158],"different":[160],"query":[161],"types":[162],"specifically":[163],"designed":[164],"match":[166],"sequential":[167],"or":[168],"interrelated":[169],"events.":[172],"An":[173],"our":[176],"open-source":[177],"implementation":[178],"shows":[179],"27":[182],"assign":[187],"15":[188],"8":[191],"files":[194],"containing":[195],"manifestations.":[197]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}