{"id":"https://openalex.org/W4220983750","doi":"https://doi.org/10.1145/3510581","title":"Dealing with Security Alert Flooding: Using Machine Learning for Domain-independent Alert Aggregation","display_name":"Dealing with Security Alert Flooding: Using Machine Learning for Domain-independent Alert Aggregation","publication_year":2022,"publication_date":"2022-03-29","ids":{"openalex":"https://openalex.org/W4220983750","doi":"https://doi.org/10.1145/3510581"},"language":"en","primary_location":{"id":"doi:10.1145/3510581","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510581","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510581","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3510581","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072210863","display_name":"Max Landauer","orcid":"https://orcid.org/0000-0003-3813-3151"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Max Landauer","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088439816","display_name":"Florian Skopik","orcid":"https://orcid.org/0000-0002-1922-7892"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Florian Skopik","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029942543","display_name":"Markus Wurzenberger","orcid":"https://orcid.org/0000-0003-3259-6972"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Wurzenberger","raw_affiliation_strings":["Austrian Institute of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Austrian Institute of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057690103","display_name":"Andreas Rauber","orcid":"https://orcid.org/0000-0002-9272-6225"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Andreas Rauber","raw_affiliation_strings":["Vienna University of Technology, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Vienna University of Technology, Vienna, Austria","institution_ids":["https://openalex.org/I145847075"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5072210863"],"corresponding_institution_ids":["https://openalex.org/I132118926"],"apc_list":null,"apc_paid":null,"fwci":4.281,"has_fulltext":true,"cited_by_count":33,"citation_normalized_percentile":{"value":0.94345587,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"25","issue":"3","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8557665348052979},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6889227628707886},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5588313937187195},{"id":"https://openalex.org/keywords/flooding","display_name":"Flooding (psychology)","score":0.5539238452911377},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5373128652572632},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.49309203028678894},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.47490227222442627},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.4690582752227783},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.41708460450172424},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4093397855758667},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.33027034997940063},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.10692459344863892}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8557665348052979},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6889227628707886},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5588313937187195},{"id":"https://openalex.org/C186594467","wikidata":"https://www.wikidata.org/wiki/Q1429176","display_name":"Flooding (psychology)","level":2,"score":0.5539238452911377},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5373128652572632},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.49309203028678894},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.47490227222442627},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.4690582752227783},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.41708460450172424},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4093397855758667},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33027034997940063},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.10692459344863892},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3510581","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510581","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510581","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3510581","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510581","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510581","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.6000000238418579}],"awards":[{"id":"https://openalex.org/G5190488160","display_name":null,"funder_award_id":"833456","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G7331901853","display_name":null,"funder_award_id":"EU H2020","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4220983750.pdf","grobid_xml":"https://content.openalex.org/works/W4220983750.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W351141490","https://openalex.org/W1963543573","https://openalex.org/W1987553702","https://openalex.org/W2001496424","https://openalex.org/W2004731826","https://openalex.org/W2046304221","https://openalex.org/W2073104631","https://openalex.org/W2090638693","https://openalex.org/W2095438446","https://openalex.org/W2099836119","https://openalex.org/W2108867737","https://openalex.org/W2113777721","https://openalex.org/W2128064123","https://openalex.org/W2128116119","https://openalex.org/W2129391529","https://openalex.org/W2141200504","https://openalex.org/W2152449272","https://openalex.org/W2161830378","https://openalex.org/W2163277533","https://openalex.org/W2172122080","https://openalex.org/W2319824271","https://openalex.org/W2398830079","https://openalex.org/W2479531384","https://openalex.org/W2518081282","https://openalex.org/W2559137209","https://openalex.org/W2560810941","https://openalex.org/W2588942002","https://openalex.org/W2594016977","https://openalex.org/W2772704452","https://openalex.org/W2792581684","https://openalex.org/W2907851756","https://openalex.org/W2946170942","https://openalex.org/W2968342184","https://openalex.org/W3008445684","https://openalex.org/W3011139431","https://openalex.org/W3102029110","https://openalex.org/W3102653287","https://openalex.org/W4246495001"],"related_works":["https://openalex.org/W2039543756","https://openalex.org/W2357468538","https://openalex.org/W1577110157","https://openalex.org/W2386325437","https://openalex.org/W2353043494","https://openalex.org/W2355007334","https://openalex.org/W2390009783","https://openalex.org/W2168341697","https://openalex.org/W4366978761","https://openalex.org/W1983685006"],"abstract_inverted_index":{"Intrusion":[0],"Detection":[1],"Systems":[2],"(IDS)":[3],"secure":[4],"all":[5],"kinds":[6],"of":[7,13,24,71,128,136,146,150,172],"IT":[8],"infrastructures":[9],"through":[10],"automatic":[11],"detection":[12],"malicious":[14],"activities.":[15],"Unfortunately,":[16],"they":[17],"are":[18],"known":[19],"to":[20,165],"produce":[21],"large":[22],"numbers":[23],"alerts":[25,77,110],"that":[26,63,83,132,141],"often":[27],"become":[28],"overwhelming":[29],"for":[30,39,76,107,125,153],"manual":[31],"analysis.":[32],"Therefore,":[33],"aggregation":[34,73,98],"methods":[35,74],"have":[36],"been":[37],"developed":[38],"filtering,":[40],"grouping,":[41],"and":[42,104,111,118,161,176],"correlating":[43],"alerts.":[44,138],"However,":[45],"existing":[46,72],"techniques":[47,119],"either":[48],"rely":[49],"on":[50,115],"manually":[51],"defined":[52],"attack":[53,163],"scenarios":[54],"or":[55,80],"require":[56],"specific":[57],"alert":[58,97,112,130,151],"formats,":[59],"such":[60,86],"as":[61],"IDMEF":[62],"include":[64],"IP":[65],"addresses.":[66],"This":[67],"makes":[68],"the":[69,126,148,166],"application":[70],"infeasible":[75],"from":[78],"host-based":[79],"anomaly-based":[81],"IDSs":[82],"frequently":[84],"lack":[85],"network-related":[87],"data.":[88],"In":[89],"this":[90],"paper,":[91],"we":[92,120],"therefore":[93],"present":[94],"a":[95],"domain-independent":[96],"technique.":[99],"We":[100],"introduce":[101],"similarity":[102],"measures":[103],"merging":[105],"strategies":[106],"arbitrary":[108],"semi-structured":[109],"groups.":[113],"Based":[114],"these":[116],"metrics":[117],"propose":[121],"an":[122],"incremental":[123],"procedure":[124],"generation":[127],"abstract":[129],"patterns":[131],"enable":[133],"continuous":[134],"classification":[135],"incoming":[137],"Evaluations":[139],"show":[140],"our":[142],"approach":[143],"is":[144],"capable":[145],"reducing":[147],"number":[149],"groups":[152,167],"human":[154],"review":[155],"by":[156],"around":[157],"\\(":[158,173,182],"80\\%":[159,174],"\\)":[160,175,184],"assigning":[162],"classifiers":[164],"with":[168],"true":[169],"positive":[170,178],"rates":[171,179],"false":[177],"lower":[180],"than":[181],"5\\%":[183],".":[185]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":6}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}