{"id":"https://openalex.org/W4401359853","doi":"https://doi.org/10.1145/3675741.3675748","title":"Introducing a New Alert Data Set for Multi-Step Attack Analysis","display_name":"Introducing a New Alert Data Set for Multi-Step Attack Analysis","publication_year":2024,"publication_date":"2024-08-06","ids":{"openalex":"https://openalex.org/W4401359853","doi":"https://doi.org/10.1145/3675741.3675748"},"language":"en","primary_location":{"id":"doi:10.1145/3675741.3675748","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3675741.3675748","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th Cyber Security Experimentation and Test Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3675741.3675748","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072210863","display_name":"Max Landauer","orcid":"https://orcid.org/0000-0003-3813-3151"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Max Landauer","raw_affiliation_strings":["AIT Austrian Institute of Technology, Austria"],"raw_orcid":"https://orcid.org/0000-0003-3813-3151","affiliations":[{"raw_affiliation_string":"AIT Austrian Institute of Technology, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088439816","display_name":"Florian Skopik","orcid":"https://orcid.org/0000-0002-1922-7892"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Florian Skopik","raw_affiliation_strings":["AIT Austrian Institute of Technology, Austria"],"raw_orcid":"https://orcid.org/0000-0002-1922-7892","affiliations":[{"raw_affiliation_string":"AIT Austrian Institute of Technology, Austria","institution_ids":["https://openalex.org/I132118926"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029942543","display_name":"Markus Wurzenberger","orcid":"https://orcid.org/0000-0003-3259-6972"},"institutions":[{"id":"https://openalex.org/I132118926","display_name":"Austrian Institute of Technology","ror":"https://ror.org/04knbh022","country_code":"AT","type":"facility","lineage":["https://openalex.org/I132118926"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Wurzenberger","raw_affiliation_strings":["AIT Austrian Institute of Technology, Austria"],"raw_orcid":"https://orcid.org/0000-0003-3259-6972","affiliations":[{"raw_affiliation_string":"AIT Austrian Institute of Technology, Austria","institution_ids":["https://openalex.org/I132118926"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5072210863"],"corresponding_institution_ids":["https://openalex.org/I132118926"],"apc_list":null,"apc_paid":null,"fwci":4.0368,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.9440155,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"41","last_page":"53"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7463324069976807},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5200259685516357},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35371875762939453},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.09106960892677307}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7463324069976807},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5200259685516357},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35371875762939453},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.09106960892677307}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3675741.3675748","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3675741.3675748","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th Cyber Security Experimentation and Test Workshop","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3675741.3675748","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3675741.3675748","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th Cyber Security Experimentation and Test Workshop","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/13","display_name":"Climate action","score":0.5199999809265137}],"awards":[{"id":"https://openalex.org/G3877967289","display_name":null,"funder_award_id":"101121403","funder_id":"https://openalex.org/F4320318377","funder_display_name":"European Defence Fund"},{"id":"https://openalex.org/G7708131309","display_name":null,"funder_award_id":"101103385","funder_id":"https://openalex.org/F4320318377","funder_display_name":"European Defence Fund"}],"funders":[{"id":"https://openalex.org/F4320318377","display_name":"European Defence Fund","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1738203895","https://openalex.org/W2031163547","https://openalex.org/W2077137143","https://openalex.org/W2152449272","https://openalex.org/W2404532944","https://openalex.org/W2789828921","https://openalex.org/W2792581684","https://openalex.org/W2892859754","https://openalex.org/W2907851756","https://openalex.org/W2914028805","https://openalex.org/W2958285686","https://openalex.org/W3010216764","https://openalex.org/W3098102491","https://openalex.org/W3098108741","https://openalex.org/W3102029110","https://openalex.org/W3128456605","https://openalex.org/W3133138345","https://openalex.org/W3201894803","https://openalex.org/W4220983750","https://openalex.org/W4225596160","https://openalex.org/W4225608293","https://openalex.org/W4293057307","https://openalex.org/W4304147676"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Intrusion":[0],"detection":[1],"systems":[2],"(IDS)":[3],"reinforce":[4],"cyber":[5],"defense":[6],"by":[7],"autonomously":[8],"monitoring":[9,153],"various":[10],"data":[11,94,112,122,136,145,174],"sources":[12],"for":[13,22,78,104,181],"traces":[14],"of":[15,89,127,156,164,172],"attacks.":[16],"However,":[17],"IDSs":[18,152],"are":[19,30,96,114],"also":[20],"infamous":[21],"frequently":[23],"raising":[24],"false":[25],"positives":[26],"and":[27,56,64,81],"alerts":[28,63,148],"that":[29,124,138],"difficult":[31],"to":[32,46,54,120],"interpret":[33],"without":[34],"context.":[35],"This":[36],"results":[37],"in":[38],"high":[39],"workloads":[40],"on":[41,72],"security":[42],"operators":[43],"who":[44],"need":[45],"manually":[47],"verify":[48],"all":[49],"reported":[50],"alerts,":[51,84],"often":[52,118],"leading":[53],"fatigue":[55],"incorrect":[57],"decisions.":[58],"To":[59,168],"generate":[60],"more":[61],"meaningful":[62],"alleviate":[65],"these":[66],"issues,":[67],"the":[68,170],"research":[69],"domain":[70],"focused":[71],"multi-step":[73,158],"attack":[74,90,159,182],"analysis":[75],"proposes":[76],"approaches":[77],"filtering,":[79],"clustering,":[80],"correlating":[82],"IDS":[83,105],"as":[85,87,160,162],"well":[86,161],"generation":[88],"graphs.":[91],"Unfortunately,":[92],"existing":[93],"sets":[95,113,123],"outdated,":[97],"unreliable,":[98],"narrowly":[99],"focused,":[100],"or":[101],"only":[102],"suitable":[103,110],"evaluation.":[106],"Since":[107],"hardly":[108],"any":[109],"benchmark":[111],"publicly":[115],"available,":[116],"researchers":[117],"resort":[119],"private":[121],"prevent":[125],"reproducibility":[126],"evaluations.":[128],"We":[129],"thus":[130],"propose":[131],"AIT-ADS,":[132],"a":[133,157],"new":[134],"alert":[135],"set":[137,146],"we":[139,176],"publish":[140],"alongside":[141],"this":[142],"paper.":[143],"The":[144],"contains":[147],"from":[149],"three":[150],"distinct":[151],"eight":[154],"executions":[155],"simulations":[163],"normal":[165],"user":[166],"behavior.":[167],"illustrate":[169],"potential":[171],"our":[173],"set,":[175],"experiment":[177],"with":[178],"open-source":[179],"tools":[180],"graph":[183],"extraction.":[184]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":2}],"updated_date":"2025-12-21T01:58:51.020947","created_date":"2025-10-10T00:00:00"}