{"id":"https://openalex.org/W2972913341","doi":"https://doi.org/10.3390/jsan8030046","title":"OSSEC IDS Extension to Improve Log Analysis and Override False Positive or Negative Detections","display_name":"OSSEC IDS Extension to Improve Log Analysis and Override False Positive or Negative Detections","publication_year":2019,"publication_date":"2019-09-13","ids":{"openalex":"https://openalex.org/W2972913341","doi":"https://doi.org/10.3390/jsan8030046","mag":"2972913341"},"language":"en","primary_location":{"id":"doi:10.3390/jsan8030046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jsan8030046","pdf_url":"https://www.mdpi.com/2224-2708/8/3/46/pdf?version=1568358883","source":{"id":"https://openalex.org/S2736633529","display_name":"Journal of Sensor and Actuator Networks","issn_l":"2224-2708","issn":["2224-2708"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Sensor and Actuator Networks","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2224-2708/8/3/46/pdf?version=1568358883","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086268500","display_name":"Diogo Teixeira","orcid":"https://orcid.org/0000-0002-9487-8572"},"institutions":[{"id":"https://openalex.org/I192341844","display_name":"Polytechnic Institute of Viana do Castelo","ror":"https://ror.org/03w6kry90","country_code":"PT","type":"education","lineage":["https://openalex.org/I192341844"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Diogo Teixeira","raw_affiliation_strings":["Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-9487-8572","affiliations":[{"raw_affiliation_string":"Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal","institution_ids":["https://openalex.org/I192341844"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028878581","display_name":"Leonardo Assun\u00e7\u00e3o","orcid":"https://orcid.org/0000-0002-5490-9098"},"institutions":[{"id":"https://openalex.org/I192341844","display_name":"Polytechnic Institute of Viana do Castelo","ror":"https://ror.org/03w6kry90","country_code":"PT","type":"education","lineage":["https://openalex.org/I192341844"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Leonardo Assun\u00e7\u00e3o","raw_affiliation_strings":["Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-5490-9098","affiliations":[{"raw_affiliation_string":"Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal","institution_ids":["https://openalex.org/I192341844"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047438044","display_name":"Teresa Pereira","orcid":"https://orcid.org/0000-0002-5845-4086"},"institutions":[{"id":"https://openalex.org/I192341844","display_name":"Polytechnic Institute of Viana do Castelo","ror":"https://ror.org/03w6kry90","country_code":"PT","type":"education","lineage":["https://openalex.org/I192341844"]},{"id":"https://openalex.org/I99682543","display_name":"University of Minho","ror":"https://ror.org/037wpkx04","country_code":"PT","type":"education","lineage":["https://openalex.org/I99682543"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Teresa Pereira","raw_affiliation_strings":["Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo and Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-5845-4086","affiliations":[{"raw_affiliation_string":"Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo and Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal","institution_ids":["https://openalex.org/I192341844","https://openalex.org/I99682543"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078162941","display_name":"Silvestre Malta","orcid":"https://orcid.org/0000-0002-5274-3733"},"institutions":[{"id":"https://openalex.org/I192341844","display_name":"Polytechnic Institute of Viana do Castelo","ror":"https://ror.org/03w6kry90","country_code":"PT","type":"education","lineage":["https://openalex.org/I192341844"]},{"id":"https://openalex.org/I6289922","display_name":"Universidade de Vigo","ror":"https://ror.org/05rdf8595","country_code":"ES","type":"education","lineage":["https://openalex.org/I6289922"]}],"countries":["ES","PT"],"is_corresponding":false,"raw_author_name":"Silvestre Malta","raw_affiliation_strings":["Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal and atlanTTic, Universidade de Vigo, E36310 Vigo, Spain"],"raw_orcid":"https://orcid.org/0000-0002-5274-3733","affiliations":[{"raw_affiliation_string":"Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal and atlanTTic, Universidade de Vigo, E36310 Vigo, Spain","institution_ids":["https://openalex.org/I192341844","https://openalex.org/I6289922"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083326114","display_name":"Pedro Pinto","orcid":"https://orcid.org/0000-0003-1856-6101"},"institutions":[{"id":"https://openalex.org/I192341844","display_name":"Polytechnic Institute of Viana do Castelo","ror":"https://ror.org/03w6kry90","country_code":"PT","type":"education","lineage":["https://openalex.org/I192341844"]},{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Pedro Pinto","raw_affiliation_strings":["Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, ISMAI, and INESC TEC, 4200-465 Porto, Portugal"],"raw_orcid":"https://orcid.org/0000-0003-1856-6101","affiliations":[{"raw_affiliation_string":"Instituto Polit\u00e9cnico de Viana do Castelo, 4900-347 Viana do Castelo, ISMAI, and INESC TEC, 4200-465 Porto, Portugal","institution_ids":["https://openalex.org/I192341844","https://openalex.org/I4210166615"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5083326114"],"corresponding_institution_ids":["https://openalex.org/I192341844","https://openalex.org/I4210166615"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":1.3007,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.82600495,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"8","issue":"3","first_page":"46","last_page":"46"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.853650689125061},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6571807861328125},{"id":"https://openalex.org/keywords/blocking","display_name":"Blocking (statistics)","score":0.612022340297699},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5821326971054077},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.5485837459564209},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5442233085632324},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5128441452980042},{"id":"https://openalex.org/keywords/extension","display_name":"Extension (predicate logic)","score":0.4678422212600708},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.44485563039779663},{"id":"https://openalex.org/keywords/system-administrator","display_name":"System administrator","score":0.43216216564178467},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.4237283766269684},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.41758063435554504},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.33818021416664124},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.22113066911697388}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.853650689125061},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6571807861328125},{"id":"https://openalex.org/C144745244","wikidata":"https://www.wikidata.org/wiki/Q4927286","display_name":"Blocking (statistics)","level":2,"score":0.612022340297699},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5821326971054077},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.5485837459564209},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5442233085632324},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5128441452980042},{"id":"https://openalex.org/C2778029271","wikidata":"https://www.wikidata.org/wiki/Q5421931","display_name":"Extension (predicate logic)","level":2,"score":0.4678422212600708},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.44485563039779663},{"id":"https://openalex.org/C2780814629","wikidata":"https://www.wikidata.org/wiki/Q327353","display_name":"System administrator","level":2,"score":0.43216216564178467},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.4237283766269684},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.41758063435554504},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33818021416664124},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.22113066911697388},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.3390/jsan8030046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jsan8030046","pdf_url":"https://www.mdpi.com/2224-2708/8/3/46/pdf?version=1568358883","source":{"id":"https://openalex.org/S2736633529","display_name":"Journal of Sensor and Actuator Networks","issn_l":"2224-2708","issn":["2224-2708"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Sensor and Actuator Networks","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:ce87c8fa7d64455f8d44e9458574720a","is_oa":false,"landing_page_url":"https://doaj.org/article/ce87c8fa7d64455f8d44e9458574720a","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Sensor and Actuator Networks, Vol 8, Iss 3, p 46 (2019)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/2224-2708/8/3/46/","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/jsan8030046","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Sensor and Actuator Networks","raw_type":"Text"},{"id":"pmh:oai:repositorium.sdum.uminho.pt:1822/89777","is_oa":true,"landing_page_url":"https://hdl.handle.net/1822/89777","pdf_url":null,"source":{"id":"https://openalex.org/S4306400354","display_name":"Reposit\u00f3riUM (Universidade do Minho)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99682543","host_organization_name":"University of Minho","host_organization_lineage":["https://openalex.org/I99682543"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"journal article"}],"best_oa_location":{"id":"doi:10.3390/jsan8030046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jsan8030046","pdf_url":"https://www.mdpi.com/2224-2708/8/3/46/pdf?version=1568358883","source":{"id":"https://openalex.org/S2736633529","display_name":"Journal of Sensor and Actuator Networks","issn_l":"2224-2708","issn":["2224-2708"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Sensor and Actuator Networks","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1505844724","https://openalex.org/W1665205069","https://openalex.org/W1972208906","https://openalex.org/W1990089904","https://openalex.org/W1996575854","https://openalex.org/W2118516194","https://openalex.org/W2766293960","https://openalex.org/W2901660366","https://openalex.org/W6678003282"],"related_works":["https://openalex.org/W2392835431","https://openalex.org/W2075768550","https://openalex.org/W1965371215","https://openalex.org/W2126932387","https://openalex.org/W3022218857","https://openalex.org/W1842396145","https://openalex.org/W2353762239","https://openalex.org/W1981261802","https://openalex.org/W2133389611","https://openalex.org/W3128428864"],"abstract_inverted_index":{"Intrusion":[0,32],"Detection":[1,33],"Systems":[2],"(IDS)":[3],"are":[4,17,74],"used":[5],"to":[6,51,81,101,136,141,160,166,206,236,247],"prevent":[7],"attacks":[8],"by":[9,133,153,214,240],"detecting":[10],"potential":[11,146],"harmful":[12,147],"intrusion":[13],"attempts.":[14],"Currently,":[15],"there":[16],"a":[18,52,69,85,187,222],"set":[19],"of":[20,43,108,199,250],"available":[21],"Open":[22,29],"Source":[23,30],"IDS":[24],"with":[25],"different":[26],"characteristics.":[27],"The":[28,243],"Host-based":[31],"System":[34],"(OSSEC)":[35],"supports":[36],"multiple":[37],"features":[38],"and":[39,47,56,104,123,180,217,225,252],"its":[40],"implementation":[41],"consists":[42],"Agents":[44,78],"that":[45,54,208],"collect":[46],"send":[48],"event":[49,111],"logs":[50,220],"Manager":[53],"analyzes":[55],"tests":[57],"them":[58],"against":[59],"specific":[60,70],"rules.":[61],"In":[62,113],"the":[63,77,95,109,210],"Manager,":[64],"if":[65],"certain":[66],"events":[67],"match":[68],"rule,":[71],"predefined":[72],"actions":[73,169,238],"triggered":[75,125,239],"in":[76,139,158,174,221,234],"such":[79],"as":[80],"block":[82],"or":[83,120,145,197,230],"unblock":[84],"particular":[86],"IP":[87,131,148,232],"address.":[88],"However,":[89],"once":[90],"an":[91,204],"action":[92],"is":[93,98],"triggered,":[94],"systems":[96],"administrator":[97,211],"not":[99,150],"able":[100],"centrally":[102],"check":[103],"obtain":[105],"detailed":[106],"information":[107],"past":[110],"logs.":[112],"addition,":[114],"OSSEC":[115,134,154,168,193,207,260],"may":[116],"assume":[117],"false":[118,241],"positive":[119],"negative":[121],"detections":[122],"their":[124],"actions:":[126],"previously":[127,151],"harmless":[128],"but":[129],"blocked":[130,152,157],"addresses":[132,149,233],"have":[135,186],"be":[137,156,171],"unblocked":[138],"order":[140,159,235],"reestablish":[142],"normal":[143],"operation":[144],"should":[155],"increase":[161,248],"protection":[162],"levels.":[163],"These":[164],"operations":[165],"override":[167,237],"must":[170],"manually":[172],"performed":[173],"every":[175],"Agent,":[176],"thus":[177],"requiring":[178],"time":[179,251],"human":[181,253],"resources.":[182],"Both":[183],"these":[184],"limitations":[185],"higher":[188],"impact":[189],"on":[190],"large":[191,258],"scale":[192,259],"deployments":[194],"assuming":[195],"tens":[196],"hundreds":[198],"Agents.":[200],"This":[201],"paper":[202],"proposes":[203],"extension":[205,245],"improves":[209],"analysis":[212],"capability":[213],"maintaining,":[215],"organizing":[216],"presenting":[218],"Agent":[219],"central":[223],"point,":[224],"it":[226],"allows":[227],"for":[228],"blocking":[229],"unblocking":[231],"detections.":[242],"proposed":[244],"aims":[246],"efficiency":[249],"resources":[254],"management,":[255],"mainly":[256],"considering":[257],"deployments.":[261]},"counts_by_year":[{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":6},{"year":2020,"cited_by_count":1}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}