{"id":"https://openalex.org/W4282563637","doi":"https://doi.org/10.3390/s22124417","title":"Frequency-Based Representation of Massive Alerts and Combination of Indicators by Heterogeneous Intrusion Detection Systems for Anomaly Detection","display_name":"Frequency-Based Representation of Massive Alerts and Combination of Indicators by Heterogeneous Intrusion Detection Systems for Anomaly Detection","publication_year":2022,"publication_date":"2022-06-10","ids":{"openalex":"https://openalex.org/W4282563637","doi":"https://doi.org/10.3390/s22124417","pmid":"https://pubmed.ncbi.nlm.nih.gov/35746198"},"language":"en","primary_location":{"id":"doi:10.3390/s22124417","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s22124417","pdf_url":"https://www.mdpi.com/1424-8220/22/12/4417/pdf?version=1655126811","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj","pubmed"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1424-8220/22/12/4417/pdf?version=1655126811","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101901332","display_name":"Hyunjae Park","orcid":"https://orcid.org/0009-0009-5931-2328"},"institutions":[{"id":"https://openalex.org/I57664883","display_name":"Ajou University","ror":"https://ror.org/03tzb2h73","country_code":"KR","type":"education","lineage":["https://openalex.org/I57664883"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hyunjae Park","raw_affiliation_strings":["Department of Computer Engineering, Ajou University, Suwon 16499, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Ajou University, Suwon 16499, Korea","institution_ids":["https://openalex.org/I57664883"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050640061","display_name":"Young\u2010June Choi","orcid":"https://orcid.org/0000-0003-2240-0892"},"institutions":[{"id":"https://openalex.org/I57664883","display_name":"Ajou University","ror":"https://ror.org/03tzb2h73","country_code":"KR","type":"education","lineage":["https://openalex.org/I57664883"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Young-June Choi","raw_affiliation_strings":["Department of Artificial Intelligence, Ajou University, Suwon 16499, Korea"],"raw_orcid":"https://orcid.org/0000-0003-2240-0892","affiliations":[{"raw_affiliation_string":"Department of Artificial Intelligence, Ajou University, Suwon 16499, Korea","institution_ids":["https://openalex.org/I57664883"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5050640061"],"corresponding_institution_ids":["https://openalex.org/I57664883"],"apc_list":{"value":2400,"currency":"CHF","value_usd":2598},"apc_paid":{"value":2400,"currency":"CHF","value_usd":2598},"fwci":0.4279,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.62656736,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":96},"biblio":{"volume":"22","issue":"12","first_page":"4417","last_page":"4417"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8017200231552124},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6918630599975586},{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.6720706820487976},{"id":"https://openalex.org/keywords/categorical-variable","display_name":"Categorical variable","score":0.6641849279403687},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6373711824417114},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.5676524639129639},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5598294734954834},{"id":"https://openalex.org/keywords/situation-analysis","display_name":"Situation analysis","score":0.5451741218566895},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.509185254573822},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5043033361434937},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.437531977891922},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.42576587200164795},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.41966724395751953},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.41214078664779663},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.30776646733283997},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10235849022865295}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8017200231552124},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6918630599975586},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.6720706820487976},{"id":"https://openalex.org/C5274069","wikidata":"https://www.wikidata.org/wiki/Q2285707","display_name":"Categorical variable","level":2,"score":0.6641849279403687},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6373711824417114},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.5676524639129639},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5598294734954834},{"id":"https://openalex.org/C14911803","wikidata":"https://www.wikidata.org/wiki/Q7532148","display_name":"Situation analysis","level":2,"score":0.5451741218566895},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.509185254573822},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5043033361434937},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.437531977891922},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.42576587200164795},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.41966724395751953},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.41214078664779663},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30776646733283997},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10235849022865295},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0}],"mesh":[{"descriptor_ui":"D000069550","descriptor_name":"Machine Learning","qualifier_ui":null,"qualifier_name":null,"is_major_topic":false},{"descriptor_ui":"D000069550","descriptor_name":"Machine Learning","qualifier_ui":null,"qualifier_name":null,"is_major_topic":false},{"descriptor_ui":"D000069550","descriptor_name":"Machine Learning","qualifier_ui":null,"qualifier_name":null,"is_major_topic":false},{"descriptor_ui":"D000465","descriptor_name":"Algorithms","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D000465","descriptor_name":"Algorithms","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D000465","descriptor_name":"Algorithms","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D016494","descriptor_name":"Computer Security","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D016494","descriptor_name":"Computer Security","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true},{"descriptor_ui":"D016494","descriptor_name":"Computer Security","qualifier_ui":null,"qualifier_name":null,"is_major_topic":true}],"locations_count":5,"locations":[{"id":"doi:10.3390/s22124417","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s22124417","pdf_url":"https://www.mdpi.com/1424-8220/22/12/4417/pdf?version=1655126811","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},{"id":"pmid:35746198","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/35746198","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors (Basel, Switzerland)","raw_type":null},{"id":"pmh:oai:doaj.org/article:7e25655f64c341b990ed9b84f1235976","is_oa":true,"landing_page_url":"https://doaj.org/article/7e25655f64c341b990ed9b84f1235976","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors, Vol 22, Iss 12, p 4417 (2022)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/1424-8220/22/12/4417/","is_oa":true,"landing_page_url":"https://dx.doi.org/10.3390/s22124417","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors; Volume 22; Issue 12; Pages: 4417","raw_type":"Text"},{"id":"pmh:oai:pubmedcentral.nih.gov:9227287","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/9227287","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors (Basel)","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/s22124417","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s22124417","pdf_url":"https://www.mdpi.com/1424-8220/22/12/4417/pdf?version=1655126811","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6399999856948853,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4282563637.pdf","grobid_xml":"https://content.openalex.org/works/W4282563637.grobid-xml"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W351141490","https://openalex.org/W617862632","https://openalex.org/W898894848","https://openalex.org/W1499169139","https://openalex.org/W1596291969","https://openalex.org/W2009033060","https://openalex.org/W2065955975","https://openalex.org/W2073104631","https://openalex.org/W2073909744","https://openalex.org/W2110817709","https://openalex.org/W2155926039","https://openalex.org/W2161830378","https://openalex.org/W2164578556","https://openalex.org/W2295598076","https://openalex.org/W2342408547","https://openalex.org/W2606213502","https://openalex.org/W2789652994","https://openalex.org/W2887195793","https://openalex.org/W2888648656","https://openalex.org/W2895787631","https://openalex.org/W2899544492","https://openalex.org/W2907851756","https://openalex.org/W2969330742","https://openalex.org/W3045347230","https://openalex.org/W3092582874","https://openalex.org/W3216660278","https://openalex.org/W4256497308","https://openalex.org/W6633095192","https://openalex.org/W6668885027","https://openalex.org/W6736418005","https://openalex.org/W6738520201","https://openalex.org/W6837683758"],"related_works":["https://openalex.org/W95064529","https://openalex.org/W2031258546","https://openalex.org/W2148519335","https://openalex.org/W2371032752","https://openalex.org/W2160951215","https://openalex.org/W3193592231","https://openalex.org/W2143767096","https://openalex.org/W1601997479","https://openalex.org/W2909923498","https://openalex.org/W4382644910"],"abstract_inverted_index":{"Although":[0],"the":[1,13,17,40,67,71,134,149,152,164,167,220,233],"application":[2],"of":[3,7,15,19,49,70,96,126],"a":[4,29,46,85,101,120,137,206],"wide":[5],"range":[6],"sensors":[8],"has":[9],"been":[10],"generalized":[11],"through":[12,23],"development":[14],"technology,":[16],"processing":[18],"massive":[20,77],"alerts":[21,52,97],"generated":[22,92],"data":[24,189],"analysis":[25,175],"and":[26,106,154,199,204,232],"monitoring":[27],"remains":[28],"challenge.":[30],"This":[31],"problem":[32],"is":[33,91,107,119,129,171,235],"also":[34,61],"found":[35],"in":[36,151],"cyber":[37],"security":[38,145],"because":[39],"intrusion":[41,239],"detection":[42,240],"system":[43,153],"(IDS)":[44],"produces":[45],"tremendous":[47],"number":[48],"alerts.":[50],"Massive":[51],"not":[53],"only":[54],"significantly":[55],"increase":[56],"resources":[57],"for":[58,109,136,180],"analysis,":[59],"but":[60],"make":[62],"it":[63],"difficult":[64],"to":[65,75,115,147,174,176,195],"analyze":[66],"overall":[68],"situation":[69,135,150],"system.":[72],"In":[73,162],"order":[74],"handle":[76],"alerts,":[78,142],"we":[79,187,217],"propose":[80],"using":[81,127,202,237],"an":[82,191],"indicator":[83,90],"as":[84],"frequency-based":[86],"representation.":[87],"The":[88,124],"proposed":[89,221],"from":[93,166,190],"categorical":[94,168],"parameters":[95,169],"that":[98,130,158,219],"occur":[99],"within":[100],"unit":[102],"time":[103],"utilizing":[104],"frequency":[105],"used":[108],"situational":[110],"awareness":[111],"with":[112,226],"machine":[113,182,208],"learning":[114,209],"detect":[116,224],"whether":[117],"there":[118],"threat":[121],"or":[122],"not.":[123],"advantage":[125],"indicators":[128,203],"they":[131],"can":[132,223],"determine":[133],"period":[138],"without":[139],"analyzing":[140],"individual":[141],"which":[143,170],"helps":[144],"experts":[146],"recognize":[148],"focus":[155],"on":[156],"targets":[157],"require":[159],"in-depth":[160],"analysis.":[161],"addition,":[163],"conversion":[165],"highly":[172],"related":[173],"numeric":[177],"parameter":[178],"allows":[179],"applying":[181],"learning.":[183],"For":[184],"performance":[185,234],"evaluation,":[186],"collect":[188],"HAI":[192],"testbed":[193],"similar":[194],"real":[196],"critical":[197],"infrastructure":[198],"conduct":[200],"experiments":[201],"XGBoost,":[205],"classification":[207],"algorithm":[210],"against":[211],"five":[212],"famous":[213],"vulnerability":[214],"attacks.":[215],"Consequently,":[216],"show":[218],"method":[222],"attacks":[225],"more":[227],"than":[228],"90":[229],"percent":[230],"accuracy,":[231],"enhanced":[236],"heterogeneous":[238],"systems.":[241]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2026-06-19T17:40:00.097472","created_date":"2022-06-14T00:00:00"}