{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T11:48:16Z","timestamp":1743076096503,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030179816"},{"type":"electronic","value":"9783030179823"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-17982-3_14","type":"book-chapter","created":{"date-parts":[[2019,4,11]],"date-time":"2019-04-11T00:38:34Z","timestamp":1554943114000},"page":"173-184","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["AlertVision: Visualizing Security Alerts"],"prefix":"10.1007","author":[{"given":"Jina","family":"Hong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"JinKi","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"HyunKyu","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"YoonHa","family":"Chang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"KwangHo","family":"Choi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sang Kil","family":"Cha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,4,12]]},"reference":[{"key":"14_CR1","unstructured":"Barnum, S.: Standardizing cyber threat intelligence information with the structured threat information expression (STIX\u2122). Technical report, MITRE (2012)"},{"key":"14_CR2","unstructured":"Cha, S.K., Moraru, I., Jang, J., Truelove, J., Brumley, D., Andersen, D.G.: SplitScreen: enabling efficient, distributed malware detection, pp. 377\u2013390 (2010)"},{"key":"14_CR3","unstructured":"Coull, S., Branch, J., Szymanski, B., Breimer, E.: Intrusion detection: a bioinformatics approach. In: Proceedings of the Annual Computer Security Applications Conference, pp. 24\u201333 (2003)"},{"key":"14_CR4","first-page":"197","volume-title":"Lecture Notes in Computer Science","author":"Fr\u00e9d\u00e9ric Cuppens","year":"2000","unstructured":"Cuppens, F., Ortalo, R.: LAMBDA: a language to model a database for detection of attacks. In: Proceedings of the International Workshop on the Recent Advances in Intrusion Detection, pp. 197\u2013216 (2000)"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the International Symposium on Information, Computer, and Communications Security, pp. 183\u2013194 (2009)","DOI":"10.1145\/1533057.1533084"},{"key":"14_CR6","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 120\u2013128 (1996)"},{"issue":"11","key":"14_CR7","first-page":"1129","volume":"21","author":"TMJ Fruchterman","year":"1991","unstructured":"Fruchterman, T.M.J., Reingold, E.M.: Graph drawing by force-directed placement. Softw.: Pract. Exp. 21(11), 1129\u20131164 (1991)","journal-title":"Softw.: Pract. Exp."},{"issue":"3","key":"14_CR8","doi-asserted-by":"publisher","first-page":"705","DOI":"10.1016\/0022-2836(82)90398-9","volume":"162","author":"O Gotoh","year":"1982","unstructured":"Gotoh, O.: An improved algorithm for matching biological sequences. J. Mol. Biol. 162(3), 705\u2013708 (1982)","journal-title":"J. Mol. Biol."},{"key":"14_CR9","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the USENIX Security Symposium, vol. 5, pp. 139\u2013154 (2008)"},{"key":"14_CR10","unstructured":"Heoh, S.T., Ma, K.L., Wu, S.F., Zhao, X.: Case study: interactive visualization for internet security. In: Proceedings of the IEEE Conference on Visualization, pp. 505\u2013508 (2002)"},{"issue":"3","key":"14_CR11","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1016\/0196-8858(91)90017-D","volume":"12","author":"X Huang","year":"1991","unstructured":"Huang, X., Miller, W.: A time-efficient, linear-space local similarity algorithm. Adv. Appl. Math. 12(3), 337\u2013357 (1991)","journal-title":"Adv. Appl. Math."},{"key":"14_CR12","unstructured":"IBM: IBM X-Force threat intelligence. \n                      https:\/\/www.ibm.com\/security\/xforce"},{"key":"14_CR13","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1016\/j.procs.2014.05.452","volume":"32","author":"M Jouini","year":"2014","unstructured":"Jouini, M., Rabai, L.B.A., Aissa, A.B.: Classification of security threats in information systems. Procedia Comput. Sci. 32, 489\u2013496 (2014)","journal-title":"Procedia Comput. Sci."},{"key":"14_CR14","unstructured":"Kapetanakis, S., Filippoupolitis, A., Loukas, G., Murayziq, T.S.A.: Profiling cyber attackers using case-based reasoning. In: Proceedings of the UK Workshop on Case-Based Reasoning (2014)"},{"key":"14_CR15","doi-asserted-by":"crossref","unstructured":"Kirat, D., Vigna, G.: MalGene: automatic extraction of malware analysis evasion signature. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 769\u2013780 (2015)","DOI":"10.1145\/2810103.2813642"},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Polubelova, O., Saenko, I., Doynikova, E.: The ontology of metrics for security evaluation and decision support in SIEM systems. In: Proceedings of the International Conference on Availability, Reliability and Security, pp. 638\u2013645 (2013)","DOI":"10.1109\/ARES.2013.84"},{"issue":"3","key":"14_CR17","doi-asserted-by":"publisher","first-page":"1659","DOI":"10.1016\/j.eswa.2007.01.040","volume":"34","author":"K Lee","year":"2008","unstructured":"Lee, K., Kim, J., Kwon, K.H., Han, Y., Kim, S.: DDoS attack detection method using cluster analysis. Expert Syst. Appl. 34(3), 1659\u20131665 (2008)","journal-title":"Expert Syst. Appl."},{"key":"14_CR18","unstructured":"Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: Proceedings of the USENIX Security Symposium, pp. 79\u201393 (1998)"},{"key":"14_CR19","unstructured":"Livnat, Y., Agutter, J., Moon, S., Erbacher, R.F., Foresti, S.: A visualization paradigm for network intrusion detection. In: Proceedings of the Annual IEEE SMC Information Assurance Workshop, pp. 92\u201399 (2005)"},{"issue":"1","key":"14_CR20","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/s11416-016-0273-3","volume":"13","author":"R Luh","year":"2017","unstructured":"Luh, R., Marschalek, S., Kaiser, M., Janicke, H., Schrittwieser, S.: Semantics-aware detection of targeted attacks: a survey. J. Comput. Virol. Hacking Tech. 13(1), 47\u201385 (2017)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Luh, R., Schrittwieser, S., Marschalek, S.: TAON: an ontology-based approach to mitigating targeted attacks. In: Proceedings of the International Conference on Information Integration and Web-based Applications and Services, pp. 303\u2013312 (2016)","DOI":"10.1145\/3011141.3011157"},{"key":"14_CR22","doi-asserted-by":"crossref","unstructured":"McPherson, J., Ma, K.L., Krystosk, P., Bartoletti, T., Christensen, M.: PortVis: a tool for port-based detection of security events. In: Proceedings of the ACM Workshop on Visualization and Data Mining for Computer Security, pp. 73\u201381 (2004)","DOI":"10.1145\/1029208.1029220"},{"key":"14_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/978-3-319-03584-0_14","volume-title":"Cyberspace Safety and Security","author":"SA Mirheidari","year":"2013","unstructured":"Mirheidari, S.A., Arshad, S., Jalili, R.: Alert correlation algorithms: a survey and taxonomy. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds.) CSS 2013. LNCS, vol. 8300, pp. 183\u2013197. Springer, Cham (2013). \n                      https:\/\/doi.org\/10.1007\/978-3-319-03584-0_14"},{"issue":"1","key":"14_CR24","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1093\/bioinformatics\/4.1.11","volume":"4","author":"EW Myers","year":"1988","unstructured":"Myers, E.W., Miller, W.: Optimal alignments in linear space. Bioinformatics 4(1), 11\u201317 (1988)","journal-title":"Bioinformatics"},{"issue":"3","key":"14_CR25","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1016\/0022-2836(70)90057-4","volume":"48","author":"SB Needleman","year":"1970","unstructured":"Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48(3), 443\u2013453 (1970)","journal-title":"J. Mol. Biol."},{"issue":"1","key":"14_CR26","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1186\/s12859-015-0744-4","volume":"16","author":"D Okada","year":"2015","unstructured":"Okada, D., Ino, F., Hagihara, K.: Accelerating the Smith-Waterman algorithm with interpair pruning and band optimization for the all-pairs comparison of base sequences. BMC Bioinform. 16(1), 321 (2015)","journal-title":"BMC Bioinform."},{"issue":"5","key":"14_CR27","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MSP.2011.98","volume":"9","author":"P O\u2019Kane","year":"2011","unstructured":"O\u2019Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41\u201347 (2011)","journal-title":"IEEE Secur. Priv."},{"issue":"5","key":"14_CR28","doi-asserted-by":"publisher","first-page":"1009","DOI":"10.1109\/TPDS.2012.194","volume":"24","author":"EF Oliveira Sandes de","year":"2013","unstructured":"de Oliveira Sandes, E.F., de Melo, A.C.M.A.: Retrieving Smith-Waterman alignments with optimizations for megabase biological sequences using GPU. IEEE Trans. Parallel Distrib. Syst. 24(5), 1009\u20131021 (2013)","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"14_CR29","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2017.02.005","volume":"67","author":"S Qamar","year":"2017","unstructured":"Qamar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E., Chu, B.T.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35\u201358 (2017)","journal-title":"Comput. Secur."},{"key":"14_CR30","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1016\/j.cose.2014.10.006","volume":"49","author":"AA Ramaki","year":"2015","unstructured":"Ramaki, A.A., Amini, M., Atani, R.E.: RTECA: real time episode correlation algorithm for multi-step attack scenarios detection. Comput. Secur. 49, 206\u2013219 (2015)","journal-title":"Comput. Secur."},{"issue":"5","key":"14_CR31","doi-asserted-by":"publisher","first-page":"1289","DOI":"10.1016\/j.comnet.2012.10.022","volume":"57","author":"S Salah","year":"2013","unstructured":"Salah, S., Maci\u00e1-Fern\u00e1ndez, G., D\u00edAz-Verdejo, J.E.: A model-based survey of alert correlation techniques. Comput. Netw. 57(5), 1289\u20131317 (2013)","journal-title":"Comput. Netw."},{"key":"14_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2014.12.003","volume":"50","author":"R Shittu","year":"2015","unstructured":"Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R., Rajarajan, M.: Intrusion alert prioritisation and attack detection using post-correlation analysis. Comput. Secur. 50, 1\u201315 (2015)","journal-title":"Comput. Secur."},{"issue":"1","key":"14_CR33","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1093\/comjnl\/16.1.30","volume":"16","author":"R Sibson","year":"1973","unstructured":"Sibson, R.: SLINK: an optimally efficient algorithm for the single-link cluster method. Comput. J. 16(1), 30\u201334 (1973)","journal-title":"Comput. J."},{"issue":"1","key":"14_CR34","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1016\/0022-2836(81)90087-5","volume":"147","author":"T Smith","year":"1981","unstructured":"Smith, T., Waterman, M.: Identification of common molecular subsequences. J. Mol. Biol. 147(1), 195\u2013197 (1981)","journal-title":"J. Mol. Biol."},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Spring, J., Kern, S., Summers, A.: Global adversarial capability modeling. In: Proceedings of the IEEE eCrime Researchers Summit on Anti-phishing Working Group, pp. 1\u201321 (2015)","DOI":"10.1109\/ECRIME.2015.7120797"},{"key":"14_CR36","doi-asserted-by":"crossref","unstructured":"Strasburg, C., Basu, S., Wong, J.S.: S-MAIDS: a semantic model for automated tuning, correlation, and response selection in intrusion detection systems. In: Proceedings of the IEEE International Conference on Computer Software and Applications Conference, pp. 319\u2013328 (2013)","DOI":"10.1109\/COMPSAC.2013.57"},{"issue":"8","key":"14_CR37","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","volume":"2011","author":"C Tankard","year":"2011","unstructured":"Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011(8), 16\u201319 (2011)","journal-title":"Netw. Secur."},{"key":"14_CR38","first-page":"1","volume-title":"Lecture Notes in Computer Science","author":"James J. Treinen","year":"2006","unstructured":"Treinen, J.J., Thurimella, R.: A framework for the application of association rule mining in large intrusion detection infrastructures. In: Proceedings of the International Workshop on the Recent Advances in Intrusion Detection, pp. 1\u201318 (2006)"},{"issue":"8","key":"14_CR39","first-page":"720","volume":"4","author":"JEL Vergara de","year":"2009","unstructured":"de Vergara, J.E.L., V\u00e1zquez, E., Martin, A., Dubus, S., Lepareux, M.N.: Use of ontologies for the definition of alerts and policies in a network security platform. J. Netw. 4(8), 720\u2013733 (2009)","journal-title":"J. Netw."},{"issue":"1","key":"14_CR40","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1016\/j.cose.2009.06.008","volume":"29","author":"CV Zhou","year":"2010","unstructured":"Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29(1), 124\u2013140 (2010)","journal-title":"Comput. Secur."}],"container-title":["Lecture Notes in Computer Science","Information Security Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-17982-3_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T10:19:47Z","timestamp":1558347587000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-17982-3_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030179816","9783030179823"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-17982-3_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"12 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"WISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Information Security Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Jeju Island","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"wisa2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.wisa.or.kr\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"wisa18.hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"44","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"11","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"25% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}