{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T16:25:14Z","timestamp":1761582314932,"version":"3.40.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031459320"},{"type":"electronic","value":"9783031459337"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-45933-7_14","type":"book-chapter","created":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T09:02:37Z","timestamp":1700470957000},"page":"225-243","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Real-Time Aggregation for\u00a0Massive Alerts Based on\u00a0Dynamic Attack Granularity Graph"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4049-0466","authenticated-orcid":false,"given":"Haiping","family":"Wang","sequence":"first","affiliation":[]},{"given":"Binbin","family":"Li","sequence":"additional","affiliation":[]},{"given":"Tianning","family":"Zang","sequence":"additional","affiliation":[]},{"given":"Yifei","family":"Yang","sequence":"additional","affiliation":[]},{"given":"Zisen","family":"Qi","sequence":"additional","affiliation":[]},{"given":"Siyu","family":"Jia","sequence":"additional","affiliation":[]},{"given":"Yu","family":"Ding","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"issue":"4","key":"14_CR1","doi-asserted-by":"publisher","first-page":"1494","DOI":"10.3390\/s22041494","volume":"22","author":"H Albasheer","year":"2022","unstructured":"Albasheer, H., et al.: Cyber-attack prediction based on network intrusion detection systems for alert correlation techniques: a survey. Sensors 22(4), 1494 (2022). https:\/\/doi.org\/10.3390\/s22041494","journal-title":"Sensors"},{"key":"14_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 54\u201368. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45474-8_4"},{"key":"14_CR3","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1016\/j.cose.2017.11.021","volume":"73","author":"SC de Alvarenga","year":"2018","unstructured":"de Alvarenga, S.C., Barbon, S., Miani, R.S., Cukier, M., Zarpel\u00e3o, B.B.: Process mining and hierarchical clustering to help intrusion alert visualization. Comput. Secur. 73, 474\u2013491 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.021","journal-title":"Comput. Secur."},{"key":"14_CR4","unstructured":"Carbone, P., Katsifodimos, A., Ewen, S., Markl, V., Haridi, S., Tzoumas, K.: Apache flink: stream and batch processing in a single engine. IEEE Data Eng. Bull. 38(4), 28\u201338 (2015). http:\/\/sites.computer.org\/debull\/A15dec\/p28.pdf"},{"key":"14_CR5","doi-asserted-by":"publisher","unstructured":"Cheung, S., Lindqvist, U., Fong, M.W.: Modeling multistep cyber attacks for scenario recognition. In: 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III 2003), Washington, DC, USA, 22\u201324 April 2003, pp. 284\u2013292. IEEE Computer Society (2003). https:\/\/doi.org\/10.1109\/DISCEX.2003.1194892","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"14_CR6","doi-asserted-by":"publisher","unstructured":"Cuppens, F.: Managing alerts in a multi-intrusion detection environment. In: 17th Annual Computer Security Applications Conference (ACSAC 2001), New Orleans, Louisiana, USA, 11\u201314 December 2001, pp. 22\u201331. IEEE Computer Society (2001). https:\/\/doi.org\/10.1109\/ACSAC.2001.991518","DOI":"10.1109\/ACSAC.2001.991518"},{"key":"14_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85\u2013103. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45474-8_6"},{"key":"14_CR8","doi-asserted-by":"publisher","unstructured":"Fatma, H., Mohamed, L.: A two-stage technique to improve intrusion detection systems based on data mining algorithms. In: 2013 5th International Conference on Modeling, Simulation and Applied Optimization (ICMSAO), pp. 1\u20136 (2013). https:\/\/doi.org\/10.1109\/ICMSAO.2013.6552542","DOI":"10.1109\/ICMSAO.2013.6552542"},{"key":"14_CR9","doi-asserted-by":"publisher","unstructured":"Hus\u00e1k, M., Cerm\u00e1k, M., Lastovicka, M., Vykopal, J.: Exchanging security events: which and how many alerts can we aggregate? In: 2017 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 8\u201312 May 2017, pp. 604\u2013607. IEEE (2017). https:\/\/doi.org\/10.23919\/INM.2017.7987340","DOI":"10.23919\/INM.2017.7987340"},{"key":"14_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1007\/11760146_102","volume-title":"Intelligence and Security Informatics","author":"J-X Wang","year":"2006","unstructured":"Wang, J.-X., Wang, Z.-Y., Dai, K.: A PCA-LVQ model for intrusion alert analysis. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, F.-Y. (eds.) ISI 2006. LNCS, vol. 3975, pp. 715\u2013716. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11760146_102"},{"key":"14_CR11","doi-asserted-by":"crossref","unstructured":"Julisch, K.: Mining alarm clusters to improve alarm handling efficiency. In: Seventeenth Annual Computer Security Applications Conference, pp. 12\u201321 (2001)","DOI":"10.1109\/ACSAC.2001.991517"},{"key":"14_CR12","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1145\/950191.950192","volume":"6","author":"K Julisch","year":"2003","unstructured":"Julisch, K.: Info, claims: clustering intrusion detection alarms to support root cause analysis. ACM Trans. Inf. Syst. Secur. 6, 443\u2013471 (2003). https:\/\/doi.org\/10.1145\/950191.950192","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"14_CR13","doi-asserted-by":"publisher","unstructured":"Kumar, M., Siddique, S., Noor, H.: Feature-based alert correlation in security systems using self organizing maps. In: Dasarathy, B.V. (ed.) Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security, Orlando, Florida, USA, 13 April 2009. SPIE Proceedings, vol. 7344, p. 734404. SPIE (2009). https:\/\/doi.org\/10.1117\/12.820000","DOI":"10.1117\/12.820000"},{"key":"14_CR14","doi-asserted-by":"publisher","unstructured":"Man, D., Yang, W., Wang, W., Xuan, S.: An alert aggregation algorithm based on iterative self-organization. Procedia Eng. 29, 3033\u20133038 (2012). https:\/\/doi.org\/10.1016\/j.proeng.2012.01.435. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1877705812004456. 2012 International Workshop on Information and Electronics Engineering","DOI":"10.1016\/j.proeng.2012.01.435"},{"key":"14_CR15","doi-asserted-by":"publisher","unstructured":"Mohamed, A.B., Idris, N.B., Shanmugum, B.: Alert correlation using a novel clustering approach. 2212(12747443), 720\u2013725 (2012). https:\/\/doi.org\/10.1109\/CSNT.2012.212","DOI":"10.1109\/CSNT.2012.212"},{"key":"14_CR16","doi-asserted-by":"publisher","unstructured":"Nandimath, J., Banerjee, E., Patil, A., Kakade, P., Vaidya, S.: Big data analysis using apache hadoop. In: IEEE 14th International Conference on Information Reuse & Integration, IRI 2013, San Francisco, CA, USA, 14\u201316 August 2013, pp. 700\u2013703. IEEE Computer Society (2013). https:\/\/doi.org\/10.1109\/IRI.2013.6642536","DOI":"10.1109\/IRI.2013.6642536"},{"key":"14_CR17","doi-asserted-by":"publisher","unstructured":"Noac\u2019h, P.L., Costan, A., Boug\u00e9, L.: A performance evaluation of Apache Kafka in support of big data streaming applications. In: Nie, J., et al. (eds.) 2017 IEEE International Conference on Big Data (IEEE BigData 2017), Boston, MA, USA, 11\u201314 December 2017, pp. 4803\u20134806. IEEE Computer Society (2017). https:\/\/doi.org\/10.1109\/BigData.2017.8258548","DOI":"10.1109\/BigData.2017.8258548"},{"issue":"10","key":"14_CR18","doi-asserted-by":"publisher","first-page":"1933","DOI":"10.1109\/JSAC.2014.2358834","volume":"32","author":"E Raftopoulos","year":"2014","unstructured":"Raftopoulos, E., Dimitropoulos, X.A.: IDS alert correlation in the wild with edge. IEEE J. Sel. Areas Commun. 32(10), 1933\u20131946 (2014). https:\/\/doi.org\/10.1109\/JSAC.2014.2358834","journal-title":"IEEE J. Sel. Areas Commun."},{"issue":"15","key":"14_CR19","doi-asserted-by":"publisher","first-page":"520","DOI":"10.1007\/s10489-012-0383-7","volume":"38","author":"S Benferhat","year":"2013","unstructured":"Benferhat, S., Boudjelida, A., Tabia, K., Drias, H.: An intrusion detection and alert correlation approach based on revising probabilistic classifiers using expert knowledge. Appl. Intell. 38(15), 520\u2013540 (2013). https:\/\/doi.org\/10.1007\/s10489-012-0383-7","journal-title":"Appl. Intell."},{"key":"14_CR20","unstructured":"Suricata: Suricata open source IDS (2020). https:\/\/suricata-ids.org\/"},{"issue":"2","key":"14_CR21","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/s10588-015-9182-0","volume":"21","author":"TK Tan","year":"2015","unstructured":"Tan, T.K., Darken, C.J.: Learning and prediction of relational time series. Comput. Math. Organ. Theory 21(2), 210\u2013241 (2015). https:\/\/doi.org\/10.1007\/s10588-015-9182-0","journal-title":"Comput. Math. Organ. Theory"},{"key":"14_CR22","doi-asserted-by":"publisher","unstructured":"Templeton, S.J., Levitt, K.E.: A requires\/provides model for computer attacks. In: Zurko, M.E., Greenwald, S.J. (eds.) Proceedings of the 2000 Workshop on New Security Paradigms, Ballycotton, Co., Cork, Ireland, 18\u201321 September 2000, pp. 31\u201338. ACM (2000). https:\/\/doi.org\/10.1145\/366173.366187","DOI":"10.1145\/366173.366187"},{"issue":"6","key":"14_CR23","doi-asserted-by":"publisher","first-page":"712","DOI":"10.1016\/j.cose.2010.02.001","volume":"29","author":"GC Tjhai","year":"2010","unstructured":"Tjhai, G.C., Furnell, S., Papadaki, M., Clarke, N.L.: A preliminary two-stage alarm correlation and filtering system using SOM neural network and k-means algorithm. Comput. Secur. 29(6), 712\u2013723 (2010)","journal-title":"Comput. Secur."},{"key":"14_CR24","doi-asserted-by":"publisher","unstructured":"Zhang, Y., Huang, S., Wang, Y.: IDS alert classification model construction using decision support techniques. In: 2012 International Conference on Computer Science and Electronics Engineering, vol. 1, pp. 301\u2013305 (2012). https:\/\/doi.org\/10.1109\/ICCSEE.2012.242","DOI":"10.1109\/ICCSEE.2012.242"},{"key":"14_CR25","doi-asserted-by":"publisher","unstructured":"Zhao, N., et al.: Understanding and handling alert storm for online service systems. In: Rothermel, G., Bae, D. (eds.) ICSE-SEIP 2020: 42nd International Conference on Software Engineering, Software Engineering in Practice, Seoul, South Korea, 27 June\u201319 July 2020, pp. 162\u2013171. ACM (2020). https:\/\/doi.org\/10.1145\/3377813.3381363","DOI":"10.1145\/3377813.3381363"}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-45933-7_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,2]],"date-time":"2024-11-02T06:55:24Z","timestamp":1730530524000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-45933-7_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031459320","9783031459337"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-45933-7_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"21 November 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/scisec.org\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}