{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:46:19Z","timestamp":1767339979903,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031569494"},{"type":"electronic","value":"9783031569500"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-56950-0_21","type":"book-chapter","created":{"date-parts":[[2024,3,28]],"date-time":"2024-03-28T03:01:57Z","timestamp":1711594917000},"page":"244-255","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Towards Hybrid NIDS: Combining Rule-Based SIEM with\u00a0AI-Based Intrusion Detectors"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9243-7047","authenticated-orcid":false,"given":"Federica","family":"Uccello","sequence":"first","affiliation":[]},{"given":"Marek","family":"Pawlicki","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9327-0138","authenticated-orcid":false,"given":"Salvatore","family":"D\u2019Antonio","sequence":"additional","affiliation":[]},{"given":"Rafa\u0142","family":"Kozik","sequence":"additional","affiliation":[]},{"given":"Micha\u0142","family":"Chora\u015b","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,29]]},"reference":[{"issue":"8","key":"21_CR1","first-page":"939","volume":"71","author":"A Ahmad","year":"2020","unstructured":"Ahmad, A., Desouza, K.C., Maynard, S.B., Naseer, H., Baskerville, R.L.: How integration of cyber security management and incident response enables organizational learning. J. Am. Soc. Inf. Sci. 71(8), 939\u2013953 (2020)","journal-title":"J. Am. Soc. Inf. Sci."},{"key":"21_CR2","doi-asserted-by":"publisher","unstructured":"Akter, S., Uddin, M.R., Sajib, S., Lee, W.J.T., Michael, K., Hossain, M.A.: Reconceptualizing cybersecurity awareness capability in the data-driven digital economy. Ann. Oper. Res. 315, 1\u201326 (2022). https:\/\/doi.org\/10.1007\/s10479-022-04844-8","DOI":"10.1007\/s10479-022-04844-8"},{"key":"21_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102435","volume":"110","author":"S Al","year":"2021","unstructured":"Al, S., Dener, M.: STL-HDL: a new hybrid network intrusion detection system for imbalanced dataset on big data environment. Comput. Secur. 110, 102435 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102435","journal-title":"Comput. Secur."},{"issue":"6","key":"21_CR4","first-page":"6768","volume":"12","author":"H Alturkistani","year":"2022","unstructured":"Alturkistani, H., El-Affendi, M.A.: Optimizing cybersecurity incident response decisions using deep reinforcement learning. Int. J. Electr. Comput. Eng. 12(6), 6768 (2022)","journal-title":"Int. J. Electr. Comput. Eng."},{"key":"21_CR5","unstructured":"Ardagna, C., Corbiaux, S., Impe, K.V., Sfakianaki, A.: ENISA threat landscape (2022). https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2022"},{"issue":"11","key":"21_CR6","doi-asserted-by":"publisher","first-page":"6610","DOI":"10.3390\/app13116610","volume":"13","author":"T Ban","year":"2023","unstructured":"Ban, T., Takahashi, T., Ndichu, S., Inoue, D.: Breaking alert fatigue: Ai-assisted SIEM framework for effective incident response. Appl. Sci. 13(11), 6610 (2023)","journal-title":"Appl. Sci."},{"key":"21_CR7","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45, 5\u201332 (2001). https:\/\/doi.org\/10.1023\/A:1010933404324","journal-title":"Mach. Learn."},{"issue":"9","key":"21_CR8","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1016\/S1353-4858(20)30104-5","volume":"2020","author":"M Campfield","year":"2020","unstructured":"Campfield, M.: The problem with (most) network detection and response. Netw. Secur. 2020(9), 6\u20139 (2020)","journal-title":"Netw. Secur."},{"key":"21_CR9","doi-asserted-by":"publisher","unstructured":"Coppolino, L., et al.: Detection of radio frequency interference in satellite ground segments. In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 648\u2013653 (2023). https:\/\/doi.org\/10.1109\/CSR57506.2023.10225005","DOI":"10.1109\/CSR57506.2023.10225005"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Cucu, C., Cazacu, M.: Current technologies and trends in cybersecurity and the impact of artificial intelligence. In: The International Scientific Conference eLearning and Software for Education, vol.\u00a02, pp. 208\u2013214. \u201c Carol I\u201d National Defence University (2019)","DOI":"10.12753\/2066-026X-19-099"},{"key":"21_CR11","doi-asserted-by":"publisher","unstructured":"Dowling, J.F., Sellers, J.E.: Chapter 34 - security awareness. In: Davies, S.J., Fennelly, L.J. (eds.) The Professional Protection Officer (Second Edition), pp. 391\u2013396. Butterworth-Heinemann, Boston, second edn. (2020). https:\/\/doi.org\/10.1016\/B978-0-12-817748-8.00034-1, https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780128177488000341","DOI":"10.1016\/B978-0-12-817748-8.00034-1"},{"issue":"5","key":"21_CR12","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1109\/JAS.2022.105548","volume":"9","author":"W Duo","year":"2022","unstructured":"Duo, W., Zhou, M., Abusorrah, A.: A survey of cyber attacks on cyber physical systems: recent advances and challenges. IEEE\/CAA J. Automatica Sin. 9(5), 784\u2013800 (2022). https:\/\/doi.org\/10.1109\/JAS.2022.105548","journal-title":"IEEE\/CAA J. Automatica Sin."},{"issue":"11","key":"21_CR13","doi-asserted-by":"publisher","first-page":"1422","DOI":"10.3897\/jucs.2020.075","volume":"26","author":"V Dutta","year":"2020","unstructured":"Dutta, V., Choras, M., Pawlicki, M., Kozik, R.: Detection of cyberattacks traces in IoT data. J. Univers. Comput. Sci. 26(11), 1422\u20131434 (2020)","journal-title":"J. Univers. Comput. Sci."},{"issue":"1\u20132","key":"21_CR14","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1080\/23742917.2022.2058836","volume":"6","author":"A Esseghir","year":"2022","unstructured":"Esseghir, A., Kamoun, F., Hraiech, O.: AKER: an open-source security platform integrating ids and SIEM functions with encrypted traffic analytic capability. J. Cyber Secur. Technol. 6(1\u20132), 27\u201364 (2022)","journal-title":"J. Cyber Secur. Technol."},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Fakiha, B.S.: Effectiveness of security incident event management (SIEM) system for cyber security situation awareness. Indian J. Forensic Med. Toxicol. 14(4), 802\u2013808 (2020)","DOI":"10.37506\/ijfmt.v14i4.11587"},{"issue":"1","key":"21_CR16","doi-asserted-by":"publisher","first-page":"2037254","DOI":"10.1080\/08839514.2022.2037254","volume":"36","author":"B Guembe","year":"2022","unstructured":"Guembe, B., Azeta, A., Misra, S., Osamor, V.C., Fernandez-Sanz, L., Pospelova, V.: The emerging threat of AI-driven cyber attacks: a review. Appl. Artif. Intell. 36(1), 2037254 (2022)","journal-title":"Appl. Artif. Intell."},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Ho, T.K.: Random decision forests. In: Proceedings of 3rd International Conference on Document Analysis and Recognition, vol.\u00a01, pp. 278\u2013282. IEEE (1995)","DOI":"10.1109\/ICDAR.1995.598994"},{"key":"21_CR18","unstructured":"Jakub, P.: Russia\u2019s war on Ukraine: timeline of cyber-attacks (2022)"},{"issue":"12","key":"21_CR19","doi-asserted-by":"publisher","first-page":"9395","DOI":"10.1016\/j.aej.2022.02.063","volume":"61","author":"Y Kayode Saheed","year":"2022","unstructured":"Kayode Saheed, Y., Idris Abiodun, A., Misra, S., Kristiansen Holone, M., Colomo-Palacios, R.: A machine learning-based intrusion detection for detecting internet of things network attacks. Alex. Eng. J. 61(12), 9395\u20139409 (2022). https:\/\/doi.org\/10.1016\/j.aej.2022.02.063","journal-title":"Alex. Eng. J."},{"issue":"1","key":"21_CR20","doi-asserted-by":"publisher","first-page":"23","DOI":"10.37868\/sei.v3i1.124","volume":"3","author":"R Khader","year":"2021","unstructured":"Khader, R., Eleyan, D.: Survey of DoS\/DDoS attacks in IoT. Sustain. Eng. Innov. 3(1), 23\u201328 (2021)","journal-title":"Sustain. Eng. Innov."},{"key":"21_CR21","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1016\/j.future.2022.02.011","volume":"132","author":"T Kim","year":"2022","unstructured":"Kim, T., Pak, W.: Real-time network intrusion detection using deferred decision and hybrid classifier. Futur. Gener. Comput. Syst. 132, 51\u201366 (2022). https:\/\/doi.org\/10.1016\/j.future.2022.02.011","journal-title":"Futur. Gener. Comput. Syst."},{"key":"21_CR22","doi-asserted-by":"publisher","first-page":"10754","DOI":"10.1109\/ACCESS.2022.3145002","volume":"10","author":"T Kim","year":"2022","unstructured":"Kim, T., Pak, W.: Robust network intrusion detection system based on machine-learning with early classification. IEEE Access 10, 10754\u201310767 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3145002","journal-title":"IEEE Access"},{"issue":"4","key":"21_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3460976","volume":"5","author":"MTR Laskar","year":"2021","unstructured":"Laskar, M.T.R., et al.: Extending isolation forest for anomaly detection in big data via k-means. ACM Trans. Cyber-Phys. Syst. (TCPS) 5(4), 1\u201326 (2021)","journal-title":"ACM Trans. Cyber-Phys. Syst. (TCPS)"},{"issue":"7553","key":"21_CR24","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436\u2013444 (2015)","journal-title":"Nature"},{"key":"21_CR25","doi-asserted-by":"publisher","first-page":"8176","DOI":"10.1016\/j.egyr.2021.08.126","volume":"7","author":"Y Li","year":"2021","unstructured":"Li, Y., Liu, Q.: A comprehensive review study of cyber-attacks and cyber security; emerging trends and recent developments. Energy Rep. 7, 8176\u20138186 (2021). https:\/\/doi.org\/10.1016\/j.egyr.2021.08.126","journal-title":"Energy Rep."},{"key":"21_CR26","doi-asserted-by":"publisher","unstructured":"Liu, F.T., Ting, K.M., Zhou, Z.H.: Isolation forest. In: 2008 Eighth IEEE International Conference on Data Mining, pp. 413\u2013422 (2008). https:\/\/doi.org\/10.1109\/ICDM.2008.17","DOI":"10.1109\/ICDM.2008.17"},{"issue":"13","key":"21_CR27","doi-asserted-by":"publisher","first-page":"4319","DOI":"10.3390\/s21134319","volume":"21","author":"ME Mihailescu","year":"2021","unstructured":"Mihailescu, M.E., et al.: The proposition and evaluation of the RoEduNet-SIMARGL2021 network intrusion detection dataset. Sensors 21(13), 4319 (2021)","journal-title":"Sensors"},{"key":"21_CR28","doi-asserted-by":"publisher","unstructured":"Narayana Rao, K., Venkata Rao, K., PVGD, P.R.: A hybrid intrusion detection system based on sparse autoencoder and deep neural network. Comput. Commun. 180, 77\u201388 (2021). https:\/\/doi.org\/10.1016\/j.comcom.2021.08.026, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0140366421003285","DOI":"10.1016\/j.comcom.2021.08.026"},{"key":"21_CR29","doi-asserted-by":"publisher","first-page":"1075","DOI":"10.1016\/j.neucom.2022.06.002","volume":"500","author":"M Pawlicki","year":"2022","unstructured":"Pawlicki, M., Kozik, R., Chora\u015b, M.: A survey on neural networks for (cyber-) security and (cyber-) security of neural networks. Neurocomputing 500, 1075\u20131087 (2022)","journal-title":"Neurocomputing"},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Pawlicki, M., Pawlicka, A., Kozik, R., Chora\u015b, M.: The survey and meta-analysis of the attacks, transgressions, countermeasures and security aspects common to the cloud, edge and IoT. Neurocomputing 551, 126533 (2023)","DOI":"10.1016\/j.neucom.2023.126533"},{"issue":"12","key":"21_CR31","first-page":"669","volume":"9","author":"Y Perwej","year":"2021","unstructured":"Perwej, Y., Abbas, S.Q., Dixit, J.P., Akhtar, N., Jaiswal, A.K.: A systematic literature review on the cyber security. Int. J. Sci. Res. Manag. 9(12), 669\u2013710 (2021)","journal-title":"Int. J. Sci. Res. Manag."},{"issue":"1","key":"21_CR32","doi-asserted-by":"publisher","first-page":"12","DOI":"10.22201\/icat.24486736e.2023.21.1.2166","volume":"21","author":"S Priyanka","year":"2023","unstructured":"Priyanka, S., Vijay Bhanu, S.: A survey on variants of dos attacks: issues and defense mechanisms. J. Appl. Res. Technol. 21(1), 12\u201316 (2023)","journal-title":"J. Appl. Res. Technol."},{"key":"21_CR33","unstructured":"Radoglou-Grammatikis, P.: Securecyber: an SDN-enabled SIEM for enhanced cybersecurity in the industrial internet of things. IEEE COMSOC MMTC Commun. - Front. 18(2), 16\u201321 (2023)"},{"issue":"6","key":"21_CR34","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1037\/h0042519","volume":"65","author":"F Rosenblatt","year":"1958","unstructured":"Rosenblatt, F.: The perceptron: a probabilistic model for information storage and organization in the brain. Psychol. Rev. 65(6), 386 (1958)","journal-title":"Psychol. Rev."},{"issue":"6088","key":"21_CR35","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1038\/323533a0","volume":"323","author":"DE Rumelhart","year":"1986","unstructured":"Rumelhart, D.E., Hinton, G.E., Williams, R.J.: Learning representations by back-propagating errors. Nature 323(6088), 533\u2013536 (1986)","journal-title":"Nature"},{"key":"21_CR36","doi-asserted-by":"crossref","unstructured":"Rumelhart, D.E., McClelland, J.L., PDP Research\u00a0Group, C.: Parallel Distributed Processing: Explorations in the Microstructure of Cognition, vol. 1: Foundations. MIT press (1986)","DOI":"10.7551\/mitpress\/5236.001.0001"},{"key":"21_CR37","first-page":"108","volume":"1","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1, 108\u2013116 (2018)","journal-title":"ICISSp"},{"key":"21_CR38","first-page":"1","volume":"13","author":"M Sheeraz","year":"2023","unstructured":"Sheeraz, M., et al.: Effective security monitoring using efficient SIEM architecture. Hum. - Centric Comput. Inf. Sci 13, 1\u201318 (2023)","journal-title":"Hum. - Centric Comput. Inf. Sci"},{"issue":"04","key":"21_CR39","doi-asserted-by":"publisher","first-page":"190","DOI":"10.36548\/jismac.2020.4.002","volume":"2","author":"S Smys","year":"2020","unstructured":"Smys, S., Basar, A., Wang, H., et al.: Hybrid intrusion detection system for internet of things (IoT). J. ISMAC 2(04), 190\u2013199 (2020)","journal-title":"J. ISMAC"},{"issue":"1","key":"21_CR40","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1108\/ICS-09-2021-0146","volume":"31","author":"A Tariq","year":"2022","unstructured":"Tariq, A., Manzoor, J., Aziz, M.A., Tariq, Z.U.A., Masood, A.: Open source SIEM solutions for an enterprise. Inform. Comput. Secur. 31(1), 88\u2013107 (2022)","journal-title":"Inform. Comput. Secur."}],"container-title":["Lecture Notes in Networks and Systems","Proceedings of the Second International Conference on Advances in Computing Research (ACR\u201924)"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-56950-0_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,15]],"date-time":"2024-11-15T04:22:56Z","timestamp":1731644576000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-56950-0_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031569494","9783031569500"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-56950-0_21","relation":{},"ISSN":["2367-3370","2367-3389"],"issn-type":[{"type":"print","value":"2367-3370"},{"type":"electronic","value":"2367-3389"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"29 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Advances in Computing Research","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Madrid","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 June 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 June 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acr2023a","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iicser.org\/ACR24","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}