{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T00:47:22Z","timestamp":1775350042737,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540231233","type":"print"},{"value":"9783540301431","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_6","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T23:59:24Z","timestamp":1284854364000},"page":"102-124","source":"Crossref","is-referenced-by-count":104,"title":["Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Tadeusz","family":"Pietraszek","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"Anderson, J.P.: Computer security threat monitoring and surveillance. Technical report, James P. Anderson Co. (1980)"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Axelsson, S.: The base-rate fallacy and its implications for the intrusion detection. In: Proceedings of the 6th ACM conference on Computer and Communications Security, Kent Ridge Digital Labs, Singapore, pp. 1\u20137 (1999)","DOI":"10.1145\/319709.319710"},{"key":"6_CR3","unstructured":"Bloedorn, E., Hill, B., Christiansen, A., Skorupka, C., Talbot, L., Tivel, J.: Data Mining for Improving Intrusion Detection. Technical report, MITRE (2000)"},{"key":"6_CR4","first-page":"115","volume-title":"Proceedings of the 12th International Conference on Machine Learning","author":"W.W. Cohen","year":"1995","unstructured":"Cohen, W.W.: Fast effective rule induction. In: Prieditis, A., Russell, S. (eds.) Proceedings of the 12th International Conference on Machine Learning, Tahoe City, CA, pp. 
115\u2013123. Morgan Kaufmann, San Francisco (1995)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Cuppens, F.: Managing alerts in multi-intrusion detection environment. In: Proceedings 17th Annual Computer Security Applications Conference, New Orleans, pp. 22\u201331 (2001)","DOI":"10.1109\/ACSAC.2001.991518"},{"key":"6_CR6","unstructured":"Dain, O., Cunningham, R.K.: Fusing a heterogeneous alert stream into scenarios. In: Proc. of the 2001 ACM Workshop on Data Mining for Security Application, Philadelphia, PA, pp. 1\u201313 (2001)"},{"key":"6_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 85\u2013103. Springer, Heidelberg (2001)"},{"key":"6_CR8","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion detection model. IEEE Transactions on Software Engineering\u00a0SE-13, 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Domingos, P.: Metacost: A General Method for Making Classifiers Cost-Sensitive. In: Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Diego, California, pp. 155\u2013164 (1999)","DOI":"10.1145\/312129.312220"},{"key":"6_CR10","unstructured":"Fan, W.: Cost-Sensitive, Scalable and Adaptive Learning Using Ensemble-based Methods. PhD thesis, Columbia University (2001)"},{"key":"6_CR11","unstructured":"Fawcett, T.: ROC graphs: Note and practical considerations for researchers (HPL- 2003-4). 
Technical report, HP Laboratories (2003)"},{"key":"6_CR12","first-page":"215","volume":"13","author":"C. Giraud-Carrier","year":"2000","unstructured":"Giraud-Carrier, C.: A Note on the Utility of Incremental Learning. AI Communications\u00a013, 215\u2013223 (2000)","journal-title":"AI Communications"},{"key":"6_CR13","unstructured":"Hettich, S., Bay, S.D.: The UCI KDD Archive. Web page at \n                    \n                      http:\/\/kdd.ics.uci.edu\n                    \n                    \n                   (1999)"},{"key":"6_CR14","unstructured":"Jacobson, V., Leres, C., McCanne, S.: TCPDUMP public repository. Web page at \n                    \n                      http:\/\/www.tcpdump.org\/\n                    \n                    \n                   (2003)"},{"key":"6_CR15","unstructured":"Julisch, K.: Using Root Cause Analysis to Handle Intrusion Detection Alarms. PhD thesis, University of Dortmund (2003)"},{"key":"6_CR16","unstructured":"Lavra\u010d, N., D\u017eeroski, S.: Inductive Logic Programming: Techniques and Applications. Ellis Horwood (1994)"},{"key":"6_CR17","unstructured":"Lee, W.: A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems. PhD thesis, Columbia University (1999)"},{"key":"6_CR18","doi-asserted-by":"crossref","first-page":"5","DOI":"10.3233\/JCS-2002-101-202","volume":"10","author":"W. Lee","year":"2002","unstructured":"Lee, W., Fan, W., Miller, M., Stolfo, S.J., Zadok, E.: Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security\u00a010, 5\u201322 (2002)","journal-title":"Journal of Computer Security"},{"key":"6_CR19","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA Off-Line Intrusion Detection Evaluation. 
Computer Networks: The International Journal of Computer and Telecommunications Networking\u00a034, 579\u2013595 (2000)","journal-title":"Computer Networks: The International Journal of Computer and Telecommunications Networking"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/3-540-36084-0_17","volume-title":"Recent Advances in Intrusion Detection","author":"R. Lippmann","year":"2002","unstructured":"Lippmann, R., Webster, S., Stetson, D.: The effect of identifying vulnerabilities and patching software on the utility of network intrusion detection. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 307\u2013326. Springer, Heidelberg (2002)"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-45248-5_13","volume-title":"Recent Advances in Intrusion Detection","author":"M.V. Mahoney","year":"2003","unstructured":"Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA\/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 220\u2013237. Springer, Heidelberg (2003)"},{"key":"6_CR22","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/3-540-48050-1_4","volume-title":"Foundations of Intelligent Systems","author":"M.A. Maloof","year":"2002","unstructured":"Maloof, M.A., Michalski, R.S.: Incremental learning with partial instance memory. In: Hacid, M.-S., Ra\u015b, Z.W., Zighed, D.A., Kodratoff, Y. (eds.) ISMIS 2002. LNCS (LNAI), vol.\u00a02366, pp. 16\u201327. Springer, Heidelberg (2002)"},{"key":"6_CR23","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/S1389-1286(00)00138-9","volume":"34","author":"S. 
Manganaris","year":"2000","unstructured":"Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A Data Mining Analysis of RTID Alarms. Computer Networks: The International Journal of Computer and Telecommunications Networking\u00a034, 571\u2013577 (2000)","journal-title":"Computer Networks: The International Journal of Computer and Telecommunications Networking"},{"key":"6_CR24","first-page":"615","volume-title":"Proceedings of the 2002 ACM Symposium on Applied Computing","author":"J. Mar\u00eda","year":"2002","unstructured":"Mar\u00eda, J., Hidalgo, G.: Evaluating cost-sensitive unsolicited bulk email categorization. In: Proceedings of the 2002 ACM Symposium on Applied Computing, pp. 615\u2013620. Springer, Heidelberg (2002)"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/3-540-39945-3_10","volume-title":"Recent Advances in Intrusion Detection","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: The 1998 Lincoln Laboratory IDS Evaluation. A critique. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, pp. 145\u2013161. Springer, Heidelberg (2000)"},{"key":"6_CR26","unstructured":"Michalski, R.: On the quasi-minimal solution of the general covering problem. In: Proceedings of the V International Symposium on Information Processing (FCIP 1969) (Switching Circuits), Yugoslavia, Bled, vol.\u00a0A3, pp. 125\u2013128 (1969)"},{"key":"6_CR27","unstructured":"Mitchell, T.M.: Machine Learning. McGraw Hill (1997)"},{"key":"6_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/3-540-36084-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2002","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducasse, M.: M2D2: A formal data model for IDS alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 
115\u2013137. Springer, Heidelberg (2002)"},{"key":"6_CR29","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1023\/A:1007601015854","volume":"42","author":"F. Provost","year":"2001","unstructured":"Provost, F., Fawcett, T.: Robust classification for imprecise environments. Machine Learning Journal\u00a042, 203\u2013231 (2001)","journal-title":"Machine Learning Journal"},{"key":"6_CR30","volume-title":"C4.5: Programs for Machine Learning","author":"R. Quinlan","year":"1993","unstructured":"Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Francisco (1993)"},{"key":"6_CR31","unstructured":"Roesch, M.: SNORT. The Open Source Network Intrusion System. Web page at \n                    \n                      http:\/\/www.snort.org\n                    \n                    \n                   (1998\u20132003)"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Enhancing Byte-Level Network Intrusion Detection Signatures with Context. In: Proceedings of the 10th ACM conference on Computer and Communication Security, Washington, DC, pp. 262\u2013271 (2003)","DOI":"10.1145\/948109.948145"},{"key":"6_CR33","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/BFb0094814","volume-title":"Principles of Data Mining and Knowledge Discovery","author":"K. Ting","year":"1998","unstructured":"Ting, K.: Inducing cost-sensitive trees via instance weighting. In: \u017bytkow, J.M. (ed.) PKDD 1998. LNCS (LNAI), vol.\u00a01510, pp. 139\u2013147. Springer, Heidelberg (1998)"},{"key":"6_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. 
LNCS, vol.\u00a02212, pp. 54\u201368. Springer, Heidelberg (2001)"},{"key":"6_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"512","DOI":"10.1007\/3-540-45439-X_36","volume-title":"Information Security","author":"J. Wang","year":"2001","unstructured":"Wang, J., Lee, I.: Measuring false-positive by automated real-time correlated hacking behavior analysis. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol.\u00a02200, p. 512. Springer, Heidelberg (2001)"},{"key":"6_CR36","volume-title":"Data Mining: Practical machine learning tools with Java implementations","author":"I.H. Witten","year":"2000","unstructured":"Witten, I.H., Frank, E.: Data Mining: Practical machine learning tools with Java implementations. Morgan Kaufmann, San Francisco (2000)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_6.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,3]],"date-time":"2021-05-03T03:52:23Z","timestamp":1620013943000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2004]]}}}