{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T08:11:17Z","timestamp":1771575077179,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":31,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819568871","type":"print"},{"value":"9789819568888","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-6888-8_8","type":"book-chapter","created":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T07:37:11Z","timestamp":1771573031000},"page":"110-125","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["NetDetective: Dynamic Cyber Situational Awareness"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3735-5193","authenticated-orcid":false,"given":"Ben B.","family":"Luo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5084-0153","authenticated-orcid":false,"given":"Alexander J.","family":"Chambers","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1028-920X","authenticated-orcid":false,"given":"Hung X.","family":"Nguyen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,2,20]]},"reference":[{"key":"8_CR1","unstructured":"Arkime Community: Arkime, Arkime. http:\/\/arkime.com"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Barford, P., et al.: Cyber SA: situational awareness for cyber defense. Cyber Situational Awareness: Issues and Research (2010)","DOI":"10.1007\/978-1-4419-0140-8_1"},{"key":"8_CR3","unstructured":"Battelle Energy Alliance, Cybersecurity & Infrastructure Security Agency, Malcolm. https:\/\/malcolm.fyi\/"},{"key":"8_CR4","doi-asserted-by":"publisher","unstructured":"Bent\u00e9jac, C., Cs\u00f6rg\u0151, A., Mart\u00ednez-Mu\u00f1oz, G.: A comparative analysis of gradient boosting algorithms. Artif. Intell. Rev. 54(3), 1937\u20131967 (2021). https:\/\/doi.org\/10.1007\/s10462-020-09896-5","DOI":"10.1007\/s10462-020-09896-5"},{"key":"8_CR5","doi-asserted-by":"publisher","unstructured":"Center for Infrastructure Assurance and Security, University of Texas at San Antonio, NCCDC Logs, IMPACT ID: USC-LANDER\/NCCDC logs-20160422\/Rev8424. In collab. with ANT Lab, University of Southern California. IMPACT (2016). https:\/\/doi.org\/10.23721\/115\/1354744","DOI":"10.23721\/115\/1354744"},{"key":"8_CR6","unstructured":"CyberCX. Digital Forensics and Incident Response, CyberCX (2023). https:\/\/cybercx.com.au\/solutions\/digital-forensics-and-incident-response\/"},{"key":"8_CR7","unstructured":"Cybersecurity & Infrastructure Security Agency, Situational Awareness and Incident Response\u2014CISA (2024). https:\/\/www.cisa.gov\/resources-tools\/programs\/situational-awareness-and-incident-response"},{"key":"8_CR8","doi-asserted-by":"publisher","unstructured":"Du, F., Zhang, Y., Bao, X., Liu, B.: FENet: roles classification of IP addresses using connection patterns. In: 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT), pp. 158\u2013164 (2019). https:\/\/doi.org\/10.1109\/INFOCT.2019.8711412","DOI":"10.1109\/INFOCT.2019.8711412"},{"issue":"1","key":"8_CR9","first-page":"3133","volume":"15","author":"M Fern\u00e1ndez-Delgado","year":"2014","unstructured":"Fern\u00e1ndez-Delgado, M., Cernadas, E., Barro, S., Amorim, D.: Do we need hundreds of classifiers to solve real world classification problems? J. Mach. Learn. Res. 15(1), 3133\u20133181 (2014)","journal-title":"J. Mach. Learn. Res."},{"key":"8_CR10","doi-asserted-by":"publisher","unstructured":"Ferrag, M.A., Maglaras, L., Moschoyiannis, S., Janicke, H.: Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J. Inf. Secur. Appl. 50, 102419 (2020). https:\/\/doi.org\/10.1016\/j.jisa.2019.102419","DOI":"10.1016\/j.jisa.2019.102419"},{"key":"8_CR11","first-page":"507","volume":"35","author":"L Grinsztajn","year":"2022","unstructured":"Grinsztajn, L., Oyallon, E., Varoquaux, G.: Why do tree-based models still outperform deep learning on typical tabular data? Adv. Neural. Inf. Process. Syst. 35, 507\u2013520 (2022)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"8_CR12","unstructured":"Huawei. Situational Awareness - Huawei (2024). https:\/\/support.huawei.com\/enterprise\/en\/doc\/EDOC1100202622"},{"key":"8_CR13","doi-asserted-by":"publisher","unstructured":"Jirsik, T., Velan, P.: Host behavior in computer network: one-year study. IEEE Trans. Netw. Serv. Manage. 18(1), 822\u2013838 (2021). https:\/\/doi.org\/10.1109\/TNSM.2020.3036528","DOI":"10.1109\/TNSM.2020.3036528"},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-540-71617-4_19","volume-title":"Passive and Active Network Measurement","author":"T Karagiannis","year":"2007","unstructured":"Karagiannis, T., Papagiannaki, K., Taft, N., Faloutsos, M.: Profiling the end host. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds.) PAM 2007. LNCS, vol. 4427, pp. 186\u2013196. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-71617-4_19"},{"key":"8_CR15","doi-asserted-by":"publisher","unstructured":"Kilincer, I.F., Ertam, F., Sengur, A.: Machine learning methods for cyber security intrusion detection: datasets and comparative study. Comput. Netw. 188, 107840 (2021). https:\/\/doi.org\/10.1016\/j.comnet.2021.107840","DOI":"10.1016\/j.comnet.2021.107840"},{"key":"8_CR16","doi-asserted-by":"publisher","unstructured":"Li, B., Gunes, M.H., Bebis, G., Springer, J.: A supervised machine learning approach to classify host roles on line using sFlow. In: Proceedings of the First Edition Workshop on High Performance and Programmable Networking, HPPN 2013, pp. 53\u201360. Association for Computing Machinery, New York (2013). https:\/\/doi.org\/10.1145\/2465839.2465847","DOI":"10.1145\/2465839.2465847"},{"key":"8_CR17","doi-asserted-by":"publisher","unstructured":"Lyu, M., Habibi Gharakheili, H., Sivaraman, V.: Classifying and tracking enterprise assets via dual-grained network behavioral analysis. Comput. Netw. 218, 109387 (2022). https:\/\/doi.org\/10.1016\/j.comnet.2022.109387","DOI":"10.1016\/j.comnet.2022.109387"},{"key":"8_CR18","unstructured":"Mandiant. Cyber Incident Response Services\u2014Incident Remediation, Mandiant (2023). https:\/\/www.mandiant.com\/services\/incident-response\/incident-response-service"},{"key":"8_CR19","unstructured":"Mandiant. The Defender\u2019s Advantage: A Guide to Activating Cyber Defense (2021)"},{"issue":"29","key":"8_CR20","doi-asserted-by":"publisher","first-page":"861","DOI":"10.21105\/joss.00861","volume":"3","author":"L McInnes","year":"2018","unstructured":"McInnes, L., Healy, J., Saul, N., Grossberger, L.: UMAP: uniform manifold approximation and projection. J. Open Sour. Softw. 3(29), 861 (2018)","journal-title":"J. Open Sour. Softw."},{"key":"8_CR21","doi-asserted-by":"publisher","unstructured":"Millar, K., Cheng, A., Chew, H.G., Lim, C.-C.: Clustering network-connected devices using affiliation graphs. In: 2021 International Conference on Machine Learning and Cybernetics (ICMLC), pp. 1\u20137 (2021). https:\/\/doi.org\/10.1109\/ICMLC54886.2021.9737153","DOI":"10.1109\/ICMLC54886.2021.9737153"},{"key":"8_CR22","doi-asserted-by":"publisher","unstructured":"Moustafa, N.: A new distributed architecture for evaluating AI-based security systems at the edge: network $${\\rm TO}_{\\rm IoT}$$ datasets. Sustain. Cities Soc. 72, 102994 (2021). https:\/\/doi.org\/10.1016\/j.scs.2021.102994","DOI":"10.1016\/j.scs.2021.102994"},{"key":"8_CR23","unstructured":"NVIDIA. What Is XGBoost? NVIDIA Data Science Glossary. https:\/\/www.nvidia.com\/en-us\/glossary\/xgboost\/"},{"key":"8_CR24","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825\u20132830 (2011)","journal-title":"J. Mach. Learn. Res."},{"key":"8_CR25","unstructured":"Pomerleau, M.: Hand-to-hand combat on computer networks: how cyber threat hunters work. C4ISRNet (2021). https:\/\/www.c4isrnet.com\/cyber\/2021\/01\/29\/hand-to-hand-combat-on-computer-networks-how-cyber-threat-hunters-work\/"},{"key":"8_CR26","unstructured":"Schulz, A.E., Kotson, M.C., Zipkin, J.R.: Cyber network mission dependencies. Massachusetts Inst of Tech Lexington Lincoln Lab (2015)"},{"key":"8_CR27","doi-asserted-by":"publisher","unstructured":"Sharafaldin, I., Gharib, A., Lashkari, A.H., Ghorbani, A.A.: Towards a reliable intrusion detection benchmark dataset. JSN 2017(1), 177\u2013200 (2017). https:\/\/doi.org\/10.13052\/jsn2445-9739.2017.009","DOI":"10.13052\/jsn2445-9739.2017.009"},{"key":"8_CR28","unstructured":"Snyder, D., et al.: Wing-level mission assurance for a cyber-contested environment. RAND Corporation (2021)"},{"key":"8_CR29","unstructured":"XGBoost. Distributed (deep) machine learning community (2024)"},{"key":"8_CR30","doi-asserted-by":"publisher","unstructured":"Zhang, J., Feng, H., Liu, B., Zhao, D.: Survey of technology in network security situation awareness. Sensors 23(5), 2608 (2023). https:\/\/doi.org\/10.3390\/s23052608","DOI":"10.3390\/s23052608"},{"key":"8_CR31","doi-asserted-by":"publisher","unstructured":"Zola, F., Segurola-Gil, L., Bruse, J.L., Galar, M., Orduna-Urrutia, R.: Network traffic analysis through node behaviour classification: a graph-based approach with temporal dissection and data-level preprocessing. Comput. Secur. 115, 102632 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102632","DOI":"10.1016\/j.cose.2022.102632"}],"container-title":["Communications in Computer and Information Science","Data Science and Machine Learning"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-6888-8_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T07:37:13Z","timestamp":1771573033000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-6888-8_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9789819568871","9789819568888"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-6888-8_8","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"20 February 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"AusDM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australasian Conference on Data Science and Machine Learning","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ausdm2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ausdm24.ausdm.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}