{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:06:24Z","timestamp":1757617584596,"version":"3.44.0"},"publisher-location":"Singapore","reference-count":36,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819624164"},{"type":"electronic","value":"9789819624171"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-2417-1_16","type":"book-chapter","created":{"date-parts":[[2025,3,3]],"date-time":"2025-03-03T09:52:44Z","timestamp":1740995564000},"page":"295-312","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["FAF-BM: An Approach for False Alerts Filtering Using BERT Model with Semi-supervised Active Learning"],"prefix":"10.1007","author":[{"given":"Dan","family":"Du","sequence":"first","affiliation":[]},{"given":"Yunpeng","family":"Li","sequence":"additional","affiliation":[]},{"given":"Yiyang","family":"Cao","sequence":"additional","affiliation":[]},{"given":"Yuling","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Guozhu","family":"Meng","sequence":"additional","affiliation":[]},{"given":"Ning","family":"Li","sequence":"additional","affiliation":[]},{"given":"Dongxu","family":"Han","sequence":"additional","affiliation":[]},{"given":"Huamin","family":"Feng","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,4]]},"reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"Abouabdalla, O., El-Taj, H., Manasrah, A., Ramadass, S.: False positive reduction in intrusion detection system: a survey. In: 2009 2nd IEEE International Conference on Broadband Network & Multimedia Technology, pp. 463\u2013466. IEEE, Beijing, China (2009)","DOI":"10.1109\/ICBNMT.2009.5348536"},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"Abu\u00a0Afza, A.J.M., Uddin, M.S.: Intrusion detection learning algorithm through network mining. In: 16th International Conference on Computer and Information Technology, pp. 490\u2013495. IEEE, Khulna (2014)","DOI":"10.1109\/ICCITechn.2014.6997324"},{"key":"16_CR3","unstructured":"Alahmadi, B.A., Axon, L., Martinovic, I.: 99% false positives: a qualitative study of soc analysts\u2019 perspectives on security alarms, pp. 2783\u20132800 (2022)"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Almgren, M., Jonsson, E.: Using active learning in intrusion detection. In: Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004, pp. 88\u201398. IEEE, Pacific Grove, CA, USA (2004)","DOI":"10.1109\/CSFW.2004.1310734"},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"Ban, T., Takahashi, T., Ndichu, E.A.: Breaking alert fatigue: AI-assisted SIEM framework for effective incident response. Appl. Sci. 13(11), 6610 (2023)","DOI":"10.3390\/app13116610"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Behera, S.K., Dash, R.: Fine-tuning of a BERT-based uncased model for unbalanced text classification. In: Mohanty, M.N., Das, S. (eds.) Advances in Intelligent Computing and Communication, pp. 377\u2013384. Springer Nature, Singapore (2022)","DOI":"10.1007\/978-981-19-0825-5_40"},{"key":"16_CR7","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-14400-4_46","volume-title":"Advances in Data Mining. Applications and Theoretical Aspects","author":"C-Y Chiu","year":"2010","unstructured":"Chiu, C.-Y., Lee, Y.-J., Chang, C.-C., Luo, W.-Y., Huang, H.-C.: Semi-supervised learning for false alarm reduction. In: Perner, P. (ed.) ICDM 2010. LNCS (LNAI), vol. 6171, pp. 595\u2013605. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14400-4_46"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"De\u00a0Alvarenga, S.C., Barbon, S., Miani, R.S., et\u00a0al., C.: Process mining and hierarchical clustering to help intrusion alert visualization. Comput. Secur. 73, 474\u2013491 (2018)","DOI":"10.1016\/j.cose.2017.11.021"},{"key":"16_CR9","unstructured":"Devlin, J., Chang, et\u00a0al.: BERT: pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, vol. 1 (Long and Short Papers), pp. 4171\u20134186. Association for Computational Linguistics, Minneapolis, Minnesota (2019)"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Doak, J.E., Ingram, J., Shelburg, J., Johnson, J., Rohrer, B.R.: Active learning for alert triage. In: 2013 12th International Conference on Machine Learning and Applications, pp. 34\u201339. IEEE, Miami, FL, USA (2013)","DOI":"10.1109\/ICMLA.2013.102"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Ede, T.V., et al.: DEEPCASE: semi-supervised contextual analysis of security events. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 522\u2013539. IEEE, San Francisco, CA, USA (2022)","DOI":"10.1109\/SP46214.2022.9833671"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Fang, Y., et al.: EVA: Exploring the Limits of Masked Visual Representation Learning at Scale, pp. 19358\u201319369 (2023)","DOI":"10.1109\/CVPR52729.2023.01855"},{"key":"16_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.comcom.2014.04.012","volume":"49","author":"N Hubballi","year":"2014","unstructured":"Hubballi, N., Suryanarayanan, V.: False alarm minimization techniques in signature-based intrusion detection systems: a survey. Comput. Commun. 49, 1\u201317 (2014)","journal-title":"Comput. Commun."},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Jazzar, M., Jantan, A.B.: Using fuzzy cognitive maps to reduce false alerts in SOM-based intrusion detection sensors. In: 2008 Second Asia International Conference on Modelling & Simulation (AMS), pp. 1054\u20131060. IEEE (2008)","DOI":"10.1109\/AMS.2008.32"},{"issue":"4","key":"16_CR15","doi-asserted-by":"publisher","first-page":"3466","DOI":"10.1109\/TDSC.2022.3201582","volume":"20","author":"M Landauer","year":"2023","unstructured":"Landauer, M., Skopik, F., Frank, M., Hotwagner, W., Wurzenberger, M., Rauber, A.: Maintainable log datasets for evaluation of intrusion detection systems. IEEE Trans. Dependable Secure Comput. 20(4), 3466\u20133482 (2023)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"16_CR16","doi-asserted-by":"crossref","unstructured":"Landauer, M., Skopik, F., Wurzenberger, M.: Introducing a New Alert Data Set for Multi-Step Attack Analysis, August 2023. http:\/\/arxiv.org\/abs\/2308.12627","DOI":"10.1145\/3675741.3675748"},{"key":"16_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-540-31815-6_10","volume-title":"Information Security Applications","author":"KH Law","year":"2005","unstructured":"Law, K.H., Kwok, L.F.: IDS false alarm filtering using KNN classifier. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 114\u2013121. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-31815-6_10"},{"key":"16_CR18","first-page":"1","volume":"2018","author":"G Li","year":"2018","unstructured":"Li, G., Yan, Z., Fu, Y., Chen, H.: Data fusion for network intrusion detection: a review. Secur. Commun. Netw. 2018, 1\u201316 (2018)","journal-title":"Secur. Commun. Netw."},{"key":"16_CR19","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1016\/j.ins.2021.01.045","volume":"561","author":"H Li","year":"2021","unstructured":"Li, H., et al.: Learning adaptive criteria weights for active semi-supervised learning. Inf. Sci. 561, 286\u2013303 (2021)","journal-title":"Inf. Sci."},{"key":"16_CR20","doi-asserted-by":"crossref","unstructured":"Li, W., Meng, W., Luo, X., Kwok, L.F.: MVPSys : toward practical multi-view based false alarm reduction system in network intrusion detection. Comput. Secur. 60, 177\u2013192 (2016)","DOI":"10.1016\/j.cose.2016.04.007"},{"key":"16_CR21","doi-asserted-by":"crossref","unstructured":"Lin, Z., Akin, H., Rao, R., Hie, B., Zhu, E.A.: Evolutionary-scale prediction of atomic-level protein structure with a language model. Science 379(6637), 1123\u20131130 (2023)","DOI":"10.1126\/science.ade2574"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Liu, J., Li, S., Zhang, R.: Algorithm of reducing the false positives in IDS based on correlation analysis. In: IOP Conference Series: Materials Science and Engineering, vol. 322, p. 062016 (2018)","DOI":"10.1088\/1757-899X\/322\/6\/062016"},{"key":"16_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/978-3-642-35362-8_36","volume-title":"Cyberspace Safety and Security","author":"Y Meng","year":"2012","unstructured":"Meng, Y., Kwok, L.: Intrusion detection using disagreement-based semi-supervised learning: detection enhancement and false alarm reduction. In: Xiang, Y., Lopez, J., Kuo, C.-C.J., Zhou, W. (eds.) CSS 2012. LNCS, vol. 7672, pp. 483\u2013497. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-35362-8_36"},{"key":"16_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-38033-4_1","volume-title":"Information Security Practice and Experience","author":"Y Meng","year":"2013","unstructured":"Meng, Y., Kwok, L.-F.: Enhancing false alarm reduction using pool-based active learning in network intrusion detection. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 1\u201315. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38033-4_1"},{"key":"16_CR25","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.comcom.2013.11.001","volume":"38","author":"Y Meng","year":"2014","unstructured":"Meng, Y., Kwok, L.F.: Adaptive non-critical alarm reduction using hash-based contextual signatures in intrusion detection. Comput. Commun. 38, 50\u201359 (2014)","journal-title":"Comput. Commun."},{"key":"16_CR26","unstructured":"MIT Lincoln Laboratory: Darpa lldos 1.0 (2000). https:\/\/www.ll.mit.edu\/r-d\/datasets\/2000-darpa-intrusion-detection-scenario-specific-datasets. Accessed 07 Apr 2024"},{"key":"16_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-540-30143-1_6","volume-title":"Recent Advances in Intrusion Detection","author":"T Pietraszek","year":"2004","unstructured":"Pietraszek, T.: Using adaptive alert classification to reduce false positives in intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 102\u2013124. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30143-1_6"},{"key":"16_CR28","unstructured":"Settles, B.: Active learning literature survey (2009)"},{"issue":"23","key":"16_CR29","doi-asserted-by":"publisher","first-page":"4755","DOI":"10.3390\/electronics12234755","volume":"12","author":"HG Shon","year":"2023","unstructured":"Shon, H.G., Lee, Y., Yoon, M.: Semi-supervised alert filtering for network security. Electronics 12(23), 4755 (2023)","journal-title":"Electronics"},{"issue":"4","key":"16_CR30","first-page":"820","volume":"11","author":"A Tharwat","year":"2023","unstructured":"Tharwat, A., Schenck, W.: A survey on active learning: state-of-the-art. Pract. Chall. Res. Dir. Math. 11(4), 820 (2023)","journal-title":"Pract. Chall. Res. Dir. Math."},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Vu, Q.H., Ruta, D., Cen, L.: Gradient boosting decision trees for cyber security threats detection based on network events logs. In: 2019 IEEE International Conference on Big Data, pp. 5921\u20135928. IEEE, Los Angeles, CA, USA (2019)","DOI":"10.1109\/BigData47090.2019.9006061"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Wang, T., Zhang, C., Lu, Z., Du, D., Han, Y.: Identifying truly suspicious events and false alarms based on alert graph. In: 2019 IEEE International Conference on Big Data (Big Data), pp. 5929\u20135936. IEEE, Los Angeles, CA, USA (2019)","DOI":"10.1109\/BigData47090.2019.9006555"},{"key":"16_CR33","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103583","volume":"137","author":"X Wang","year":"2023","unstructured":"Wang, X., Yang, X., Liang, X., Zhang, X., Zhang, W., Gong, X.: Combating alert fatigue with AlertPro: context-aware alert prioritization using reinforcement learning for multi-step attack detection. Comput. Secur. 137, 103583 (2023)","journal-title":"Comput. Secur."},{"key":"16_CR34","unstructured":"Wang, Y., Chen, H., Heng, Q., et\u00a0al.: FreeMatch: self-adaptive thresholding for semi-supervised learning (2023). http:\/\/arxiv.org\/abs\/2205.07246"},{"key":"16_CR35","unstructured":"Yuan, Z., et al.: DualTeacher: bridging coexistence of unlabelled classes for semi-supervised incremental object detection (2023). http:\/\/arxiv.org\/abs\/2401.05362"},{"key":"16_CR36","doi-asserted-by":"crossref","unstructured":"Zhao, X., Greenberg, J., An, Y., Hu, X.T.: Fine-tuning BERT model for materials named entity recognition. In: 2021 IEEE International Conference on Big Data (Big Data), pp. 3717\u20133720. IEEE, Orlando, FL, USA (2021)","DOI":"10.1109\/BigData52589.2021.9671697"}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-2417-1_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T06:59:22Z","timestamp":1757141962000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-2417-1_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819624164","9789819624171"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-2417-1_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"4 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.scisec.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}