{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T04:08:10Z","timestamp":1749874090031,"version":"3.41.0"},"publisher-location":"Singapore","reference-count":33,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819655656","type":"print"},{"value":"9789819655663","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-5566-3_22","type":"book-chapter","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T20:22:54Z","timestamp":1749846174000},"page":"443-464","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Pre-trained Language Models for\u00a0Alert Aggregation: Limitations and\u00a0Opportunities"],"prefix":"10.1007","author":[{"given":"Wenwu","family":"Xu","sequence":"first","affiliation":[]},{"given":"Pengyi","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Wang","sequence":"additional","affiliation":[]},{"given":"GuoQiao","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Lidong","family":"Zhai","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Ahmadinejad, S.H., Jalili, S.: Alert correlation using correlation probability estimation and time windows. In: 2009 International Conference on Computer Technology and Development, vol.\u00a02, pp. 170\u2013175. IEEE (2009)","DOI":"10.1109\/ICCTD.2009.22"},{"key":"22_CR2","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/s11416-008-0103-3","volume":"5","author":"SO Al-Mamory","year":"2009","unstructured":"Al-Mamory, S.O., Zhang, H.: Ids alerts correlation using grammar-based approach. J. Comput. Virol. 5, 271\u2013282 (2009)","journal-title":"J. Comput. Virol."},{"issue":"2","key":"22_CR3","first-page":"1","volume":"5","author":"FM Alserhani","year":"2016","unstructured":"Alserhani, F.M.: Alert correlation and aggregation techniques for reduction of security alerts and detection of multistage attack. Int. J. Adv. Stud. Comput. Sci. Eng. 5(2), 1 (2016)","journal-title":"Int. J. Adv. Stud. Comput. Sci. Eng."},{"key":"22_CR4","doi-asserted-by":"publisher","unstructured":"Chen, J., Wang, P., Wang, W.: Online summarizing alerts through semantic and behavior information. In: 2022 IEEE\/ACM 44th International Conference on Software Engineering (ICSE), pp. 1646\u20131657 (2022). https:\/\/doi.org\/10.1145\/3510003.3510055","DOI":"10.1145\/3510003.3510055"},{"issue":"5","key":"22_CR5","doi-asserted-by":"publisher","first-page":"1564","DOI":"10.1109\/LCOMM.2020.3048995","volume":"25","author":"Q Cheng","year":"2021","unstructured":"Cheng, Q., Wu, C., Zhou, S.: Discovering attack scenarios via intrusion alert correlation using graph convolutional networks. IEEE Commun. Lett. 25(5), 1564\u20131567 (2021)","journal-title":"IEEE Commun. Lett."},{"key":"22_CR6","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 202\u2013215. IEEE (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"22_CR7","unstructured":"Farhadi, H., AmirHaeri, M., Khansari, M.: Alert correlation and prediction using data mining and HMM. ISeCure 3(2) (2011)"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Gao, J., Lanchantin, J., Soffa, M.L., Qi, Y.: Black-box generation of adversarial text sequences to evade deep learning classifiers. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 50\u201356. IEEE (2018)","DOI":"10.1109\/SPW.2018.00016"},{"issue":"5","key":"22_CR9","doi-asserted-by":"publisher","first-page":"822","DOI":"10.1002\/sec.1039","volume":"8","author":"M GhasemiGol","year":"2015","unstructured":"GhasemiGol, M., Ghaemi-Bafghi, A.: E-correlator: an entropy-based alert correlation system. Secur. Commun. Netw. 8(5), 822\u2013836 (2015)","journal-title":"Secur. Commun. Netw."},{"key":"22_CR10","doi-asserted-by":"crossref","unstructured":"Granadillo, G.G., El-Barbori, M., Debar, H.: New types of alert correlation for security information and event management systems. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp.\u00a01\u20137. IEEE (2016)","DOI":"10.1109\/NTMS.2016.7792462"},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Hostiadi, D.P., Susila, M.D., Huizen, R.R.: A new alert correlation model based on similarity approach. In: 2019 1st International Conference on Cybernetics and Intelligent System (ICORIS), vol.\u00a01, pp. 133\u2013137. IEEE (2019)","DOI":"10.1109\/ICORIS.2019.8874899"},{"key":"22_CR12","doi-asserted-by":"crossref","unstructured":"Jin, D., Jin, Z., Zhou, J.T., Szolovits, P.: Is BERT really robust? A strong baseline for natural language attack on text classification and entailment. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a034, pp. 8018\u20138025 (2020)","DOI":"10.1609\/aaai.v34i05.6311"},{"issue":"1","key":"22_CR13","first-page":"66","volume":"5","author":"P Kabiri","year":"2007","unstructured":"Kabiri, P., Ghorbani, A.A.: A rule-based temporal alert correlation system. Int. J. Netw. Secur. 5(1), 66\u201372 (2007)","journal-title":"Int. J. Netw. Secur."},{"key":"22_CR14","first-page":"1","volume":"2021","author":"H Kwon","year":"2021","unstructured":"Kwon, H., Lee, S.: Textual backdoor attack for the text classification system. Secur. Commun. Netw. 2021, 1\u201311 (2021)","journal-title":"Secur. Commun. Netw."},{"issue":"3","key":"22_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3510581","volume":"25","author":"M Landauer","year":"2022","unstructured":"Landauer, M., Skopik, F., Wurzenberger, M., Rauber, A.: Dealing with security alert flooding: using machine learning for domain-independent alert aggregation. ACM Trans. Privacy Secur. 25(3), 1\u201336 (2022)","journal-title":"ACM Trans. Privacy Secur."},{"key":"22_CR16","doi-asserted-by":"crossref","unstructured":"Lin, D., Raghu, R., Ramamurthy, V., Yu, J., Radhakrishnan, R., Fernandez, J.: Unveiling clusters of events for alert and incident management in large-scale enterprise it. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1630\u20131639 (2014)","DOI":"10.1145\/2623330.2623360"},{"key":"22_CR17","doi-asserted-by":"crossref","unstructured":"Liu, J., Gu, L., Xu, G., Niu, X.: A correlation analysis method of network security events based on rough set theory. In: 2012 3rd IEEE International Conference on Network Infrastructure and Digital Content, pp. 517\u2013520. IEEE (2012)","DOI":"10.1109\/ICNIDC.2012.6418807"},{"key":"22_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101661","volume":"89","author":"E Mahdavi","year":"2020","unstructured":"Mahdavi, E., Fanian, A., Amini, F.: A real-time alert correlation method based on code-books for intrusion detection systems. Comput. Secur. 89, 101661 (2020)","journal-title":"Comput. Secur."},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Marchetti, M., Colajanni, M., Manganiello, F.: Identification of correlated network intrusion alerts. In: 2011 Third International Workshop on Cyberspace Safety and Security (CSS), pp. 15\u201320. IEEE (2011)","DOI":"10.1109\/CSS.2011.6058565"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"Qi, F., Chen, Y., Zhang, X., Li, M., Liu, Z., Sun, M.: Mind the style of text! adversarial and backdoor attacks based on text style transfer. arXiv preprint arXiv:2110.07139 (2021)","DOI":"10.18653\/v1\/2021.emnlp-main.374"},{"key":"22_CR21","unstructured":"Qin, X., Lee, W.: Attack plan recognition and prediction using causal networks. In: 20th Annual Computer Security Applications Conference, pp. 370\u2013379. IEEE (2004)"},{"key":"22_CR22","unstructured":"Research, D.: 2020 state of secops and automation report (2020). https:\/\/www.sumologic.com\/brief\/state-of-secops\/"},{"key":"22_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/978-3-642-21323-6_8","volume-title":"Computational Intelligence in Security for Information Systems","author":"S Roschke","year":"2011","unstructured":"Roschke, S., Cheng, F., Meinel, C.: A new alert correlation algorithm based on attack graph. In: Herrero, \u00c1., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 58\u201367. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21323-6_8"},{"key":"22_CR24","doi-asserted-by":"crossref","unstructured":"Shen, L., et al.: Backdoor pre-trained models can transfer to all. arXiv preprint arXiv:2111.00197 (2021)","DOI":"10.1145\/3460120.3485370"},{"key":"22_CR25","doi-asserted-by":"crossref","unstructured":"Siraj, A., Vaughn, R.B.: Multi-level alert clustering for intrusion detection sensor data. In: NAFIPS 2005-2005 Annual Meeting of the North American Fuzzy Information Processing Society, pp. 748\u2013753. IEEE (2005)","DOI":"10.1109\/NAFIPS.2005.1548632"},{"key":"22_CR26","unstructured":"Su, J., Cao, J., Liu, W., Ou, Y.: Whitening sentence representations for better semantics and faster retrieval. arXiv preprint arXiv:2103.15316 (2021)"},{"key":"22_CR27","doi-asserted-by":"crossref","unstructured":"Vaarandi, R.: A stream clustering algorithm for classifying network ids alerts. In: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 14\u201319. IEEE (2021)","DOI":"10.1109\/CSR51186.2021.9527926"},{"issue":"15","key":"22_CR28","doi-asserted-by":"publisher","first-page":"2917","DOI":"10.1016\/j.comcom.2006.04.001","volume":"29","author":"L Wang","year":"2006","unstructured":"Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Comput. Commun. 29(15), 2917\u20132933 (2006)","journal-title":"Comput. Commun."},{"key":"22_CR29","doi-asserted-by":"crossref","unstructured":"Zali, Z., Hashemi, M.R., Saidi, H.: Real-time attack scenario detection via intrusion detection alert correlation. In: 2012 9th International ISC Conference on Information Security and Cryptology, pp. 95\u2013102. IEEE (2012)","DOI":"10.1109\/ISCISC.2012.6408197"},{"key":"22_CR30","doi-asserted-by":"crossref","unstructured":"Zang, Y., et al.: Word-level textual adversarial attacking as combinatorial optimization. arXiv preprint arXiv:1910.12196 (2019)","DOI":"10.18653\/v1\/2020.acl-main.540"},{"key":"22_CR31","doi-asserted-by":"crossref","unstructured":"Zhao, N., et\u00a0al.: Understanding and handling alert storm for online service systems. In: Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice, pp. 162\u2013171 (2020)","DOI":"10.1145\/3377813.3381363"},{"key":"22_CR32","doi-asserted-by":"publisher","first-page":"156","DOI":"10.4028\/www.scientific.net\/AMR.219-220.156","volume":"219","author":"QH Zheng","year":"2011","unstructured":"Zheng, Q.H., Xuan, Y.G., Hu, W.H.: An ids alert aggregation method based on clustering. Adv. Mater. Res. 219, 156\u2013159 (2011)","journal-title":"Adv. Mater. Res."},{"issue":"3","key":"22_CR33","first-page":"244","volume":"3","author":"B Zhu","year":"2006","unstructured":"Zhu, B., Ghorbani, A.A.: Alert correlation for extracting attack strategies. Int. J. Netw. Secur. 3(3), 244\u2013258 (2006)","journal-title":"Int. J. Netw. Secur."}],"container-title":["Lecture Notes in Computer Science","Information Security and Cryptology \u2013 ICISC 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-5566-3_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T20:23:03Z","timestamp":1749846183000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-5566-3_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819655656","9789819655663"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-5566-3_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security and Cryptology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Seoul","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icisc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.icisc.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}