{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T14:26:40Z","timestamp":1764772000172,"version":"3.46.0"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"16","license":[{"start":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T00:00:00Z","timestamp":1760659200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T00:00:00Z","timestamp":1760659200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1007\/s10586-025-05716-z","type":"journal-article","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T16:08:00Z","timestamp":1760717280000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["TBAC-IDS: enhancing intrusion detection with transformer-based alerts correlation"],"prefix":"10.1007","volume":"28","author":[{"given":"Abdelkader","family":"Bouguessa","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sid Ahmed Mokhtar","family":"Mostefaoui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed Amine","family":"Daoud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdelkader","family":"Alem","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Said","family":"Mekroussi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Moustafa","family":"Maasakri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmed","family":"Hasan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,17]]},"reference":[{"key":"5716_CR1","doi-asserted-by":"crossref","unstructured":"Daoud, M.A., Dahmani, Y., Ammar, S., Ouared, A.: Classifying of intrusion detection system configurations using machine learning techniques. In: 2021 International Conference on Information Systems and Advanced Technologies (ICISAT), pp. 1\u20136 (2021). IEEE","DOI":"10.1109\/ICISAT54145.2021.9678473"},{"key":"5716_CR2","doi-asserted-by":"publisher","DOI":"10.1016\/j.datak.2022.102130","volume":"144","author":"M Daoud","year":"2023","unstructured":"Daoud, M., Dahmani, Y., Bendaoud, M., Ouared, A., Ahmed, H.: Convolutional neural network-based high-precision and speed detection system on cidds-001. Data & Knowledge Engineering 144, 102130 (2023)","journal-title":"Data & Knowledge Engineering"},{"key":"5716_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cola.2024.101314","volume":"82","author":"MA Daoud","year":"2025","unstructured":"Daoud, M.A., Mostefaoui, S.A.M., Ouared, A., Meghazi, H.M., Mebarek, B., Bouguessa, A., Ahmed, H.: A comprehensive meta-analysis of efficiency and effectiveness in the detection community. Journal of Computer Languages 82, 101314 (2025)","journal-title":"Journal of Computer Languages"},{"key":"5716_CR4","doi-asserted-by":"crossref","unstructured":"Landauer, M., Skopik, F., Wurzenberger, M.: Introducing a new alert data set for multi-step attack analysis. In: Proceedings of the 17th Cyber Security Experimentation and Test Workshop, pp. 41\u201353 (2024)","DOI":"10.1145\/3675741.3675748"},{"key":"5716_CR5","doi-asserted-by":"crossref","unstructured":"Sen, \u00d6., Eze, C., Ulbig, A., Monti, A.: On holistic multi-step cyberattack detection via a graph-based correlation approach. In: 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), pp. 380\u2013386 (2022). IEEE","DOI":"10.1109\/SmartGridComm52983.2022.9961016"},{"issue":"2","key":"5716_CR6","first-page":"1","volume":"5","author":"FM Alserhani","year":"2016","unstructured":"Alserhani, F.M.: Alert correlation and aggregation techniques for reduction of security alerts and detection of multistage attack. International Journal of Advanced Studies in Computers, Science and Engineering 5(2), 1 (2016)","journal-title":"International Journal of Advanced Studies in Computers, Science and Engineering"},{"issue":"1","key":"5716_CR7","doi-asserted-by":"publisher","first-page":"68","DOI":"10.3390\/network4010004","volume":"4","author":"H Maosa","year":"2024","unstructured":"Maosa, H., Ouazzane, K., Ghanem, M.C.: A hierarchical security event correlation model for real-time threat detection and response. Network 4(1), 68\u201390 (2024)","journal-title":"Network"},{"key":"5716_CR8","doi-asserted-by":"crossref","unstructured":"Taha, A.E., Ghaffar, I.A., Eldin, A.M.B., Mahdi, H.M.: Agent based correlation model for intrusion detection alerts. In: 2010 IEEE International Conference on Intelligence and Security Informatics, pp. 89\u201394 (2010). IEEE","DOI":"10.1109\/ISI.2010.5484771"},{"key":"5716_CR9","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","volume":"60","author":"M Ahmed","year":"2016","unstructured":"Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19\u201331 (2016)","journal-title":"J. Netw. Comput. Appl."},{"key":"5716_CR10","doi-asserted-by":"publisher","first-page":"17836","DOI":"10.1109\/ACCESS.2024.3359595","volume":"12","author":"A-A Maiga","year":"2024","unstructured":"Maiga, A.-A., Ataro, E., Githinji, S.: Intrusion detection with deep learning classifiers: A synergistic approach of probabilistic clustering and human expertise to reduce false alarms. IEEE Access 12, 17836\u201317858 (2024)","journal-title":"IEEE Access"},{"key":"5716_CR11","unstructured":"Vaswani, A.: Attention is all you need. Advances in Neural Information Processing Systems (2017)"},{"key":"5716_CR12","doi-asserted-by":"crossref","unstructured":"Allman, M., Paxson, V., Terrell, J.: A brief history of scanning. In: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 77\u201382 (2007)","DOI":"10.1145\/1298306.1298316"},{"key":"5716_CR13","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1016\/j.specom.2014.10.005","volume":"66","author":"Spoofing and countermeasures for speaker verification","year":"2015","unstructured":"Spoofing and countermeasures for speaker verification: Wu, Z., Evans, N., Kinnunen, T., Yamagishi, J., Alegre, F., Li, H. A survey. speech communication 66, 130\u2013153 (2015)","journal-title":"A survey. speech communication"},{"issue":"1","key":"5716_CR14","first-page":"4568368","volume":"2019","author":"D Stiawan","year":"2019","unstructured":"Stiawan, D., Idris, M.Y., Malik, R.F., Nurmaini, S., Alsharif, N., Budiarto, R.: Investigating brute force attack patterns in iot network. Journal of Electrical and Computer Engineering 2019(1), 4568368 (2019)","journal-title":"Journal of Electrical and Computer Engineering"},{"key":"5716_CR15","unstructured":"Samonas, S., Coss, D.: The cia strikes back: Redefining confidentiality, integrity and availability in security. Journal of Information System Security 10(3) (2014)"},{"key":"5716_CR16","unstructured":"Hakeem, S.A.A., Kim, H.: Advancing intrusion detection in v2x networks: A comprehensive survey on machine learning, federated learning, and edge ai for v2x security. IEEE Transactions on Intelligent Transportation Systems (2025)"},{"issue":"8","key":"5716_CR17","doi-asserted-by":"publisher","first-page":"10021","DOI":"10.1007\/s13369-022-07412-1","volume":"48","author":"M Alkasassbeh","year":"2023","unstructured":"Alkasassbeh, M., Al-Haj Baddar, S.: Intrusion detection systems: A state-of-the-art taxonomy and survey. Arab. J. Sci. Eng. 48(8), 10021\u201310064 (2023)","journal-title":"Arab. J. Sci. Eng."},{"issue":"1","key":"5716_CR18","doi-asserted-by":"publisher","first-page":"31","DOI":"10.30880\/jscdm.2021.02.01.004","volume":"2","author":"AA Salih","year":"2021","unstructured":"Salih, A.A., Abdulazeez, A.M.: Evaluation of classification algorithms for intrusion detection system: A review. Journal of Soft Computing and Data Mining 2(1), 31\u201340 (2021)","journal-title":"Journal of Soft Computing and Data Mining"},{"issue":"2","key":"5716_CR19","doi-asserted-by":"publisher","first-page":"04015005","DOI":"10.1061\/(ASCE)CP.1943-5487.0000470","volume":"30","author":"J Wang","year":"2016","unstructured":"Wang, J., Razavi, S.N.: Low false alarm rate model for unsafe-proximity detection in construction. J. Comput. Civ. Eng. 30(2), 04015005 (2016)","journal-title":"J. Comput. Civ. Eng."},{"issue":"14","key":"5716_CR20","doi-asserted-by":"publisher","DOI":"10.3390\/app13148187","volume":"13","author":"D Bo\u017ei\u0107","year":"2023","unstructured":"Bo\u017ei\u0107, D., Runje, B., Lisjak, D., Kolar, D.: Metrics related to confusion matrix as tools for conformity assessment decisions. Applied Sciences 13(14), 8187 (2023)","journal-title":"Applied Sciences"},{"issue":"4","key":"5716_CR21","doi-asserted-by":"publisher","first-page":"1494","DOI":"10.3390\/s22041494","volume":"22","author":"H Albasheer","year":"2022","unstructured":"Albasheer, H., Md Siraj, M., Mubarakali, A., Elsier Tayfour, O., Salih, S., Hamdan, M., Khan, S., Zainal, A., Kamarudeen, S.: Cyber-attack prediction based on network intrusion detection systems for alert correlation techniques: a survey. Sensors 22(4), 1494 (2022)","journal-title":"Sensors"},{"key":"5716_CR22","doi-asserted-by":"crossref","unstructured":"Mirheidari, S.A., Arshad, S., Jalili, R.: Alert correlation algorithms: A survey and taxonomy. In: Cyberspace Safety and Security: 5th International Symposium, CSS 2013, Zhangjiajie, China, November 13-15, 2013, Proceedings 5, pp. 183\u2013197 (2013). Springer","DOI":"10.1007\/978-3-319-03584-0_14"},{"issue":"5","key":"5716_CR23","doi-asserted-by":"publisher","first-page":"1289","DOI":"10.1016\/j.comnet.2012.10.022","volume":"57","author":"S Salah","year":"2013","unstructured":"Salah, S., Maci\u00e1-Fern\u00e1ndez, G., D\u00edaz-Verdejo, J.E.: A model-based survey of alert correlation techniques. Computer Networks 57(5), 1289\u20131317 (2013)","journal-title":"Computer Networks"},{"issue":"2","key":"5716_CR24","first-page":"64","volume":"2","author":"G Spathoulas","year":"2013","unstructured":"Spathoulas, G., Katsikas, S.: Methods for post-processing of alerts in intrusion detection: A survey. International Journal of Information Security Science 2(2), 64\u201380 (2013)","journal-title":"International Journal of Information Security Science"},{"issue":"1","key":"5716_CR25","first-page":"66","volume":"5","author":"P Kabiri","year":"2007","unstructured":"Kabiri, P., Ghorbani, A.A.: A rule-based temporal alert correlation system. Int. J. Netw. Secur. 5(1), 66\u201372 (2007)","journal-title":"Int. J. Netw. Secur."},{"key":"5716_CR26","doi-asserted-by":"publisher","DOI":"10.32604\/iasc.2022.020598","author":"R Afzal","year":"2022","unstructured":"Afzal, R., Murugesan, R.K.: Rule-based anomaly detection model with stateful correlation enhancing mobile network security. Intelligent Automation & Soft Computing (2022). https:\/\/doi.org\/10.32604\/iasc.2022.020598","journal-title":"Intelligent Automation & Soft Computing"},{"issue":"4","key":"5716_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3701724","volume":"57","author":"AA Wardana","year":"2024","unstructured":"Wardana, A.A., Sukarno, P.: Taxonomy and survey of collaborative intrusion detection system using federated learning. ACM Comput. Surv. 57(4), 1\u201336 (2024)","journal-title":"ACM Comput. Surv."},{"key":"5716_CR28","doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 245\u2013254 (2002)","DOI":"10.1145\/586110.586144"},{"key":"5716_CR29","doi-asserted-by":"crossref","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Recent Advances in Intrusion Detection: 4th International Symposium, RAID 2001 Davis, CA, USA, October 10\u201312, 2001 Proceedings 4, pp. 54\u201368 (2001). Springer","DOI":"10.1007\/3-540-45474-8_4"},{"key":"5716_CR30","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1016\/j.cose.2013.03.005","volume":"37","author":"GP Spathoulas","year":"2013","unstructured":"Spathoulas, G.P., Katsikas, S.K.: Enhancing ids performance through comprehensive alert post-processing. Computers & security 37, 176\u2013196 (2013)","journal-title":"Computers & security"},{"issue":"3","key":"5716_CR31","doi-asserted-by":"publisher","first-page":"2063","DOI":"10.1109\/TII.2019.2946791","volume":"16","author":"W Liang","year":"2019","unstructured":"Liang, W., Li, K.-C., Long, J., Kui, X., Zomaya, A.Y.: An industrial network intrusion detection algorithm based on multifeature data clustering optimization model. IEEE Trans. Industr. Inf. 16(3), 2063\u20132071 (2019)","journal-title":"IEEE Trans. Industr. Inf."},{"key":"5716_CR32","doi-asserted-by":"publisher","DOI":"10.1049\/cmu2.12523","author":"AS Alfoudi","year":"2022","unstructured":"Alfoudi, A.S., Aziz, M.R., Alyasseri, Z.A.A., Alsaeedi, A.H., Nuiaa, R.R., Mohammed, M.A., Abdulkareem, K.H., Jaber, M.M.: Hyper clustering model for dynamic network intrusion detection. IET Communications (2022). https:\/\/doi.org\/10.1049\/cmu2.12523","journal-title":"IET Communications"},{"key":"5716_CR33","volume":"1757","author":"P Chen","year":"2021","unstructured":"Chen, P., Li, F., Wu, C., IOP Publishing: Research on intrusion detection method based on pearson correlation coefficient feature selection algorithm. Journal of Physics: Conference Series 1757, 012054 (2021)","journal-title":"Journal of Physics: Conference Series"},{"key":"5716_CR34","doi-asserted-by":"crossref","unstructured":"Ourston, D., Matzner, S., Stump, W., Hopkins, B.: Applications of hidden markov models to detecting multi-stage network attacks. In: 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of The, p. 10 (2003). IEEE","DOI":"10.1109\/HICSS.2003.1174909"},{"issue":"5","key":"5716_CR35","doi-asserted-by":"publisher","first-page":"3546","DOI":"10.1109\/TDSC.2021.3101649","volume":"19","author":"J Yang","year":"2021","unstructured":"Yang, J., Zhang, Q., Jiang, X., Chen, S., Yang, F.: Poirot: Causal correlation aided semantic analysis for advanced persistent threat detection. IEEE Trans. Dependable Secure Comput. 19(5), 3546\u20133563 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"5716_CR36","doi-asserted-by":"crossref","unstructured":"Abdelkhalek, M., Govindarasu, M.: Ml-based alert correlation algorithms for der cyber situational awareness. In: 2024 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), pp. 1\u20135 (2024). IEEE","DOI":"10.1109\/ISGT59692.2024.10454168"},{"key":"5716_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.dib.2020.106530","volume":"33","author":"M Hus\u00e1k","year":"2020","unstructured":"Hus\u00e1k, M., \u017d\u00e1dn\u00edk, M., Barto\u0161, V., Sokol, P.: Dataset of intrusion detection alerts from a sharing platform. Data in Brief 33, 106530 (2020)","journal-title":"Data in Brief"},{"key":"5716_CR38","doi-asserted-by":"crossref","unstructured":"Zamani, H., Croft, W.B.: Estimating embedding vectors for queries. In: Proceedings of the 2016 ACM International Conference on the Theory of Information Retrieval, pp. 123\u2013132 (2016)","DOI":"10.1145\/2970398.2970403"},{"key":"5716_CR39","doi-asserted-by":"crossref","unstructured":"Yin, C., Zhang, Z.: A study of sentence similarity based on the all-minilm-l6-v2 model with \u201csame semantics, different structure\u201d after fine tuning. In: 2024 2nd International Conference on Image, Algorithms and Artificial Intelligence (ICIAAI 2024), pp. 677\u2013684 (2024). Atlantis Press","DOI":"10.2991\/978-94-6463-540-9_69"},{"key":"5716_CR40","unstructured":"Chollet, F., et al.: Keras: The python deep learning library. Astrophysics Source Code Library (2018)"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05716-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-025-05716-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05716-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T14:15:39Z","timestamp":1764771339000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-025-05716-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,17]]},"references-count":40,"journal-issue":{"issue":"16","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["5716"],"URL":"https:\/\/doi.org\/10.1007\/s10586-025-05716-z","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"type":"print","value":"1386-7857"},{"type":"electronic","value":"1573-7543"}],"subject":[],"published":{"date-parts":[[2025,10,17]]},"assertion":[{"value":"21 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 July 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 August 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 October 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"1012"}}