{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:50:47Z","timestamp":1754157047309,"version":"3.41.2"},"reference-count":9,"publisher":"Emerald","issue":"5\/6","license":[{"start":{"date-parts":[[2011,6,14]],"date-time":"2011-06-14T00:00:00Z","timestamp":1308009600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,6,14]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The purpose of this paper is to show how to ensure a real\u2010time precise aggregation processing of network security events without difficultly determined parameters.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The aggregation method includes the choice of aggregation granularity, consistency of abstraction layer, the expression of all hyper security events (HSEs) of a node in cache, and aggregation algorithm based on classification, etc.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>The aggregation method is capable to provide a real\u2010time way for good HSEs for next correlation processing with weak and easy parameters to determine.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The cost of space is not discussed in the method.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>The aggregation method is suitable for real\u2010time management of difficult issues to resolve massive security events.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>Many ideas and concepts of the paper are proposed for the first time, such as the expression of all HSEs of a node in cache, weak queue length instead of the weak\u2010time window and so on.<\/jats:p><\/jats:sec>","DOI":"10.1108\/03684921111142467","type":"journal-article","created":{"date-parts":[[2011,7,30]],"date-time":"2011-07-30T07:04:44Z","timestamp":1312009484000},"page":"912-920","source":"Crossref","is-referenced-by-count":1,"title":["A novel real\u2010time aggregation method on network security events"],"prefix":"10.1108","volume":"40","author":[{"given":"Zhitang","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yangming","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Li","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jie","family":"Lei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jie","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022021820235205400_b8","unstructured":"Debar, H. and Curry, D. (n.d.), \u201cThe intrusion detection message exchange format\u201d, available at: www.ietf.org\/internet\u2010drafts\/draft\u2010ietf\u2010idwg\u2010idmef\u2010xml\u201016.txt."},{"key":"key2022021820235205400_b1","doi-asserted-by":"crossref","unstructured":"Debar, H. and Wespi, A. (2001), \u201cAggregation and correlation of intrusion\u2010detection alerts\u201d, Recent Advances in Intrusion Detection, LNCS 2212, pp. 85\u2010103.","DOI":"10.1007\/3-540-45474-8_6"},{"key":"key2022021820235205400_b5","unstructured":"Kuang, T. and Xu, X. (2005), \u201cA mode of long\u2010distance cooperative learning based on intelligence agent\u201d, Advances in Systems Science and Applications, Vol. 5 No. 3, pp. 525\u201031."},{"key":"key2022021820235205400_b7","doi-asserted-by":"crossref","unstructured":"Ma, Y., Li, Z., Lei, J., Wang, L. and Li, D. (2007), \u201cThe global synthetical processing of network security events\u201d, Proceedings of the 4th International Conference on Fuzzy Systems and Knowledge Discovery (\u2009FSKD'07\u2009), Haikou, China.","DOI":"10.1109\/FSKD.2007.569"},{"key":"key2022021820235205400_b9","unstructured":"MIT Lincoln Lab. (2003), \u201c2000 DARPA intrusion detection scenario specific data sets\u201d, July, available at: www.ll.mit.edu\/IST\/ideval\/data\/2000\/2000_data_index.html."},{"key":"key2022021820235205400_b3","unstructured":"Roesch (n.d.), \u201cSourcefire. Realtime network awareness\u201d, available at: www.sourcefire.com\/products\/rna.html."},{"key":"key2022021820235205400_b6","unstructured":"Tao, L. and Fei, Q. (2003), \u201cThe holonic multi\u2010agent based cooperative distributed problem solving process\u201d, Advances in Systems Science and Applications, Vol. 3 No. 4, pp. 609\u201014."},{"key":"key2022021820235205400_b2","doi-asserted-by":"crossref","unstructured":"Valdes, K.S. (2001), \u201cProbabilistic alert correlation\u201d, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, Davis, CA.","DOI":"10.1007\/3-540-45474-8_4"},{"key":"key2022021820235205400_b4","unstructured":"Zhou, J., Feng, S., Jin, B., Luo, J. and Xu, L. (2005), \u201cAn agent\u2010based distributed authentication and audit architecture\u201d, Advances in Systems Science and Applications, Vol. 5 No. 1, pp. 160\u20107."}],"container-title":["Kybernetes"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/03684921111142467","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/03684921111142467\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/03684921111142467\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:27:17Z","timestamp":1753399637000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/k\/article\/40\/5-6\/912-920\/446994"}},"subtitle":[],"editor":[{"given":"Yi","family":"Lin","sequence":"first","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2011,6,14]]},"references-count":9,"journal-issue":{"issue":"5\/6","published-print":{"date-parts":[[2011,6,14]]}},"alternative-id":["10.1108\/03684921111142467"],"URL":"https:\/\/doi.org\/10.1108\/03684921111142467","relation":{},"ISSN":["0368-492X"],"issn-type":[{"type":"print","value":"0368-492X"}],"subject":[],"published":{"date-parts":[[2011,6,14]]}}}