{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T00:15:55Z","timestamp":1773879355234,"version":"3.50.1"},"reference-count":33,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,9]]},"DOI":"10.1109\/lcn.2014.6925787","type":"proceedings-article","created":{"date-parts":[[2014,10,22]],"date-time":"2014-10-22T20:15:47Z","timestamp":1414008947000},"page":"322-330","source":"Crossref","is-referenced-by-count":9,"title":["OutMet: A new metric for prioritising intrusion alerts using correlation and outlier analysis"],"prefix":"10.1109","author":[{"given":"Riyanat","family":"Shittu","sequence":"first","affiliation":[]},{"given":"Alex","family":"Healing","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Ghanea-Hercock","sequence":"additional","affiliation":[]},{"given":"Robin","family":"Bloomfield","sequence":"additional","affiliation":[]},{"given":"Rajarajan","family":"Muttukrishnan","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"19","author":"ning","year":"2001","journal-title":"Correlating Alerts Using Prerequisites of Intrusions"},{"key":"17","first-page":"1","article-title":"Fusing a heterogeneous alert stream into scenarios","author":"dain","year":"2001","journal-title":"Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2009.36"},{"key":"33","first-page":"160","volume":"15","author":"bateni","year":"2013","journal-title":"Using Artificial Immune System and Fuzzy Logi C for Alert Correlation"},{"key":"15","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1007\/0-306-46998-7_25","article-title":"Adele: An attack description language for knowledge-based intrusion detection","author":"?edric michel","year":"2001","journal-title":"Trusted Information"},{"key":"16","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","article-title":"Probabilistic alert correlation","author":"valdes","year":"2001","journal-title":"Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"14","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","article-title":"STATL: An attack language for state-based intrusion detection","volume":"10","author":"steven eckmann","year":"2002","journal-title":"Computers and Security Journal"},{"key":"11","article-title":"Practical ids alert correlation in the face of dynamic threats","author":"sundaramurthy","year":"2011","journal-title":"International Conference on Se Curity and Management (SAM'11"},{"key":"12","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1007\/3-540-39945-3_13","article-title":"LAMBDA: A language to model a database for detection of attacks","author":"cuppens","year":"2000","journal-title":"Recent Advances in Intrusion Detection"},{"key":"21","author":"qin","year":"2005","journal-title":"A Probabilistic-Based Framework for INFOSEC Alert Correlation"},{"key":"20","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","article-title":"Aggregation and correlation of intrusion-detection alerts","author":"debar","year":"2001","journal-title":"Recent Advances in Intrusion Detection"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1109\/ICCTD.2009.22"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14215-4_9"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1109\/CSS.2011.6058565"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1007\/s10489-012-0383-7"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1145\/948134.948137"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.1981.4767144"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1145\/342009.335388"},{"key":"29","first-page":"9","author":"bateni","year":"2013","journal-title":"Time Window Management for Alert Correlation Using Cont Ext Information and Classification"},{"key":"3","first-page":"1","volume":"2008","author":"hutchins","year":"2005","journal-title":"Intelligence-Driven Computer Network Defense Informed by Anal Ysis of Adversary Campaigns and Intrusion Kill Chains"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1145\/775094.775101"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046694"},{"key":"1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/319709.319710","article-title":"The base-rate fallacy and its implications for the difficulty of intrusion detection","author":"axelsson","year":"1999","journal-title":"Proceedings of the 6th ACM Conference on Computer and Communications Securit Y-CCS '99"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1002\/nem.804"},{"key":"30","author":"tekhov","year":"2009","journal-title":"Graph Edit Distance Project"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2008.4575114"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2012.1521"},{"key":"32","first-page":"231","volume":"9","author":"bateni","year":"2013","journal-title":"An Ais-inspired Architecture for Alert Correlation"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.10.022"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1109\/CIDM.2007.368917"},{"key":"9","first-page":"1","article-title":"Attack graphs for sensor placement , alert prioritization , and attack response","author":"noel","year":"2007","journal-title":"Cyberspace Research Workshop"},{"key":"8","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1007\/3-540-36084-0_6","article-title":"A mission-impact-based approach to infosec alarm correlation","author":"porras","year":"2002","journal-title":"Recent Advances in Intrusion Det Ection"}],"event":{"name":"2014 IEEE 39th Conference on Local Computer Networks (LCN)","location":"Edmonton, AB","start":{"date-parts":[[2014,9,8]]},"end":{"date-parts":[[2014,9,11]]}},"container-title":["39th Annual IEEE Conference on Local Computer Networks"],"original-title":[],"link":[{"URL":"http:\/\/ieeexplore.ieee.org\/iel7\/6916486\/6925725\/06925787.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6916486\/6925725\/06925787.pdf?arnumber=6925787","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,16]],"date-time":"2019-08-16T14:13:55Z","timestamp":1565964835000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6925787\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,9]]},"references-count":33,"URL":"https:\/\/doi.org\/10.1109\/lcn.2014.6925787","relation":{},"subject":[],"published":{"date-parts":[[2014,9]]}}}