{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T16:58:43Z","timestamp":1773593923358,"version":"3.50.1"},"reference-count":33,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Open J. Comput. Soc."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/ojcs.2025.3618157","type":"journal-article","created":{"date-parts":[[2025,10,6]],"date-time":"2025-10-06T17:40:42Z","timestamp":1759772442000},"page":"1751-1762","source":"Crossref","is-referenced-by-count":1,"title":["TF2ML: Threat Filtering With Two-Stage Machine Learning for Efficient Provenance-Aware Threat Detection and Response"],"prefix":"10.1109","volume":"6","author":[{"given":"Krittin","family":"Thirasak","sequence":"first","affiliation":[{"name":"Sirindhorn International Institute of Technology, Thammasat University, Bangkok, Thailand"}]},{"given":"Teerawat","family":"Chuaphanngam","sequence":"additional","affiliation":[{"name":"Sirindhorn International Institute of Technology, Thammasat University, Bangkok, Thailand"}]},{"given":"Danupat","family":"Chainarong","sequence":"additional","affiliation":[{"name":"Sirindhorn International Institute of Technology, Thammasat University, Bangkok, Thailand"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7156-184X","authenticated-orcid":false,"given":"Somchart","family":"Fugkeaw","sequence":"additional","affiliation":[{"name":"Sirindhorn International Institute of Technology, Thammasat University, Bangkok, Thailand"}]}],"member":"263","reference":[{"key":"ref1","article-title":"CVE - Common vulnerabilities and exposures (CVE)","year":"2019","journal-title":"MITRE.org."},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/tii.2021.3091150"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/tii.2020.3023430"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/jiot.2020.3011726"},{"key":"ref5","article-title":"Apache SparkTM - Unified analytics engine for Big Data","year":"2024","journal-title":"Apache.org."},{"key":"ref6","article-title":"SNORT - Network intrusion detection & prevention system","year":"2024","journal-title":"Snort.org."},{"key":"ref7","first-page":"3149","article-title":"LightGBM: A highly efficient gradient boosting decision tree","volume-title":"Proc. 31st Int. Conf. Neural Inf. Process. Syst.","author":"Ke"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/icce-berlin58801.2023.10375584"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/trustcom50675.2020.00153"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/access.2025.3530902"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/icocics58778.2023.10277438"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/icnc57223.2023.10074241"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/csr61664.2024.10679394"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2023.3299519"},{"key":"ref16","article-title":"MITRE ATT&CKTM","year":"2024","journal-title":"MITRE.org."},{"key":"ref17","article-title":"Apache kafka","year":"2024","journal-title":"Apache Kafka"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ijcnn.2008.4633969"},{"key":"ref19","article-title":"Applications  Research  Canadian Institute for Cybersecurity  UNB","year":"2024","journal-title":"UNB.ca"},{"key":"ref20","article-title":"Google colaboratory","year":"2024","journal-title":"Google.com"},{"key":"ref21","article-title":"scikit-learn: Machine learning in Python","year":"2024","journal-title":"Scikit-learn.org"},{"key":"ref22","article-title":"TensorFlow","year":"2024","journal-title":"TensorFlow.org"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.5220\/0006639801080116"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/0169-7439(87)80084-9"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-9811-1_36"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.dajour.2023.100364"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-024-78976-1"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3696427"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3707651"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/tkde.2024.3474792"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3493957"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/access.2025.3533084"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/tnsm.2025.3540753"}],"container-title":["IEEE Open Journal of the Computer Society"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8782664\/10834807\/11193797.pdf?arnumber=11193797","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T18:52:12Z","timestamp":1763146332000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11193797\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":33,"URL":"https:\/\/doi.org\/10.1109\/ojcs.2025.3618157","relation":{},"ISSN":["2644-1268"],"issn-type":[{"value":"2644-1268","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}