{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:27:31Z","timestamp":1780633651698,"version":"3.54.1"},"reference-count":45,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/sp46214.2022.9833671","type":"proceedings-article","created":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T19:28:05Z","timestamp":1658950085000},"page":"522-539","source":"Crossref","is-referenced-by-count":65,"title":["DEEPCASE: Semi-Supervised Contextual Analysis of Security Events"],"prefix":"10.1109","author":[{"given":"Thijs van","family":"Ede","sequence":"first","affiliation":[{"name":"University of Twente"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hojjat","family":"Aghakhani","sequence":"additional","affiliation":[{"name":"University of California,Santa Barbara"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Noah","family":"Spahn","sequence":"additional","affiliation":[{"name":"University of California,Santa Barbara"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Riccardo","family":"Bortolameotti","sequence":"additional","affiliation":[{"name":"ReaQta"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Marco","family":"Cova","sequence":"additional","affiliation":[{"name":"VMware, Inc."}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[{"name":"University of Twente"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Maarten van","family":"Steen","sequence":"additional","affiliation":[{"name":"University of Twente"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andreas","family":"Peter","sequence":"additional","affiliation":[{"name":"University of Twente"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"University of California,Santa Barbara"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"University of California,Santa Barbara"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref13","year":"2018","journal-title":"The State of SOAR Report"},{"key":"ref35","first-page":"410","article-title":"V-measure: A conditional entropy-based external cluster evaluation measure","author":"rosenberg","year":"2007","journal-title":"Proceedings of the 2007 Joint Conference on Empirical Methods in Natural Language Processing and Computational Natural Language Learning (EMNLP-CoNLL)"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"ref34","first-page":"729","article-title":"TESSERACT: Eliminating experimental bias in malware classification across space and time","author":"pendlebury","year":"2019","journal-title":"28th USENIX Security Symposium"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363226"},{"key":"ref37","first-page":"905","article-title":"Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks","author":"shen","year":"2019","journal-title":"28th USENIX Security Symposium"},{"key":"ref14","article-title":"Bert: Pre-training of deep bidirectional transformers for language understanding","author":"devlin","year":"2018","journal-title":"arXiv preprint arXiv 1810 04805"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243811"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"ref11","article-title":"Anticipating the Unknowns - Chief Information Security Officer (CISO) Benchmark Study","year":"2019","journal-title":"Technical Report"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076787"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2009.191"},{"key":"ref2","article-title":"Human-guided machine learning for fast and accurate network alarm triage","author":"amershi","year":"2016","journal-title":"Proceedings of the Twenty-Second international joint conference on Artificial Intelligence (IJCAI)"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24310"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.308"},{"key":"ref17","article-title":"FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic","author":"ede","year":"2020","journal-title":"Network and Distributed Systems Security Symposium (NDSS)"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243829"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/IPCCC47392.2019.8958761"},{"key":"ref18","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","volume":"96","author":"ester","year":"1996","journal-title":"Proceedings of the ACM International Conference on Knowledge Discovery and Data Mining (KDD)"},{"key":"ref24","first-page":"469","article-title":"Detecting credential spearphishing in enterprise settings","author":"ho","year":"2017","journal-title":"26th USENIX Security Symposium"},{"key":"ref45","article-title":"Ten strategies of a world-class cybersecurity operations center","author":"zimmerman","year":"2014","journal-title":"Technical Report"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.50"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"ref42","first-page":"5998","article-title":"Attention is all you need","author":"vaswani","year":"2017","journal-title":"Advances in Neural Information Processing Systems (NIPS)"},{"key":"ref20","first-page":"315","article-title":"Deep sparse rectifier neural networks","author":"glorot","year":"2011","journal-title":"Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359800"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629587"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_21"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"key":"ref27","article-title":"Attention is not explanation","author":"jain","year":"2019","journal-title":"arXiv preprint arXiv 1902 10869"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177729694"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1179"},{"key":"ref7","article-title":"Language models are few-shot learners","author":"brown","year":"2020","journal-title":"arXiv preprint arXiv 2005 14354"},{"key":"ref9","article-title":"Alarm reduction and correlation in intrusion detection systems","author":"chyssler","year":"2004","journal-title":"Detection of intrusions and malware & vulnerability assessment GI SIG SIDAR workshop DIMVA 2004 Gesellschaft fur Informatik ev"},{"key":"ref4","article-title":"Neural machine translation by jointly learning to align and translate","author":"bahdanau","year":"2014","journal-title":"arXiv preprint arXiv 1409 0473"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36708-4_62"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3217871.3217872"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/361002.361007"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/P14-1146"}],"event":{"name":"2022 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2022,5,22]]},"end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833550\/9833558\/09833671.pdf?arnumber=9833671","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T23:15:14Z","timestamp":1699485314000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833671\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/sp46214.2022.9833671","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}