{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T02:36:50Z","timestamp":1778812610161,"version":"3.51.4"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:00:00Z","timestamp":1601510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["1526383 & 1742789"],"award-info":[{"award-number":["1526383 & 1742789"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2020,12,31]]},"abstract":"<jats:p>\n            Many cyber attack actions can be observed, but the observables often exhibit intricate feature dependencies, non-homogeneity, and potentially rare yet critical samples. This work tests the ability to learn, model, and synthesize cyber intrusion alerts through Generative Adversarial Networks (GANs), which explore the feature space by reconciling between randomly generated samples and data that reflect a mixture of diverse attack behaviors without\n            <jats:italic>a priori<\/jats:italic>\n            knowledge. Through a comprehensive analysis using Jensen-Shannon Divergence, Conditional and Joint Entropy, and mode drops and additions, we show that the Wasserstein-GAN with Gradient Penalty and Mutual Information is more effective in learning to generate realistic alerts than models without Mutual Information constraints. We further show that the added Mutual Information constraint pushes the model to explore the feature space more thoroughly and increases the generation of low probability, yet critical, alert features. 
This research demonstrates the novel and promising application of unsupervised GANs to learn from limited yet diverse intrusion alerts to generate synthetic alerts that emulate critical dependencies, opening the door to proactive, data-driven cyber threat analyses.\n          <\/jats:p>","DOI":"10.1145\/3394503","type":"journal-article","created":{"date-parts":[[2020,8,15]],"date-time":"2020-08-15T13:19:38Z","timestamp":1597497578000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["On the Variety and Veracity of Cyber Intrusion Alerts Synthesized by Generative Adversarial Networks"],"prefix":"10.1145","volume":"11","author":[{"given":"Christopher","family":"Sweet","sequence":"first","affiliation":[{"name":"Rochester Institute of Technology, Rochester NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stephen","family":"Moskal","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology, Rochester NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shanchieh Jay","family":"Yang","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology, Rochester NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,10]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of AAAI-19 Workshop on Engineering Dependable and Secure Machine Learning Systems. http:\/\/arxiv.org\/abs\/1812","author":"Amit Idan","year":"2019"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the Blackhat Conference.","author":"Anderson Hyrum S.","year":"2017"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the 34th International Conference on Machine Learning (ICML\u201917)","author":"Arjovsky Mart\u00edn","year":"2017"},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the International Conference on Machine Learning. 
http:\/\/arxiv.org\/abs\/1801","author":"Belghazi Ishmael"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of AAAI-19 Workshop on Engineering Dependable and Secure Machine Learning Systems. http:\/\/arxiv.org\/abs\/1811","author":"Bowles Christopher","year":"2018"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v32i1.11312"},{"key":"e_1_2_1_7_1","volume-title":"Deep Security: Cyber Security Threat Behavior Classification. Retrieved","author":"Faber Isaac","year":"2018"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2008.924605"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of ICML Time Series Workshop.","author":"Filonov Pavel","year":"2017"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the NIPS Time Series Workshop.","author":"Filonov Pavel","year":"2016"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2018.8462018"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of Advances in Neural Information Processing Systems 27","author":"Goodfellow Ian","year":"2014"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/3295222.3295327"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Changhee Han Leonardo Rundo Ryosuke Araki Yujiro Furukawa Giancarlo Mauri Hideki Nakayama and Hideaki Hayashi. 2019. Infinite brain MR images: PGGAN-based data augmentation for tumor detection. arxiv:1903.12564.","DOI":"10.1007\/978-981-13-8950-4_27"},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the 2015 11th International Conference on Natural Computation (ICNC\u201915)","author":"Hu Liang","year":"2015"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence.","author":"Hu Weiwei","year":"2018"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00453"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.19"},{"key":"e_1_2_1_19_1","volume-title":"IDSGAN: Generative adversarial networks for attack generation against intrusion detection. arxiv:1809.02077.","author":"Lin Zilong","year":"2018"},{"key":"e_1_2_1_20_1","unstructured":"Stephen Moskal and Shanchieh Jay Yang. 2020. Cyberattack action-intent-framework for mapping intrusion observables. arxiv:cs.CR\/2002.07838."},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR\u201919)","author":"Nielsen Christopher","year":"2019"},{"key":"e_1_2_1_22_1","series-title":"AFCEA\u201909: Critical Issues in C41 in Armed Forces Communications and Electronics Association Solutions Series.","volume-title":"Advanced vulnerability analysis and intrusion detection through predictive attack graphs","author":"Noel Steven"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00237"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/DESEC.2018.8625145"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00019"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243811"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.241"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence. https:\/\/aaai.org\/ocs\/index.php\/AAAI\/AAAI18\/paper\/view\/16508","author":"Su Hui","year":"2018"},{"key":"e_1_2_1_29_1","volume-title":"Synthesizing Cyber Intrusion Alerts Using Generative Adversarial Networks. Retrieved","author":"Sweet Christopher","year":"2020"},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the 2nd IEEE International Conference on Computational Intelligence for Security and Defense Applications (CISDA\u201909)","author":"Tavallaee Mahbod"},{"key":"e_1_2_1_31_1","volume-title":"et\u00a0al","author":"Touch Joe","year":"2018"},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the IEEE 2nd International Conference on Big Data Security on Cloud. 
49--54","author":"Veeramachaneni Kalyan","year":"2016"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.4028\/www.scientific.net\/AMM.667.218"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 2017 IEEE International Conference on Computer Vision (ICCV -17)","author":"Zhu Jun-Yan"}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394503","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394503","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394503","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:31:30Z","timestamp":1750195890000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394503"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10]]},"references-count":34,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,12,31]]}},"alternative-id":["10.1145\/3394503"],"URL":"https:\/\/doi.org\/10.1145\/3394503","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"value":"2158-656X","type":"print"},{"value":"2158-6578","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10]]},"assertion":[{"value":"2019-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}