{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:16:08Z","timestamp":1770225368515,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T00:00:00Z","timestamp":1700524800000},"content-version":"vor","delay-in-days":6,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"publisher","award":["FA8750-19-1-0152"],"award-info":[{"award-number":["FA8750-19-1-0152"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"publisher"}]},{"name":"CyberSec4Europe","award":["830929"],"award-info":[{"award-number":["830929"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3616581","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"2770-2784","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Alert Alchemy: SOC Workflows and Decisions in the Management of NIDS Rules"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-8460-1466","authenticated-orcid":false,"given":"Mathew","family":"Vermeer","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8831-6744","authenticated-orcid":false,"given":"Natalia","family":"Kadenko","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, 
Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0338-2812","authenticated-orcid":false,"given":"Michel","family":"van Eeten","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4699-3007","authenticated-orcid":false,"given":"Carlos","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6667-0440","authenticated-orcid":false,"given":"Simon","family":"Parkin","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1080\/23742917.2019.1698178"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102122"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security). USENIX Association","author":"Alahmadi Bushra A.","year":"2022","unstructured":"Bushra A. Alahmadi, Louise Axon, and Ivan Martinovic. 2022. 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms. In Proceedings of the 31st USENIX Security Symposium (USENIX Security). USENIX Association, Boston, MA, 2783--2800. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/alahmadi"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Ali Sercan Basyurt Jennifer Fromm Philipp Kuehn Marc-Andr\u00e9 Kaufhold and Milad Mirbabaie. 2022. Help Wanted-Challenges in Data Collection Analysis and Communication of Cyber Threats in Security Operation Centers. 
(2022).","DOI":"10.1201\/9781003218555-5"},{"key":"e_1_3_2_1_5_1","volume-title":"Using thematic analysis in psychology. Qualitative research in psychology 3, 2","author":"Braun Virginia","year":"2006","unstructured":"Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative research in psychology 3, 2 (2006), 77--101."},{"key":"e_1_3_2_1_6_1","volume-title":"One size fits all? What counts as quality practice in (reflexive) thematic analysis? Qualitative research in psychology 18, 3","author":"Braun Virginia","year":"2021","unstructured":"Virginia Braun and Victoria Clarke. 2021. One size fits all? What counts as quality practice in (reflexive) thematic analysis? Qualitative research in psychology 18, 3 (2021), 328--352."},{"key":"e_1_3_2_1_7_1","unstructured":"Bricata. 2021. IDS is Dead! Long Live IDS! An Analyst Prediction from 2003 Remains Relevant. https:\/\/bricata.com\/blog\/ids-is-dead\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Cisco. 2021. Snort - Network Intrusion Detection & Prevention System. https:\/\/www.snort.org\/"},{"key":"e_1_3_2_1_9_1","unstructured":"Cisco. 2021. Talos - Author of the Official Snort Rule Sets. https:\/\/www.snort.org\/talos"},{"key":"e_1_3_2_1_10_1","unstructured":"European Commission. 2021. Four eyes principle | CROS. https:\/\/ec.europa.eu\/eurostat\/cros\/content\/four-eyes-principle_en"},{"key":"e_1_3_2_1_11_1","volume-title":"Common and best practices for security operations centers: Results of the 2019 SOC survey. SANS","author":"Crowley Chris","year":"2019","unstructured":"Chris Crowley and John Pescatore. 2019. Common and best practices for security operations centers: Results of the 2019 SOC survey. SANS, Bethesda, MD, USA, Tech. 
Rep (2019)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006073"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","author":"Jacobs Arthur S.","unstructured":"Arthur S. Jacobs, Roman Beltiukov, Walter Willinger, Ronaldo A. Ferreira, Arpit Gupta, and Lisandro Z. Granville. 2022. AI\/ML for Network Security: The Emperor Has No Clothes. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (Los Angeles, CA, USA) (CCS '22). Association for Computing Machinery, New York, NY, USA, 1537--1551. https:\/\/doi.org\/10.1145\/3548606.3560609"},{"key":"e_1_3_2_1_14_1","volume-title":"The Menlo Report: Ethical principles guiding information and communication technology research. Available at SSRN 2445102","author":"Kenneally Erin","year":"2012","unstructured":"Erin Kenneally and David Dittrich. 2012. The Menlo Report: Ethical principles guiding information and communication technology research. Available at SSRN 2445102 (2012)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"key":"e_1_3_2_1_16_1","volume-title":"IS Management Handbook","author":"Mell P.","unstructured":"P. Mell. 2003. Understanding Intrusion Detection Systems. In IS Management Handbook. Auerbach Publications, 409--418."},{"key":"e_1_3_2_1_17_1","volume-title":"Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection.","author":"Mirsky Y.","year":"2018","unstructured":"Y. Mirsky, T. Doitshman, Y. Elovici, and A. Shabtai. 2018. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. (2018)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2019.8885237"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274710"},{"key":"e_1_3_2_1_20_1","unstructured":"Ponemon Institute LLC. 2019. 
Improving the Effectiveness of the Security Operations Center. http:\/\/www.surfline.com\/surf-news\/maldives-surf-accesscontroversy- update_75296\/"},{"key":"e_1_3_2_1_21_1","unstructured":"The Zeek Project. 2020. The Zeek Network Security Monitor. https:\/\/zeek.org\/"},{"key":"e_1_3_2_1_22_1","unstructured":"Proofpoint. 2021. Emerging Threats Pro Ruleset | Proofpoint. https:\/\/www.proofpoint.com\/us\/threat-insight\/et-pro-ruleset"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of Blackhat 2017","author":"Sanders Hillary","year":"2017","unstructured":"Hillary Sanders and Joshua Saxe. 2017. Garbage in, garbage out: how purportedly great ML models can be screwed up by bad data. Proceedings of Blackhat 2017 (2017)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2871744"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2017.2772792"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2022.907"},{"key":"e_1_3_2_1_27_1","volume-title":"23rd Pacific Asia Conference on Information Systems (PACIS","author":"Siregar Sessika","year":"2019","unstructured":"Sessika Siregar and Kuo-Chung Chang. 2019. Cybersecurity agility: antecedents and effects on security incident management effectiveness. In 23rd Pacific Asia Conference on Information Systems (PACIS 2019). 8--12."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2018.8709231"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 2013 IEEE Advance Computing Conference (IACC). IEEE, IEEE, 682--689","author":"Srivastav N.","unstructured":"N. Srivastav and R.K. Challa. 2013. Novel Intrusion Detection System Integrating Layered Framework with Neural Network. In Proceedings of the 2013 IEEE Advance Computing Conference (IACC). 
IEEE, IEEE, 682--689."},{"key":"e_1_3_2_1_30_1","volume-title":"Eleventh Symposium On Usable Privacy and Security (SOUPS","author":"Sundaramurthy Sathya Chandran","year":"2015","unstructured":"Sathya Chandran Sundaramurthy, Alexandru G Bardas, Jacob Case, Xinming Ou, Michael Wesch, John McHugh, and S Raj Rajagopalan. 2015. A human capital model for mitigating security analyst burnout. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). 347--359."},{"key":"e_1_3_2_1_31_1","volume-title":"Twelfth Symposium on Usable Privacy and Security ({SOUPS}","author":"Sundaramurthy Sathya Chandran","year":"2016","unstructured":"Sathya Chandran Sundaramurthy, John McHugh, Xinming Ou, Michael Wesch, Alexandru G Bardas, and S Raj Rajagopalan. 2016. Turning contradictions into innovations or: How we learned to stop whining and improve security operations. In Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016). 237--251."},{"key":"e_1_3_2_1_32_1","unstructured":"Suricata. 2021. Suricata | Open Source IDS \/ IPS \/ NSM engine. https:\/\/suricataids. org\/"},{"key":"e_1_3_2_1_33_1","volume-title":"The black swan: The impact of the highly improbable","author":"Taleb Nassim Nicholas","unstructured":"Nassim Nicholas Taleb. 2007. The black swan: The impact of the highly improbable. Vol. 2. 
Random house."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2018.00031"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517412"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920279"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006555"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616581","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3616581","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3616581","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:34:40Z","timestamp":1755740080000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616581"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":37,"alternative-id":["10.1145\/3576915.3616581","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3616581","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}