{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T00:23:41Z","timestamp":1772583821986,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":61,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,8]],"date-time":"2024-04-08T00:00:00Z","timestamp":1712534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,8]]},"DOI":"10.1145\/3605098.3635981","type":"proceedings-article","created":{"date-parts":[[2024,5,21]],"date-time":"2024-05-21T17:59:16Z","timestamp":1716314356000},"page":"1385-1394","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Finding Harmony in the Noise: Blending Security Alerts for Attack Detection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-6152-4374","authenticated-orcid":false,"given":"Tom-Martijn","family":"Roelofs","sequence":"first","affiliation":[{"name":"ING Bank, Amsterdam, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7878-2514","authenticated-orcid":false,"given":"Eduardo","family":"Barbaro","sequence":"additional","affiliation":[{"name":"ING Bank, Amsterdam, Netherlands"},{"name":"TU Delft, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4651-5854","authenticated-orcid":false,"given":"Svetlana","family":"Pekarskikh","sequence":"additional","affiliation":[{"name":"ING Bank, Amsterdam, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-0741-4592","authenticated-orcid":false,"given":"Katarzyna","family":"Orzechowska","sequence":"additional","affiliation":[{"name":"ING Bank, Katowice, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4202-5057","authenticated-orcid":false,"given":"Marta","family":"Kwapie\u0144","sequence":"additional","affiliation":[{"name":"ING Bank, Katowice, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3010-2000","authenticated-orcid":false,"given":"Jakub","family":"Tyrlik","sequence":"additional","affiliation":[{"name":"ING Bank, Katowice, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6572-9131","authenticated-orcid":false,"given":"Dinu","family":"Smadu","sequence":"additional","affiliation":[{"name":"ING Bank, Amsterdam, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0338-2812","authenticated-orcid":false,"given":"Michel","family":"Van Eeten","sequence":"additional","affiliation":[{"name":"TU Delft, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9116-0728","authenticated-orcid":false,"given":"Yury","family":"Zhauniarovich","sequence":"additional","affiliation":[{"name":"TU Delft, Delft, Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2024,5,21]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"8887","article-title":"Collection mechanism and reduction of IDS alert","volume":"975","author":"Al-Saedi K.H.","year":"2012","unstructured":"K.H. Al-Saedi, S. Ramadass, A. Almomani, S. Manickam, and W. Alsalihy. 2012. Collection mechanism and reduction of IDS alert. International Journal of Computer Applications 975 (2012), 8887.","journal-title":"International Journal of Computer Applications"},{"key":"e_1_3_2_1_2_1","volume-title":"False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms. In USENIX Security. 2783--2800.","author":"Alahmadi B.","year":"2022","unstructured":"B. Alahmadi, L. Axon, and I. Martinovic. 2022. 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms. In USENIX Security. 2783--2800."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"E. Alpaydin. 2014. Introduction to Machine Learning (3 ed.).","DOI":"10.1016\/B978-0-12-800953-6.00001-3"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.3233\/DS-190027"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"S. Boughorbel F. Jarray and M. El-Anbari. 2017. Optimal classifier for imbalanced data using Matthews Correlation Coefficient metric. PLOS ONE 12 6 (06 2017) 1--17.","DOI":"10.1371\/journal.pone.0177678"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-020-03203-1"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1061\/(ASCE)WR.1943-5452.0001007"},{"key":"e_1_3_2_1_9_1","volume-title":"International Conference on Communications and Intelligence Information Security. 215--219","author":"Chang J.","unstructured":"J. Chang, J. Yu, and Y. Pei. 2010. MS2IFS: A Multiple Source-Based Security Information Fusion System. In International Conference on Communications and Intelligence Information Security. 215--219."},{"key":"e_1_3_2_1_10_1","volume-title":"SMOTE: Synthetic Minority Over-sampling Technique. J. Artif. Intell. Res. (JAIR) 16 (06","author":"Chawla N.","year":"2002","unstructured":"N. Chawla, K. Bowyer, L. Hall, and W. Kegelmeyer. 2002. SMOTE: Synthetic Minority Over-sampling Technique. J. Artif. Intell. Res. (JAIR) 16 (06 2002), 321--357."},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 785--794","author":"Chen T.","unstructured":"T. Chen and C. Guestrin. 2016. XGBoost: A Scalable Tree Boosting System. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 785--794."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3161636"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"D. Chicco and G. Jurman. 2020. The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation. BMC Genomics 21 (01 2020).","DOI":"10.1186\/s12864-019-6413-7"},{"key":"e_1_3_2_1_14_1","volume-title":"IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. 229--234","author":"Chyssler T.","unstructured":"T. Chyssler, S. Nadjm-Tehrani, S. Burschka, and K. Burbeck. 2004. Alarm reduction and correlation in defence of IP networks. In IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. 229--234."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.09.005"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSG.2020.2965797"},{"key":"e_1_3_2_1_17_1","volume-title":"IEEE Symposium on Security and Privacy. 202--215","author":"Cuppens F.","unstructured":"F. Cuppens and A. Miege. 2002. Alert correlation in a cooperative intrusion detection framework. In IEEE Symposium on Security and Privacy. 202--215."},{"key":"e_1_3_2_1_18_1","unstructured":"A. Delplace S. Hermoso and K. Anandita. 2020. Cyber Attack Detection thanks to Machine Learning Algorithms. https:\/\/arxiv.org\/abs\/2001.06309"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"M. Esmaili R. Safavi-Naini and J. Pieprzyk. 1996. Evidential reasoning in network intrusion detection systems. In Information Security and Privacy. 253--265.","DOI":"10.1007\/BFb0023304"},{"key":"e_1_3_2_1_20_1","first-page":"1","article-title":"SMOTE for Learning from Imbalanced Data: Progress and Challenges, Marking the 15-Year Anniversary","volume":"61","author":"Fern\u00e1ndez A.","year":"2018","unstructured":"A. Fern\u00e1ndez, S. Garc\u00eda, F. Herrera, and N.V. Chawla. 2018. SMOTE for Learning from Imbalanced Data: Progress and Challenges, Marking the 15-Year Anniversary. J. Artif. Int. Res. 61, 1 (jan 2018), 863--905.","journal-title":"J. Artif. Int. Res."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1013203451"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"G. Gonz\u00e1lez-Granadillo S. Gonz\u00e1lez-Zarzosa and R. Diaz. 2021. Security Information and Event Management (SIEM): Analysis Trends and Usage in Critical Infrastructures. Sensors 21 14 (2021).","DOI":"10.3390\/s21144759"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"J.L. Guerra C. Catania and E. Veas. 2022. Datasets Are Not Enough: Challenges in Labeling Network Traffic. Comput. Secur. 120 (sep 2022).","DOI":"10.1016\/j.cose.2022.102810"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2008.239"},{"key":"e_1_3_2_1_25_1","volume-title":"IEEE\/IFIP International Conference on Dependable Systems and Networks. 479--490","author":"Hu X.","unstructured":"X. Hu, J. Jang, M.P. Stoecklin, T. Wang, D.L. Schales, D. Kirat, and J.R. Rao. 2016. BAYWATCH: Robust Beaconing Detection to Identify Infected Hosts in Large-Scale Enterprise Networks. In IEEE\/IFIP International Conference on Dependable Systems and Networks. 479--490."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2014.04.012"},{"key":"e_1_3_2_1_27_1","unstructured":"O. Hughes. 2022. Cybersecurity burnout is real. And it's going to be a problem for all of us. Retrieved 12.07.2022 from https:\/\/www.zdnet.com\/article\/cybersecurity-burnout-is-real-and-its-going-to-be-a-problem-for-all-of-us\/"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"B. Jia Y. Tian D. Zhao X. Wang C. Li W. Niu E. Tong and J. Liu. 2021. Bidirectional RNN-Based Few-Shot Training for Detecting Multi-stage Attack. In Information Security and Cryptology. 37--52.","DOI":"10.1007\/978-3-030-71852-7_3"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101984"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2920326"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3168976"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510581"},{"key":"e_1_3_2_1_33_1","volume-title":"SIERRA: Ranking Anomalous Activities in Enterprise Networks. In IEEE European Symposium on Security and Privacy. 44--59","author":"Lee J.","unstructured":"J. Lee, F. Tang, P. Thet, D. Yeoh, M. Rybczynski, and D. Divakaran. 2022. SIERRA: Ranking Anomalous Activities in Enterprise Networks. In IEEE European Symposium on Security and Privacy. 44--59."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"D. Levshun and I. Kotenko. 2023. A survey on artificial intelligence techniques for security event correlation: models challenges and opportunities. Artificial Intelligence Review (2023) 1--44.","DOI":"10.21203\/rs.3.rs-1975426\/v1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"S. Li Q. Zhang X. Wu W. Han Z. Tian and S. Yu. 2021. Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques. Sec. and Commun. Netw. (jan 2021) 12 pages.","DOI":"10.1155\/2021\/9396141"},{"key":"e_1_3_2_1_37_1","volume-title":"Network IDS Duplicate Alarm Reduction Using Improved SNM Algorithm. In IEEE International Conference on Image, Vision and Computing. 767--774","author":"Lu X.","unstructured":"X. Lu, X. Du, and W. Wang. 2018. Network IDS Duplicate Alarm Reduction Using Improved SNM Algorithm. In IEEE International Conference on Image, Vision and Computing. 767--774."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/0005-2795(75)90109-9"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02295996"},{"key":"e_1_3_2_1_40_1","unstructured":"Mitre. [n. d.]. The MITRE's ATT&CK framework. Retrieved 04.07.2022 from https:\/\/attack.mitre.org\/"},{"key":"e_1_3_2_1_41_1","volume-title":"Rule-based distributed intrusion detection. Ph. D. Dissertation","author":"Mounji A.","unstructured":"A. Mounji. 1997. Rule-based distributed intrusion detection. Ph. D. Dissertation. Institute d'Informatique, University of Namur, Belgium."},{"key":"e_1_3_2_1_42_1","volume-title":"Artificial intelligence and cyber security - face to face with cyber-attack - A Maltese case of risk management. ECOFORUM 9","author":"Mo\u015fteanu N.R.","year":"2020","unstructured":"N.R. Mo\u015fteanu. 2020. Artificial intelligence and cyber security - face to face with cyber-attack - A Maltese case of risk management. ECOFORUM 9 (2020). Issue 2."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"M. Musser and A. Garriott. 2021. Machine Learning and Cybersecurity: Hype and Reality. Technical Report. Center for Security and Emerging Technology. https:\/\/cset.georgetown.edu\/publication\/machine-learning-and-cybersecurity\/","DOI":"10.51593\/2020CA004"},{"key":"e_1_3_2_1_44_1","volume-title":"SoK: Explainable Machine Learning for Computer Security Applications. In IEEE European Symposium on Security and Privacy. 221--240","author":"Nadeem A.","unstructured":"A. Nadeem, D. Vos, C. Cao, L. Pajola, S. Dieck, R. Baumgartner, and S. Verwer. 2023. SoK: Explainable Machine Learning for Computer Security Applications. In IEEE European Symposium on Security and Privacy. 221--240."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.03.001"},{"key":"e_1_3_2_1_46_1","volume-title":"2018 IEEE Wireless Communications and Networking Conference (WCNC). 1--6.","author":"Nguyen K.K.","unstructured":"K.K. Nguyen, D.T. Hoang, D. Niyato, P. Wang, D. Nguyen, and E. Dutkiewicz. 2018. Cyberattack detection in mobile cloud computing: A deep learning approach. In 2018 IEEE Wireless Communications and Networking Conference (WCNC). 1--6."},{"key":"e_1_3_2_1_47_1","unstructured":"D. Nielsen. 2016. Tree Boosting With XGBoost. Why Does XGBoost Win \"Every\" Machine Learning Competition? Master's thesis. NTNU."},{"key":"e_1_3_2_1_48_1","volume-title":"SILU: Strategy Involving Large-scale Unlabeled Logs for Improving Malware Detector. In IEEE Symposium on Computers and Communications. 1--7.","author":"Nishiyama T.","unstructured":"T. Nishiyama, A. Kumagai, K. Kamiya, and K. Takahashi. 2020. SILU: Strategy Involving Large-scale Unlabeled Logs for Improving Malware Detector. In IEEE Symposium on Computers and Communications. 1--7."},{"key":"e_1_3_2_1_49_1","volume-title":"MADE: Security Analytics for Enterprise Threat Detection. In Annual Computer Security Applications Conference. 124--136","author":"Oprea A.","unstructured":"A. Oprea, Z. Li, R. Norris, and K. Bowers. 2018. MADE: Security Analytics for Enterprise Threat Detection. In Annual Computer Security Applications Conference. 124--136."},{"key":"e_1_3_2_1_50_1","unstructured":"F. Pendlebury F. Pierazzi R. Jordaney J. Kinder and L. Cavallaro. 2019. TESSER-ACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In USENIX Security. 729--746."},{"key":"e_1_3_2_1_51_1","unstructured":"Positive Technologies. 2021. Cybercriminals Can Penetrate 93% of Local Company Networks and Trigger 71% of Events Deemed 'Unacceptable' For Their Businesses. https:\/\/www.ptsecurity.com\/ww-en\/about\/news\/positive-technologies-cybercriminals-can-penetrate-93-of-local-company-networks-and-trigger-71-of-events-deemed-unacceptable-for-their-businesses\/"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.14257\/ijsia.2014.8.1.23"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2980942"},{"key":"e_1_3_2_1_54_1","first-page":"12","article-title":"Unbalanced Data","volume":"05","author":"Rosenberg D.","year":"2022","unstructured":"D. Rosenberg. 2022. Unbalanced Data? Stop Using ROC-AUC and Use AUPRC Instead. Retrieved 05.12.2022 from https:\/\/towardsdatascience.com\/imbalanced-data-stop-using-roc-auc-and-use-auprc-instead-46af4910a494","journal-title":"Stop Using ROC-AUC and Use AUPRC Instead. Retrieved"},{"key":"e_1_3_2_1_55_1","volume-title":"Notes on the N-Person Game - I: Characteristic-Point Solutions of the Four-Person Game","author":"Shapley L.S.","unstructured":"L.S. Shapley. 1951. Notes on the N-Person Game - I: Characteristic-Point Solutions of the Four-Person Game. RAND Corporation."},{"key":"e_1_3_2_1_56_1","volume-title":"Tiresias: Predicting Security Events Through Deep Learning. In ACM SIGSAC Conference on Computer and Communications Security. 592--605","author":"Shen Y.","unstructured":"Y. Shen, E. Mariconti, P.A. Vervier, and G. Stringhini. 2018. Tiresias: Predicting Security Events Through Deep Learning. In ACM SIGSAC Conference on Computer and Communications Security. 592--605."},{"key":"e_1_3_2_1_57_1","volume-title":"Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In IEEE Symposium on Security and Privacy. 305--316","author":"Sommer R.","unstructured":"R. Sommer and V. Paxson. 2010. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In IEEE Symposium on Security and Privacy. 305--316."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"M.R. Stytz D.E. Lichtblau and S.B. Banks. 2005. Toward Using Intelligent Agents to Detect Assess and Counter Cyberattacks in a Network-Centric Environment. Technical Report. Institute for Defense Analyses.","DOI":"10.21236\/ADA464134"},{"key":"e_1_3_2_1_59_1","volume-title":"Symposium On Usable Privacy and Security. 347--359","author":"Sundaramurthy S.C.","unstructured":"S.C. Sundaramurthy, A.G. Bardas, J. Case, X. Ou, M. Wesch, J. McHugh, and S.R. Rajagopalan. 2015. A Human Capital Model for Mitigating Security Analyst Burnout. In Symposium On Usable Privacy and Security. 347--359."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.01.051"},{"key":"e_1_3_2_1_61_1","volume-title":"DEEPCASE: Semi-Supervised Contextual Analysis of Security Events. In IEEE Symposium on Security and Privacy. 522--539","author":"van Ede T.","unstructured":"T. van Ede, H. Aghakhani, N. Spahn, R. Bortolameotti, M. Cova, A. Continella, M. van Steen, A. Peter, C. Kruegel, and G. Vigna. 2022. DEEPCASE: Semi-Supervised Contextual Analysis of Security Events. In IEEE Symposium on Security and Privacy. 522--539."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2895334"}],"event":{"name":"SAC '24: 39th ACM\/SIGAPP Symposium on Applied Computing","location":"Avila Spain","acronym":"SAC '24","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 39th ACM\/SIGAPP Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605098.3635981","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605098.3635981","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:15Z","timestamp":1750178175000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605098.3635981"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,8]]},"references-count":61,"alternative-id":["10.1145\/3605098.3635981","10.1145\/3605098"],"URL":"https:\/\/doi.org\/10.1145\/3605098.3635981","relation":{},"subject":[],"published":{"date-parts":[[2024,4,8]]},"assertion":[{"value":"2024-05-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}