{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T16:20:44Z","timestamp":1777998044406,"version":"3.51.4"},"reference-count":90,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2015,2,27]],"date-time":"2015-02-27T00:00:00Z","timestamp":1424995200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Journal of Big Data"],"published-print":{"date-parts":[[2015,12]]},"DOI":"10.1186\/s40537-015-0013-4","type":"journal-article","created":{"date-parts":[[2015,2,26]],"date-time":"2015-02-26T13:02:28Z","timestamp":1424955748000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":227,"title":["Intrusion detection and Big Heterogeneous Data: a Survey"],"prefix":"10.1186","volume":"2","author":[{"given":"Richard","family":"Zuech","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Taghi M","family":"Khoshgoftaar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Randall","family":"Wald","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,2,27]]},"reference":[{"key":"13_CR1","doi-asserted-by":"crossref","first-page":"431","DOI":"10.1109\/BigData.Congress.2013.71","volume-title":"Big Data (BigData Congress), 2013 IEEE International Congress On","author":"M Nassar","year":"2013","unstructured":"Nassar M, al Bouna B, Malluhi Q: Secure outsourcing of network flow data analysis. In Big Data (BigData Congress), 2013 IEEE International Congress On. IEEE, Santa Clara, CA, USA; 2013:431\u2013432. 10.1109\/BigData.Congress.2013.71"},{"key":"13_CR2","volume-title":"Big Data Analytics for Security Intelligence","author":"Group BDW","year":"2013","unstructured":"Group BDW (2013) Big Data Analytics for Security Intelligence. Accessed 2015\u20131-10. https:\/\/downloads.cloudsecurityalliance.org\/initiatives\/bdwg\/Big_Data_Analytics_for_Security_Intelligence.pdf"},{"key":"13_CR3","volume-title":"A Case Study In Security Big Data Analysis","author":"E Chickowski","year":"2012","unstructured":"Chickowski E (2012) A Case Study In Security Big Data Analysis. . a-case-study-in-security-big-data-analysis\/d\/d-id\/1137299?. Accessed 2015\u20131-10. http:\/\/www.darkreading.com\/analytics\/security-monitoring"},{"key":"13_CR4","volume-title":"Moving Beyond SIEM For Strong Security Analytics","author":"E Chickowski","year":"2013","unstructured":"Chickowski E (2013) Moving Beyond SIEM For Strong Security Analytics. . 1141069?. Accessed 2015\u20131-10. http:\/\/www.darkreading.com\/moving-beyond-siem-for-strong-security-analytics\/d\/d-id"},{"key":"13_CR5","volume-title":"Big Data: Cyber Security\u2019s Silver Bullet? Intel Makes the Case","author":"K Marko","year":"2014","unstructured":"Marko K (2014) Big Data: Cyber Security\u2019s Silver Bullet? Intel Makes the Case. . Accessed 2015\u20131-10. http:\/\/www.forbes.com\/sites\/kurtmarko\/2014\/11\/09\/big-data-cyber-security\/ Accessed 2015-1-10."},{"key":"13_CR6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/IREP.2013.6629368","volume-title":"Bulk Power System Dynamics and Control - IX Optimization, Security and Control of the Emerging Power Grid (IREP), 2013 IREP Symposium","author":"M Kezunovic","year":"2013","unstructured":"Kezunovic M, Xie L, Grijalva S: The role of big data in improving power system operation and protection. In Bulk Power System Dynamics and Control - IX Optimization, Security and Control of the Emerging Power Grid (IREP), 2013 IREP Symposium. IEEE, Rethymno, Greece; 2013:1\u20139. 10.1109\/IREP.2013.6629368"},{"key":"13_CR7","volume-title":"Managing big data for smart grids and smart meters","author":"I Software","year":"2013","unstructured":"Software I (2013) Managing big data for smart grids and smart meters. . and_smart_meters.pdf. Accessed 2015\u20131-10. http:\/\/www-935.ibm.com\/services\/multimedia\/Managing_big_data_for_smart_grids Accessed 2015-1-10."},{"issue":"1","key":"13_CR8","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1016\/j.jnca.2012.05.003","volume":"36","author":"C Modi","year":"2013","unstructured":"Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M: A survey of intrusion detection techniques in cloud. J Netw Comput Appl 2013,36(1):42\u201357. 10.1016\/j.jnca.2012.05.003","journal-title":"J Netw Comput Appl"},{"issue":"1","key":"13_CR9","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2009.06.008","volume":"29","author":"CV Zhou","year":"2010","unstructured":"Zhou CV, Leckie C, Karunasekera S: A survey of coordinated attacks and collaborative intrusion detection. Comput Secur 2010,29(1):124\u2013140. 10.1016\/j.cose.2009.06.008","journal-title":"Comput Secur"},{"key":"13_CR10","volume-title":"3d data management: Controlling data volume, velocity and variety","author":"D Laney","year":"2001","unstructured":"Laney D (2001) 3d data management: Controlling data volume, velocity and variety. Technical Report 949, META Group (now Gartner). http:\/\/blogs.gartner.com\/doug-laney\/files\/2012\/01\/ad949\u20133D-Data-Management-Controlling-Data-Volume-Velocity-and-Variety.pdf"},{"key":"13_CR11","volume-title":"Harness the power of big data The IBM big data platform","author":"P Zikopoulos","year":"2012","unstructured":"Zikopoulos P, Parasuraman K, Deutsch T, Giles J, Corrigan D: Harness the power of big data The IBM big data platform. McGraw Hill Professional, New York, NY; 2012."},{"key":"13_CR12","first-page":"1","volume-title":"Proceedings of the 17th national computer security conference. Vol. 10","author":"J Frank","year":"1994","unstructured":"Frank J: Artificial intelligence and intrusion detection: current and future directions. In Proceedings of the 17th national computer security conference. Vol. 10. Citeseer, Baltimore, MD, USA; 1994:1\u201312."},{"key":"13_CR13","volume-title":"Defense in depth. Technical report, National Security Agency","author":"Information Assurance Solutions Group","year":"2015","unstructured":"Information Assurance Solutions Group (2015) Defense in depth. Technical report, National Security Agency. . Accessed 2015\u20131-10. http:\/\/www.nsa.gov\/ia\/_files\/support\/defenseindepth.pdf Accessed 2015-1-10."},{"issue":"2","key":"13_CR14","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"DE Denning","year":"1987","unstructured":"Denning DE: An intrusion-detection model. Softw Eng IEEE Trans 1987,SE-13(2):222\u2013232. doi:10.1109\/TSE.1987.232894 doi:10.1109\/TSE.1987.232894 10.1109\/TSE.1987.232894","journal-title":"Softw Eng IEEE Trans"},{"key":"13_CR15","volume-title":"Snort, Home Page","author":"Sourcefire","year":"2015","unstructured":"Sourcefire (2015) Snort, Home Page. . Accessed 2015\u20131-10. http:\/\/www.snort.org\/ Accessed 2015-1-10."},{"key":"13_CR16","first-page":"229","volume-title":"LISA. Vol. 99","author":"M Roesch","year":"1999","unstructured":"Roesch M: Snort: Lightweight intrusion detection for networks. In LISA. Vol. 99. USENIX, Seattle, WA, USA; 1999:229\u2013238."},{"key":"13_CR17","volume-title":"The economic impact of cybercrime and cyber espionage","author":"Center for Strategic and International Studies","year":"2013","unstructured":"Center for Strategic and International Studies (2013) The economic impact of cybercrime and cyber espionage. Technical report. McAfee . http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-economic-impact-cybercrime.pdf"},{"key":"13_CR18","volume-title":"2013 data breach investigations report.","author":"Verizon RISK Team","year":"2013","unstructured":"Verizon RISK Team (2013) 2013 data breach investigations report. Technical report. Verizon . http:\/\/www.verizonenterprise.com\/resources\/reports\/rp_data-breach-investigations-report-2013_en_xg.pdf"},{"key":"13_CR19","volume-title":"2012 cost of cyber crime study","author":"Ponemon Institute LLC","year":"2012","unstructured":"Ponemon Institute LLC (2012) 2012 cost of cyber crime study: United states. Technical report. Ponemon Institute . http:\/\/www.ponemon.org\/local\/upload\/file\/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf"},{"key":"13_CR20","doi-asserted-by":"crossref","first-page":"366","DOI":"10.1145\/775047.775101","volume-title":"Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining","author":"K Julisch","year":"2002","unstructured":"Julisch K, Dacier M: Mining intrusion detection alarms for actionable knowledge. In Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, Edmonton, Alberta, Canada; 2002:366\u2013375. 10.1145\/775047.775101"},{"key":"13_CR21","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/978-0-387-77265-3_4","volume":"38","author":"D Xu","year":"2008","unstructured":"Xu D, Ning P: Correlation analysis of intrusion alerts. Intrusion Detect Syst 2008, 38: 65\u201392. 10.1007\/978-0-387-77265-3_4","journal-title":"Intrusion Detect Syst"},{"key":"13_CR22","first-page":"1","volume-title":"Southeastcon, 2012 Proceedings of IEEE","author":"S Suthaharan","year":"2012","unstructured":"Suthaharan S, Panchagnula T: Relevance feature selection with data cleaning for intrusion detection system. In Southeastcon, 2012 Proceedings of IEEE. IEEE, Orlando, FL, USA; 2012:1\u20136."},{"key":"13_CR23","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1145\/2295136.2295148","volume-title":"Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. SACMAT \u201912","author":"R Bhatti","year":"2012","unstructured":"Bhatti R, LaSalle R, Bird R, Grance T, Bertino E: Emerging trends around big data analytics and security: Panel. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. SACMAT \u201912. ACM, New York, NY, USA; 2012:67\u201368. doi:10.1145\/2295136.2295148. http:\/\/doi.acm.org\/10.1145\/2295136.2295148 doi:10.1145\/2295136.2295148."},{"key":"13_CR24","volume-title":"Defining Big Data Security Analytics. Networking Nuggets and Security Snippets (Blog).","author":"J Oltsik","year":"2013","unstructured":"Oltsik J (2013) Defining Big Data Security Analytics. Networking Nuggets and Security Snippets (Blog). . Accessed 2014\u20135-23. http:\/\/www.networkworld.com\/community\/blog\/defining-big-data-security-analytics Accessed 2014-5-23."},{"key":"13_CR25","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1109\/SP.2010.25","volume-title":"Security and Privacy (SP), 2010 IEEE Symposium On","author":"R Sommer","year":"2010","unstructured":"Sommer R, Paxson V: Outside the closed world: On using machine learning for network intrusion detection. In Security and Privacy (SP), 2010 IEEE Symposium On. IEEE, Oakland, CA, USA; 2010:305\u2013316. 10.1109\/SP.2010.25"},{"key":"13_CR26","first-page":"35","volume-title":"NDSS. Vol. 7","author":"SE Coull","year":"2007","unstructured":"Coull SE, Wright CV, Monrose F, Collins MP, Reiter MK: Playing devil\u2019s advocate: Inferring sensitive information from anonymized network traces. In NDSS. Vol. 7. Internet Society, San Diego, CA, USA; 2007:35\u201347."},{"issue":"8","key":"13_CR27","first-page":"75","volume":"5","author":"C Azad","year":"2013","unstructured":"Azad C, Jha VK: Data mining in intrusion detection: a comparative study of methods, types and data sets. Int J Inf Technol Comput Sci 2013,5(8):75\u201390.","journal-title":"Int J Inf Technol Comput Sci"},{"issue":"4","key":"13_CR28","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J McHugh","year":"2000","unstructured":"McHugh J: Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans Inf Syst Secur 2000,3(4):262\u2013294. 10.1145\/382912.382923","journal-title":"ACM Trans Inf Syst Secur"},{"key":"13_CR29","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1007\/978-3-540-45248-5_13","volume-title":"Recent advances in intrusion detection","author":"MV Mahoney","year":"2003","unstructured":"Mahoney MV, Chan PK: An analysis of the 1999 darpa\/lincoln laboratory evaluation data for network anomaly detection. In Recent advances in intrusion detection. Springer, Berlin Heidelberg; 2003:220\u2013237. 10.1007\/978-3-540-45248-5_13"},{"issue":"1","key":"13_CR30","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.asoc.2009.06.019","volume":"10","author":"SX Wu","year":"2010","unstructured":"Wu SX, Banzhaf W: The use of computational intelligence in intrusion detection systems: A review. Appl Soft Comput 2010,10(1):1\u201335. 10.1016\/j.asoc.2009.06.019","journal-title":"Appl Soft Comput"},{"issue":"3","key":"13_CR31","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur 2012,31(3):357\u2013374. doi:10.1016\/j.cose.2011.12.012","journal-title":"Comput Secur"},{"key":"13_CR32","first-page":"8","volume-title":"Proceedings of the 6th International COnference. Co-NEXT \u201910","author":"R Fontugne","year":"2010","unstructured":"Fontugne R, Borgnat P, Abry P, Fukuda K: Mawilab: Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking. Proceedings of the 6th International COnference. Co-NEXT \u201910 ACM, New York, NY, USA; 2010, 8\u20131812. doi:10.1145\/1921168.1921179. [ http:\/\/doi.acm.org\/10.1145\/1921168.1921179 ] http:\/\/doi.acm.org\/10.1145\/1921168.1921179"},{"key":"13_CR33","volume-title":"Cyber Research Center \u2013 DataSets","author":"United States Marine Academy \u2013 West Point","year":"2015","unstructured":"United States Marine Academy \u2013 West Point (2015) Cyber Research Center \u2013 DataSets. . Accessed 2015\u20131-10. http:\/\/www.usma.edu\/crc\/SitePages\/DataSets.aspx Accessed 2015-1-10."},{"key":"13_CR34","volume-title":"Reports \u2013 Internet Security | SANS ISC","author":"Internet Storm Center","year":"2015","unstructured":"Internet Storm Center (2015) Reports \u2013 Internet Security SANS ISC. . Accessed 2015\u20131-10. https:\/\/isc.sans.edu\/reports.html Accessed 2015-1-10."},{"key":"13_CR35","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1145\/1978672.1978676","volume-title":"Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security","author":"J Song","year":"2011","unstructured":"Song J, Takakura H, Okabe Y, Eto M, Inoue D, Nakao K: Statistical analysis of honeypot data and building of kyoto 2006+ dataset for nids evaluation. In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security. ACM, Salzburg, Austria; 2011:29\u201336. 10.1145\/1978672.1978676"},{"issue":"4","key":"13_CR36","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1145\/332051.332079","volume":"43","author":"T Bass","year":"2000","unstructured":"Bass T: Intrusion detection systems and multisensor data fusion. Commun ACM 2000,43(4):99\u2013105. 10.1145\/332051.332079","journal-title":"Commun ACM"},{"key":"13_CR37","doi-asserted-by":"crossref","first-page":"352","DOI":"10.1109\/IMSCCS.2007.15","volume-title":"Computer and Computational Sciences, 2007. IMSCCS 2007. Second International Multi-Symposiums On","author":"H Wang","year":"2007","unstructured":"Wang H, Liu X, Lai J, Liang Y: Network security situation awareness based on heterogeneous multi-sensor data fusion and neural network. In Computer and Computational Sciences, 2007. IMSCCS 2007. Second International Multi-Symposiums On. IEEE, Iowa City, IA, USA; 2007:352\u2013359. 10.1109\/IMSCCS.2007.15"},{"issue":"9","key":"13_CR38","doi-asserted-by":"crossref","first-page":"2373","DOI":"10.1016\/j.patcog.2006.12.009","volume":"40","author":"C-H Tsang","year":"2007","unstructured":"Tsang C-H, Kwong S, Wang H: Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection. Pattern Recognit 2007,40(9):2373\u20132391. 10.1016\/j.patcog.2006.12.009","journal-title":"Pattern Recognit"},{"issue":"4","key":"13_CR39","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1016\/j.cose.2004.09.008","volume":"24","author":"S Chebrolu","year":"2005","unstructured":"Chebrolu S, Abraham A, Thomas JP: Feature deduction and ensemble design of intrusion detection systems. Comput Secur 2005,24(4):295\u2013307. 10.1016\/j.cose.2004.09.008","journal-title":"Comput Secur"},{"key":"13_CR40","first-page":"153","volume-title":"Information Security and Cryptology. Lecture Notes in Computer Science. Vol. 4318","author":"Y Chen","year":"2006","unstructured":"Chen Y, Li Y, Cheng X-Q, Guo L: Survey and taxonomy of feature selection algorithms in intrusion detection system. In Information Security and Cryptology. Lecture Notes in Computer Science. Vol. 4318. Edited by: Lipmaa H, Yung M, Lin D. Springer, Berlin Heidelberg; 2006:153\u2013167."},{"issue":"2","key":"13_CR41","first-page":"49","volume":"2","author":"A Elngar","year":"2013","unstructured":"Elngar A, Mohamed D, Ghaleb F: A real-time anomaly network intrusion detection system with high accuracy. Inf Sci Lett Int J 2013,2(2):49\u201356.","journal-title":"Inf Sci Lett Int J"},{"key":"13_CR42","unstructured":"The Apache Software Foundation (2015) Welcome to Apache Hadoop!. http:\/\/hadoop.apache.org\/. Accessed 2015-1-10., The Apache Software Foundation (2015) Welcome to Apache Hadoop!. . Accessed 2015\u20131-10. http:\/\/hadoop.apache.org\/ Accessed 2015-1-10."},{"key":"13_CR43","volume-title":"Big Data Analytics Workshop, in Conjunction with ACM Sigmetrics","author":"S Suthaharan","year":"2013","unstructured":"Suthaharan S: Big data classification: problems and challenges in network intrusion prediction with machine learning. In Big Data Analytics Workshop, in Conjunction with ACM Sigmetrics. ACM, Pittsburgh, PA, USA; 2013."},{"key":"13_CR44","volume-title":"ACM Sigmetrics 2013 (Big Data Analytics Workshop)","author":"J Whitworth","year":"2013","unstructured":"Whitworth J, Suthaharan S: Security problems and challenges in a machine learning-based hybrid big data processing network systems. In ACM Sigmetrics 2013 (Big Data Analytics Workshop). ACM, Pittsburgh, PA, USA; 2013."},{"key":"13_CR45","doi-asserted-by":"crossref","first-page":"766","DOI":"10.1109\/NBiS.2012.139","volume-title":"Network-Based Information Systems (NBiS), 2012 15th international conference on","author":"H Jeong","year":"2012","unstructured":"Jeong H, Hyun W, Lim J, You I: Anomaly teletraffic intrusion detection systems on hadoop-based platforms: A survey of some problems and solutions. In Network-Based Information Systems (NBiS), 2012 15th international conference on. IEEE, Melbourne, Australia; 2012:766\u2013770. 10.1109\/NBiS.2012.139"},{"issue":"1","key":"13_CR46","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/2427036.2427038","volume":"43","author":"Y Lee","year":"2013","unstructured":"Lee Y, Lee Y: Toward scalable internet traffic measurement and analysis with hadoop. ACM SIGCOMM Comput Commun Rev 2013,43(1):5\u201313. 10.1145\/2427036.2427038","journal-title":"ACM SIGCOMM Comput Commun Rev"},{"issue":"3","key":"13_CR47","first-page":"2685","volume":"5","author":"J Cheon","year":"2013","unstructured":"Cheon J, Choe T-Y: Distributed processing of snort alert log using hadoop. Int J Eng Technol(0975\u20134024) 2013,5(3):2685\u20132690.","journal-title":"Int J Eng Technol(0975-4024)"},{"key":"13_CR48","volume-title":"Dalhousie Computer Science In-house Conference (DCSI)","author":"S VeetiL","year":"2013","unstructured":"VeetiL S, Gao Q: A real-time intrusion detection system by integrating hadoop and naive bayes classification. In Dalhousie Computer Science In-house Conference (DCSI). Dalhousie University, Halifax, Canada; 2013."},{"key":"13_CR49","volume-title":"IRIS National Symposium","author":"T Bass","year":"1999","unstructured":"Bass T: Multisensor data fusion for next generation distributed intrusion detection systems. In IRIS National Symposium. IRIS National Symposium, Laurel, MD, USA; 1999."},{"key":"13_CR50","first-page":"1","volume-title":"Computer Engineering and Technology (ICCET), 2010 2nd international conference on. Vol. 1","author":"F Lan","year":"2010","unstructured":"Lan F, Chunlei W, Guoqing M: A framework for network security situation awareness based on knowledge discovery. In Computer Engineering and Technology (ICCET), 2010 2nd international conference on. Vol. 1. IEEE, Chengdu, China; 2010:1\u2013226."},{"key":"13_CR51","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-27222-6","volume-title":"Data fusion: concepts and ideas","author":"HB Mitchell","year":"2012","unstructured":"Mitchell HB: Data fusion: concepts and ideas. Springer, New York, NY; 2012."},{"issue":"1","key":"13_CR52","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1109\/5.554205","volume":"85","author":"DL Hall","year":"1997","unstructured":"Hall DL, Llinas J: An introduction to multisensor data fusion. Proc IEEE 1997,85(1):6\u201323. 10.1109\/5.554205","journal-title":"Proc IEEE"},{"key":"13_CR53","first-page":"1","volume-title":"Engineering Systems Management and Its Applications (ICESMA), 2010 second international conference on","author":"B Fessi","year":"2010","unstructured":"Fessi B, Benabdallah S, Hamdi M, Rekhis S, Boudriga N: Data collection for information security system. In Engineering Systems Management and Its Applications (ICESMA), 2010 second international conference on. IEEE, Sharjah, United Arab Emirates; 2010:1\u20138."},{"issue":"1","key":"13_CR54","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.cose.2008.03.004","volume":"27","author":"A Karim Ganame","year":"2008","unstructured":"Karim Ganame A, Bourgeois J, Bidou R, Spies F: A global security architecture for intrusion detection on computer networks. Comput Secur 2008,27(1):30\u201347. 10.1016\/j.cose.2008.03.004","journal-title":"Comput Secur"},{"key":"13_CR55","volume-title":"Proceedings of CollSec: Usenix Workshop on Collaborative Methods for security and privacy","author":"R Bye","year":"2010","unstructured":"Bye R, Camtepe SA, Albayrak S: Collaborative intrusion detection framework: characteristics, adversarial opportunities and countermeasures. In Proceedings of CollSec: Usenix Workshop on Collaborative Methods for security and privacy. USENIX, Washington, DC, USA; 2010."},{"key":"13_CR56","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1109\/SASOW.2012.15","volume-title":"Self-Adaptive and Self-Organizing Systems Workshops (SASOW), 2012 IEEE sixth international conference on","author":"K Bartos","year":"2012","unstructured":"Bartos K, Rehak M: Self-organized mechanism for distributed setup of multiple heterogeneous intrusion detection systems. In Self-Adaptive and Self-Organizing Systems Workshops (SASOW), 2012 IEEE sixth international conference on. IEEE, Lyon, France; 2012:31\u201338. 10.1109\/SASOW.2012.15"},{"key":"13_CR57","first-page":"340","volume-title":"2010 IEEE International Conference on Wireless Communications, Networking and Information Security","author":"H Cai","year":"2010","unstructured":"Cai H, Wu N: Design and implementation of a dids. In 2010 IEEE International Conference on Wireless Communications, Networking and Information Security. IEEE, Beijing, China; 2010:340\u2013342."},{"issue":"5","key":"13_CR58","doi-asserted-by":"crossref","first-page":"1106","DOI":"10.1016\/j.jnca.2009.02.010","volume":"32","author":"C Vincent Zhou","year":"2009","unstructured":"Vincent Zhou C, Leckie C, Karunasekera S: Decentralized multi-dimensional alert correlation for collaborative intrusion detection. J Netw Comput Appl 2009,32(5):1106\u20131123. 10.1016\/j.jnca.2009.02.010","journal-title":"J Netw Comput Appl"},{"key":"13_CR59","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1109\/IMF.2011.15","volume-title":"IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference On","author":"S Metzger","year":"2011","unstructured":"Metzger S, Hommel W, Reiser H: Integrated security incident management\u2013concepts and real-world experiences. In IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference On. IEEE, Stuttgart, Germany; 2011:107\u2013121. 10.1109\/IMF.2011.15"},{"key":"13_CR60","unstructured":"Williams A (2007) The Future of SIEM \u2013 The market will begin to diverge. http:\/\/techbuddha.wordpress.com\/2007\/01\/01\/the-future-of-siem-\\%E2\\%80\\%93-the-market-will-begin-to-diverge\/., Williams A (2007) The Future of SIEM \u2013 The market will begin to diverge. . http:\/\/techbuddha.wordpress.com\/2007\/01\/01\/the-future-of-siem-%E2%80%93-the-market-will-begin-to-diverge\/ Williams A (2007) The Future of SIEM \u2013 The market will begin to diverge. ."},{"key":"13_CR61","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ISSA.2010.5588654","volume-title":"Information Security for South Africa (ISSA), 2010","author":"NB Anuar","year":"2010","unstructured":"Anuar NB, Papadaki M, Furnell S, Clarke N: An investigation and survey of response options for intrusion response systems (irss). In Information Security for South Africa (ISSA), 2010. IEEE, Johannesburg, South Africa; 2010:1\u20138. 10.1109\/ISSA.2010.5588654"},{"key":"13_CR62","volume-title":"security information and event management (SIEM).","author":"M Rouse","year":"2012","unstructured":"Rouse M (2012) security information and event management (SIEM). . http:\/\/searchsecurity.techtarget.com\/definition\/security-information-and-event-management-SIEM"},{"key":"13_CR63","volume-title":"Gartner security report: McAfee up","author":"E Messmer","year":"2013","unstructured":"Messmer E (2013) Gartner security report: McAfee up, Trend Micro down. . http:\/\/www.networkworld.com\/news\/2013\/053013-gartner-security-survey-270297.html Messmer E (2013) Gartner security report: McAfee up, Trend Micro down. ."},{"key":"13_CR64","unstructured":"Mosaic Security ResearchLog Management & Security Information and Event Management (SIEM) Software Guide Mosaic Security Research. . Accessed 2014\u20135-23. http:\/\/mosaicsecurity.com\/categories\/85-log-management-security-information-and-event-management Accessed 2014-5-23."},{"issue":"1","key":"13_CR65","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1109\/MSP.2011.153","volume":"10","author":"I Aguirre","year":"2012","unstructured":"Aguirre I, Alonso S: Improving the automation of security information management: A collaborative approach. Secur Privacy IEEE 2012,10(1):55\u201359. 10.1109\/MSP.2011.153","journal-title":"Secur Privacy IEEE"},{"key":"13_CR66","doi-asserted-by":"crossref","first-page":"761","DOI":"10.1109\/GreenCom.2012.125","volume-title":"Green Computing and Communications (GreenCom), 2012 IEEE international conference on","author":"I Kotenko","year":"2012","unstructured":"Kotenko I, Polubelova O, Saenko I: The ontological approach for siem data repository implementation. In Green Computing and Communications (GreenCom), 2012 IEEE international conference on. IEEE, Besancon, France; 2012:761\u2013766. 10.1109\/GreenCom.2012.125"},{"key":"13_CR67","volume-title":"Critical capabilities for security information and event management technology","author":"M Nicolett","year":"2011","unstructured":"Nicolett M, Kavanagh KM (2011) Critical capabilities for security information and event management technology. Gartner Report."},{"key":"13_CR68","first-page":"9","volume-title":"Managing security: the security content automation protocol","author":"S Radack","year":"2011","unstructured":"Radack S, Kuhn R (2011) Managing security: the security content automation protocol In: IT Professional. IEEE 9(13):9\u201311."},{"key":"13_CR69","volume-title":"Canonical situation data format: the common base event v1.1.1. IBM Corporation.","author":"D Ogle","year":"2002","unstructured":"Ogle D, Kreger H, Salahshour A, Cornpropst J, Labadie E, Chessell M, Horn B, Gerken J, Schoech J, Wamboldt M (2002) Canonical situation data format: the common base event v1.1.1. IBM Corporation. . Accessed 2015\u20131-10. http:\/\/xml.coverpages.org\/IBMCommonBaseEventV111.pdf Accessed 2015-1-10."},{"key":"13_CR70","volume-title":"Common Information Model (CIM)","author":"Distributed Management Task Force Inc","year":"2014","unstructured":"Distributed Management Task Force Inc (2014) Common Information Model (CIM). . Accessed 2014\u20135-23. http:\/\/dmtf.org\/standards\/cim Accessed 2014-5-23."},{"key":"13_CR71","volume-title":"Triple store evaluation analysis report","author":"Revelytix Inc","year":"2010","unstructured":"Revelytix Inc. (2010) Triple store evaluation analysis report. Technical report, Revelytix. . http:\/\/www.algebraixdata.com\/wp-content\/uploads\/2014\/02\/Revelytix-Triplestore-Evaluation-Analysis-Results.pdf"},{"key":"13_CR72","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1109\/GreenCom.2012.24","volume-title":"Green Computing and Communications (GreenCom), 2012 IEEE international conference on","author":"I Kotenko","year":"2012","unstructured":"Kotenko I, Chechulin A: Common framework for attack modeling and security evaluation in siem systems. In Green Computing and Communications (GreenCom), 2012 IEEE international conference on. IEEE, Besancon, France; 2012:94\u2013101. 10.1109\/GreenCom.2012.24"},{"key":"13_CR73","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1007\/978-3-642-30823-9_7","volume-title":"Distributed applications and interoperable systems","author":"D Kreutz","year":"2012","unstructured":"Kreutz D, Casimiro A, Pasin M: A trustworthy and resilient event broker for monitoring cloud infrastructures. In Distributed applications and interoperable systems. Springer, Berlin Heidelberg; 2012:87\u201395. 10.1007\/978-3-642-30823-9_7"},{"key":"13_CR74","unstructured":"Splunk Inc.Operational Intelligence, Log Management, Application Management, Enterprise Security and Compliance Splunk. . Accessed 2014\u20135-23. http:\/\/www.splunk.com\/ Accessed 2014-5-23."},{"key":"13_CR75","first-page":"127","volume-title":"Computational Problem-Solving (ICCP), 2012 international conference on","author":"Y Li","year":"2012","unstructured":"Li Y, Liu Y, Zhang H: Cross-boundary enterprise security monitoring. In Computational Problem-Solving (ICCP), 2012 international conference on. IEEE, Leshan, China; 2012:127\u2013136."},{"key":"13_CR76","volume-title":"2012 planning guide: Security and risk management.","author":"D Blum","year":"2011","unstructured":"Blum D, Schacter P, Maiwald E, Krikken R, Henry T, de Boer M, Chuvakin A (2011) 2012 planning guide: Security and risk management. Technical Report G00224667 Gartner, Inc."},{"issue":"5","key":"13_CR77","first-page":"480","volume":"4","author":"D Sitaram","year":"2013","unstructured":"Sitaram D, Sharma M, Zain M, Sastry A, Todi R: Intrusion detection system for high volume and high velocity packet streams: A clustering approach. Int J Innovation Manag Technol 2013,4(5):480\u2013485.","journal-title":"Int J Innovation Manag Technol"},{"key":"13_CR78","volume-title":"packetloop\/packetpig","author":"G Kaszuba","year":"2013","unstructured":"Kaszuba G (2013) packetloop\/packetpig.GitHub.0 . https:\/\/github.com\/packetloop\/packetpig Kaszuba G (2013) packetloop\/packetpig.GitHub.0 ."},{"key":"13_CR79","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1145\/2523649.2523670","volume-title":"Proceedings of the 29th Annual Computer Security Applications Conference","author":"T-F Yen","year":"2013","unstructured":"Yen T-F, Oprea A, Onarlioglu K, Leetham T, Robertson W, Juels A, Kirda E: Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks. In Proceedings of the 29th Annual Computer Security Applications Conference. ACM, New Orleans, LA, USA; 2013:199\u2013208. 10.1145\/2523649.2523670"},{"key":"13_CR80","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/HICSS.2011.288","volume-title":"System Sciences (HICSS), 2011 44th Hawaii International Conference on","author":"J Myers","year":"2011","unstructured":"Myers J, Grimaila MR, Mills RF: Log-based distributed security event detection using simple event correlator. In System Sciences (HICSS), 2011 44th Hawaii International Conference on. IEEE, Kauai, HI, USA; 2011:1\u20137. 10.1109\/HICSS.2011.288"},{"issue":"3","key":"13_CR81","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner R: Stuxnet: Dissecting a cyberwarfare weapon. Secur Privacy IEEE 2011,9(3):49\u201351. 10.1109\/MSP.2011.67","journal-title":"Secur Privacy IEEE"},{"key":"13_CR82","first-page":"1","volume-title":"System Sciences, 2009. HICSS\u201909. 42nd Hawaii international conference on","author":"A Valdes","year":"2009","unstructured":"Valdes A, Cheung S: Intrusion monitoring in process control systems. In System Sciences, 2009. HICSS\u201909. 42nd Hawaii international conference on. IEEE, Waikoloa, Big Island, HI, USA; 2009:1\u20137."},{"key":"13_CR83","volume-title":"Detection and Analysis of Threats to the Energy Sector (DATES).","author":"SRI International","year":"2014","unstructured":"SRI International (2014) Detection and Analysis of Threats to the Energy Sector (DATES). . Accessed 2014\u20135-23. http:\/\/www.csl.sri.com\/projects\/dates\/ Accessed 2014-5-23."},{"key":"13_CR84","series-title":"Technical report, SRI International","doi-asserted-by":"crossref","DOI":"10.2172\/1010661","volume-title":"Detection and analysis of threats to the energy sector: Dates.","author":"A Valdes","year":"2010","unstructured":"Valdes A (2010) Detection and analysis of threats to the energy sector: Dates. Technical report, SRI International."},{"key":"13_CR85","first-page":"45","volume":"20","author":"X-b XU","year":"2013","unstructured":"XU X-b, YANG Z-q, XIU J-p, LIU C: A big data acquisition engine based on rule engine. J China Universities Posts Telecommunications 2013, 20: 45\u201349. 10.1016\/S1005-8885(13)60250-2","journal-title":"J China Universities Posts Telecommunications"},{"key":"13_CR86","volume-title":"Improving roi on big data through formal security and efficiency risk management for interoperating ot and it systems","author":"PD Ray","year":"2012","unstructured":"Ray PD, Reed C, Gray J, Agarwal A, Seth S (2012) Improving roi on big data through formal security and efficiency risk management for interoperating ot and it systems In: Grid-Interop Forum 2012, Irving, Texas, USA."},{"key":"13_CR87","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1109\/DBKDA.2009.26","volume-title":"Advances in databases, knowledge, and data applications, 2009. DBKDA\u201909. First international conference on","author":"R Gabriel","year":"2009","unstructured":"Gabriel R, Hoppe T, Pastwa A, Sowa S: Analyzing malware log data to support security information and event management: Some research results. In Advances in databases, knowledge, and data applications, 2009. DBKDA\u201909. First international conference on. IEEE, Cancun, Mexico; 2009:108\u2013113. 10.1109\/DBKDA.2009.26"},{"key":"13_CR88","doi-asserted-by":"crossref","first-page":"328","DOI":"10.1109\/NSS.2010.38","volume-title":"Network and System Security (NSS), 2010 4th International conference on","author":"R Hunt","year":"2010","unstructured":"Hunt R, Slay J: The design of real-time adaptive forensically sound secure critical infrastructure. In Network and System Security (NSS), 2010 4th International conference on. IEEE, Melbourne, Australia; 2010:328\u2013333. 10.1109\/NSS.2010.38"},{"key":"13_CR89","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/2382416.2382422","volume-title":"Proceedings of the 2012 ACM workshop on building analysis datasets and gathering experience returns for security","author":"SC Sundaramurthy","year":"2012","unstructured":"Sundaramurthy SC, Bhatt S, Eisenbarth MR: Examining intrusion prevention system events from worldwide networks. In Proceedings of the 2012 ACM workshop on building analysis datasets and gathering experience returns for security. ACM, Raleigh, NC, USA; 2012:5\u201312."},{"key":"13_CR90","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1109\/NSS.2010.26","volume-title":"Network and System Security (NSS), 2010 4th international conference on","author":"S Roschke","year":"2010","unstructured":"Roschke S, Cheng F, Meinel C: A flexible and efficient alert correlation platform for distributed ids. In Network and System Security (NSS), 2010 4th international conference on. IEEE, Melbourne, Australia; 2010:24\u201331. 10.1109\/NSS.2010.26"}],"container-title":["Journal of Big Data"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-015-0013-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s40537-015-0013-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-015-0013-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,30]],"date-time":"2022-04-30T21:37:42Z","timestamp":1651354662000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.journalofbigdata.com\/content\/2\/1\/3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,2,27]]},"references-count":90,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,12]]}},"alternative-id":["13"],"URL":"https:\/\/doi.org\/10.1186\/s40537-015-0013-4","relation":{},"ISSN":["2196-1115"],"issn-type":[{"value":"2196-1115","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,2,27]]},"article-number":"3"}}