First of all, I would like to express my gratitude to the author for sharing the open-source data, which allows us to reproduce and study the alert data. :)
In your paper "Introducing a New Alert Data Set for Multi-Step Attack Analysis," I noticed that you utilized SAGE[1] for the analysis of the Alert DataSet. However, upon reading Section 4.1.1, Alert Pre-Processing, in the SAGE paper[1], I found that the input for SAGE[1] requires the inclusion of six elements, namely <sIP; dIP; sPort; dPort; ts; sign>. Yet, in our Alert DataSet, I did not see any information regarding <dIP; dIP; sPort; dPort>. I would like to inquire how you managed to input this Alert DataSet into SAGE to extract the attack graph. If possible, could you provide the source code and the method for reproduction? I am looking forward to your reply and appreciate your assistance. If email communication is possible, my email address is: 936332553@qq.com
[1] Azqa Nadeem, Sicco Verwer, Stephen Moskal, and Shanchieh Jay Yang. 2021. Alert-driven attack graph generation using s-pdfa. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 731–746.