“…In particular, some approaches [3,20] quantify alerts with respect to their anomaly level, allowing security officers to focus on the most abnormal cases. Other approaches [21,22] aim to provide an estimation of the damage caused by data leakages on the basis of the sensitivity and amount of leaked information, allowing security administrators to focus on the most severe data breaches. These approaches, however, only provide a "partial view" on the criticality of alerts, which may lead to a ranking that does not reflect their actual criticality level.…”