{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T08:33:12Z","timestamp":1743150792503,"version":"3.40.3"},"publisher-location":"Boston, MA","reference-count":45,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9781441971326"},{"type":"electronic","value":"9781441971333"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-1-4419-7133-3_10","type":"book-chapter","created":{"date-parts":[[2010,7,27]],"date-time":"2010-07-27T18:09:37Z","timestamp":1280254177000},"page":"219-244","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Insider Threat Specification as a Threat Mitigation Technique"],"prefix":"10.1007","author":[{"given":"George","family":"Magklaras","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Steven","family":"Furnell","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2010,7,28]]},"reference":[{"key":"10_CR1","unstructured":"Accessdata inc. web portal, available at http:\/\/www.accessdata.com, last accessed in march 2010."},{"issue":"2","key":"10_CR2","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1145\/1113034.1113070","volume":"49","author":"F. Adelstein","year":"2006","unstructured":"Adelstein, F.: Live forensics: diagnosing your system without killing it first. Communications of the ACM 49(2), 63-66 (2006). DOI http:\/\/doi.acm.org\/10.1145\/1113034.1113070.","journal-title":"Communications of the ACM"},{"key":"10_CR3","volume-title":"Intrusion detection: an introduction to Internet surveillance, correlation, traps, trace back, and response, 1st ed edn","author":"E.G. Amoroso","year":"1999","unstructured":"Amoroso, E.G.: Intrusion detection: an introduction to Internet surveillance, correlation, traps, trace back, and response, 1st ed edn. Intrusion.Net Books, Sparta, NJ (1999)"},{"key":"10_CR4","volume-title":"The design of the UNIX operating system","author":"M.J. Bach","year":"1986","unstructured":"Bach, M.J.: The design of the UNIX operating system. Prentice-Hall, Inc., Upper Saddle River, NJ, USA (1986)"},{"key":"10_CR5","unstructured":"Bishop, M., Gollmann, D., Hunker, J., Probst, C.: Countering insider threats. In: Dagstuhl Seminar 08302, Dagstuhl Seminar Proceedings, p. 18 pp. Leibnitz Center for Informatics (2008)"},{"key":"10_CR6","doi-asserted-by":"publisher","DOI":"10.1201\/9781420046601","volume-title":"Insider Computer Fraud; An Indepth Framework for Detecting and Defending Against Insider IT Attacks","author":"K. Brancik","year":"2007","unstructured":"Brancik, K.: Insider Computer Fraud; An Indepth Framework for Detecting and Defending Against Insider IT Attacks. Auerbach Publications, Boston, MA, USA (2007)"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Caelli, W., Longley, D., Shain, M.: Information Security Handbook. Stockton Press (1991)","DOI":"10.1007\/978-1-349-12209-7_11"},{"key":"10_CR8","unstructured":"Cappelli, D., Moore, A., Shimeall, T., R., T.: Common sense guide to prevention and detection of insider threats. Tech. rep., Common Sense Guide to Prevention and Detection of Insider Threats (2006). Available at http:\/\/www.cert.org\/archive\/pdf\/ CommonSenseInsiderThreatsV2.1-1-070118.pdf, last accessed March 2010."},{"issue":"2","key":"10_CR9","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1145\/1113034.1113069","volume":"49","author":"B.D. Carrier","year":"2006","unstructured":"Carrier, B.D.: Risks of live digital forensic analysis. Communications of the ACM 49(2), 56-61 (2006)","journal-title":"Communications of the ACM"},{"key":"10_CR10","unstructured":"The common intrusion detection framework (CIDF). Available at http:\/\/gost.isi. edu\/cidf, last accessed in March 2010."},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Consel, C.: From a program family to a domain-specific language. In: Domain-Specific Program Generation, International Seminar, Dagstuhl Castle, Germany, March 23-28, 2003, pp. 19-29 (2003)","DOI":"10.1007\/978-3-540-25935-0_2"},{"key":"10_CR12","volume-title":"Some representational limitations of the common intrusion specification language. Tech. rep., Laboratory for Computer Science","author":"J. Doyle","year":"1999","unstructured":"Doyle, J.: Some representational limitations of the common intrusion specification language. Tech. rep., Laboratory for Computer Science, Massachusets Institute for Technology, Cambridge MA (1999)"},{"key":"10_CR13","unstructured":"Feiertag, R., Kahn, C., Porras, P., Schnackenberg, D., Staniford-Chen, S., Tung, B.: A Common Intrusion Specification Language (CISL) (1999). Available from http:\/\/gost.isi.edu\/cidf\/drafts\/language.txt, last accessed in March 2010."},{"key":"10_CR14","unstructured":"Frykholm, N.: Countermeasures against buffer overflow attacks. Tech. rep., RSA Laboratories (2000)"},{"key":"10_CR15","unstructured":"Furnell, S., Magklaras, G., Papadaki, M., Dowland, P.: A generic taxonomy forintrusion specification and response. In: Proceedings of Euromedia 2001, pp. 125-131 (2001)"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Furnell, S., Papadaki, M., Magklaras, G., Alayed, A.: Security vulnerabilities and system intrusions - the need for automatic response frameworks. In: Proceedings of the IFIP TC11 WG11.1\/WG11.2 Eigth Annual Working Conference on Advances in Information Security anagement & Small Systems Security, pp. 87-98. Kluwer, B.V., Deventer, The Netherlands (2001)","DOI":"10.1007\/0-306-47007-1_7"},{"key":"10_CR17","unstructured":"G., M., S., F.: The insider misuse threat survey: investigating it misuse from legitimate users. In: Proceedings of the 5th Australian Information Warfare & Security Conference, pp. 42-51"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"G., M., S., F.: A preliminary model of end user sophistication for insider threat prediction in it systems. Computers & Security 24(5), 371-380 (2005)","DOI":"10.1016\/j.cose.2004.10.003"},{"key":"10_CR19","unstructured":"Guidance software inc. web portal, available at http:\/\/www.guidancesoftware.com, last accessed in march 2010."},{"issue":"2","key":"10_CR20","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/MSP.2009.43","volume":"7","author":"B. Hay","year":"2009","unstructured":"Hay, B., Bishop, M., Nance, K.L.: Live analysis: Progress and challenges. IEEE Security & Privacy 7(2), 30-37 (2009)","journal-title":"IEEE Security & Privacy"},{"key":"10_CR21","unstructured":"M., F.: Language workbenches: The killer-app for domain specific languages? Available from http:\/\/martinfowler.com\/articles\/languageWorkbench.html, last accessed in March 2010."},{"key":"10_CR22","unstructured":"Magklaras, G.: An architecture for insider misuse threat prediction in it systems. Master\u2019s thesis, School of Computing, Communications and Electronics, University of Plymouth, UK"},{"issue":"4","key":"10_CR23","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1108\/09685220610690826","volume":"14","author":"G. Magklaras","year":"2006","unstructured":"Magklaras, G., Furnell, S., Brooke, P.J.: Towards an insider threat prediction specification language. Information Management & Computer Security 14(4), 361-381 (2006)","journal-title":"Information Management & Computer Security"},{"key":"10_CR24","unstructured":"McAuliffe, W.: Firms shop around for net law jurisdictions (2001). Available at http:\/\/news.zdnet.co.uk\/itmanagement\/0,1000000308,2085983,00.htm, last visited March 2010."},{"key":"10_CR25","unstructured":"Microsoft Corp.: The computer online forensic evidence extractor (cofee). Available online at http:\/\/www.microsoft.com\/industry\/government\/solutions\/cofee, last accessed March 2010."},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Moore, D., Voelker, G.M., Savage, S.: Inferring internet denial-of-service activity. In: SSYM\u201901: Proceedings of the 10th conference on USENIX Security Symposium. USENIX Association, Berkeley, CA, USA (2001)","DOI":"10.21236\/ADA400003"},{"key":"10_CR27","unstructured":"The insider threat to us government information systems. Tech. rep., U.S. National Security Telecommunications And Information Systems Security Committee (1999). Available http: \/\/www.cnss.gov\/Assets\/pdf\/nstissam\\_infosec\\_ 1-9 9.pdf, last accessed March 2010."},{"key":"10_CR28","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1109\/2.660187","volume":"31","author":"J.K. Ousterhout","year":"1998","unstructured":"Ousterhout, J.K.: Scripting: Higher-level programming for the 21st century. Computer 31, 23-30 (1998). DOI http:\/\/doi.ieeecomputersociety.org\/10.1109\/2.660187","journal-title":"Computer"},{"issue":"4","key":"10_CR29","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1016\/j.diin.2006.10.001","volume":"3","author":"N.L. Petroni","year":"2006","unstructured":"Petroni, N.L., Aaron, J., Timothy, W., William, F., Arbaugh, A.: Fatkit: A framework for the extraction and analysis of digital forensic data from volatile system memory. Digital Investigation 3(4), 197-210(2006)","journal-title":"Digital Investigation"},{"key":"10_CR30","volume-title":"Security in Computing","author":"C.P. Pfleeger","year":"2006","unstructured":"Pfleeger, C.P., Pfleeger, S.L.: Security in Computing (4th Edition). Prentice Hall PTR, Upper Saddle River, NJ, USA (2006)","edition":"4th"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Postel, J., Reynolds, J.: TELNET Protocol Specification, Request For Comments (RFC) 854. IETF Network Working Group (1983)","DOI":"10.17487\/rfc0854"},{"issue":"2","key":"10_CR32","first-page":"29","volume":"17","author":"R. Power","year":"2001","unstructured":"Power, R.: 2001 csi\/fbi computer crime and security survey. Computer Security Journal 17(2), 29-51 (2001)","journal-title":"Computer Security Journal"},{"key":"10_CR33","unstructured":"Raymond, E.: The Art of UNIX Programming. Addison-Wesley Professional (2003)"},{"key":"10_CR34","volume-title":"Advanced Windows","author":"J. Richter","year":"1997","unstructured":"Richter, J.: Advanced Windows. Microsoft Press, Redmond, Washington, USA (1997)"},{"issue":"6","key":"10_CR35","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1016\/S0167-4048(02)01009-X","volume":"21","author":"E.E. Schultz","year":"2002","unstructured":"Schultz, E.E.: A framework for understanding and predicting insider attacks. Computers & Security 21(6), 526-531 (2002)","journal-title":"Computers & Security"},{"key":"10_CR36","volume-title":"Multimedia information networking","author":"N.K. Sharda","year":"1998","unstructured":"Sharda, N.K.: Multimedia information networking. Prentice-Hall, Inc., Upper Saddle River, NJ, USA (1998)"},{"key":"10_CR37","unstructured":"Shaw, E., Ruby, K., Post, J.: The insider threat to information systems. Security Awareness Bulletin 98(2) (1998)"},{"key":"10_CR38","volume-title":"Software engineering","author":"I. Sommerville","year":"1995","unstructured":"Sommerville, I.: Software engineering (5th ed.). Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, USA (1995)","edition":"5th"},{"issue":"1","key":"10_CR39","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/S0164-1212(00)00089-3","volume":"56","author":"D. Spinellis","year":"2001","unstructured":"Spinellis, D.: Notable design patterns for domain-specific languages. Journal of Systems and Software 56(1), 91-99 (2001)","journal-title":"Journal of Systems and Software"},{"issue":"1-2","key":"10_CR40","doi-asserted-by":"crossref","first-page":"159","DOI":"10.3233\/JCS-2002-101-207","volume":"10","author":"D. Spinellis","year":"2002","unstructured":"Spinellis, D., Gritzalis, D.: Panoptis: intrusion detection using a domain-specific language. Journal of Computer Security 10(1-2), 159-176 (2002)","journal-title":"Journal of Computer Security"},{"key":"10_CR41","unstructured":"T., A., I., K., E., S.: Use of a taxonomy of security faults. Tech. Rep. TR-96-051, COAST Laboratory, Department of Computer Sciences, Purdue University (1996)"},{"key":"10_CR42","unstructured":"Tugular, T.: A preliminary structural approach to insider computer misuse incidents. In: Proceedings of the EICAR Conference 2000, pp. 105-125. European Institute for Computer An- tivirus Research (EICAR) (2000)"},{"key":"10_CR43","unstructured":"Wood, B.: An insider threat model for adversary simulation. In: Proceedings of the Workshop on Research on Mitigating the Insider Threat to Information Systems (2000)"},{"key":"10_CR44","unstructured":"Ylonen, T.: The SSH (Secure Shell) Remote Login Protocol, Internet Draft. IETF Network Working Group (1995). Available http:\/\/www.free.lp.se\/fish\/rfc.txt, last accessed March, 2010."},{"key":"10_CR45","volume-title":"Linux firewalls","author":"R. Ziegler","year":"2002","unstructured":"Ziegler, R.: Linux firewalls. New Riders Publishing, Indianapolis, IN, USA (2002)"}],"container-title":["Advances in Information Security","Insider Threats in Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4419-7133-3_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,23]],"date-time":"2023-01-23T21:01:26Z","timestamp":1674507686000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-1-4419-7133-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9781441971326","9781441971333"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-1-4419-7133-3_10","relation":{},"ISSN":["1568-2633"],"issn-type":[{"type":"print","value":"1568-2633"}],"subject":[],"published":{"date-parts":[[2010]]},"assertion":[{"value":"28 July 2010","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}