{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T01:00:42Z","timestamp":1771894842599,"version":"3.50.1"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030015534","type":"print"},{"value":"9783030015541","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01554-1_23","type":"book-chapter","created":{"date-parts":[[2018,9,25]],"date-time":"2018-09-25T11:47:56Z","timestamp":1537876076000},"page":"398-417","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Towards Scientific Incident Response"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9356-219X","authenticated-orcid":false,"given":"Jonathan M.","family":"Spring","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Pym","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,9,26]]},"reference":[{"key":"23_CR1","doi-asserted-by":"crossref","unstructured":"Alberts, C., Dorofee, A., Killcrece, G., Ruefle, R., Zajicek, M.: Defining incident management processes for CSIRTS: a work in progress. Technical report. CMU\/SEI-2004-TR-015, Software Engineering Institute, CMU 2004 (2004)","DOI":"10.21236\/ADA453378"},{"key":"23_CR2","unstructured":"Bergman, M., Paavola, S.: \u2018Abduction\u2019: Term in The Commens Dictionary: Peirce\u2019s Terms in His Own Words. New Edition, 14 July 2016. http:\/\/www.commens.org\/dictionary\/term\/abduction"},{"key":"23_CR3","unstructured":"Brotherston, J., Villard, J.: Sub-classical Boolean bunched logics and the meaning of par. In: Proceedings of CSL, vol. 24, pp. 325\u2013342. LIPIcs (2015)"},{"issue":"6","key":"23_CR4","doi-asserted-by":"publisher","first-page":"26:1","DOI":"10.1145\/2049697.2049700","volume":"58","author":"C Calcagno","year":"2011","unstructured":"Calcagno, C., Distefano, D., O\u2019Hearn, P.W., Yang, H.: Compositional shape analysis by means of bi-abduction. J. ACM 58(6), 26:1\u201326:66 (2011)","journal-title":"J. ACM"},{"key":"23_CR5","unstructured":"Caltagirone, S., Pendergast, A., Betz, C.: The diamond model of intrusion analysis. Technical report, Center for Cyber Intelligence Analysis and Threat Research (2013). http:\/\/www.threatconnect.com\/methodology\/diamond_model_of_intrusion_analysis"},{"key":"23_CR6","volume-title":"Digital Evidence and Computer Crime: Forensic Science, Computers, and The Internet","author":"E Casey","year":"2000","unstructured":"Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers, and The Internet. Academic press, Cambridge (2000)"},{"key":"23_CR7","doi-asserted-by":"publisher","DOI":"10.7208\/chicago\/9780226139500.001.0001","volume-title":"The Intelligibility of Nature: How Science Makes Sense of the World","author":"P Dear","year":"2006","unstructured":"Dear, P.: The Intelligibility of Nature: How Science Makes Sense of the World. University of Chicago Press, Chicago (2006)"},{"issue":"06","key":"23_CR8","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1017\/S0960129505004858","volume":"15","author":"D Galmiche","year":"2005","unstructured":"Galmiche, D., M\u00e9ry, D., Pym, D.: The semantics of BI and resource tableaux. Math. Struct. Comp. Sci. 15(06), 1033\u20131088 (2005)","journal-title":"Math. Struct. Comp. Sci."},{"key":"23_CR9","unstructured":"Henderson, L.: The problem of induction. In: Zalta, E.N. (ed.) The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University, Summer 2018 edn. (2018)"},{"key":"23_CR10","unstructured":"Heuer, R.J.: Psychology of Intelligence Analysis. US Central Intelligence Agency (1999)"},{"key":"23_CR11","unstructured":"Horneman, A.: How to think like an analyst, 17 July 2017. https:\/\/insights.sei.cmu.edu\/sei_blog\/2017\/07\/how-to-think-like-an-analyst.html"},{"key":"23_CR12","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inform. Warfare Secur. Res. 1, 80 (2011)","journal-title":"Lead. Issues Inform. Warfare Secur. Res."},{"key":"23_CR13","doi-asserted-by":"publisher","unstructured":"Ishtiaq, S.S., O\u2019Hearn, P.W.: BI as an assertion language for mutable data structures. In: Principles of Programming Languages, pp. 14\u201326. ACM, London (2001). https:\/\/doi.org\/10.1145\/360204.375719","DOI":"10.1145\/360204.375719"},{"key":"23_CR14","doi-asserted-by":"crossref","unstructured":"Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response. Technical report, SP 800\u201386, National Institute of Standards and Technology, August 2006","DOI":"10.6028\/NIST.SP.800-86"},{"key":"23_CR15","doi-asserted-by":"crossref","unstructured":"Lamport, L.: What good is temporal logic? In: Mason, R. (ed.) IFIP Congress, pp. 657\u2013668. Elsevier (1983)","DOI":"10.1145\/2402.322398"},{"key":"23_CR16","volume-title":"Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers","author":"L Lamport","year":"2002","unstructured":"Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Wesley, Boston (2002)"},{"key":"23_CR17","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4612-0931-7","volume-title":"The Temporal Logic of Reactive and Concurrent Systems","author":"Z Manna","year":"1992","unstructured":"Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems. Springer, New York (1992). https:\/\/doi.org\/10.1007\/978-1-4612-0931-7"},{"key":"23_CR18","doi-asserted-by":"crossref","unstructured":"O\u2019Hearn, P.W.: From categorical logic to Facebook engineering. In: Logic in Computer Science (LICS), pp. 17\u201320. IEEE (2015)","DOI":"10.1109\/LICS.2015.11"},{"issue":"2","key":"23_CR19","doi-asserted-by":"publisher","first-page":"215","DOI":"10.2307\/421090","volume":"5","author":"PW O\u2019Hearn","year":"1999","unstructured":"O\u2019Hearn, P.W., Pym, D.J.: The logic of bunched implications. Bull. Symbolic Logic 5(2), 215\u2013244 (1999)","journal-title":"Bull. Symbolic Logic"},{"key":"23_CR20","unstructured":"Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security Symposium, pp. 113\u2013128 (2005)"},{"key":"23_CR21","unstructured":"von Plato, J.: The development of proof theory. In: Zalta, E.N. (ed.) The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University, Winter 2016 edn. (2016)"},{"key":"23_CR22","doi-asserted-by":"publisher","unstructured":"Pym, D., Spring, J.M., O\u2019Hearn, P.: Why separation logic works. Philosophy and Technology (2018). https:\/\/doi.org\/10.1007\/s13347-018-0312-8","DOI":"10.1007\/s13347-018-0312-8"},{"issue":"1","key":"23_CR23","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1016\/j.tcs.2003.11.020","volume":"315","author":"DJ Pym","year":"2004","unstructured":"Pym, D.J., O\u2019Hearn, P.W., Yang, H.: Possible worlds and resources: the semantics of BI. Theor. Comput. Sci. 315(1), 257\u2013305 (2004)","journal-title":"Theor. Comput. Sci."},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Reynolds, J.C.: Separation logic: a logic for shared mutable data structures. In: Logic in Computer Science, pp. 55\u201374. IEEE (2002)","DOI":"10.1109\/LICS.2002.1029817"},{"key":"23_CR25","unstructured":"Roesch, M.: Snort: lightweight intrusion detection for networks. In: Large Installation Systems Admin, pp. 229\u2013238. USENIX, Seattle, November 1999"},{"key":"23_CR26","doi-asserted-by":"crossref","unstructured":"Shirey, R.: Internet Security Glossary, Version 2. RFC 4949, August 2007","DOI":"10.17487\/rfc4949"},{"issue":"3","key":"23_CR27","first-page":"185","volume":"3","author":"JM Spring","year":"2017","unstructured":"Spring, J.M., Hatleback, E.: Thinking about intrusion kill chains as mechanisms. J. Cybersecur. 3(3), 185\u2013197 (2017)","journal-title":"J. Cybersecur."},{"key":"23_CR28","unstructured":"Spring, J.M., Illari, P.: Review of human decision-making during incident analysis. Under review (2018)"},{"key":"23_CR29","doi-asserted-by":"crossref","unstructured":"Spring, J.M., Moore, T., Pym, D.: Practicing a science of security: a philosophy of science perspective. In: New Security Paradigms Workshop, Santa Cruz, 1\u20134 October 2017","DOI":"10.1145\/3171533.3171540"},{"key":"23_CR30","volume-title":"The Cuckoo\u2019s Egg: Tracking a Spy Through the Maze of Computer Espionage","author":"C Stoll","year":"1989","unstructured":"Stoll, C.: The Cuckoo\u2019s Egg: Tracking a Spy Through the Maze of Computer Espionage. Pan Books, London (1989)"},{"key":"23_CR31","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511973031","volume-title":"Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned","author":"M Tambe","year":"2011","unstructured":"Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)"}],"container-title":["Lecture Notes in Computer Science","Decision and Game Theory for Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01554-1_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,20]],"date-time":"2025-08-20T00:17:30Z","timestamp":1755649050000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-01554-1_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030015534","9783030015541"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01554-1_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"26 September 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GameSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Decision and Game Theory for Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Seattle, WA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 October 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gamesec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.gamesec-conf.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"64% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Three of the full papers and two of the short papers were submitted to a special track on Adversarial AI.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}