{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T21:57:01Z","timestamp":1770069421924,"version":"3.49.0"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030046477","type":"print"},{"value":"9783030046484","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-04648-4_42","type":"book-chapter","created":{"date-parts":[[2018,11,17]],"date-time":"2018-11-17T00:53:52Z","timestamp":1542416032000},"page":"498-509","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory"],"prefix":"10.1007","author":[{"given":"Tero","family":"Bodstr\u00f6m","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Timo","family":"H\u00e4m\u00e4l\u00e4inen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,11,18]]},"reference":[{"key":"42_CR1","doi-asserted-by":"publisher","unstructured":"Brogi, G., Tong, V.V.T.: TerminAPTor: highlighting Advanced Persistent Threats through information flow tracking. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS) (2016). https:\/\/doi.org\/10.1109\/NTMS.2016.7792480","DOI":"10.1109\/NTMS.2016.7792480"},{"key":"42_CR2","doi-asserted-by":"publisher","unstructured":"Vukalovi\u0107, J., Delija, D.: Advanced Persistent Threats - detection and defense. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1324\u20131330 (2015). https:\/\/doi.org\/10.1109\/MIPRO.2015.7160480","DOI":"10.1109\/MIPRO.2015.7160480"},{"key":"42_CR3","doi-asserted-by":"publisher","unstructured":"Chandran, S., Hrudya, P., Poornachandran, P.: An efficient classification model for detecting Advanced Persistent Threat. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2001\u20132009 (2015). https:\/\/doi.org\/10.1109\/ICACCI.2015.7275911","DOI":"10.1109\/ICACCI.2015.7275911"},{"key":"42_CR4","doi-asserted-by":"publisher","unstructured":"Settanni, G., Shovgenya, Y., Skopik, F., Graf, R., Wurzenberger, M., Fiedler, R.: Acquiring cyber threat intelligence through security information correlation. In: 2017 3rd IEEE International Conference on Cybernetics (CYBCONF) (2017). https:\/\/doi.org\/10.1109\/CYBConf.2017.7985754","DOI":"10.1109\/CYBConf.2017.7985754"},{"key":"42_CR5","doi-asserted-by":"publisher","unstructured":"Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against Advanced Persistent Threat with insiders. In: 2015 IEEE Conference on Computer Communications (INFOCOM), pp. 747\u2013755 (2015). https:\/\/doi.org\/10.1109\/INFOCOM.2015.7218444","DOI":"10.1109\/INFOCOM.2015.7218444"},{"key":"42_CR6","doi-asserted-by":"publisher","unstructured":"Ussath, M., Jaeger, D., Cheng, F.: Advanced Persistent Threats: behind the scenes. In: 2016 Annual Conference on Information Science and Systems (CISS) (2016). https:\/\/doi.org\/10.1109\/CISS.2016.7460498","DOI":"10.1109\/CISS.2016.7460498"},{"key":"42_CR7","doi-asserted-by":"publisher","unstructured":"Messaoud, B., Guennoun, K., Wahbi, M., Sadik, M.: Advanced Persistent Threat: new analysis driven by life cycle phases and their challenges. In: 2016 International Conference on Advanced Communication Systems and Information Security (ACOSIS) (2016). https:\/\/doi.org\/10.1109\/ACOSIS.2016.7843932","DOI":"10.1109\/ACOSIS.2016.7843932"},{"key":"42_CR8","doi-asserted-by":"publisher","unstructured":"Bhatt, P., Yano, E.T., Gustavsson, P.M.: Towards a framework to detect multi-stage Advanced Persistent Threats attacks. In: 2014 IEEE 8th International Symposium on Service Oriented System Engineering, pp. 390\u2013395 (2014). https:\/\/doi.org\/10.1109\/SOSE.2014.53","DOI":"10.1109\/SOSE.2014.53"},{"key":"42_CR9","doi-asserted-by":"publisher","unstructured":"Vance, A.: Flow based analysis of Advanced Persistent Threats detecting targeted attacks in cloud computing. In: 2014 First International Scientific-Practical Conference Problems of Infocommunications Science and Technology, pp. 173\u2013176 (2014). https:\/\/doi.org\/10.1109\/INFOCOMMST.2014.6992342","DOI":"10.1109\/INFOCOMMST.2014.6992342"},{"issue":"11","key":"42_CR10","doi-asserted-by":"publisher","first-page":"2512","DOI":"10.1109\/TMC.2018.2814052","volume":"17","author":"Liang Xiao","year":"2018","unstructured":"Xiao, L., Xu, D., Mandayam, N.B., Poor, H.V.: Attacker-centric view of a detection game against Advanced Persistent Threats. In: IEEE Transactions on Mobile Computing (2018). https:\/\/doi.org\/10.1109\/TMC.2018.2814052","journal-title":"IEEE Transactions on Mobile Computing"},{"key":"42_CR11","doi-asserted-by":"publisher","unstructured":"Eidle, D., Ni, S.Y., DeCusatis, C., Sager, A.: Autonomic security for zero trust networks. In: 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON) (2017). https:\/\/doi.org\/10.1109\/UEMCON.2017.8249053","DOI":"10.1109\/UEMCON.2017.8249053"},{"key":"42_CR12","doi-asserted-by":"publisher","first-page":"13958","DOI":"10.1109\/ACCESS.2018.2814481","volume":"6","author":"Q Zhu","year":"2018","unstructured":"Zhu, Q., Rass, S.: On multi-phase and multi-stage game-theoretic modeling of Advanced Persistent Threats. IEEE Access 6, 13958\u201313971 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2814481","journal-title":"IEEE Access"},{"key":"42_CR13","unstructured":"Taleb, N.: The Black Swan: The Impact of the Highly Improbable. Random House, New York (2007)"},{"key":"42_CR14","doi-asserted-by":"publisher","unstructured":"Zeng, Z., Zio, E.: Modelling unexpected failures with a hierarchical Bayesian model. In: 2017 2nd International Conference on System Reliability and Safety (ICSRS), pp. 135\u2013139 (2017). https:\/\/doi.org\/10.1109\/ICSRS.2017.8272809","DOI":"10.1109\/ICSRS.2017.8272809"},{"key":"42_CR15","doi-asserted-by":"publisher","unstructured":"Arney, C., et al..: Using rare event modeling & networking to build scenarios and forecast the future. In: 2013 IEEE 2nd Network Science Workshop (NSW), pp. 29\u201364 (2013). https:\/\/doi.org\/10.1109\/NSW.2013.6609191","DOI":"10.1109\/NSW.2013.6609191"},{"key":"42_CR16","doi-asserted-by":"publisher","unstructured":"R\u00e9vay, M., L\u00ed\u0161ka, M.: OODA loop in command & control systems. In: 2017 Communication and Information Technologies (KIT) (2017). https:\/\/doi.org\/10.23919\/KIT.2017.8109463","DOI":"10.23919\/KIT.2017.8109463"},{"key":"42_CR17","doi-asserted-by":"publisher","unstructured":"Dapeng, G., Jianming, H., Yuhu, Guoqian, X., Nainiang, Z.: Research on combat SD model based on OODA loop. In: 2015 2nd International Conference on Information Science and Control Engineering, pp. 884\u2013888 (2015). https:\/\/doi.org\/10.1109\/ICISCE.2015.201","DOI":"10.1109\/ICISCE.2015.201"},{"key":"42_CR18","doi-asserted-by":"publisher","unstructured":"Ma, L., Zhang, M., Zhou, Z.: The OODA loop robustness evaluation based on OSOS combat network. In: 2014 International Conference on Information and Communications Technologies (ICT 2014) (2014). https:\/\/doi.org\/10.1049\/cp.2014.0583","DOI":"10.1049\/cp.2014.0583"},{"key":"42_CR19","unstructured":"Blasch, E.P., Breton, R., Valin, P., Bosse, E.: User information fusion decision making analysis with the C-OODA model. In: 14th International Conference on Information Fusion (2011)"},{"key":"42_CR20","doi-asserted-by":"crossref","unstructured":"Fusano, A., Sato, H., Namatame, A.: Study of multi-agent based combat simulation for grouped OODA loop. In: SICE Annual Conference 2011, pp. 131\u2013136 (2011)","DOI":"10.1109\/UKSIM.2011.54"},{"key":"42_CR21","unstructured":"Bilar, D., Saltaformaggio, B.: Using a novel behavioral stimuli-response framework to defend against adversarial cyberspace participants. In: 2011 3rd International Conference on Cyber Conflict (2011)"},{"key":"42_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-030-01168-0_9","volume-title":"Internet of Things, Smart Spaces, and Next Generation Networks and Systems","author":"T Bodstr\u00f6m","year":"2018","unstructured":"Bodstr\u00f6m, T., H\u00e4m\u00e4l\u00e4inen, T.: State of the art literature review on network anomaly detection. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds.) NEW2AN\/ruSMART 2018. LNCS, vol. 11118, pp. 89\u2013101. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-01168-0_9"},{"key":"42_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-030-01168-0_7","volume-title":"Internet of Things, Smart Spaces, and Next Generation Networks and Systems","author":"T Bodstr\u00f6m","year":"2018","unstructured":"Bodstr\u00f6m, T., H\u00e4m\u00e4l\u00e4inen, T.: State of the art literature review on network anomaly detection with deep learning. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds.) NEW2AN\/ruSMART 2018. LNCS, vol. 11118, pp. 64\u201376. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-01168-0_7"}],"container-title":["Lecture Notes in Computer Science","Computational Data and Social Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-04648-4_42","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,3]],"date-time":"2019-11-03T02:03:40Z","timestamp":1572746620000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-04648-4_42"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030046477","9783030046484"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-04648-4_42","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"CSoNet","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Computational Social Networks","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Shanghai","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 December 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 December 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"csonet2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/optnetsci.cise.ufl.edu\/CSoNet\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"106","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"44","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"42% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"7","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}