{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T15:22:57Z","timestamp":1759332177284},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030312763"},{"type":"electronic","value":"9783030312770"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-31277-0_16","type":"book-chapter","created":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T08:02:53Z","timestamp":1568361773000},"page":"250-266","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Efficient Security Policy Management Using Suspicious Rules Through Access Log Analysis"],"prefix":"10.1007","author":[{"given":"Maryem","family":"Ait El Hadj","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmed","family":"Khoumsi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yahya","family":"Benkaouz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammed","family":"Erradi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,9,14]]},"reference":[{"issue":"3","key":"16_CR1","first-page":"189","volume":"17","author":"M Ayache","year":"2016","unstructured":"Ayache, M., Erradi, M., Khoumsi, A., Freisleben, B.: Analysis and verification of XACML policies in a medical cloud environment. Scalable Comput. Pract. Experience 17(3), 189\u2013206 (2016)","journal-title":"Scalable Comput. Pract. Experience"},{"issue":"3","key":"16_CR2","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/s11277-015-3128-1","volume":"94","author":"J Breier","year":"2017","unstructured":"Breier, J., Brani\u0161ov\u00e1, J.: A dynamic rule creation based anomaly detection method for identifying security breaches in log records. Wireless Pers. Commun. 94(3), 497\u2013511 (2017). \n                      https:\/\/doi.org\/10.1007\/s11277-015-3128-1","journal-title":"Wireless Pers. Commun."},{"issue":"1","key":"16_CR3","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1016\/j.eswa.2012.07.021","volume":"40","author":"ME Celebi","year":"2013","unstructured":"Celebi, M.E., Kingravi, H.A., Vela, P.A.: A comparative study of efficient initialization methods for the k-means clustering algorithm. Expert Syst. Appl. 40(1), 200\u2013210 (2013)","journal-title":"Expert Syst. Appl."},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Du, M., Li, F., Zheng, G., Srikumar, V.: DeepLog: anomaly detection and diagnosis from system logs through deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1285\u20131298 (2017)","DOI":"10.1145\/3133956.3134015"},{"key":"16_CR5","unstructured":"Dunlop, N., Indulska, J., Raymond, K.: Dynamic conflict detection in policy-based management systems. In: Proceedings Sixth International Enterprise Distributed Object Computing Conference, 2002, EDOC 2002, IEEE, pp. 15\u201326 (2002)"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Gu, Z., Pei, K., Wang, Q., Si, L., Zhang, X., Xu, D.: LEAPS: detecting camouflaged attacks with statistical learning guided by program analysis. In: 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), IEEE, pp. 57\u201368 (2015)","DOI":"10.1109\/DSN.2015.34"},{"key":"16_CR7","unstructured":"Guo, S.: Analysis and Evaluation of Similarity Metrics in Collaborative Filtering Recommender System. Master\u2019s thesis, Lapland University of Applied Sciences (2014)"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"He, P., Zhu, J., Zheng, Z., Lyu, M.R.: Drain: an online log parsing approach with fixed depth tree. In: 2017 IEEE International Conference on Web Services (ICWS), IEEE, pp. 33\u201340 (2017)","DOI":"10.1109\/ICWS.2017.13"},{"issue":"4","key":"16_CR9","doi-asserted-by":"publisher","first-page":"1643","DOI":"10.1109\/TSG.2013.2294473","volume":"5","author":"J Hong","year":"2014","unstructured":"Hong, J., Liu, C.C., Govindarasu, M.: Integrated anomaly detection for cyber security of the substations. IEEE Trans. Smart Grid 5(4), 1643\u20131653 (2014)","journal-title":"IEEE Trans. Smart Grid"},{"issue":"6","key":"16_CR10","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1109\/TDSC.2013.18","volume":"10","author":"H Hu","year":"2013","unstructured":"Hu, H., Ahn, G.J., Kulkarni, K.: Discovery and resolution of anomalies in web access control policies. IEEE Trans. Dependable Secure Comput. 10(6), 341\u2013354 (2013)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Kent, K., Souppaya, M.: Guide to computer security log management. NIST special publication 92 (2006)","DOI":"10.6028\/NIST.SP.800-92"},{"issue":"1","key":"16_CR12","first-page":"51","volume":"30","author":"A Khoumsi","year":"2016","unstructured":"Khoumsi, A., Erradi, M., Krombi, W.: A formal basis for the design and analysis of firewall security policies. J. King Saud Univ. Comput. Inf. Sci. 30(1), 51\u201366 (2016)","journal-title":"J. King Saud Univ. Comput. Inf. Sci."},{"issue":"3","key":"16_CR13","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1002\/widm.30","volume":"1","author":"HP Kriegel","year":"2011","unstructured":"Kriegel, H.P., Kr\u00f6ger, P., Sander, J., Zimek, A.: Density-based clustering. Wiley Interdisc. Rev. Data Min. Knowl. Discov. 1(3), 231\u2013240 (2011)","journal-title":"Wiley Interdisc. Rev. Data Min. Knowl. Discov."},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Lin, Q., Zhang, H., Lou, J.G., Zhang, Y., Chen, X.: Log clustering based problem identification for online service systems. In: Proceedings of the 38th International Conference on Software Engineering Companion, ACM, pp. 102\u2013111 (2016)","DOI":"10.1145\/2889160.2889232"},{"key":"16_CR15","unstructured":"Lou, J.G., Fu, Q., Yang, S., Xu, Y., Li, J.: Mining invariants from console logs for system problem detection. In: USENIX Annual Technical Conference (2010)"},{"key":"16_CR16","unstructured":"Nagaraj, K., Killian, C., Neville, J.: Structured comparative analysis of systems logs to diagnose performance problems. In: Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, USENIX Association, p. 26 (2012)"},{"key":"16_CR17","doi-asserted-by":"crossref","unstructured":"Sapegin, A., Jaeger, D., Azodi, A., Gawron, M., Cheng, F., Meinel, C.: Hierarchical object log format for normalisation of security events. In: 9th International Conference on Information Assurance and Security, IEEE, pp. 25\u201330 (2013)","DOI":"10.1109\/ISIAS.2013.6947748"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Shang, W., Nagappan, M., Hassan, A.E., Jiang, Z.M.: Understanding log lines using development knowledge. In: 2014 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp. 21\u201330 (2014)","DOI":"10.1109\/ICSME.2014.24"},{"key":"16_CR19","doi-asserted-by":"crossref","unstructured":"St-Martin, M., Felty, A.P.: A verified algorithm for detecting conflicts in XACML access control rules. In: Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs, ACM, pp. 166\u2013175 (2016)","DOI":"10.1145\/2854065.2854079"},{"key":"16_CR20","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1016\/j.diin.2017.05.001","volume":"21","author":"H Studiawan","year":"2017","unstructured":"Studiawan, H., Payne, C., Sohel, F.: Graph clustering and anomaly detection of access control log for forensic purposes. Digit. Invest. 21, 76\u201387 (2017)","journal-title":"Digit. Invest."},{"issue":"5","key":"16_CR21","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1109\/TDSC.2014.2369048","volume":"12","author":"Z Xu","year":"2015","unstructured":"Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. IEEE Trans. Dependable Secure Comput. 12(5), 533\u2013545 (2015)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Yagoub, I., Khan, M.A., Jiyun, L.: IT equipment monitoring and analyzing system for forecasting and detecting anomalies in log files utilizing machine learning techniques. In: 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems (icABCD), IEEE, pp. 1\u20136 (2018)","DOI":"10.1109\/ICABCD.2018.8465400"},{"key":"16_CR23","first-page":"293","volume":"12","author":"D Yuan","year":"2012","unstructured":"Yuan, D., et al.: Be conservative: enhancing failure diagnosis with proactive logging. OSDI 12, 293\u2013306 (2012)","journal-title":"OSDI"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services (ICWS 2005), IEEE (2005)","DOI":"10.1109\/ICWS.2005.25"},{"key":"16_CR25","doi-asserted-by":"crossref","unstructured":"Zhu, J., He, P., Fu, Q., Zhang, H., Lyu, M.R., Zhang, D.: Learning to log: helping developers make informed logging decisions. In: Proceedings of the 37th International Conference on Software Engineering, IEEE Press, vol. 1, pp. 415\u2013425 (2015)","DOI":"10.1109\/ICSE.2015.60"}],"container-title":["Lecture Notes in Computer Science","Networked Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-31277-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T08:06:57Z","timestamp":1568362017000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-31277-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030312763","9783030312770"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-31277-0_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"14 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NETYS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Networked Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Marrakech","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Morocco","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"netys2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/netys.net\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.91","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.68","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}