{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:33:53Z","timestamp":1767339233253,"version":"3.40.3"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030332457"},{"type":"electronic","value":"9783030332464"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-33246-4_22","type":"book-chapter","created":{"date-parts":[[2019,10,30]],"date-time":"2019-10-30T17:47:02Z","timestamp":1572457622000},"page":"326-344","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Triage of IoT Attacks Through Process Mining"],"prefix":"10.1007","author":[{"given":"Simone","family":"Coltellese","sequence":"first","affiliation":[]},{"given":"Fabrizio","family":"Maria Maggi","sequence":"additional","affiliation":[]},{"given":"Andrea","family":"Marrella","sequence":"additional","affiliation":[]},{"given":"Luca","family":"Massarelli","sequence":"additional","affiliation":[]},{"given":"Leonardo","family":"Querzoni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,10,11]]},"reference":[{"key":"22_CR1","unstructured":"Cowrie. https:\/\/github.com\/cowrie\/cowrie"},{"key":"22_CR2","unstructured":"The ddos that didn\u2019t break the camel\u2019s vac. https:\/\/goo.gl\/p9kUCy (2017)"},{"issue":"01","key":"22_CR3","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1142\/S0218126698000043","volume":"8","author":"WMP Aalst van der","year":"1998","unstructured":"van der Aalst, W.M.P.: The application of Petri nets to workflow management. J. Circ. Syst. Comput. 8(01), 21\u201366 (1998)","journal-title":"J. Circ. Syst. Comput."},{"key":"22_CR4","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-49851-4_1","volume-title":"Process Mining","author":"WMP van der Aalst","year":"2016","unstructured":"van der Aalst, W.M.P.: Data science in action. Process Mining, pp. 3\u201323. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49851-4_1"},{"issue":"3","key":"22_CR5","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1109\/MC.2010.61","volume":"43","author":"WMP Aalst van","year":"2010","unstructured":"van Aalst, W.M.P., van Hee, K.M., van Werf, J.M., Verdonk, M.: Auditing 2.0: using process mining to support tomorrow\u2019s auditor. Computer 43(3), 90\u201393 (2010)","journal-title":"Computer"},{"key":"22_CR6","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.entcs.2004.10.013","volume":"121","author":"WMP Aalst van der","year":"2005","unstructured":"van der Aalst, W.M.P., Alves de Medeiros, A.K.: Process mining and security: detecting anomalous process executions and checking process conformance. Electron. Notes Theor. Comput. Sci. 121, 3\u201321 (2005)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"22_CR7","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T.: On the exploitation of process mining for security audits: the conformance checking case. In: SAC 2012, pp. 1709\u20131716 (2012)","DOI":"10.1145\/2245276.2232051"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T., M\u00fcller, G.: On the exploitation of process mining for security audits: the process discovery case. In: SAC 2013, pp. 1462\u20131468 (2013)","DOI":"10.1145\/2480362.2480634"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Adriansyah, A., Sidorova, N., van Dongen, B.F.: Cost-based fitness in conformance checking. In: ACSD 2011 (2011)","DOI":"10.1109\/ACSD.2011.19"},{"key":"22_CR10","unstructured":"de Alvarenga, S.C., Zarpel, B., Miani, R.: Discovering attack strategies using process mining. In: AICT 2015, pp. 119\u2013125 (2015)"},{"key":"22_CR11","unstructured":"Angrishi, K.: Turning internet of things (iot) into internet of vulnerabilities (iov): Iot botnets. Technical report. arXiv preprint arXiv:1702.03681 (2017)"},{"key":"22_CR12","unstructured":"Antonakakis, M., et al.: Understanding the mirai botnet. In: 26th USENIX Security Symposium, pp. 1093\u20131110 (2017)"},{"issue":"4","key":"22_CR13","first-page":"686","volume":"31","author":"A Augusto","year":"2018","unstructured":"Augusto, A., et al.: Automated discovery of process models from event logs: review and benchmark. IEEE TKDE 31(4), 686\u2013705 (2018)","journal-title":"IEEE TKDE"},{"issue":"3","key":"22_CR14","first-page":"1","volume":"18","author":"ML Bernardi","year":"2018","unstructured":"Bernardi, M.L., Cimitile, M., Distante, D., Martinelli, F., Mercaldo, F.: Dynamic malware detection and phylogeny analysis using process mining. Int. J. Inf. Secur. 18(3), 1\u201328 (2018)","journal-title":"Int. J. Inf. Secur."},{"key":"22_CR15","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MC.2017.62","volume":"2","author":"E Bertino","year":"2017","unstructured":"Bertino, E., Islam, N.: Botnets and internet of things security. IEEE Comput. 2, 76\u201379 (2017)","journal-title":"IEEE Comput."},{"key":"22_CR16","unstructured":"Burattin, A.: Applicability of process mining techniques in business environments. Ph.D. thesis, University of Bologna, Italy (2013)"},{"issue":"6","key":"22_CR17","doi-asserted-by":"publisher","first-page":"833","DOI":"10.1109\/TSC.2015.2459703","volume":"8","author":"A Burattin","year":"2015","unstructured":"Burattin, A., Cimitile, M., Maggi, F.M., Sperduti, A.: Online discovery of declarative process models from event streams. IEEE Trans. Serv. Comp. 8(6), 833\u2013846 (2015)","journal-title":"IEEE Trans. Serv. Comp."},{"key":"22_CR18","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.eswa.2017.11.032","volume":"95","author":"A Calleja","year":"2018","unstructured":"Calleja, A., Mart\u00edn, A., Men\u00e9ndez, H.D., Tapiador, J., Clark, D.: Picking on the family: disrupting android malware triage by forcing misclassification. Expert Syst. Appl. 95, 113\u2013126 (2018)","journal-title":"Expert Syst. Appl."},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding linux malware. In: 39th IEEE Symposium on Security and Privacy (SP), pp. 161\u2013175 (2018)","DOI":"10.1109\/SP.2018.00054"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"De Giacomo, G., Maggi, F.M., Marrella, A., Patrizi, F.: On the disruptive effectiveness of automated planning for LTLf-based trace alignment. In: AAAI 2017, pp. 3555\u20133561 (2017)","DOI":"10.1609\/aaai.v31i1.11020"},{"key":"22_CR21","doi-asserted-by":"crossref","unstructured":"van Dongen, B.F.: Efficiently computing alignments. In: BPM 2018 (2018)","DOI":"10.1007\/978-3-319-98648-7_12"},{"key":"22_CR22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-56509-4","volume-title":"Fundamentals of Business Process Management","author":"M Dumas","year":"2013","unstructured":"Dumas, M., La Rosa, M., Mendling, J., Reijers, H.A., et al.: Fundamentals of Business Process Management, vol. 1. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-662-56509-4"},{"key":"22_CR23","doi-asserted-by":"crossref","unstructured":"Hossain, M.M., Fotouhi, M., Hasan, R.: Towards an analysis of security issues, challenges, and open problems in the internet of things. In: SERVICES 2015 (2015)","DOI":"10.1109\/SERVICES.2015.12"},{"key":"22_CR24","doi-asserted-by":"crossref","unstructured":"Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: AISEC 2011, pp. 43\u201358 (2011)","DOI":"10.1145\/2046684.2046692"},{"key":"22_CR25","doi-asserted-by":"crossref","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: Bitshred: feature hashing malware for scalable triage and semantic analysis. In: CCS 2011, pp. 309\u2013320 (2011)","DOI":"10.1145\/2046707.2046742"},{"issue":"1","key":"22_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.accinf.2012.06.015","volume":"14","author":"M Jans","year":"2013","unstructured":"Jans, M., Alles, M., Vasarhelyi, M.: The case for process mining in auditing: sources of value added and areas of application. Int. J. Acc. Inf. Syst. 14(1), 1\u201320 (2013)","journal-title":"Int. J. Acc. Inf. Syst."},{"key":"22_CR27","doi-asserted-by":"crossref","unstructured":"Kirat, D., Nataraj, L., Vigna, G., Manjunath, B.: Sigmal: a static signal processing based malware triage. In: ACSAC 2013, pp. 89\u201398 (2013)","DOI":"10.1145\/2523649.2523682"},{"key":"22_CR28","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1016\/j.eswa.2017.03.047","volume":"82","author":"M Leoni de","year":"2017","unstructured":"de Leoni, M., Marrella, A.: Aligning real process executions and prescriptive process models through automated planning. Expert Syst. Appl. 82, 162\u2013183 (2017)","journal-title":"Expert Syst. Appl."},{"key":"22_CR29","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1007\/978-3-642-41030-7_7","volume-title":"On the Move to Meaningful Internet Systems: OTM 2013 Conferences","author":"Fabrizio Maria Maggi","year":"2013","unstructured":"Maggi, F.M., Burattin, A., Cimitile, M., Sperduti, A.: Online process discovery to detect concept drifts in ltl-based declarative process models. In: CoopIS 2013 (2013)"},{"key":"22_CR30","doi-asserted-by":"crossref","unstructured":"Maggi, F.M., Di Francescomarino, C., Dumas, M., Ghidini, C.: Predictive monitoring of business processes. In: CAiSE 2014, pp. 457\u2013472 (2014)","DOI":"10.1007\/978-3-319-07881-6_31"},{"key":"22_CR31","doi-asserted-by":"crossref","unstructured":"Marzano, A., et al.: The evolution of Bashlite and Mirai IoT Botnets. In: ISCC 2018, pp. 813\u2013818 (2018)","DOI":"10.1109\/ISCC.2018.8538636"},{"key":"22_CR32","unstructured":"Shen, Y., Stringhini, G.: Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks. In: 28th Usenix Security Symposium (2019)"},{"key":"22_CR33","unstructured":"The OSWAP Fundation: OWASP Internet of Things Project. https:\/\/tinyurl.com\/yc3plqr9 (2014)"},{"issue":"2","key":"22_CR34","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/ICA-2003-10205","volume":"10","author":"AJMM Weijters","year":"2003","unstructured":"Weijters, A.J.M.M., van der Aalst, W.M.P.: Rediscovering workflow models from event-based data using little thumb. Int. Comp.-Aided Eng. 10(2), 151\u2013162 (2003)","journal-title":"Int. Comp.-Aided Eng."}],"container-title":["Lecture Notes in Computer Science","On the Move to Meaningful Internet Systems: OTM 2019 Conferences"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-33246-4_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,3]],"date-time":"2022-10-03T00:37:23Z","timestamp":1664757443000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-33246-4_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030332457","9783030332464"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-33246-4_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"11 October 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"OTM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"OTM Confederated International Conferences \"On the Move to Meaningful Internet Systems\"","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rhodes","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 October 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"otm2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.otmconferences.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}