{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T01:06:58Z","timestamp":1743124018455,"version":"3.40.3"},"publisher-location":"Cham","reference-count":12,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030346461"},{"type":"electronic","value":"9783030346478"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-34647-8_13","type":"book-chapter","created":{"date-parts":[[2019,11,18]],"date-time":"2019-11-18T16:02:52Z","timestamp":1574092972000},"page":"253-268","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Data-Driven Field Mapping of Security Logs for Integrated Monitoring"],"prefix":"10.1007","author":[{"given":"Seungoh","family":"Choi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yesol","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jeong-Han","family":"Yun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Byung-Gil","family":"Min","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hyoung-Chun","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,11,19]]},"reference":[{"key":"13_CR1","unstructured":"ArcSight, Common Event Format, Revision 15, ArcSight Technical Note, Cupertino, California, 2009"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"J. Caballero, P. Poosankam, C. Kreibich and D. Song, Dispatcher: Enabling active botnet infiltration using automatic protocol reverse-engineering, Proceedings of the Sixteenth ACM Conference on Computer and Communications Security, pp. 621\u2013364, 2009","DOI":"10.1145\/1653662.1653737"},{"issue":"2","key":"13_CR3","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1016\/j.comnet.2012.08.003","volume":"57","author":"Juan Caballero","year":"2013","unstructured":"J. Caballero and D. Song, Automatic protocol reverse-engineering: Message format extraction and field semantics inference, Computer Networks, vol. 57(2), pp. 451\u2013474, 2013","journal-title":"Computer Networks"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"J. Caballero, H. Yin, Z. Liang and D. Song, Polyglot: Automatic extraction of protocol message format using dynamic binary analysis, Proceedings of the Fourteenth ACM Conference on Computer and Communications Security, pp. 317\u2013329, 2007","DOI":"10.1145\/1315245.1315286"},{"key":"13_CR5","unstructured":"Cisco Systems, Cisco Intrusion Detection Event Exchange (CIDEE) Specification, San Jose, California (www.cisco.com\/c\/en\/us\/td\/docs\/security\/ips\/specs\/CIDEE_Specification.html), 2009"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"H. Debar, D. Curry and B. Feinstein, The Intrusion Detection Message Exchange Format (IDMEF), RFC 4765, 2007","DOI":"10.17487\/rfc4765"},{"key":"13_CR7","unstructured":"International Business Machines, IBM QRadar: Log Event Extension Format (LEEF), Version 2, Armonk, New York (www.ibm.com\/support\/knowledgecenter\/SS42VS_DSM\/b_Leef_format_guide.pdf), 2016"},{"key":"13_CR8","unstructured":"H. Li, B. Zhang, B. Shuai, J. Wang and C. Tang, Automatic protocol feature word construction based on machine learning, Proceedings of the IEEE International Conference on Progress in Informatics and Computing, pp. 93\u201397, 2015"},{"key":"13_CR9","unstructured":"National Cybersecurity and Communications Integration Center, ICS-CERT \u2013 Year in Review, Department of Homeland Security, Washington, DC (ics-cert.us-cert.gov\/Year-Review-2016), 2016"},{"issue":"2","key":"13_CR10","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1016\/j.comnet.2012.06.021","volume":"57","author":"Aditya K. Sood","year":"2013","unstructured":"A. Sood, R. Enbody and R. Bansal, Dissecting SpyEye \u2013 Understanding the design of third generation botnets, Computer Networks, vol. 57(2), pp. 436\u2013450, 2013","journal-title":"Computer Networks"},{"key":"13_CR11","unstructured":"The CEE Board, Common Event Expression, MITRE, McLean, Virginia (cee.mitre.org\/docs\/Common\\_Event\\_Expression\\_White\\_Paper\\_June\\_2008.pdf), 2008"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Z. Wang, X. Jiang, W. Cui, X. Wang and M. Grace, ReFormat: Automatic reverse engineering of encrypted messages, Proceedings of the Fourteenth European Conference on Research in Computer Security, pp. 200\u2013215, 2009","DOI":"10.1007\/978-3-642-04444-1_13"}],"container-title":["IFIP Advances in Information and Communication Technology","Critical Infrastructure Protection XIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-34647-8_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,18]],"date-time":"2023-11-18T01:05:44Z","timestamp":1700269544000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-34647-8_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030346461","9783030346478"],"references-count":12,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-34647-8_13","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"19 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Infrastructure Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 March 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 March 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccip2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip1110.org\/Conferences\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"n\/a","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"47% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"n\/a","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}