{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T07:21:28Z","timestamp":1775460088223,"version":"3.50.1"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030365981","type":"print"},{"value":"9783030365998","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-36599-8_10","type":"book-chapter","created":{"date-parts":[[2019,12,3]],"date-time":"2019-12-03T13:03:45Z","timestamp":1575378225000},"page":"115-125","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["An Ontology Based Approach for Data Leakage Prevention Against Advanced Persistent Threats"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9050-2343","authenticated-orcid":false,"given":"Emrah","family":"Kaya","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9985-5268","authenticated-orcid":false,"given":"\u0130brahim","family":"\u00d6z\u00e7elik","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8064-2905","authenticated-orcid":false,"given":"\u00d6zg\u00fc","family":"Can","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,12,4]]},"reference":[{"key":"10_CR1","doi-asserted-by":"publisher","unstructured":"More, S., Matthews, M., Joshi, A., Finin, T.: A knowledge-based approach to intrusion detection modeling. In: IEEE Symposium on Security and Privacy Workshops, pp. 75\u201381. IEEE, San Francisco (2012). \nhttps:\/\/doi.org\/10.1109\/SPW.2012.26","DOI":"10.1109\/SPW.2012.26"},{"key":"10_CR2","unstructured":"Rashid, A., et al.: Detecting and Preventing Data Exfiltration. Lancaster University, Academic Centre of Excellence in Cyber Security Research, Security Lancaster Report (2013)"},{"key":"10_CR3","unstructured":"Kafka, F.: ESET\u2019s guide to deobfuscating and devirtualizing FinFisher (2018). \nhttps:\/\/www.eset.com\/me\/whitepapers\/wp-finfisher\/\n\n. Accessed 30 June 2019"},{"key":"10_CR4","doi-asserted-by":"publisher","unstructured":"Canfora, G., Medvet, E., Mercaldo, F., Visaggio, C.A.: Detecting android malware using sequences of system calls. In: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile, pp. 13\u201320. ACM, Bergamo (2015). \nhttps:\/\/doi.org\/10.1145\/2804345.2804349","DOI":"10.1145\/2804345.2804349"},{"issue":"17","key":"10_CR5","first-page":"12","volume":"43","author":"C Ravi","year":"2012","unstructured":"Ravi, C., Manoharan, R.: Malware detection using windows Api sequence and machine learning (0975\u20138887). Int. J. Comput. Appl. 43(17), 12\u201316 (2012)","journal-title":"Int. J. Comput. Appl."},{"key":"10_CR6","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1016\/j.jnca.2016.01.008","volume":"62","author":"S Alneyadi","year":"2016","unstructured":"Alneyadi, S., Sithirasenan, E., Muthukkumarasamy, V.: A survey on data leakage prevention systems. J. Network Comput. Appl. 62, 137\u2013152 (2016)","journal-title":"J. Network Comput. Appl."},{"key":"10_CR7","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-2053-8","volume-title":"A Survey of Data Leakage Detection and Prevention Solutions","author":"A Shabtai","year":"2012","unstructured":"Shabtai, A., Rokach, L., Elovici, Y.: A Survey of Data Leakage Detection and Prevention Solutions, 1st edn. Springer-Verlag, New York (2012). \nhttps:\/\/doi.org\/10.1007\/978-1-4614-2053-8","edition":"1"},{"key":"10_CR8","doi-asserted-by":"publisher","unstructured":"Choi, J., Choi, C., Lynn, H.M., Kim, P.: Ontology based APT attack behavior analysis in cloud computing. In: 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp. 375\u2013379. IEEE, Krakow (2015). \nhttps:\/\/doi.org\/10.1109\/BWCCA.2015.69","DOI":"10.1109\/BWCCA.2015.69"},{"key":"10_CR9","doi-asserted-by":"publisher","unstructured":"Woo, S., On, J., Lee, M.: Behavior ontology: a framework to detect attack patterns for security. In: 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 738\u2013743. IEEE, Barcelona (2013). \nhttps:\/\/doi.org\/10.1109\/WAINA.2013.42","DOI":"10.1109\/WAINA.2013.42"},{"key":"10_CR10","unstructured":"Zhu, Y.: Attack pattern ontology: a common language for cyber security information sharing. Master Thesis, TUDelft - Delft University of Technology (2015)"},{"issue":"1","key":"10_CR11","doi-asserted-by":"publisher","first-page":"29","DOI":"10.3233\/AO-160163","volume":"11","author":"A Gr\u00e8gio","year":"2016","unstructured":"Gr\u00e8gio, A., Bonacin, R., De Marchi, A.C., Nabuco, O.F., De Geus, P.L.: An ontology of suspicious software behavior. Appl. Ontology 11(1), 29\u201349 (2016)","journal-title":"Appl. Ontology"},{"issue":"3","key":"10_CR12","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/s11416-008-0086-0","volume":"4","author":"G Jacob","year":"2008","unstructured":"Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3), 251\u2013266 (2008)","journal-title":"J. Comput. Virol."},{"key":"10_CR13","unstructured":"V\u00e4is\u00e4nen, T., Trinberg, L., Pissanidis, N.: I accidentally malware - what should I do. is this dangerous? Overcoming inevitable risks of electronic communication. NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia (2016)"},{"key":"10_CR14","series-title":"Advances in Information Security","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11391-3","volume-title":"Cyber Defense and Situational Awareness","year":"2014","unstructured":"Kott, A., Wang, C., Erbacher, R.F. (eds.): Cyber Defense and Situational Awareness. ADIS, vol. 62. Springer, Cham (2014). \nhttps:\/\/doi.org\/10.1007\/978-3-319-11391-3"},{"issue":"8","key":"10_CR15","doi-asserted-by":"publisher","first-page":"4543","DOI":"10.1007\/s11227-016-1850-4","volume":"75","author":"S Singh","year":"2016","unstructured":"Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J. Supercomputing 75(8), 4543\u20134574 (2016)","journal-title":"J. Supercomputing"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.N.: HOLMES: real-time APT detection through correlation of suspicious information flows. In: The 40th IEEE Symposium on Security and Privacy, pp. 447\u2013462. IEEE, San Fransisco (2019)","DOI":"10.1109\/SP.2019.00026"},{"issue":"4","key":"10_CR17","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1016\/j.cose.2012.01.008","volume":"31","author":"J Blasco","year":"2012","unstructured":"Blasco, J., Hernandez-Castro, J.C., Tapiador, J.E., Ribagorda, A.: Bypassing information leakage protection with trusted applications. Comput. Secur. 31(4), 557\u2013568 (2012)","journal-title":"Comput. Secur."},{"key":"10_CR18","doi-asserted-by":"publisher","unstructured":"Mustafa, T.: Malicious data leak prevention and purposeful evasion attacks: an approach to Advanced Persistent Threat (APT) management. In: Saudi International Electronics, Communications and Photonics Conference, pp. 1\u20135. IEEE, Fira (2013). \nhttps:\/\/doi.org\/10.1109\/SIECPC.2013.6551028","DOI":"10.1109\/SIECPC.2013.6551028"},{"issue":"7","key":"10_CR19","doi-asserted-by":"publisher","first-page":"2881","DOI":"10.1007\/s11227-015-1604-8","volume":"73","author":"D Moon","year":"2017","unstructured":"Moon, D., Im, H., Kim, I., Park, J.H.: DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J. Supercomputing 73(7), 2881\u20132895 (2017)","journal-title":"J. Supercomputing"},{"key":"10_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/978-3-319-49445-6_15","volume-title":"Security, Privacy, and Applied Cryptography Engineering","author":"S Gupta","year":"2016","unstructured":"Gupta, S., Sharma, H., Kaur, S.: Malware characterization using windows API call sequences. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 271\u2013280. Springer, Cham (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-319-49445-6_15"},{"key":"10_CR21","unstructured":"Drummond, N., et al.: Putting OWL in order: Patterns for sequences in OWL. In: 2nd OWL Experiences and Directions Workshop (OWLED), Athens, Georgia, USA (2006)"},{"key":"10_CR22","doi-asserted-by":"publisher","unstructured":"Canzanese, R., Mancoridis, S., Kam, M.: System call-based detection of malicious processes. In: International Conference on Software Quality, Reliability and Security, pp. 119\u2013124. IEEE, Vancouver (2015). \nhttps:\/\/doi.org\/10.1109\/QRS.2015.26","DOI":"10.1109\/QRS.2015.26"}],"container-title":["Communications in Computer and Information Science","Metadata and Semantic Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-36599-8_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,3]],"date-time":"2019-12-03T13:05:21Z","timestamp":1575378321000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-36599-8_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030365981","9783030365998"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-36599-8_10","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"4 December 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"MTSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Research Conference on Metadata and Semantics Research","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 October 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"mtsr2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}