{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T13:41:32Z","timestamp":1726062092392},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030369378"},{"type":"electronic","value":"9783030369385"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-36938-5_4","type":"book-chapter","created":{"date-parts":[[2019,12,10]],"date-time":"2019-12-10T00:04:11Z","timestamp":1575936251000},"page":"53-73","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["A Graph Database-Based Approach to Analyze Network Log Files"],"prefix":"10.1007","author":[{"given":"Lars","family":"Diederichsen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kim-Kwang Raymond","family":"Choo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nhien-An","family":"Le-Khac","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,12,10]]},"reference":[{"key":"4_CR1","unstructured":"Bejtlich, R.: The practice of network security monitoring: understanding incident detection and response. No Starch Press (2013)"},{"key":"4_CR2","unstructured":"MIT Lincoln Laboratory. DARPA Intrusion Detection Evaluation. \nhttp:\/\/www.ll.mit.edu\/ideval\/data\/1999data.html\n\n. Accessed 4 June 2017"},{"key":"4_CR3","unstructured":"National CyberWatch Center. MACCDC\u2014Home of National CyberWatch Mid Atlantic CCDC (2017). \nhttps:\/\/www.maccdc.org\n\n. Accessed 27 July 2017"},{"key":"4_CR4","unstructured":"Neise, P.: Intrusion Detection Through Relationship Analysis. SANS Institute InfoSec Reading Room (2016). \nhttps:\/\/www.sans.org\/reading-room\/whitepapers\/detection\/intrusion-detection-relationship-analysis-37352\n\n. Accessed 18 March 2017"},{"key":"4_CR5","unstructured":"Neo4j. Neo4j, the world\u2019s leading graph database. \nhttps:\/\/neo4j.com\/\n\n. Accessed 21 Aug 2017"},{"key":"4_CR6","unstructured":"Netresec. PCAP files from the US National CyberWatch Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) (2017). \nhttps:\/\/www.netresec.com\/?page=MACCDC\n\n. Accessed 20 Apr 2017"},{"issue":"23","key":"4_CR7","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"4_CR8","unstructured":"Py2neo. The py2neo v3 Handbook. \nhttp:\/\/py2neo.org\/v3\/\n\n. Accessed 11 Mar 2017"},{"key":"4_CR9","volume-title":"Graph Databases - New Opportunities for Connected Data","author":"I Robinson","year":"2015","unstructured":"Robinson, I., Webber, J., Eirfrem, E.: Graph Databases - New Opportunities for Connected Data, 2nd edn. O\u2019Reilly Media Inc., Sebastpol (2015)","edition":"2"},{"key":"4_CR10","unstructured":"Sanders, C., Smith, J.: Applied Network Security Monitoring: Collection, Detection, and Analysis. Elsevier (2013)"},{"key":"4_CR11","unstructured":"Roesch, M.: Snort: lightweight intrusion detection for networks. In: Lisa, vol. 99, no. 1, pp. 229\u2013238, November 1999"},{"key":"4_CR12","unstructured":"Snort - Network Intrusion Detection & Prevention System. \nhttp:\/\/www.snort.org\/\n\n. Accessed 21 Aug 2017"},{"key":"4_CR13","unstructured":"Suricata. Suricata\u2014Open Source IDS\/IPS\/NSM engine. \nhttps:\/\/suricata-ids.org\/\n\n. Accessed 21 Aug 2017"},{"key":"4_CR14","unstructured":"Zeek.org. The Zeek Network Security Monitor. \nhttps:\/\/www.bro.org\n\n. Accessed 15 Jan 2019"},{"key":"4_CR15","unstructured":"Schindler, T.: Anomaly detection in log data using graph databases and machine learning to defend advanced persistent threats. In: Gesellschaft f\u00fcr Informatik e.V. (Hrsg.) Informatik 2017. Lecture Notes in Informatics (LNI). Gesellschaft f\u00fcr Informatik, Bonn (2017)"},{"key":"4_CR16","unstructured":"Uetz, R., Benthin, L., Hemminghaus, C., Krebs, S., Yilmaz, T.: BREACH: a framework for the simulation of cyber attacks on company\u2019s networks. In: Digital Forensics Research Conference Europe (Poster) (2017)"},{"issue":"3","key":"4_CR17","first-page":"535","volume":"81","author":"S Djanali","year":"2015","unstructured":"Djanali, S., et al.: Coro: graph-based automatic intrusion detection system signature generator for evoting protection. J. Theor. Appl. Inf. Technol. 81(3), 535\u2013546 (2015)","journal-title":"J. Theor. Appl. Inf. Technol."}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-36938-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,10]],"date-time":"2019-12-10T00:04:20Z","timestamp":1575936260000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-36938-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030369378","9783030369385"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-36938-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"10 December 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sapporo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 December 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 December 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"89","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.8","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}