{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T05:56:32Z","timestamp":1769925392976,"version":"3.49.0"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030582005","type":"print"},{"value":"9783030582012","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58201-2_17","type":"book-chapter","created":{"date-parts":[[2020,9,13]],"date-time":"2020-09-13T23:02:29Z","timestamp":1600038149000},"page":"248-262","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["Zeek-Osquery: Host-Network Correlation for Advanced Monitoring and Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Steffen","family":"Haas","sequence":"first","affiliation":[]},{"given":"Robin","family":"Sommer","sequence":"additional","affiliation":[]},{"given":"Mathias","family":"Fischer","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,14]]},"reference":[{"key":"17_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1007\/3-540-45474-8_2","volume-title":"Recent Advances in Intrusion Detection","author":"M Almgren","year":"2001","unstructured":"Almgren, M., Lindqvist, U.: Application-integrated data collection for security monitoring. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 22\u201336. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45474-8_2"},{"key":"17_CR2","unstructured":"Bates, A., Tian, D., Butler, K.R.B., Moyer, T.: Trustworthy whole-system provenance for the Linux Kernel. In: Proceedings of the 24th USENIX Conference on Security Symposium, pp. 319\u2013334. USENIX Association (2015)"},{"issue":"5","key":"17_CR3","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSP.2014.103","volume":"12","author":"S Bhatt","year":"2014","unstructured":"Bhatt, S., Manadhata, P.K., Zomlot, L.: The operational role of security information and event management systems. IEEE Secur. Priv. 12(5), 35\u201341 (2014). https:\/\/doi.org\/10.1109\/MSP.2014.103","journal-title":"IEEE Secur. Priv."},{"issue":"3","key":"17_CR4","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1109\/MSP.2005.63","volume":"3","author":"M Cai","year":"2005","unstructured":"Cai, M., Hwang, K., Kwok, Y.K., Song, S., Chen, Y.: Collaborative internet worm containment. IEEE Secur. Priv. 3(3), 25\u201333 (2005). https:\/\/doi.org\/10.1109\/MSP.2005.63","journal-title":"IEEE Secur. Priv."},{"key":"17_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/11506881_13","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"H Dreger","year":"2005","unstructured":"Dreger, H., Kreibich, C., Paxson, V., Sommer, R.: Enhancing the accuracy of network-based intrusion detection with host-based context. In: Julisch, K., Kruegel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 206\u2013221. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11506881_13"},{"key":"17_CR6","unstructured":"Facebook: osquery | Easily ask questions about your Linux, Windows, and macOS infrastructure. https:\/\/osquery.io\/. Accessed 21 Feb 2020"},{"key":"17_CR7","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2014.09.006","volume":"48","author":"I Friedberg","year":"2015","unstructured":"Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35\u201357 (2015). https:\/\/doi.org\/10.1016\/j.cose.2014.09.006","journal-title":"Comput. Secur."},{"key":"17_CR8","doi-asserted-by":"publisher","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 223\u2013236 (2003). https:\/\/doi.org\/10.1145\/945445.945467","DOI":"10.1145\/945445.945467"},{"key":"17_CR9","unstructured":"King, S.T., Mao, Z.M., Lucchetti, D.G., Chen, P.M.: Enriching intrusion alerts through multi-host causality. In: Proceedings of the Network and Distributed System Security Symposium. The Internet Society (2005)"},{"key":"17_CR10","doi-asserted-by":"publisher","unstructured":"Liu, M., Xue, Z., Xu, X., Zhong, C., Chen, J.: Host-based intrusion detection system with system calls: review and future trends. ACM Comput. Surv. (CSUR) 51(5) (2018). https:\/\/doi.org\/10.1145\/3214304","DOI":"10.1145\/3214304"},{"key":"17_CR11","unstructured":"Ma, S., Zhang, X., Xu, D.: ProTracer: Tt and distributed system security symposium. The Internet Society (2016)"},{"issue":"23","key":"17_CR12","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435\u20132463 (1999). https:\/\/doi.org\/10.1016\/S1389-1286(99)00112-7","journal-title":"Comput. Netw."},{"key":"17_CR13","doi-asserted-by":"publisher","first-page":"811","DOI":"10.1016\/j.future.2019.05.032","volume":"100","author":"J Shin","year":"2019","unstructured":"Shin, J., Choi, S.H., Liu, P., Choi, Y.H.: Unsupervised multi-stage attack detection framework without details on single-stage attacks. Future Gener. Comput. Syst. 100, 811\u2013825 (2019). https:\/\/doi.org\/10.1016\/j.future.2019.05.032","journal-title":"Future Gener. Comput. Syst."},{"key":"17_CR14","unstructured":"Snapp, S.R., et al.: DIDS (distributed intrusion detection system) - motivation, architecture, and an early prototype. In: Proceedings of the 14th National Computer Security Conference, vol. 1, pp. 167\u2013176 (1991)"},{"key":"17_CR15","doi-asserted-by":"publisher","unstructured":"Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 262\u2013271 (2003). https:\/\/doi.org\/10.1145\/948109.948145","DOI":"10.1145\/948109.948145"},{"key":"17_CR16","doi-asserted-by":"publisher","unstructured":"Sun, X., Dai, J., Liu, P., Singhal, A., Yen, J.: Towards probabilistic identification of zero-day attack paths. In: 2016 IEEE Conference on Communications and Network Security (CNS), pp. 64\u201372 (2016). https:\/\/doi.org\/10.1109\/CNS.2016.7860471","DOI":"10.1109\/CNS.2016.7860471"},{"key":"17_CR17","doi-asserted-by":"publisher","unstructured":"Vasilomanolakis, E., Karuppayah, S., M\u00fchlh\u00e4user, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surv. (CSUR) 47(4) (2015). https:\/\/doi.org\/10.1145\/2716260","DOI":"10.1145\/2716260"},{"key":"17_CR18","doi-asserted-by":"publisher","unstructured":"Wang, L., Yang, J.: A research survey in stepping-stone intrusion detection. EURASIP J. Wirele. Commun. Netw. 2018(1) (2018). https:\/\/doi.org\/10.1186\/s13638-018-1303-2","DOI":"10.1186\/s13638-018-1303-2"},{"key":"17_CR19","doi-asserted-by":"publisher","unstructured":"Wilkens, F., Haas, S., Kaaser, D., Kling, P., Fischer, M.: Towards efficient reconstruction of attacker lateral movement. In: Proceedings of the 14th International Conference on Availability, Reliability and Security. ACM, New York (2019). https:\/\/doi.org\/10.1145\/3339252.3339254","DOI":"10.1145\/3339252.3339254"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58201-2_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,14]],"date-time":"2024-09-14T00:08:18Z","timestamp":1726272498000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58201-2_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582005","9783030582012"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58201-2_17","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"14 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2020.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.88","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5.14","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}