{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T22:50:20Z","timestamp":1757631020647,"version":"3.44.0"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030589509"},{"type":"electronic","value":"9783030589516"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58951-6_9","type":"book-chapter","created":{"date-parts":[[2020,9,11]],"date-time":"2020-09-11T09:07:40Z","timestamp":1599815260000},"page":"174-192","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Distributed Detection of APTs: Consensus vs. 
Clustering"],"prefix":"10.1007","author":[{"given":"Juan E.","family":"Rubio","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cristina","family":"Alcaraz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruben","family":"Rios","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rodrigo","family":"Roman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Javier","family":"Lopez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,9,12]]},"reference":[{"key":"9_CR1","doi-asserted-by":"publisher","unstructured":"Khan, A., Turowski, K.: A survey of current challenges in manufacturing industry and preparation for industry 4.0. In: Proceedings of the First International Scientific Conference \u201cIntelligent Information Technologies for Industry\u201d (IITI 2016), pp. 15\u201326. Springer (2016). https:\/\/doi.org\/10.1007\/978-3-319-33609-1_2","DOI":"10.1007\/978-3-319-33609-1_2"},{"issue":"8","key":"9_CR2","doi-asserted-by":"publisher","first-page":"4543","DOI":"10.1007\/s11227-016-1850-4","volume":"75","author":"S Singh","year":"2016","unstructured":"Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J. Supercomput. 75(8), 4543\u20134574 (2016). https:\/\/doi.org\/10.1007\/s11227-016-1850-4","journal-title":"J. Supercomput."},{"key":"9_CR3","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.cose.2017.08.005","volume":"72","author":"A Lemay","year":"2018","unstructured":"Lemay, A., Calvet, J., Menet, F., Fernandez, J.M.: Survey of publicly available reports on advanced persistent threat actors. Comput. Secur. 
72, 26\u201359 (2018)","journal-title":"Comput. Secur."},{"issue":"4","key":"9_CR4","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1145\/2542049","volume":"46","author":"R Mitchell","year":"2014","unstructured":"Mitchell, R., Chen, I.-R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. (CSUR) 46(4), 55 (2014)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"5","key":"9_CR5","doi-asserted-by":"publisher","first-page":"521","DOI":"10.3233\/JCS-191293","volume":"27","author":"JE Rubio","year":"2019","unstructured":"Rubio, J.E., Roman, R., Alcaraz, C., Zhang, Y.: Tracking APTs in industrial ecosystems: a proof of concept. J. Comput. Secur. 27(5), 521\u2013546 (2019)","journal-title":"J. Comput. Secur."},{"key":"9_CR6","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1007\/978-981-13-2384-3_32","volume-title":"Intelligent Computing and Internet of Things","author":"P Zeng","year":"2018","unstructured":"Zeng, P., Zhou, P.: Intrusion detection in SCADA system: a survey. In: Li, K., Fei, M., Du, D., Yang, Z., Yang, D. (eds.) ICSEE\/IMIOT -2018. CCIS, vol. 924, pp. 342\u2013351. Springer, Singapore (2018). https:\/\/doi.org\/10.1007\/978-981-13-2384-3_32"},{"key":"9_CR7","doi-asserted-by":"publisher","unstructured":"Rubio J.E., Roman R., Lopez J.: Analysis of cybersecurity threats in industry 4.0: the case of intrusion detection. In: The 12th International Conference on Critical Information Infrastructures Security, volume Lecture Notes in Computer Science, vol. 10707, pp. 119\u2013130. Springer, August 2018. https:\/\/doi.org\/10.1007\/978-3-319-99843-5_11","DOI":"10.1007\/978-3-319-99843-5_11"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Sekar, R., et al.: Specification-based anomaly detection: a new approach for detecting network intrusions. 
In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 265\u2013274. ACM (2002)","DOI":"10.1145\/586110.586146"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Lin, H., Slagell, A., Kalbarczyk, Z., Sauer, P.W., Iyer, R.K.: Semantic security analysis of SCADA networks to detect malicious control commands in power grids. In: Proceedings of the First ACM Workshop on Smart Energy Grid Security, pp. 29\u201334. ACM (2013)","DOI":"10.1145\/2516930.2516947"},{"key":"9_CR10","doi-asserted-by":"publisher","first-page":"101561","DOI":"10.1016\/j.cose.2019.06.015","volume":"87","author":"JE Rubio","year":"2019","unstructured":"Rubio, J.E., Alcaraz, C., Roman, R., Lopez, J.: Current cyber-defense trends in industrial control systems. Comput. Secur. J. 87, 101561 (2019)","journal-title":"Comput. Secur. J."},{"key":"9_CR11","doi-asserted-by":"publisher","first-page":"32910","DOI":"10.1109\/ACCESS.2018.2844794","volume":"6","author":"N Moustafa","year":"2018","unstructured":"Moustafa, N., Adi, E., Turnbull, B., Hu, J.: A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access 6, 32910\u201332924 (2018)","journal-title":"IEEE Access"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Chhetri, S.R., Rashid, N., Faezi, S., Al Faruque, M.A.: Security trends and advances in manufacturing systems in the era of industry 4.0. In: 2017 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1039\u20131046. IEEE (2017)","DOI":"10.1109\/ICCAD.2017.8203896"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Vance, A.: Flow based analysis of advanced persistent threats detecting targeted attacks in cloud computing. In: 2014 First International Scientific-Practical Conference Problems of Infocommunications Science and Technology, pp. 173\u2013176. 
IEEE (2014)","DOI":"10.1109\/INFOCOMMST.2014.6992342"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Brogi, G., Tong, V.V.T.: Terminaptor: highlighting advanced persistent threats through information flow tracking. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1\u20135. IEEE (2016)","DOI":"10.1109\/NTMS.2016.7792480"},{"key":"9_CR15","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.future.2018.06.055","volume":"89","author":"I Ghafir","year":"2018","unstructured":"Ghafir, I., et al.: Detection of advanced persistent threat using machine-learning correlation analysis. Future Gener. Comput. Syst. 89, 349\u2013359 (2018)","journal-title":"Future Gener. Comput. Syst."},{"key":"9_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/978-3-030-29962-0_13","volume-title":"Computer Security \u2013 ESORICS 2019","author":"JE Rubio","year":"2019","unstructured":"Rubio, J.E., Manulis, M., Alcaraz, C., Lopez, J.: Enhancing security and dependability of industrial networks with opinion dynamics. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 263\u2013280. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-29962-0_13"},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Lee, S., Shon, T.: Open source intelligence base cyber threat inspection framework for critical infrastructures. In: 2016 Future Technologies Conference (FTC), pp. 1030\u20131033. IEEE (2016)","DOI":"10.1109\/FTC.2016.7821730"},{"key":"9_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1007\/978-3-319-66399-9_22","volume-title":"Computer Security \u2013 ESORICS 2017","author":"JE Rubio","year":"2017","unstructured":"Rubio, J.E., Alcaraz, C., Lopez, J.: Preventing advanced persistent threats in complex control networks. 
In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 402\u2013418. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_22"},{"key":"9_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"555","DOI":"10.1007\/978-3-319-99073-6_27","volume-title":"Computer Security","author":"JE Rubio","year":"2018","unstructured":"Rubio, J.E., Roman, R., Alcaraz, C., Zhang, Y.: Tracking advanced persistent threats in critical infrastructures through opinion dynamics. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 555\u2013574. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-99073-6_27"},{"key":"9_CR20","doi-asserted-by":"publisher","first-page":"3745","DOI":"10.1109\/TII.2018.2826226","volume":"14","author":"J Lopez","year":"2018","unstructured":"Lopez, J., Rubio, J.E., Alcaraz, C.: A resilient architecture for the smart grid. IEEE Trans. Ind. Inform. 14, 3745\u20133753 (2018)","journal-title":"IEEE Trans. Ind. Inform."},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Rubio, J.E., Roman, R., Lopez, J.: Integration of a threat traceability solution in the industrial Internet of Things. IEEE Trans. Ind. Inform. (2020). In Press","DOI":"10.1109\/TII.2020.2976747"},{"issue":"3","key":"9_CR22","doi-asserted-by":"publisher","first-page":"645","DOI":"10.1109\/TNN.2005.845141","volume":"16","author":"X Rui","year":"2005","unstructured":"Rui, X., Wunsch, D.: Survey of clustering algorithms. IEEE Trans. Neural Netw. 16(3), 645\u2013678 (2005)","journal-title":"IEEE Trans. Neural Netw."},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Pham, D.T., Dimov, S.S., Nguyen, C.D.: Selection of k in k-means clustering. Proc. Inst. Mech. Eng. Part C: J. Mech. Eng. Sci. 
219(1), 103\u2013119 (2005)","DOI":"10.1243\/095440605X8298"},{"key":"9_CR24","unstructured":"Pelleg, D., Moore, A.W., et al.: X-means: extending k-means with efficient estimation of the number of clusters. In: Icml, vol. 1, pp. 727\u2013734 (2000)"},{"key":"9_CR25","unstructured":"Bilmes, J., Vahdat, A., Hsu, W., Im, E.J.: Empirical observations of probabilistic heuristics for the clustering problem. Technical Report TR-97-018, International Computer Science Institute (1997)"},{"issue":"1","key":"9_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/03610927408827101","volume":"3","author":"T Cali\u0144ski","year":"1974","unstructured":"Cali\u0144ski, T., Harabasz, J.: A dendrite method for cluster analysis. Commun. Stat.-Theory Methods 3(1), 1\u201327 (1974)","journal-title":"Commun. Stat.-Theory Methods"},{"key":"9_CR27","first-page":"577","volume":"1","author":"K Wagstaff","year":"2001","unstructured":"Wagstaff, K., Cardie, C., Rogers, S., Schr\u00f6dl, S., et al.: Constrained k-means clustering with background knowledge. Icml 1, 577\u2013584 (2001)","journal-title":"Icml"},{"issue":"1","key":"9_CR28","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.cosrev.2007.05.001","volume":"1","author":"SE Schaeffer","year":"2007","unstructured":"Schaeffer, S.E.: Graph clustering. Comput. Sci. Rev. 1(1), 27\u201364 (2007)","journal-title":"Comput. Sci. 
Rev."}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58951-6_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:02:25Z","timestamp":1757541745000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58951-6_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030589509","9783030589516"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58951-6_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2020","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/esorics2020.sccs.surrey.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"366","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"72","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to 
a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9,1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}