{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T00:59:05Z","timestamp":1742950745478,"version":"3.40.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030622299"},{"type":"electronic","value":"9783030622305"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-62230-5_1","type":"book-chapter","created":{"date-parts":[[2020,11,7]],"date-time":"2020-11-07T10:03:04Z","timestamp":1604743384000},"page":"3-23","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks"],"prefix":"10.1007","author":[{"given":"Amjad","family":"Ibrahim","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simon","family":"Rehwald","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antoine","family":"Scemama","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Florian","family":"Andres","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Pretschner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"key":"1_CR1","series-title":"IFIP \u2013 The International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1007\/978-0-387-09699-5_36","volume-title":"Proceedings of The Ifip Tc 11 23rd International Information Security Conference","author":"Q Althebyan","year":"2008","unstructured":"Althebyan, Q., Panda, B.: A knowledge-based Bayesian model for analyzing a system after an insider attack. In: Jajodia, S., Samarati, P., Cimato, S. (eds.) SEC 2008. ITIFIP, vol. 278, pp. 557\u2013571. Springer, Boston, MA (2008). https:\/\/doi.org\/10.1007\/978-0-387-09699-5_36"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/978-3-662-54455-6_10","volume-title":"Principles of Security and Trust","author":"Z Aslanyan","year":"2017","unstructured":"Aslanyan, Z., Nielson, F.: Model checking exact cost for attack scenarios. In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 210\u2013231. Springer, Heidelberg (2017). https:\/\/doi.org\/10.1007\/978-3-662-54455-6_10"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Chen, B., Pearl, J.: Graphical tools for linear structural equation modeling. Tech. rep., DTIC Document (2014)","DOI":"10.21236\/ADA609131"},{"key":"1_CR4","unstructured":"Chinchani, R., Iyer, A., Ngo, H.Q., Upadhyaya, S.: Towards a theory of insider threat assessment. In: Proceedings of International Conference on Dependable Systems and Networks, 2005, DSN 2005, pp. 108\u2013117. IEEE (2005)"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-319-43425-4_10","volume-title":"Quantitative Evaluation of Systems","author":"O Gadyatskaya","year":"2016","unstructured":"Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Van Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159\u2013162. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-43425-4_10"},{"key":"1_CR6","unstructured":"Halpern, J.Y.: A modification of the Halpern-pearl definition of causality. In: Proceedings of the Twenty-Fourth International Joint Conference on Artificial Intelligence, IJCAI 2015 (2015)"},{"key":"1_CR7","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/10809.001.0001","volume-title":"Actual Causality","author":"JY Halpern","year":"2016","unstructured":"Halpern, J.Y.: Actual Causality. MIT Press, Cambridge (2016)"},{"issue":"1\u20132","key":"1_CR8","doi-asserted-by":"publisher","first-page":"57","DOI":"10.3233\/FI-2017-1531","volume":"153","author":"R Horne","year":"2017","unstructured":"Horne, R., Mauw, S., Tiu, A.: Semantics for specialising attack trees based on linear logic. Fundamenta Informaticae 153(1\u20132), 57\u201386 (2017)","journal-title":"Fundamenta Informaticae"},{"key":"1_CR9","unstructured":"Hunker, J., Hutchinson, B., Margulies, J.: Role and challenges for sufficient cyber-attack attribution. Institute for Information Infrastructure Protection (2008)"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-3-030-20652-9_14","volume-title":"NASA Formal Methods","author":"A Ibrahim","year":"2019","unstructured":"Ibrahim, A., Kacianka, S., Pretschner, A., Hartsell, C., Karsai, G.: Practical causal models for cyber-physical systems. In: Badger, J.M., Rozier, K.Y. (eds.) NFM 2019. LNCS, vol. 11460, pp. 211\u2013227. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-20652-9_14"},{"key":"1_CR11","unstructured":"Ibrahim, A., Klesel, T., Zibaei, E., Kacianka, S., Pretschner, A.: Actual causality canvas: a general framework for explanation-based socio-technical constructs. In: ECAI 2020, the 24th European Conference on Artificial Intelligence. Frontiers in Artificial Intelligence and Applications. IOS Press (2020)"},{"key":"1_CR12","first-page":"241","volume":"53","author":"A Ibrahim","year":"2019","unstructured":"Ibrahim, A., Rehwald, S., Pretschner, A.: Efficient checking of actual causality with sat solving. Eng. Secur. Dependable Softw. Syst. 53, 241 (2019)","journal-title":"Eng. Secur. Dependable Softw. Syst."},{"key":"1_CR13","unstructured":"Institute, P.: 2015 cost of cyber crime study: global (2015)"},{"key":"1_CR14","doi-asserted-by":"publisher","first-page":"17","DOI":"10.4204\/EPTCS.308.2","volume":"308","author":"S Kacianka","year":"2019","unstructured":"Kacianka, S., Ibrahim, A., Pretschner, A., Trende, A., L\u00fcdtke, A.: Extending causal models from machines into humans. Electron. Proc. Theor. Comput. Sci. 308, 17\u201331 (2019)","journal-title":"Electron. Proc. Theor. Comput. Sci."},{"issue":"3","key":"1_CR15","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1504\/IJSN.2017.084391","volume":"12","author":"LL Ko","year":"2017","unstructured":"Ko, L.L., Divakaran, D.M., Liau, Y.S., Thing, V.L.: Insider threat detection and its future directions. Int. J. Secur. Netw. 12(3), 168\u2013187 (2017)","journal-title":"Int. J. Secur. Netw."},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack-defense trees. In: Quantitative Evaluation of Systems - 10th International Conference, QEST, pp. 173\u2013176 (2013)","DOI":"10.1007\/978-3-642-40196-1_15"},{"key":"1_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Schweitzer, P.: Dag-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13, 1\u201338 (2014)","journal-title":"Comput. Sci. Rev."},{"key":"1_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-319-22975-1_11","volume-title":"Formal Modeling and Analysis of Timed Systems","author":"R Kumar","year":"2015","unstructured":"Kumar, R., Ruijters, E., Stoelinga, M.: Quantitative attack tree analysis via priced timed automata. In: Sankaranarayanan, S., Vicario, E. (eds.) FORMATS 2015. LNCS, vol. 9268, pp. 156\u2013171. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22975-1_11"},{"key":"1_CR19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24270-0_6","volume-title":"From Probabilistic Counterexamples via Causality to Fault Trees","author":"M Kuntz","year":"2011","unstructured":"Kuntz, M., Leitner-Fischer, F., Leue, S.: From Probabilistic Counterexamples via Causality to Fault Trees. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24270-0_6"},{"issue":"4","key":"1_CR20","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/BF00262950","volume":"2","author":"D Lewis","year":"1973","unstructured":"Lewis, D.: Counterfactuals and comparative possibility. J. Philos. Logic 2(4), 418\u2013446 (1973). https:\/\/doi.org\/10.1007\/BF00262950","journal-title":"J. Philos. Logic"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/11734727_17","volume-title":"Information Security and Cryptology - ICISC 2005","author":"S Mauw","year":"2006","unstructured":"Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186\u2013198. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11734727_17"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Nicholson, A., Janicke, H., Watson, T.: An initial investigation into attribution in SCADA systems. In: ICS-CSR (2013)","DOI":"10.14236\/ewic\/ICSCSR2013.7"},{"key":"1_CR23","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511803161","volume-title":"Causality","author":"J Pearl","year":"2009","unstructured":"Pearl, J.: Causality. Cambridge University Press, Cambridge (2009)"},{"key":"1_CR24","unstructured":"Phyo, A., Furnell, S.: A detection-oriented classification of insider it misuse. In: Third Security Conference (2004)"},{"key":"1_CR25","series-title":"IFIP \u2014 The International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/978-0-387-73742-3_23","volume-title":"Advances in Digital Forensics III","author":"N Poolsapassit","year":"2007","unstructured":"Poolsapassit, N., Ray, I.: Investigating computer attacks using attack trees. In: Craiger, P., Shenoi, S. (eds.) DigitalForensics 2007. ITIFIP, vol. 242, pp. 331\u2013343. Springer, New York (2007). https:\/\/doi.org\/10.1007\/978-0-387-73742-3_23"},{"key":"1_CR26","unstructured":"Qin, X., Lee, W.: Attack plan recognition and prediction using causal networks. In: 20th Annual Computer Security Applications Conference. IEEE (2004)"},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/11555827_14","volume-title":"Computer Security \u2013 ESORICS 2005","author":"I Ray","year":"2005","unstructured":"Ray, I., Poolsapassit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231\u2013246. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11555827_14"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/978-3-642-04342-0_4","volume-title":"Recent Advances in Intrusion Detection","author":"M Reh\u00e1k","year":"2009","unstructured":"Reh\u00e1k, M., et al.: Runtime monitoring and dynamic reconfiguration for intrusion detection systems. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 61\u201380. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04342-0_4"},{"key":"1_CR29","unstructured":"Research, I.X.F.: 2016 cyber security intelligence index (2016)"},{"issue":"3","key":"1_CR30","first-page":"1","volume":"2","author":"R Rowlingson","year":"2004","unstructured":"Rowlingson, R.: A ten step process for forensic readiness. Int. J. Digit. Evid. 2(3), 1\u201328 (2004)","journal-title":"Int. J. Digit. Evid."},{"key":"1_CR31","doi-asserted-by":"publisher","unstructured":"Salem, M.B., Hershkop, S., Stolfo, S.J.: A survey of insider attack detection research. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds.) Insider Attack and Cyber Security. Advances in Information Security, vol. 39. Springer, Boston (2008). https:\/\/doi.org\/10.1007\/978-0-387-77322-3_5","DOI":"10.1007\/978-0-387-77322-3_5"},{"issue":"12","key":"1_CR32","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"issue":"15","key":"1_CR33","doi-asserted-by":"publisher","first-page":"2886","DOI":"10.1002\/sec.1485","volume":"9","author":"JA Shamsi","year":"2016","unstructured":"Shamsi, J.A., Zeadally, S., Sheikh, F., Flowers, A.: Attribution in cyberspace: techniques and legal implications. Secur. Commun. Netw. 9(15), 2886\u20132900 (2016)","journal-title":"Secur. Commun. Netw."},{"key":"1_CR34","unstructured":"Tan, J.: Forensic readiness. Cambridge, MA:@ Stake, pp. 1\u201323 (2001)"},{"issue":"4","key":"1_CR35","first-page":"4","volume":"7","author":"M Tu","year":"2012","unstructured":"Tu, M., Xu, D., Butler, E., Schwartz, A.: Forensic evidence identification and modeling for attacks against a simulated online business information system. J. Digit. Forensic Secur. Law 7(4), 4 (2012)","journal-title":"J. Digit. Forensic Secur. Law"},{"issue":"6","key":"1_CR36","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1145\/1349026.1349043","volume":"51","author":"DJ Weitzner","year":"2008","unstructured":"Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82\u201387 (2008)","journal-title":"Commun. ACM"},{"key":"1_CR37","doi-asserted-by":"crossref","unstructured":"Wheeler, D.A., Larsen, G.N.: Techniques for cyber attack attribution. Tech. rep., Institute for Defense Analyses Alexandria VA (2003)","DOI":"10.21236\/ADA468859"}],"container-title":["Lecture Notes in Computer Science","Graphical Models for Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-62230-5_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T22:27:58Z","timestamp":1619303278000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-62230-5_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030622299","9783030622305"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-62230-5_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"8 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GraMSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Graphical Models for Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Boston, MA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gramsec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.gramsec.uni.lu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The workshop was held virtually due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}