{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T13:43:09Z","timestamp":1761745389010,"version":"3.40.3"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030718510"},{"type":"electronic","value":"9783030718527"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-71852-7_3","type":"book-chapter","created":{"date-parts":[[2021,3,12]],"date-time":"2021-03-12T07:02:45Z","timestamp":1615532565000},"page":"37-52","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Bidirectional RNN-Based Few-Shot Training for Detecting Multi-stage Attack"],"prefix":"10.1007","author":[{"given":"Bowei","family":"Jia","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunzhe","family":"Tian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Di","family":"Zhao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaojin","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chenyang","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenjia","family":"Niu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Endong","family":"Tong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiqiang","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,13]]},"reference":[{"issue":"18","key":"3_CR1","doi-asserted-by":"publisher","first-page":"6042","DOI":"10.1002\/sec.1756","volume":"9","author":"A Ahmadian Ramaki","year":"2016","unstructured":"Ahmadian Ramaki, A., Rasoolzadegan, A.: Causal knowledge analysis for detecting and modeling multi-step attacks. Secur. Commun. Netw. 9(18), 6042\u20136065 (2016)","journal-title":"Secur. Commun. Netw."},{"key":"3_CR2","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1016\/j.cose.2017.11.021","volume":"73","author":"SC De Alvarenga","year":"2018","unstructured":"De Alvarenga, S.C., Barbon, S., Jr., Miani, R.S., et al.: Process mining and hierarchical clustering to help intrusion alert visualization. Comput. Secur. 73, 474\u2013491 (2018)","journal-title":"Comput. Secur."},{"key":"3_CR3","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1016\/j.eswa.2018.04.030","volume":"108","author":"M Barzegar","year":"2018","unstructured":"Barzegar, M., Shajari, M.: Attack scenario reconstruction using intrusion semantics. Expert Syst. Appl. 108, 119\u2013133 (2018)","journal-title":"Expert Syst. Appl."},{"key":"3_CR4","doi-asserted-by":"crossref","unstructured":"Bhatt, P., Yano, E.T., Gustavsson, P.: Towards a framework to detect multi-stage advanced persistent threats attacks. In: 2014 IEEE 8th International Symposium on Service Oriented System Engineering, pp. 390\u2013395. IEEE (2014)","DOI":"10.1109\/SOSE.2014.53"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Information metrics for low-rate DDoS attack detection: a comparative evaluation. In: 2014 Seventh International Conference on Contemporary Computing (IC3), pp. 80\u201384. IEEE (2014)","DOI":"10.1109\/IC3.2014.6897151"},{"key":"3_CR6","doi-asserted-by":"crossref","unstructured":"Chowdhury, M.M.U., Hammond, F., Konowicz, G., et al.: A few-shot deep learning approach for improved intrusion detection. In: 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), pp. 456\u2013462. IEEE (2017)","DOI":"10.1109\/UEMCON.2017.8249084"},{"issue":"3.24","key":"3_CR7","first-page":"479","volume":"7","author":"R Panigrahi","year":"2018","unstructured":"Panigrahi, R., Borah, S.: A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems. Int. J. Eng. Technol. 7(3.24), 479\u2013482 (2018)","journal-title":"Int. J. Eng. Technol."},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Haas, S., Fischer, M.: GAC: graph-based alert correlation for the detection of distributed multi-step attacks. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 979\u2013988 (2018)","DOI":"10.1145\/3167132.3167239"},{"key":"3_CR9","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1016\/j.ijcip.2015.08.003","volume":"11","author":"A Hahn","year":"2015","unstructured":"Hahn, A., Thomas, R.K., Lozano, I., et al.: A multi-layered and kill-chain based security analysis framework for cyber-physical systems. Int. J. Crit. Infrastruct. Prot. 11, 39\u201350 (2015)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"issue":"5","key":"3_CR10","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MIS.2013.105","volume":"29","author":"D He","year":"2013","unstructured":"He, D., Chan, S., Zhang, Y., et al.: How effective are the prevailing attack-defense models for cybersecurity anyway? IEEE Intell. Syst. 29(5), 14\u201321 (2013)","journal-title":"IEEE Intell. Syst."},{"issue":"1","key":"3_CR11","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1109\/TDSC.2017.2751478","volume":"17","author":"P Holgado","year":"2017","unstructured":"Holgado, P., Villagr\u00e1, V.A., Vazquez, L.: Real-time multistep attack prediction based on hidden markov models. IEEE Trans. Dependable Secure Comput. 17(1), 134\u2013147 (2017)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Katipally, R., Yang, L., Liu, A.: Attacker behavior analysis in multi-stage attack detection system. In: Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, p. 1 (2011)","DOI":"10.1145\/2179298.2179369"},{"issue":"3","key":"3_CR13","doi-asserted-by":"publisher","first-page":"1659","DOI":"10.1016\/j.eswa.2007.01.040","volume":"34","author":"K Lee","year":"2008","unstructured":"Lee, K., Kim, J., Kwon, K.H., et al.: DDoS attack detection method using cluster analysis. Expert Syst. Appl. 34(3), 1659\u20131665 (2008)","journal-title":"Expert Syst. Appl."},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Li, M., Huang, W., Wang, Y., et al.: The study of APT attack stage model. In: 2016 IEEE\/ACIS 15th International Conference on Computer and Information Science (ICIS), pp. 1\u20135. IEEE (2016)","DOI":"10.1109\/ICIS.2016.7550947"},{"key":"3_CR15","doi-asserted-by":"crossref","unstructured":"Nguyen, T.H., Wright, M., Wellman, M.P., et al.: Multi-stage attack graph security games: heuristic strategies, with empirical game-theoretic analysis. In: Proceedings of the 2017 Workshop on Moving Target Defense, pp. 87\u201397 (2017)","DOI":"10.1145\/3140549.3140562"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Pei, K., Gu, Z., Saltaformaggio, B., et al.: Hercule: attack story reconstruction via community discovery on correlated log graph. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 583\u2013595 (2016)","DOI":"10.1145\/2991079.2991122"},{"issue":"11","key":"3_CR17","doi-asserted-by":"publisher","first-page":"2673","DOI":"10.1109\/78.650093","volume":"45","author":"M Schuster","year":"1997","unstructured":"Schuster, M., Paliwal, K.K.: Bidirectional recurrent neural networks. IEEE Trans. Signal Process. 45(11), 2673\u20132681 (1997)","journal-title":"IEEE Trans. Signal Process."},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108\u2013116 (2018)","DOI":"10.5220\/0006639801080116"},{"key":"3_CR19","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1007\/978-3-319-22915-7_40","volume-title":"Security in Computing and Communications","author":"T Yadav","year":"2015","unstructured":"Yadav, T., Rao, A.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Mart\u00ednez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438\u2013452. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22915-7_40"}],"container-title":["Lecture Notes in Computer Science","Information Security and Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-71852-7_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,3,12]],"date-time":"2021-03-12T07:05:16Z","timestamp":1615532716000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-71852-7_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030718510","9783030718527"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-71852-7_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"13 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Inscrypt","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security and Cryptology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cisc2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"79","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}