{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T22:43:15Z","timestamp":1760395395551,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030883805"},{"type":"electronic","value":"9783030883812"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-88381-2_8","type":"book-chapter","created":{"date-parts":[[2021,10,14]],"date-time":"2021-10-14T14:42:13Z","timestamp":1634222533000},"page":"157-173","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MALICIOUS LOGIN DETECTION USING LONG SHORT-TERM MEMORY WITH AN ATTENTION MECHANISM"],"prefix":"10.1007","author":[{"given":"Yanna","family":"Wu","sequence":"first","affiliation":[]},{"given":"Fucheng","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Yu","family":"Wen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,15]]},"reference":[{"key":"8_CR1","unstructured":"F. Amrouche, S. Lagraa, G. Kaiafas and R. State, Graph-based malicious login events investigation, Proceedings of the IFIP\/IEEE Symposium on Integrated Network and Service Management, pp. 63\u201366, 2019."},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"T. Bai, H. Bian, A. Daya, M. Salahuddin, N. Limam and R. Boutaba, A machine learning approach for RDP-based lateral movement detection, Proceedings of the Forty-Fourth IEEE Conference on Local Computer Networks, pp. 242\u2013245, 2019.","DOI":"10.1109\/LCN44214.2019.8990853"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"H. Bian, T. Bai, M. Salahuddin, N. Limam, A. Daya and R. Boutaba, Host in danger? Detecting network intrusions from authentication logs, Proceedings of the Fifteenth International Conference on Network and Service Management, 2019.","DOI":"10.23919\/CNSM46954.2019.9012700"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"A. Bohara, M. Noureddine, A. Fawaz and W. Sanders, An unsupervised multi-detector approach for identifying malicious lateral movement, Proceedings of the Thirty-Sixth IEEE Symposium on Reliable Distributed Systems, pp. 224\u2013233, 2017.","DOI":"10.1109\/SRDS.2017.31"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"A. Brown, A. Tuor, B. Hutchinson and N. Nichols, Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection, arXiv: 1803.04967 (arxiv.org\/abs\/1803.04967), 2018.","DOI":"10.1145\/3217871.3217872"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"H. Chen, M. Sun, C. Tu, Y. Lin and Z. Liu, Neural sentiment classification with user and product attention, Proceedings of the Conference on Empirical Methods in Natural Language Processing, pp. 1650\u20131659, 2016.","DOI":"10.18653\/v1\/D16-1171"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"M. Chen, Y. Yao, J. Liu, B. Jiang, L. Su and Z. Lu, A novel approach for identifying lateral movement attacks based on network embedding, Proceedings of the IEEE International Conference on Parallel and Distributed Processing with Applications, Ubiquitous Computing and Communications, Big Data and Cloud Computing, Social Computing and Networking, and Sustainable Computing and Communications, pp. 708\u2013715, 2018.","DOI":"10.1109\/BDCloud.2018.00107"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"I. Ghafir, M. Hammoudeh, V. Prenosil, L. Han, R. Hegarty, K. Rabie and F. Aparicio-Navarro, Detection of advanced persistent threat using machine learning correlation analysis, Future Generation Computer Systems, vol. 89, pp. 349\u2013359, 2018.","DOI":"10.1016\/j.future.2018.06.055"},{"key":"8_CR9","unstructured":"R. Holt, S. Aubrey, A. DeVille, W. Haight, T. Gary and Q. Wang, Deep autoencoder neural networks for detecting lateral movement in computer networks, Proceedings of the International Conference on Artificial Intelligence, pp. 277\u2013283, 2019."},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"G. Kaiafas, C. Hammerschmidt, S. Lagraa and R. State, Auto semi-supervised outlier detection for malicious authentication events, in Machine Learning and Knowledge Discovery in Databases, P. Cellier and K. Driessens (Eds.), Springer, Cham, Switzerland, pp. 176\u2013190, 2020.","DOI":"10.1007\/978-3-030-43887-6_14"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"G. Kaiafas, G. Varisteas, S. Lagraa, R. State, C. Nguyen, T. Ries and M. Ourdane, Detecting malicious authentication events trustfully, Proceedings of the IEEE\/IFIP Network Operations and Management Symposium, 2018.","DOI":"10.1109\/NOMS.2018.8406295"},{"key":"8_CR12","unstructured":"A. Kent, Comprehensive, Multi-Source Cyber-Security Events, Los Alamos National Laboratory, Los Alamos, New Mexico (csr.lanl.gov\/data\/cyber1), 2015."},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"A. Kent, L. Liebrock and J. Neil, Authentication graphs: Analyzing user behavior within an enterprise network, Computers and Security, vol. 48, pp. 150\u2013166, 2015.","DOI":"10.1016\/j.cose.2014.09.001"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"F. Liu, Y. Wen, D. Zhang, X. Jiang, X. Xing and D. Meng, Log2vec: A heterogeneous graph embedding based approach for detecting cyber threats within an enterprise, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1777\u20131794, 2019.","DOI":"10.1145\/3319535.3363224"},{"key":"8_CR15","unstructured":"P. Liu, X. Qiu and X. Huang, Recurrent Neural Network for Text Classification with Multi-Task Learning, arXiv: 1605.05101 (arxiv.org\/abs\/1605.05101), 2016."},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"B. Powell, Detecting malicious logins as graph anomalies, Journal of Information Security and Applications, vol. 54, article no. 102557, 2019.","DOI":"10.1016\/j.jisa.2020.102557"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"M. Pritom, C. Li, B. Chu and X. Niu, A study on log analysis approaches using the Sandia dataset, Proceedings of the Twenty-Sixth International Conference on Computer Communications and Networks, 2017.","DOI":"10.1109\/ICCCN.2017.8038522"},{"key":"8_CR18","unstructured":"T. Schindler, Anomaly Detection in Log Data Using Graph Databases and Machine Learning to Defend Advanced Persistent Threats, arXiv: 1802.00259 (arxiv.org\/abs\/1802.00259), 2018."},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Y. Shen, E. Mariconti, P. Vervier and G. Stringhini, Tiresias: Predicting security events through deep learning, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 592\u2013605, 2018.","DOI":"10.1145\/3243734.3243811"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"H. Siadati and N. Memon, Detecting structurally-anomalous logins within enterprise networks, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1273\u20131284, 2017.","DOI":"10.1145\/3133956.3134003"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"H. Siadati, B. Saket and N. Memon, Detecting malicious logins in enterprise networks using visualization, Proceedings of the IEEE Symposium on Visualization for Cyber Security, 2016.","DOI":"10.1109\/VIZSEC.2016.7739582"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"G. Tang, M. Muller, A. Rios and R. Sennrich, Why Self-Attention? A Targeted Evaluation of Neural Machine Translation Architectures, arXiv: 1808.08946 (arxiv.org\/abs\/1808.08946), 2018.","DOI":"10.18653\/v1\/D18-1458"},{"key":"8_CR23","unstructured":"A. Tuor, R. Baerwolf, N. Knowles, B. Hutchinson, N. Nichols and R. Jasper, Recurrent Neural Network Language Models for Open Vocabulary Event-Level Cyber Anomaly Detection, arXiv: 1712.00557 (arxiv.org\/abs\/1712.00557), 201."},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"L. Yang, P. Li, Y. Zhang, X. Yang, Y. Xiang and W. Zhou, Effective repair strategy against advanced persistent threat: A differential game approach, IEEE Transactions on Information Forensics and Security, vol. 14(7), pp. 1713\u20131728, 2019.","DOI":"10.1109\/TIFS.2018.2885251"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Z. Yang, D. Yang, C. Dyer, X. He and E. Hovy, Hierarchical attention networks for document classification, Proceedings of the Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, pp. 1480\u20131489, 2017.","DOI":"10.18653\/v1\/N16-1174"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Y. Zuo, G. Liu, H. Lin, J. Guo, X. Hu and J. Wu, Embedding temporal network via neighborhood formation, Proceedings of the Twenty-Fourth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 2857\u20132866, 2018.","DOI":"10.1145\/3219819.3220054"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XVII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-88381-2_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T22:04:25Z","timestamp":1760393065000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-88381-2_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030883805","9783030883812"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-88381-2_8","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"15 October 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 February 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 February 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}