{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:31:28Z","timestamp":1778153488943,"version":"3.51.4"},"publisher-location":"Cham","reference-count":76,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030939557","type":"print"},{"value":"9783030939564","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-93956-4_11","type":"book-chapter","created":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T08:03:00Z","timestamp":1641974580000},"page":"178-197","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Database Intrusion Detection Systems (DIDs): Insider Threat Detection via\u00a0Behaviour-Based Anomaly Detection Systems - A\u00a0Brief Survey of\u00a0Concepts and\u00a0Approaches"],"prefix":"10.1007","author":[{"given":"Muhammad Imran","family":"Khan","sequence":"first","affiliation":[]},{"given":"Simon N.","family":"Foley","sequence":"additional","affiliation":[]},{"given":"Barry","family":"O\u2019Sullivan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,12]]},"reference":[{"key":"11_CR1","unstructured":"2014 US state of cybercrime survey. Technical report, CERT, Software Engineering Institute, Carnegie Mellon University (2014). https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=298318"},{"key":"11_CR2","unstructured":"2015 Cost of cyber crime: Global. Technical report, Ponemon Institute (2015). http:\/\/www.cnmeonline.com\/myresources\/hpe\/docs\/HPE_SIEM_Analyst_Report_-_2015_Cost_of_Cyber_Crime_Study_-_Global.pdf"},{"key":"11_CR3","unstructured":"2015 Vormetric insider threat report. Technical report, Vormetric (2015). http:\/\/go.thalesesecurity.com\/rs\/480-LWA-970\/images\/2015_Vormetric_ITR_European_R3.pdf"},{"key":"11_CR4","unstructured":"Grand theft data data exfiltration study: Actors, tactics, and detection. Technical report, Intel security and McAfee (2015). https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-data-exfiltration.pdf"},{"key":"11_CR5","unstructured":"Cybersecurity snapshot global results. Technical report, ISACA (2016)"},{"key":"11_CR6","unstructured":"Security trends in the healthcare industry data theft and ransomware plague healthcare organizations. Technical report, IBM Security, IBM (2016). https:\/\/www.ibm.com\/downloads\/cas\/PLWZ76MM"},{"key":"11_CR7","unstructured":"Privacy amendment (notifiable data breaches) act 2017 (2017). https:\/\/www.legislation.gov.au\/Details\/C2017A00012"},{"key":"11_CR8","unstructured":"2018 insider threat report. Technical report, ca Technologies (2018). https:\/\/crowdresearchpartners.com\/wp-content\/uploads\/2017\/07\/Insider-Threat-Report-2018.pdf"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Amr, S., Abed, T., Clancy, C., Levy, D.S.: Applying bag of system calls for anomalous behavior detection of applications in linux containers. In: 2015 IEEE Globecom Workshops, San Diego, CA, USA, 6\u201310 December 2015, pp. 1\u20135 (2015)","DOI":"10.1109\/GLOCOMW.2015.7414047"},{"issue":"2","key":"11_CR10","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1145\/170036.170072","volume":"22","author":"R Agrawal","year":"1993","unstructured":"Agrawal, R., Imieli\u0144ski, T., Swami, A.: Mining association rules between sets of items in large databases. SIGMOD Rec. 22(2), 207\u2013216 (1993)","journal-title":"SIGMOD Rec."},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Alizadeh, M., Peters, S., Etalle, S., Zannone, N.: Behavior analysis in the medical sector: theory and practice. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018, pp. 1637\u20131646, ACM, New York (2018)","DOI":"10.1145\/3167132.3167307"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Anjum, F., Subhadrabandhu, D., Sarkar, S.: Signature based intrusion detection for wireless ad-hoc networks: a comparative study of various routing protocols. In: 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484), vol. 3, pp. 2152\u20132156, October 2003","DOI":"10.1109\/VETECF.2003.1285405"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Ramos, R., Barbosa, R., Pras, A.: Intrusion detection in Scada networks. In: Stiller, B., De Turck, F. (eds.) Mechanisms for Autonomous Management of Networks and Services, pp. 163\u2013166. Springer, Berlin (2010)","DOI":"10.1007\/978-3-642-13986-4_23"},{"key":"11_CR14","unstructured":"Bertino, E., Terzi, E., Kamra, A., Vakali, A.: Intrusion detection in CHAC-administered databases. In: 21st Annual Computer Security Applications Conference (ACSAC 2005), pp 10\u2013182, December 2005"},{"key":"11_CR15","unstructured":"BeyondTrust. PowerBroker for Databases. https:\/\/www.beyondtrust.com\/resources\/brochures\/powerbroker-for-databases"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Bishop, M., Gates, C.: Defining the insider threat. In: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, CSIIRW 2008, pp. 15:1\u201315:3. ACM, New York (2008)","DOI":"10.1145\/1413140.1413158"},{"key":"11_CR17","unstructured":"Bishop, M., Gollmann, D., Hunker, J., Probst, C.W. (eds): Countering Insider Threats, 20.07. - 25.07.2008, volume 08302 of Dagstuhl Seminar Proceedings. Schloss Dagstuhl - Leibniz-Zentrum f\u00fcr Informatik, Germany (2008)"},{"key":"11_CR18","unstructured":"Bouche, J., Hock, D., Kappes, M.: On the performance of anomaly detection systems uncovering traffic mimicking covert channels. In: Proceedings of the Eleventh International Network Conference, INC 2016, Frankfurt, Germany, July 19\u201321, 2016. pp. 19\u201324 (2016)"},{"key":"11_CR19","unstructured":"Brackney, R.C., Anderson, R.H.: Understanding the insider threat. In:Proceedings of a March 2004 Workshop, vol. 196. Rand Corporation (2004)"},{"key":"11_CR20","unstructured":"Brenner, B.: Healthcare data breaches mostly caused by insiders (2017). Naked Security by Sophos. https:\/\/nakedsecurity.sophos.com\/2017\/02\/23\/healthcare-data-breaches-mostly-caused-by-insiders\/"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: Behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2011, pp. 15\u201326, ACM, New York (2011)","DOI":"10.1145\/2046614.2046619"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Butun, I., Morgera, S.D., Sankar, R.: A survey of intrusion detection systems in wireless sensor networks. IEEE Commun. Surv. Tutor. 16(1), 266\u2013282 (2014)","DOI":"10.1109\/SURV.2013.050113.00191"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Caselli, M., Zambon, E., Kargl, F.:Sequence-aware intrusion detection in industrial control systems. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, CPSS 2015, pp. 13\u201324. ACM,New York(2015)","DOI":"10.1145\/2732198.2732200"},{"issue":"2","key":"11_CR24","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1145\/762476.762477","volume":"6","author":"SN Chari","year":"2003","unstructured":"Chari, S.N., Cheng, P.-C.: Bluebox: A policy-driven, host-based intrusion detection system. ACM Trans. Inf. Syst. Secur. 6(2), 173\u2013200 (2003)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"11_CR25","unstructured":"Tsang, C.H., Kwong, S.: Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction. In: 2005 IEEE International Conference on Industrial Technology, pp. 51\u201356, December 2005"},{"issue":"4","key":"11_CR26","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TDSC.2013.8","volume":"10","author":"C-J Chung","year":"2013","unstructured":"Chung, C.-J., Khatkar, P., Xing, T., Lee, J., Huang, D.: NICE: network intrusion detection and countermeasure selection in virtual network systems. IEEE Trans. Dependable Sec. Comput. 10(4), 198\u2013211 (2013)","journal-title":"IEEE Trans. Dependable Sec. Comput."},{"issue":"4","key":"11_CR27","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1109\/TC.2013.13","volume":"63","author":"G Creech","year":"2014","unstructured":"Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans. Comput. 63(4), 807\u2013819 (2014)","journal-title":"IEEE Trans. Comput."},{"issue":"4","key":"11_CR28","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1109\/TC.2013.13","volume":"63","author":"G Creech","year":"2014","unstructured":"Creech, G., Jiankun, H.: A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans. Comput. 63(4), 807\u2013819 (2014)","journal-title":"IEEE Trans. Comput."},{"key":"11_CR29","unstructured":"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). Offi. J. Eur. Union L119, 1\u201388 (2016)"},{"issue":"2","key":"11_CR30","first-page":"139","volume":"2","author":"DH Fisher","year":"1987","unstructured":"Fisher, D.H.: Knowledge acquisition via incremental conceptual clustering. Mach. Learn. 2(2), 139\u2013172 (1987)","journal-title":"Mach. Learn."},{"key":"11_CR31","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A. :A sense of self for unix processes. In: Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 120\u2013128, May 1996"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"Gafny, M., Shabtai, A., Rokach, L., Elovici, Y.: Poster: applying unsupervised context-based analysis for detecting unauthorized data disclosure. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 765\u2013768. ACM, New York, NY (2011)","DOI":"10.1145\/2046707.2093488"},{"issue":"1","key":"11_CR33","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","volume":"28","author":"P Garcia-Teodoro","year":"2009","unstructured":"Garcia-Teodoro, P., Diaz-Verdejo, J., Macia-Fernandez, G., Vazquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1), 18\u201328 (2009)","journal-title":"Comput. Secur."},{"issue":"1","key":"11_CR34","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/0004-3702(89)90046-5","volume":"40","author":"JH Gennari","year":"1989","unstructured":"Gennari, J.H., Langley, P., Fisher, D.: Models of incremental concept formation. Artif. Intell. 40(1), 11\u201361 (1989)","journal-title":"Artif. Intell."},{"issue":"5","key":"11_CR35","doi-asserted-by":"publisher","first-page":"460","DOI":"10.1111\/j.1468-0394.2008.00467.x","volume":"25","author":"S Hashemi","year":"2008","unstructured":"Hashemi, S., Yang, Y., Zabihzadeh, D., Kangavari, M.: Detecting intrusion transactions in databases using data item dependencies and anomaly analysis. Exp. Syst. 25(5), 460\u2013473 (2008)","journal-title":"Exp. Syst."},{"issue":"3","key":"11_CR36","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151\u2013180 (1998)","journal-title":"J. Comput. Secur."},{"key":"11_CR37","unstructured":"Hunker, J., Probst, C.W.: Insiders and insider threats - an overview of definitions and mitigation techniques. J. Wirel. Mobile Netwo. Ubiquit. Comput. Depend. Appl. 2, \u201327 (2011)"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Hussain, S.R., Sallam, A.M., Bertino, E.: Detanom: detecting anomalous database transactions by insiders. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015, pp. 25\u201335. ACM, New York, NY (2015)","DOI":"10.1145\/2699026.2699111"},{"key":"11_CR39","unstructured":"IBM. Guardium. http:\/\/www-01.ibm.com\/software\/data\/guardium\/"},{"issue":"5","key":"11_CR40","doi-asserted-by":"publisher","first-page":"1063","DOI":"10.1007\/s00778-007-0051-4","volume":"17","author":"A Kamra","year":"2008","unstructured":"Kamra, A., Terzi, E., Bertino, E.: Detecting anomalous access patterns in relational databases. VLDB J. 17(5), 1063\u20131077 (2008)","journal-title":"VLDB J."},{"issue":"4","key":"11_CR41","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1109\/MC.2002.1012428","volume":"35","author":"RA Kemmerer","year":"2002","unstructured":"Kemmerer, R.A., Vigna, G.: Intrusion detection: a brief history and overview. Computer 35(4), 27\u201330 (2002)","journal-title":"Computer"},{"key":"11_CR42","doi-asserted-by":"crossref","unstructured":"Khan, M.I., Sullivan, B.O., Foley, S.N.: Towards modelling insiders behaviour as rare behaviour to detect malicious RDMBS access. In 2018 IEEE International Conference on Big Data (Big Data), pp. 3094\u20133099 (2018)","DOI":"10.1109\/BigData.2018.8622047"},{"key":"11_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-319-54876-0_12","volume-title":"Risks and Security of Internet and Systems","author":"MI Khan","year":"2017","unstructured":"Khan, M.I., Foley, S.N.: Detecting anomalous behavior in DBMS\u00a0logs. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 147\u2013152. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-54876-0_12"},{"key":"11_CR44","doi-asserted-by":"publisher","unstructured":"Imran Khan, M., O\u2019Sullivan, B., Foley, S.N.: A semantic approach to frequency based anomaly detection of insider access in database management systems. In: Cuppens, N., Cuppens, F., Lanet, J.-L., Legay, A., Garcia-Alfaro, J. (eds.) Risks and Security of Internet and Systems, pp. 18\u201328, Springer International Publishing, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76687-4","DOI":"10.1007\/978-3-319-76687-4"},{"key":"11_CR45","doi-asserted-by":"crossref","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution monitoring of security-critical programs in distributed systems: a specification-based approach. In: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No. 97CB36097), pp. 175\u2013187, May 1997","DOI":"10.1109\/SECPRI.1997.601332"},{"key":"11_CR46","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson ,W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th Conference on USENIX Security Symposium - Vol. 14, SSYM 2005, pp. 11\u201311, USENIX Association, Berkeley (2005)"},{"issue":"12","key":"11_CR47","doi-asserted-by":"publisher","first-page":"2408","DOI":"10.1109\/TKDE.2018.2831214","volume":"30","author":"G Kul","year":"2018","unstructured":"Kul, G., Luong, D.T.A., Xie, T., Chandola, V., Kennedy, O., Upadhyaya, S.: Similarity metrics for SQL query clustering. IEEE Trans. Knowl. Data Eng. 30(12), 2408\u20132420 (2018)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"11_CR48","doi-asserted-by":"crossref","unstructured":"Kul, G., et al.: Ettu: Analyzing query intents in corporate databases. In: Proceedings of the 25th International Conference Companion on World Wide Web, WWW 2016 Companion, pp. 463\u2013466, Republic and Canton of Geneva, International World Wide Web Conferences Steering Committee, Switzerland (2016)","DOI":"10.1145\/2872518.2888608"},{"key":"11_CR49","unstructured":"Kumar, S., Spafford, E.H.: A pattern matching model for misuse intrusion detection. In: Proceedings of the 17th National Computer Security Conference, pp. 11\u201321 (1994)"},{"key":"11_CR50","doi-asserted-by":"publisher","unstructured":"Lazarevic, A., Kumar, V., Srivastava, J.: Intrusion detection: a survey. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats. Massive Computing, vol. 5, pp. 19\u201378. Springer, Boston (2005). https:\/\/doi.org\/10.1007\/0-387-24230-9_2","DOI":"10.1007\/0-387-24230-9_2"},{"key":"11_CR51","doi-asserted-by":"crossref","unstructured":"Lee, S.Y., Low, W.L., Wong, P.E.: Learning fingerprints for a database intrusion detection system. In: Proceedings of the 7th European Symposium on Research in Computer Security, ESORICS 2002, pp. 264\u2013280, Springer-Verlag, London (2002)","DOI":"10.1007\/3-540-45853-0_16"},{"key":"11_CR52","doi-asserted-by":"crossref","unstructured":"Lee, V.C.S., Stankovic, J.A., Son, S.H.: Intrusion detection in real-time database systems via time signatures. In: Proceedings Sixth IEEE Real-time Technology and Applications Symposium. RTAS 2000, pp. 124\u2013133 (2000)","DOI":"10.1109\/RTTAS.2000.852457"},{"key":"11_CR53","unstructured":"Low, W.L., Lee, J., Teoh, P.: DIDAFIT: detecting intrusions in databases through fingerprinting transactions. In: ICEIS 2002, Proceedings of the 4st International Conference on Enterprise Information Systems, Ciudad Real, Spain, 2\u20136 April 2002, pp. 121\u2013128 (2002)"},{"key":"11_CR54","doi-asserted-by":"crossref","unstructured":"Lunt, T.F., Jagannathan, R., Lee, R., Whitehurst, A., Listgarten, S.: Knowledge-based intrusion detection. In: [1989] Proceedings. The Annual AI Systems in Government Conference, pp. 102\u2013107, March 1989","DOI":"10.1109\/AISIG.1989.47311"},{"key":"11_CR55","doi-asserted-by":"crossref","unstructured":"Majumdar, R., Sen, K.: Hybrid concolic testing. In: Proceedings of the 29th International Conference on Software Engineering, ICSE 2007, pp. 416\u2013426. IEEE Computer Society,Washington, DC (2007)","DOI":"10.1109\/ICSE.2007.41"},{"key":"11_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-642-15512-3_20","volume-title":"Recent Advances in Intrusion Detection","author":"S Mathew","year":"2010","unstructured":"Mathew, S., Petropoulos, M., Ngo, H.Q., Upadhyaya, S.: A data-centric approach to insider attack detection in database systems. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 382\u2013401. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15512-3_20"},{"issue":"1","key":"11_CR57","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1109\/MWC.2004.1269717","volume":"11","author":"A Mishra","year":"2004","unstructured":"Mishra, A., Nadkarni, K., Patcha, A.: Intrusion detection in wireless ad hoc networks. IEEE Wirel. Commun. 11(1), 48\u201360 (2004)","journal-title":"IEEE Wirel. Commun."},{"key":"11_CR58","doi-asserted-by":"crossref","unstructured":"Nurse, J.R.C., et al.: Understanding insider threat: a framework for characterizing attacks. In: 2014 IEEE Security and Privacy Workshops, pp. 214\u2013228, May 2014","DOI":"10.1109\/SPW.2014.38"},{"key":"11_CR59","unstructured":"Parter, D.W.(ed.): Proceedings of the 13th Conference on Systems Administration (LISA-99), Seattle, WA, USA, November 7\u201312, 1999. USENIX (1999)"},{"key":"11_CR60","unstructured":"Patzakis, J.: New incident response best practices: Patch and proceed is no longer acceptable incident response procedure. Technical report, Guidance Software, Pasadena, CA"},{"key":"11_CR61","doi-asserted-by":"crossref","unstructured":"Pfleeger, S.L., Predd, J.B., Hunker, J., Bulford, C.: Insiders behaving badly: addressing bad actors and their actions. Trans. Info. For. Sec., 5(1), 169\u2013179 (2010)","DOI":"10.1109\/TIFS.2009.2039591"},{"key":"11_CR62","doi-asserted-by":"crossref","unstructured":"Sallam, A., Bertino, E., Hussain, S.R., Landers, D., Lefler, R.M., Steiner, D.: Dbsafe:an anomaly detection system to protect databases from exfiltration attempts. IEEE Syst. J., 99, 1\u201311 (2015)","DOI":"10.1109\/JSYST.2015.2487221"},{"issue":"6","key":"11_CR63","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1002\/widm.1195","volume":"6","author":"A Sallam","year":"2016","unstructured":"Sallam, A., Fadolalkarim, D., Bertino, E., Xiao, Q.: Data and syntax centric anomaly detection for relational databases. Wiley Interdiscipl. Rev. Data Min. Knowl. Discov. 6(6), 231\u2013239 (2016)","journal-title":"Wiley Interdiscipl. Rev. Data Min. Knowl. Discov."},{"key":"11_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"681","DOI":"10.1007\/978-3-642-35063-4_53","volume-title":"Web Information Systems Engineering - WISE 2012","author":"RJ Santos","year":"2012","unstructured":"Santos, R.J., Bernardino, J., Vieira, M., Rasteiro, D.M.L.: Securing data warehouses from web-based intrusions. In: Wang, X.S., Cruz, I., Delis, A., Huang, G. (eds.) WISE 2012. LNCS, vol. 7651, pp. 681\u2013688. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-35063-4_53"},{"key":"11_CR65","doi-asserted-by":"crossref","unstructured":"Sekar, R., et al.: Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 265\u2013274. ACM, New York (2002)","DOI":"10.1145\/586110.586146"},{"key":"11_CR66","doi-asserted-by":"crossref","unstructured":"Sen, K.: Concolic testing. In: Proceedings of the Twenty-second IEEE\/ACM International Conference on Automated Software Engineering, ASE 2007, pp. 571\u2013572. ACM, New York (2007)","DOI":"10.1145\/1321631.1321746"},{"key":"11_CR67","doi-asserted-by":"crossref","unstructured":"Sen, K., Marinov, D., Agha, G.: Cute: a concolic unit testing engine for c. In: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ESEC\/FSE-13, pp. 263\u2013272. ACM, New York (2005)","DOI":"10.1145\/1081706.1081750"},{"key":"11_CR68","unstructured":"Somayaji, A., Forrest, S.: Automated response using system-call delays. In: Proceedings of the 9th Conference on USENIX Security Symposium - Volume 9, SSYM 2000, pp. 14\u201314, USENIX Association, Berkeley (2000)"},{"key":"11_CR69","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"611","DOI":"10.1007\/11731139_71","volume-title":"Advances in Knowledge Discovery and Data Mining","author":"A Srivastava","year":"2006","unstructured":"Srivastava, A., Sural, S., Majumdar, A.K.: Weighted Intra-transactional Rule Mining for database intrusion detection. In: Ng, W.-K., Kitsuregawa, M., Li, J., Chang, K. (eds.) PAKDD 2006. LNCS (LNAI), vol. 3918, pp. 611\u2013620. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11731139_71"},{"key":"11_CR70","doi-asserted-by":"publisher","unstructured":"Tang, A., Sethumadhavan, S., Stolfo, S.J.:Unsupervised anomaly-based malware detection using hardware features. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) Research in Attacks, Intrusions and Defenses, pp. 109\u2013129, Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-642-33338-5","DOI":"10.1007\/978-3-642-33338-5"},{"key":"11_CR71","doi-asserted-by":"crossref","unstructured":"Tapiador, J.E., Clark, J.A.: Masquerade mimicry attack detection: a randomised approach. Comput. Secur. 30(5), 297\u2013310 (2011)","DOI":"10.1016\/j.cose.2011.05.004"},{"key":"11_CR72","unstructured":"Trustwave. DbProtect. https:\/\/www.trustwave.com\/en-us\/services\/security-testing\/dbprotect\/"},{"key":"11_CR73","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 255\u2013264. ACM, New York (2002)","DOI":"10.1145\/586110.586145"},{"key":"11_CR74","unstructured":"Gao, W., Morris, T., Reaves, B., Richey, D.: On Scada control system command and response injection and intrusion detection. In: 2010 eCrime Researchers Summit, pp. 1\u20139, October 2010"},{"key":"11_CR75","doi-asserted-by":"crossref","unstructured":"Wu, G.Z., Osborn, S.I., Jin, X.: Database Intrusion Detection Using Role Profiling with Role Hierarchy, pp. 33\u201348. Springer, Berlin (2009)","DOI":"10.1007\/978-3-642-04219-5_3"},{"key":"11_CR76","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Lee, W.: Intrusion detection in wireless ad-hoc networks. In: Proceedings of the 6th Annual International Conference on Mobile Computing and Networking, MobiCom 2000, pp. 275\u2013283. ACM, New York (2000)","DOI":"10.1145\/345910.345958"}],"container-title":["Communications in Computer and Information Science","Emerging Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-93956-4_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,16]],"date-time":"2024-09-16T03:47:08Z","timestamp":1726458428000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-93956-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030939557","9783030939564"],"references-count":76,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-93956-4_11","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"12 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Emerging Information Security and Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eisa2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eisa.compute.dtu.dk\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the COVID-19 pandemic the conference was held online.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}