{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T05:05:03Z","timestamp":1769922303972,"version":"3.49.0"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031157769","type":"print"},{"value":"9783031157776","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15777-6_30","type":"book-chapter","created":{"date-parts":[[2022,8,23]],"date-time":"2022-08-23T15:24:33Z","timestamp":1661268273000},"page":"546-565","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["TapTree: Process-Tree Based Host Behavior Modeling and\u00a0Threat Detection Framework via\u00a0Sequential Pattern Mining"],"prefix":"10.1007","author":[{"given":"Mohammad","family":"Mamun","sequence":"first","affiliation":[]},{"given":"Scott","family":"Buffett","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,8,24]]},"reference":[{"key":"30_CR1","doi-asserted-by":"crossref","unstructured":"Liu, F., Wen, Y., Zhang D., Jiang, X., Xing, X., Meng, D.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 
1777\u20131794 (2019)","DOI":"10.1145\/3319535.3363224"},{"key":"30_CR2","doi-asserted-by":"crossref","unstructured":"Mamun, M., Shi, K.: DeepTaskAPT: insider apt detection using task-tree based deep learning. arXiv preprint arXiv:2108.13989 (2021)","DOI":"10.1109\/TrustCom53373.2021.00102"},{"key":"30_CR3","doi-asserted-by":"crossref","unstructured":"Du, M., Li, F., Zheng, G., Srikumar, V.: DeepLog: anomaly detection and diagnosis from system logs through deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1285\u20131298 (2017)","DOI":"10.1145\/3133956.3134015"},{"issue":"1","key":"30_CR4","doi-asserted-by":"publisher","first-page":"e05969","DOI":"10.1016\/j.heliyon.2021.e05969","volume":"7","author":"M Tatam","year":"2021","unstructured":"Tatam, M., Shanmugam, B., Azam, S., Kannoorpatti, K.: A review of threat modelling approaches for apt-style attacks. Heliyon 7(1), e05969 (2021)","journal-title":"Heliyon"},{"key":"30_CR5","doi-asserted-by":"crossref","unstructured":"Lee, K.H., Zhang, X., Xu, D.: LogGC: garbage collecting audit log. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1005\u20131016 (2013)","DOI":"10.1145\/2508859.2516731"},{"key":"30_CR6","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Towards a timely causality analysis for enterprise security. In: NDSS (2018)","DOI":"10.14722\/ndss.2018.23254"},{"key":"30_CR7","unstructured":"Hossain, M.N., et al.: SLEUTH: real-time attack scenario reconstruction from cots audit data. In: The 26th USENIX Security Symposium, pp. 487\u2013504 (2017)"},{"key":"30_CR8","doi-asserted-by":"crossref","unstructured":"Zong, B., et al.: Behavior query discovery in system-generated temporal graphs. 
arXiv preprint arXiv:1511.05911 (2015)","DOI":"10.14778\/2856318.2856320"},{"key":"30_CR9","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., Mickens, J., Seltzer, M.: UNICORN: runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525 (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"30_CR10","doi-asserted-by":"crossref","unstructured":"Zeng, J., Chua, Z.L., Chen, Y., Ji, K., Liang, Z., Mao, J.: WATSON: abstracting behaviors from audit logs via aggregation of contextual semantics. In: Proceedings of the 28th Annual Network and Distributed System Security Symposium, NDSS (2021)","DOI":"10.14722\/ndss.2021.24549"},{"key":"30_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-030-36938-5_28","volume-title":"Network and System Security","author":"M Mamun","year":"2019","unstructured":"Mamun, M., Lu, R., Gaudet, M.: Tell them from me: an encrypted application profiler. In: Liu, J.K., Huang, X. (eds.) NSS 2019. LNCS, vol. 11928, pp. 456\u2013471. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-36938-5_28"},{"key":"30_CR12","doi-asserted-by":"crossref","unstructured":"Zhang, K., Xu, J., Min, M.R., Jiang, G., Pelechrinis, K., Zhang, H.: Automated it system failure prediction: a deep learning approach. In: 2016 IEEE International Conference on Big Data (Big Data), pp. 1291\u20131300. IEEE (2016)","DOI":"10.1109\/BigData.2016.7840733"},{"key":"30_CR13","doi-asserted-by":"crossref","unstructured":"Zheng, P., Yuan, S., Wu, X., Li, J., Lu, A.: One-class adversarial nets for fraud detection. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 33, no. 01, pp. 
1286\u20131293 (2019)","DOI":"10.1609\/aaai.v33i01.33011286"},{"key":"30_CR14","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1016\/j.future.2021.05.024","volume":"124","author":"X Liu","year":"2021","unstructured":"Liu, X., et al.: LogNADS: network anomaly detection scheme based on semantic representation. Future Generation Computer Systems 124, 390\u2013405 (2021)","journal-title":"Future Generation Computer Systems"},{"key":"30_CR15","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-981-13-3702-4_9","volume-title":"Advanced Computing and Systems for Security","author":"MK Nammous","year":"2019","unstructured":"Nammous, M.K., Saeed, K.: Natural language processing: speaker, language, and gender identification with LSTM. In: Chaki, R., Cortesi, A., Saeed, K., Chaki, N. (eds.) Advanced Computing and Systems for Security. AISC, vol. 883, pp. 143\u2013156. Springer, Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-13-3702-4_9"},{"key":"30_CR16","unstructured":"Weir, C., Arantes, R., Hannon, H., Kulseng, M.: Operationally transparent cyber (OpTC) (2021)"},{"key":"30_CR17","doi-asserted-by":"crossref","unstructured":"Mazzawi, H., et al.: Anomaly detection in large databases using behavioral patterning. In: 2017 IEEE 33rd International Conference on Data Engineering (ICDE), pp. 1140\u20131149. IEEE (2017)","DOI":"10.1109\/ICDE.2017.158"},{"key":"30_CR18","doi-asserted-by":"crossref","unstructured":"Cochrane, T., Foster, P., Chhabra, V., Lemercier, M., Salvi, C., Lyons, T.: SK-tree: a systematic malware detection algorithm on streaming trees via the signature kernel. arXiv preprint arXiv:2102.07904 (2021)","DOI":"10.1109\/CSR51186.2021.9527933"},{"key":"30_CR19","unstructured":"Kent, A.D.: Comprehensive, multi-source cyber-security events data set. Technical report, Los Alamos National Lab. 
(LANL), Los Alamos, NM, USA (2015)"},{"key":"30_CR20","doi-asserted-by":"crossref","unstructured":"Wang, Q., et al.: You are what you do: hunting stealthy malware via data provenance analysis. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24167"},{"issue":"8","key":"30_CR21","doi-asserted-by":"publisher","first-page":"e0221068","DOI":"10.1371\/journal.pone.0221068","volume":"14","author":"M Balaban","year":"2019","unstructured":"Balaban, M., Moshiri, N., Mai, U., Jia, X., Mirarab, S.: TreeCluster: clustering biological sequences using phylogenetic trees. PLoS One 14(8), e0221068 (2019)","journal-title":"PLoS One"},{"key":"30_CR22","unstructured":"Agrawal, R., Srikant, R.: Mining sequential patterns. In: Proceedings of the eleventh international conference on data engineering, pp. 3\u201314. IEEE (1995)"},{"issue":"2","key":"30_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2431211.2431218","volume":"45","author":"CH Mooney","year":"2013","unstructured":"Mooney, C.H., Roddick, J.F.: Sequential pattern mining-approaches and algorithms. ACM Comput. Surv. (CSUR) 45(2), 1\u201339 (2013)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"30_CR24","doi-asserted-by":"crossref","unstructured":"Lesh, N., Zaki, M.J., Ogihara, M.: Mining features for sequence classification. In: Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 342\u2013346 (1999)","DOI":"10.1145\/312129.312275"},{"issue":"2","key":"30_CR25","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1109\/5254.850827","volume":"15","author":"N Lesh","year":"2000","unstructured":"Lesh, N., Zaki, M.J., Ogihara, M.: Scalable feature mining for sequential data. IEEE Intell. Syst. Appl. 15(2), 48\u201356 (2000)","journal-title":"IEEE Intell. Syst. 
Appl."},{"issue":"1","key":"30_CR26","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/1882471.1882478","volume":"12","author":"Z Xing","year":"2010","unstructured":"Xing, Z., Pei, J., Keogh, E.: A brief survey on sequence classification. ACM SIGKDD Explor. Newsl. 12(1), 40\u201348 (2010)","journal-title":"ACM SIGKDD Explor. Newsl."},{"key":"30_CR27","doi-asserted-by":"crossref","unstructured":"Shen, Y., Mariconti, E., Vervier, P.A., Stringhini, G.: Tiresias: Predicting security events through deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 592\u2013605 (2018)","DOI":"10.1145\/3243734.3243811"},{"key":"30_CR28","doi-asserted-by":"publisher","unstructured":"Li, Z., Cheng, X., Sun, L., Zhang, J., Chen, B.: A hierarchical approach for advanced persistent threat detection with attention-based graph neural networks. Secur. Commun. Netw. 2021, Article ID 9961342 (2021). https:\/\/doi.org\/10.1155\/2021\/9961342.","DOI":"10.1155\/2021\/9961342"},{"issue":"31","key":"30_CR29","first-page":"1","volume":"20","author":"FJ Kir\u00e1ly","year":"2019","unstructured":"Kir\u00e1ly, F.J., Oberhauser, H.: Kernels for sequentially ordered data. J. Mach. Learn. Res. 20(31), 1\u201345 (2019)","journal-title":"J. Mach. Learn. 
Res."}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15777-6_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T16:38:13Z","timestamp":1709829493000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15777-6_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031157769","9783031157776"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15777-6_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"24 August 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}