{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T05:24:29Z","timestamp":1749878669639,"version":"3.40.3"},"publisher-location":"Cham","reference-count":45,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031171451"},{"type":"electronic","value":"9783031171468"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-17146-8_27","type":"book-chapter","created":{"date-parts":[[2022,9,21]],"date-time":"2022-09-21T23:35:39Z","timestamp":1663803339000},"page":"549-568","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["An Infection-Identifying and\u00a0Self-Evolving System for\u00a0IoT Early Defense from\u00a0Multi-Step Attacks"],"prefix":"10.1007","author":[{"given":"Hyunwoo","family":"Lee","sequence":"first","affiliation":[]},{"given":"Anand","family":"Mudgerikar","sequence":"additional","affiliation":[]},{"given":"Ashish","family":"Kundu","sequence":"additional","affiliation":[]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,9,22]]},"reference":[{"key":"27_CR1","unstructured":"Andrea, H.: 10 benefits of internet of things (iot) in our lives and businesses (2021). https:\/\/www.tech21century.com\/internet-of-things-iot-benefits\/. Accessed 13 Sep 2021"},{"key":"27_CR2","unstructured":"Antonakakis, M., et al.: Understanding the mirai botnet. In: 26th USENIX Security Symposium (2017)"},{"key":"27_CR3","unstructured":"Bahdanau, D., Cho, K., Bengio, Y.: Neural machine translation by jointly learning to align and translate. In: International Conference on Learning Representations (2015)"},{"issue":"2","key":"27_CR4","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MC.2017.62","volume":"50","author":"E Bertino","year":"2017","unstructured":"Bertino, E., Islam, N.: Botnets and internet of things security. IEEE Comput. 50(2), 76\u201379 (2017)","journal-title":"IEEE Comput."},{"issue":"5","key":"27_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3465055","volume":"12","author":"S Chaudhari","year":"2021","unstructured":"Chaudhari, S., Mithal, V., Polatkan, G., Ramanath, R.: An attentive survey of attention models. ACM Trans. Intell. Syst. Technol. (TIST) 12(5), 1\u201332 (2021)","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"},{"key":"27_CR6","doi-asserted-by":"crossref","unstructured":"Cho, K., Merri\u00ebnboer, B.V., Bahdanau, D., Bengio, Y.: On the properties of neural machine translation: encoder-decoder approaches (2014)","DOI":"10.3115\/v1\/W14-4012"},{"key":"27_CR7","unstructured":"Cole, E.: Threat hunting: Open season on the adversary (2016). https:\/\/de.malwarebytes.com\/pdf\/white-papers\/Survey_Threat-Hunting-2016_Malwarebytes.pdf. Accessed 31 Jan 2022"},{"key":"27_CR8","unstructured":"CoreSecurity: Pcapy (2014). Accessed 15 Oct 2021"},{"key":"27_CR9","unstructured":"Dingee, D.: Iot, not people, now the weakest link in security, January 2019. https:\/\/devops.com\/iot-not-people-now-the-weakest-link-in-security\/. Accessed 13 May 2021"},{"issue":"8","key":"27_CR10","doi-asserted-by":"publisher","first-page":"6882","DOI":"10.1109\/JIOT.2020.2970501","volume":"7","author":"M Eskandari","year":"2020","unstructured":"Eskandari, M., Janjua, Z.H., Vecchio, M., Antonelli, F.: Passban IDS: an intelligent anomaly-based intrusion detection system for IoT edge devices. IEEE Internet Things J. 7(8), 6882\u20136897 (2020)","journal-title":"IEEE Internet Things J."},{"issue":"3","key":"27_CR11","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1109\/PROC.1973.9030","volume":"61","author":"GD Forney","year":"1973","unstructured":"Forney, G.D.: The viterbi algorithm. Proc. IEEE 61(3), 268\u2013278 (1973)","journal-title":"Proc. IEEE"},{"key":"27_CR12","doi-asserted-by":"crossref","unstructured":"Fu, Y., Yan, Z., Cao, J., Kon\u00e9, O., Cao, X.: An automata based intrusion detection method for internet of things. Mob. Inf. Syst. 2017, 1750637:1\u20131750637:13 (2017)","DOI":"10.1155\/2017\/1750637"},{"key":"27_CR13","unstructured":"Gartner: Addressing the cyber kill chain: Full gartner research report and lookingglass perspectives (2016). Accessed 06 Mar 2021"},{"key":"27_CR14","unstructured":"Glassberg, J.: Jackware: a new type of ransomware could be 10 times as dangerous (2021). https:\/\/finance.yahoo.com\/news\/ransomware-jackware-115229732.html. Accessed 12 June 2021"},{"key":"27_CR15","unstructured":"Gu, G., Porras, P.A., Yegneswaran, V., Fong, M.W., Lee, W.: Bothunter: detecting malware infection through ids-driven dialog correlation. In: USENIX Security Symposium, vol. 7, pp. 1\u201316 (2007)"},{"key":"27_CR16","unstructured":"Guo, C., Berkhahn, F.: Entity embeddings of categorical variables. arXiv preprint arXiv:1604.06737 (2016)"},{"key":"27_CR17","doi-asserted-by":"crossref","unstructured":"Haas, S., Fischer, M.: GAC: graph-based alert correlation for the detection of distributed multi-step attacks. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 979\u2013988 (2018)","DOI":"10.1145\/3167132.3167239"},{"issue":"4","key":"27_CR18","doi-asserted-by":"publisher","first-page":"968","DOI":"10.1109\/JIOT.2017.2704093","volume":"4","author":"J Habibi","year":"2017","unstructured":"Habibi, J., Midi, D., Mudgerikar, A., Bertino, E.: Heimdall: mitigating the internet of insecure things. IEEE Internet Things J. 4(4), 968\u2013978 (2017)","journal-title":"IEEE Internet Things J."},{"key":"27_CR19","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., Mickens, J., Seltzer, M.: Unicorn: runtime provenance-based detector for advanced persistent threats. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2020)","DOI":"10.14722\/ndss.2020.24046"},{"issue":"1","key":"27_CR20","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M., et al.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)","journal-title":"Lead. Issues Inf. Warfare Secur. Res."},{"key":"27_CR21","doi-asserted-by":"crossref","unstructured":"Jallad, K.A., Aljnidi, M., Desouki, M.S.: Anomaly detection optimization using big data and deep learning to reduce false-positive. J. Big Data 7(1) (2020)","DOI":"10.1186\/s40537-020-00346-1"},{"key":"27_CR22","doi-asserted-by":"crossref","unstructured":"Javed, M., Paxson, V.: Detecting stealthy, distributed SSH brute-forcing. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 85\u201396 (2013)","DOI":"10.1145\/2508859.2516719"},{"key":"27_CR23","unstructured":"Kang, H., Ahn, D., Lee, G., Yoo, J., Park, K., Kim, H.: Iot network intrusion dataset (2019). https:\/\/ieee-dataport.org\/open-access\/iot-network-intrusion-dataset. Accessed 06 Mar 2021"},{"key":"27_CR24","unstructured":"Keras: Keras (2016). https:\/\/keras.io\/. Accessed 15 Oct 2021"},{"key":"27_CR25","unstructured":"Klassen, F.: AppNeta: Tcpreplay (2018). https:\/\/tcpreplay.appneta.com\/. Accessed 06 Mar 2021"},{"key":"27_CR26","unstructured":"Krebs, B.: Reaper: calm before the iot security storm?, October 2017. https:\/\/krebsonsecurity.com\/2017\/10\/reaper-calm-before-the-iot-security-storm\/. Accessed 05 July 2021"},{"key":"27_CR27","doi-asserted-by":"crossref","unstructured":"Lantz, B., Heller, B., McKeown, N.: A network in a laptop: rapid prototyping for software-defined networks. In: Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, pp. 1\u20136 (2010)","DOI":"10.1145\/1868447.1868466"},{"key":"27_CR28","unstructured":"Lashkari, A.H.: Cicflowmeter features (2018). https:\/\/github.com\/ahlashkari\/CICFlowMeter\/blob\/master\/ReadMe.txt. Accessed 19 May 2022"},{"key":"27_CR29","doi-asserted-by":"publisher","first-page":"67542","DOI":"10.1109\/ACCESS.2020.2983568","volume":"8","author":"C Liu","year":"2020","unstructured":"Liu, C., Liu, Y., Yan, Y., Wang, J.: An intrusion detection model with hierarchical attention mechanism. IEEE Access 8, 67542\u201367554 (2020)","journal-title":"IEEE Access"},{"key":"27_CR30","doi-asserted-by":"crossref","unstructured":"Luong, M.T., Pham, H., Manning, C.D.: Effective approaches to attention-based neural machine translation. In: The 2015 Conference on Empirical Methods in Natural Language Processing (EMNLP 2015) (2015)","DOI":"10.18653\/v1\/D15-1166"},{"issue":"3","key":"27_CR31","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1023\/A:1009748302351","volume":"1","author":"H Mannila","year":"1997","unstructured":"Mannila, H., Toivonen, H., Verkamo, A.I.: Discovery of frequent episodes in event sequences. Data Min. Knowl. Disc. 1(3), 259\u2013289 (1997)","journal-title":"Data Min. Knowl. Disc."},{"key":"27_CR32","unstructured":"Martin, L.: Seven ways to apply the cyber kill chain with a threat intelligence platform (2015). lockheed martin corporation"},{"key":"27_CR33","unstructured":"McMillen, D., Alvarez, M.: Mirai iot botnet: mining for bitcoins?, April 2017. https:\/\/securityintelligence.com\/mirai-iot-botnet-mining-for-bitcoins\/. Accessed 05 July 2021"},{"key":"27_CR34","doi-asserted-by":"crossref","unstructured":"Midi, D., Rullo, A., Mudgerikar, A., Bertino, E.: Kalis-a system for knowledge-driven adaptable intrusion detection for the internet of things. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 656\u2013666. IEEE (2017)","DOI":"10.1109\/ICDCS.2017.104"},{"key":"27_CR35","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.: Holmes: real-time apt detection through correlation of suspicious information flows. In: 2019 IEEE Symposium on Security and Privacy (S &P), pp. 1137\u20131152. IEEE (2019)","DOI":"10.1109\/SP.2019.00026"},{"key":"27_CR36","unstructured":"Msehgal: Protect your iot devices from log4j 2 vulnerability (2021). https:\/\/live.paloaltonetworks.com\/t5\/blogs\/protect-your-iot-devices-from-log4j-2-vulnerability\/ba-p\/453381. Accessed 14 Jan 2022"},{"key":"27_CR37","doi-asserted-by":"crossref","unstructured":"Nguyen, T.D., Marchal, S., Miettinen, M., Fereidooni, H., Asokan, N., Sadeghi, A.R.: D\u00efot: a federated self-learning anomaly detection system for IoT. In: 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pp. 756\u2013767. IEEE (2019)","DOI":"10.1109\/ICDCS.2019.00080"},{"key":"27_CR38","unstructured":"Osborne, C.: This is why the mozi botnet will linger on (2021). https:\/\/www.zdnet.com\/article\/this-is-why-the-mozi-botnet-will-linger-on\/. Accessed 27 Jan 2022"},{"key":"27_CR39","unstructured":"Palmer, D.: This sneaky hacking group hid inside networks for 18 months without being detected (2022). https:\/\/www.zdnet.com\/article\/this-sneaky-hacking-group-hid-inside-networks-for-18-months-without-being-detected\/. Accessed 18 May 2022"},{"key":"27_CR40","unstructured":"Research, C.P.: Iotroop botnet: the full investigation, March 2017. https:\/\/research.checkpoint.com\/2017\/iotroop-botnet-full-investigation\/. Accessed 05 July 2021"},{"issue":"11","key":"27_CR41","doi-asserted-by":"publisher","first-page":"1368","DOI":"10.1016\/j.comcom.2012.04.001","volume":"35","author":"M Soleimani","year":"2012","unstructured":"Soleimani, M., Ghorbani, A.A.: Multi-layer episode filtering for the multi-step attack detection. Comput. Commun. 35(11), 1368\u20131379 (2012)","journal-title":"Comput. Commun."},{"key":"27_CR42","unstructured":"Sqrrl Data, I.: A framework for cyber threat hunting (2018). https:\/\/www.threathunting.net\/files\/framework-for-threat-hunting-whitepaper.pdf. Accessed 31 Jan 2022"},{"key":"27_CR43","unstructured":"Storm, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B.: Mitre att &ck: design and philosophy (2018). Accessed 06 Mar 2021"},{"key":"27_CR44","unstructured":"Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. In: Proceedings of the 27th International Conference on Neural Information Processing Systems, vol. 2, pp. 3104\u20133112 (2014)"},{"issue":"10","key":"27_CR45","doi-asserted-by":"publisher","first-page":"1695","DOI":"10.3390\/sym12101695","volume":"12","author":"C Tang","year":"2020","unstructured":"Tang, C., Luktarhan, N., Zhao, Y.: SAAE-DNN: deep learning method on intrusion detection. Symmetry 12(10), 1695 (2020)","journal-title":"Symmetry"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-17146-8_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,19]],"date-time":"2022-10-19T22:05:55Z","timestamp":1666217155000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-17146-8_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031171451","9783031171468"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-17146-8_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"22 September 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2022.compute.dtu.dk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"562","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"104","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}