{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T21:18:32Z","timestamp":1742937512279,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031236891"},{"type":"electronic","value":"9783031236907"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-23690-7_15","type":"book-chapter","created":{"date-parts":[[2022,12,10]],"date-time":"2022-12-10T05:02:50Z","timestamp":1670648570000},"page":"247-259","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["WiP: EventTracker-Event Driven Evidence Collection for\u00a0Digital Forensics"],"prefix":"10.1007","author":[{"given":"Aniket","family":"Sangwan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sarthak","family":"Jain","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Neminath","family":"Hubballi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,12,11]]},"reference":[{"key":"15_CR1","unstructured":"accessdata.com. Accessed 18 July 2022"},{"key":"15_CR2","unstructured":"security.opentext.com\/encase-forensic . Accessed 20 July 2022"},{"key":"15_CR3","unstructured":"www.ossec.net. Accessed 12 July 2022"},{"key":"15_CR4","unstructured":"www.tripwire.com. Accessed 12 July 2022"},{"key":"15_CR5","unstructured":"www.elastic.co\/beats\/auditbeat. Accessed 12 July 2022"},{"key":"15_CR6","unstructured":"github.com\/gorakhargosh\/watchdog. Accessed 12 July 2022"},{"key":"15_CR7","unstructured":"access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/8\/html\/security_hardening\/auditing-the-system_security-hardening. Accessed 12 July 2022"},{"key":"15_CR8","unstructured":"www.mongodb.com. Accessed 12 July 2022"},{"key":"15_CR9","unstructured":"github.com\/504ensicsLabs\/LiME. Accessed 12 July 2022"},{"key":"15_CR10","unstructured":"www.volatilityfoundation.org. Accessed 12 July 2022"},{"key":"15_CR11","unstructured":"www.elastic.co\/elastic-stack. Accessed 12 July 2022"},{"key":"15_CR12","doi-asserted-by":"crossref","unstructured":"Chen, L., et al.: Detecting advanced attacks based on linux logs. In: BigDataSecurity\u201920: Proceedings of the IEEE 6th International Conference on Big Data Security on Cloud, pp. 60\u201364 (2020)","DOI":"10.1109\/BigDataSecurity-HPSC-IDS49724.2020.00022"},{"issue":"5","key":"15_CR13","doi-asserted-by":"publisher","first-page":"1564","DOI":"10.1109\/LCOMM.2020.3048995","volume":"25","author":"Q Cheng","year":"2021","unstructured":"Cheng, Q., Wu, C., Zhou, S.: Discovering attack scenarios via intrusion alert correlation using graph convolutional networks. IEEE Commun. Lett. 25(5), 1564\u20131567 (2021)","journal-title":"IEEE Commun. Lett."},{"key":"15_CR14","doi-asserted-by":"publisher","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85\u2013103. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45474-8_6","DOI":"10.1007\/3-540-45474-8_6"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Feng, Y., et al.: Attack graph generation and visualization for industrial control network. In: CCC 2020: Proceedings of the 39th Chinese Control Conference, pp. 7655\u20137660 (2020)","DOI":"10.23919\/CCC50068.2020.9189450"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Haas, S., Fischer, M.: Gac: graph-based alert correlation for the detection of distributed multi-step attacks. In: SAC 2018: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 979\u2013988 (2018)","DOI":"10.1145\/3167132.3167239"},{"issue":"1","key":"15_CR17","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/3325061.3325062","volume":"19","author":"S Haas","year":"2019","unstructured":"Haas, S., Fischer, M.: On the alert correlation process for the detection of multi-step attacks and a graph-based realization. SIGAPP Appl. Comput. Rev. 19(1), 5\u201319 (2019)","journal-title":"SIGAPP Appl. Comput. Rev."},{"key":"15_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.comcom.2014.04.012","volume":"49","author":"N Hubballi","year":"2014","unstructured":"Hubballi, N., Suryanarayanan, V.: False alarm minimization techniques in signature-based intrusion detection systems: A survey. Comput. Commun. 49, 1\u201317 (2014)","journal-title":"Comput. Commun."},{"key":"15_CR19","doi-asserted-by":"publisher","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to INFOSEC alarm correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 95\u2013114. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-36084-0_6","DOI":"10.1007\/3-540-36084-0_6"},{"key":"15_CR20","unstructured":"Qin, X., Lee, W.: Attack plan recognition and prediction using causal networks. In: 20th Annual Computer Security Applications Conference, pp. 370\u2013379 (2004)"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Roschke, S., Cheng, F., Meinel, C.: A new alert correlation algorithm based on attack graph. In: CISIS 2011: Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems, pp. 58\u201367 (2011)","DOI":"10.1007\/978-3-642-21323-6_8"},{"key":"15_CR22","unstructured":"T, C., Nadjm-Tehrani, S., Burschka, S., Burbeck, K.: Alarm reduction and correlation in defence of IP networks. In: 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 229\u2013234 (2004)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-23690-7_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,10]],"date-time":"2022-12-10T05:05:23Z","timestamp":1670648723000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-23690-7_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031236891","9783031236907"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-23690-7_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"11 December 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tirupati","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.icissconf.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"55","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}