{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,21]],"date-time":"2025-09-21T08:47:40Z","timestamp":1758444460310,"version":"3.44.0"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032050724"},{"type":"electronic","value":"9783032050731"}],"license":[{"start":{"date-parts":[[2025,9,21]],"date-time":"2025-09-21T00:00:00Z","timestamp":1758412800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,21]],"date-time":"2025-09-21T00:00:00Z","timestamp":1758412800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-05073-1_7","type":"book-chapter","created":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T07:37:22Z","timestamp":1758353842000},"page":"92-107","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cybersecurity Threat Detection Through Business Process Log Analysis"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2034-9774","authenticated-orcid":false,"given":"Barbara","family":"Pernici","sequence":"first","affiliation":[]},{"given":"Fotios","family":"Gioulekas","sequence":"additional","affiliation":[]},{"given":"Athanasios","family":"Tzikas","sequence":"additional","affiliation":[]},{"given":"Konstantinos","family":"Gounaris","sequence":"additional","affiliation":[]},{"given":"Evangelos","family":"Stamatiadis","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Schaberreiter","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6062-5174","authenticated-orcid":false,"given":"Cinzia","family":"Cappiello","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,21]]},"reference":[{"key":"7_CR1","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.entcs.2004.10.013","volume":"121","author":"WM Aalst","year":"2005","unstructured":"Aalst, W.M., Medeiros, A.K.A.: Process mining and security: detecting anomalous process executions and checking process conformance. Electron. Notes Theor. Comput. Sci. 121, 3\u201321 (2005)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"7_CR2","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1016\/j.cose.2017.10.010","volume":"73","author":"M Alizadeh","year":"2018","unstructured":"Alizadeh, M., Lu, X., Fahland, D., Zannone, N., Aalst, W.M.: Linking data and process perspectives for conformance analysis. Comput. Secur. 73, 172\u2013193 (2018)","journal-title":"Comput. Secur."},{"key":"7_CR3","doi-asserted-by":"publisher","unstructured":"Andriessen, J., Schaberreiter, T., Papanikolaou, A., R\u00f6ning, J. (eds.): Cybersecurity Awareness, Advances in Information Security, vol.\u00a088. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-04227-0, https:\/\/link.springer.com\/10.1007\/978-3-031-04227-0","DOI":"10.1007\/978-3-031-04227-0"},{"key":"7_CR4","unstructured":"Cappiello, C., et al.: Human-in-the-loop anomaly detection and contextual intelligence for enhancing cybersecurity management. In: Natural Language Processing and Artificial Intelligence for Cyber Security (NLPAICS 2024) (2024)"},{"key":"7_CR5","doi-asserted-by":"publisher","first-page":"42021","DOI":"10.1109\/ACCESS.2020.2976076","volume":"8","author":"SY Cho","year":"2020","unstructured":"Cho, S.Y., Happa, J., Creese, S.: Capturing tacit knowledge in security operation centers. IEEE Access 8, 42021\u201342041 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2976076","journal-title":"IEEE Access"},{"key":"7_CR6","unstructured":"European Commission: Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). Regulation (EU) 2016\/679, April 2016"},{"key":"7_CR7","unstructured":"European Commission: The EU\u2019s Cybersecurity Strategy for the Digital Decade. Joint Communication to the European Parliament and the Council - JOIN(2020) 18 final (2020)"},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Granadillo, G., Gonz\u00e1lez-Zarzosa, S., Diaz, R.: Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures. Sensors 21, 4759 (2021). https:\/\/doi.org\/10.3390\/s21144759","DOI":"10.3390\/s21144759"},{"key":"7_CR9","unstructured":"ISO\/IEC 27000:2016: Information technology \u2013 security techniques \u2014 information security management systems \u2013 overview and vocabulary. Tech. rep., ISO\/IEC (2016)"},{"key":"7_CR10","doi-asserted-by":"publisher","unstructured":"Jasimuddin, S.M., Saci, F.: Creating a culture to avoid knowledge hiding within an organization: The role of management support. Front. Psychol. 13 (2022). https:\/\/doi.org\/10.3389\/fpsyg.2022.850989, https:\/\/www.frontiersin.org\/journals\/psychology\/articles\/10.3389\/fpsyg.2022.850989","DOI":"10.3389\/fpsyg.2022.850989"},{"key":"7_CR11","doi-asserted-by":"publisher","unstructured":"Kiran, M., Murphy, P., Monga, I., Dugan, J., Baveja, S.S.: Lambda architecture for cost-effective batch and speed big data processing. In: 2015 IEEE International Conference on Big Data (Big Data), pp. 2785\u20132792 (2015). https:\/\/doi.org\/10.1109\/BigData.2015.7364082","DOI":"10.1109\/BigData.2015.7364082"},{"key":"7_CR12","unstructured":"Kupfersberger, V., Schaberreiter, T., Wills, C., Quirchmayr, G., R\u00f6ning, J.: Applying soft systems methodology to complex problem situations in critical infrastructures: the cs-aware case study. Int. J. Adv. Secur. 11, 191\u2013200 (2018), http:\/\/eprints.cs.univie.ac.at\/5904\/"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Landauer, M., Skopik, F., Wurzenberger, M., Rauber, A.: System log clustering approaches for cyber security applications: a survey. Comput. Secur. 92, 101739 (2020)","DOI":"10.1016\/j.cose.2020.101739"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Leevy, J.L., Hancock, J.T., Zuech, R., Khoshgoftaar, T.M.: Detecting cybersecurity attacks across different network features and learners. J. Big Data 8(1), 1\u201329 (2021)","DOI":"10.1186\/s40537-021-00426-w"},{"key":"7_CR15","unstructured":"Luidold, C., et al.: Increasing cybersecurity awareness and collaboration in organisations and local\/regional networks: The CS-AWARE-NEXT project. In: Sustainable, Secure, and Smart Collaboration (S3C) Workshop 2023 (2023), http:\/\/CEUR-WS.org\/Vol-3574\/paper_5.pdf"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"McGlave, C., Neprash, H., Nikpay, S.: Hacked to pieces? the effects of ransomware attacks on hospitals and patients (2024), http:\/\/dx.doi.org\/10.2139\/ssrn.4579292","DOI":"10.2139\/ssrn.4579292"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Melaku, H.M.: A dynamic and adaptive cybersecurity governance framework. J. Cybersecur. Priv. 3(3), 327\u2013350 (2023)","DOI":"10.3390\/jcp3030017"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"National institute of standards and technology: the NIST cybersecurity framework (CSF) 2.0. cybersecurity white paper (CSWP) 29, February 2024, https:\/\/doi.org\/10.6028\/NIST.CSWP.29","DOI":"10.6028\/NIST.CSWP.29"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Ozawa, S., Ban, T., Hashimoto, N., Nakazato, J., Shimamura, J.: A study of iot malware activities using association rule learning for darknet sensor data. Int. J. Inf. Sec. 19(1), 83\u201392 (2020)","DOI":"10.1007\/s10207-019-00439-w"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Sarker, I.H.: Cyberlearning: effectiveness analysis of machine learning security modeling to detect cyber-anomalies and multi-attacks. Internet Things 14, 100393 (2021)","DOI":"10.1016\/j.iot.2021.100393"},{"key":"7_CR21","unstructured":"Securities, A., Comission, I.: Spotlight on cyber: Findings and insights from the cyber pulse survey 2023. Report\u00a0776, November 2023"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Shukla, S., Parada, J.I., Pearlson, K.: Trusting the needle in the haystack: cybersecurity management of ai\/ml systems. In: Arai, K. (ed.) Advances in Information and Communication, pp. 441\u2013455. Springer (2022)","DOI":"10.1007\/978-3-030-98015-3_30"},{"key":"7_CR23","unstructured":"The European Parliament and the Council of the European Union: Directive (EU) 2022\/2555 of the European Parliament and of the Council of 14 December 2022. Official Journal of the European Union L333\/80 (2022)"},{"key":"7_CR24","doi-asserted-by":"publisher","unstructured":"Vu, Q.H., Ruta, D., Cen, L.: Gradient boosting decision trees for cyber security threats detection based on network events logs. In: Baru, C.K., et al. (eds.) 2019 IEEE International Conference on Big Data (IEEE BigData), Los Angeles, CA, USA, 9\u201312 December 2019, pp. 5921\u20135928. IEEE (2019). https:\/\/doi.org\/10.1109\/BIGDATA47090.2019.9006061","DOI":"10.1109\/BIGDATA47090.2019.9006061"}],"container-title":["Lecture Notes in Computer Science","Model-Based Safety and Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-05073-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T07:37:30Z","timestamp":1758353850000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-05073-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,21]]},"ISBN":["9783032050724","9783032050731"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-05073-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025,9,21]]},"assertion":[{"value":"21 September 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IMBSA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Model-Based Safety and Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Athens","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"imbsa2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/imbsa-conference.com","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}