{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T16:24:14Z","timestamp":1781886254538,"version":"3.54.5"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032147813","type":"print"},{"value":"9783032147820","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-14782-0_20","type":"book-chapter","created":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T23:06:46Z","timestamp":1775430406000},"page":"366-383","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Dissecting Mirai: Spatio-Sequential Analysis and\u00a0Restoration Strategies Using MITRE ATT&CK 
and\u00a0D3FEND"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-8238-988X","authenticated-orcid":false,"given":"Zo\u00e9","family":"Lagache","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4390-5622","authenticated-orcid":false,"given":"Pierre-Henri","family":"Thevenon","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6127-9816","authenticated-orcid":false,"given":"Maxime","family":"Puys","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0493-9096","authenticated-orcid":false,"given":"Oum-El-Kheir","family":"Aktouf","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"20_CR1","unstructured":"Antonakakis, M., et al.: Understanding the mirai botnet. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1093\u20131110. USENIX Association, Vancouver, BC (2017). https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"20_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"136","DOI":"10.1007\/978-3-540-45248-5_8","volume-title":"Recent Advances in Intrusion Detection","author":"I Balepin","year":"2003","unstructured":"Balepin, I., Maltsev, S., Rowe, J., Levitt, K.: Using specification-based intrusion detection for automated response. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 136\u2013154. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45248-5_8"},{"key":"20_CR3","doi-asserted-by":"publisher","unstructured":"Ben\u00a0Said, N., et al.: Detection of mirai by syntactic and behavioral analysis. 
In: 2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE), pp. 224\u2013235 (2018). https:\/\/doi.org\/10.1109\/ISSRE.2018.00032","DOI":"10.1109\/ISSRE.2018.00032"},{"issue":"5","key":"20_CR4","doi-asserted-by":"publisher","first-page":"2674","DOI":"10.1109\/TNSE.2022.3189546","volume":"10","author":"H Cao","year":"2023","unstructured":"Cao, H., Jindal, A., Hu, H., Piran, M.J., Yang, L.: Secure and intelligent service function chain for sustainable services in healthcare cyber physical systems. IEEE Trans. Netw. Sci. Eng. 10(5), 2674\u20132684 (2023). https:\/\/doi.org\/10.1109\/TNSE.2022.3189546","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"20_CR5","doi-asserted-by":"crossref","unstructured":"Chevalier, R., Plaquin, D., Dalton, C., Hiet, G.: Intrusion survivability for commodity operating systems. Ph.D. thesis, Universit\u00e9 Paris-Saclay (2020). https:\/\/inria.hal.science\/hal-03085774","DOI":"10.1145\/3419471"},{"issue":"2","key":"20_CR6","doi-asserted-by":"publisher","first-page":"1215","DOI":"10.1007\/s10207-023-00760-5","volume":"23","author":"P Empl","year":"2024","unstructured":"Empl, P., Schlette, D., Stoger, L., Pernul, G.: Generating ICS vulnerability playbooks with open standards. Int. J. Inf. Secur. 23(2), 1215\u20131230 (2024). https:\/\/doi.org\/10.1007\/s10207-023-00760-5","journal-title":"Int. J. Inf. Secur."},{"key":"20_CR7","doi-asserted-by":"publisher","unstructured":"Empl, P., Schlette, D., Zupfer, D., Pernul, G.: SOAR4IoT: securing IoT assets with digital twins. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna Austria, pp. 1\u201310. ACM (2022). https:\/\/doi.org\/10.1145\/3538969.3538975","DOI":"10.1145\/3538969.3538975"},{"key":"20_CR8","unstructured":"Frank, C., Nance, C., Jarocki, S., Pauli, W.E., Madison, SD.: Protecting IoT from mirai botnets; IoT device hardening. 
In: Proceedings of the Conference on Information Systems Applied Research, Austin, TX, USA, p.\u00a01508 (2017)"},{"key":"20_CR9","doi-asserted-by":"publisher","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., De\u00a0Lara, E.: The taser intrusion recovery system. In: Proceedings of the Twentieth ACM Symposium on Operating Systems Principles, pp. 163\u2013176 (2005). https:\/\/doi.org\/10.1145\/1095810.1095826","DOI":"10.1145\/1095810.1095826"},{"key":"20_CR10","doi-asserted-by":"publisher","unstructured":"Kelly, C., Pitropakis, N., McKeown, S., Lambrinoudakis, C.: Testing and hardening IoT devices against the mirai botnet. In: 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Dublin, Ireland, pp. 1\u20138. IEEE (2020). https:\/\/doi.org\/10.1109\/CyberSecurity49315.2020.9138887","DOI":"10.1109\/CyberSecurity49315.2020.9138887"},{"issue":"7","key":"20_CR11","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","volume":"50","author":"C Kolias","year":"2017","unstructured":"Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80\u201384 (2017). https:\/\/doi.org\/10.1109\/MC.2017.201","journal-title":"Computer"},{"key":"20_CR12","doi-asserted-by":"publisher","unstructured":"Lekidis, A., Mavroeidis, V., Fysarakis, K.: Towards incident response orchestration and automation for the advanced metering infrastructure. In: 2024 IEEE 20th International Conference on Factory Communication Systems (WFCS), Toulouse, France, pp. 1\u20138. IEEE (2024). https:\/\/doi.org\/10.1109\/WFCS60972.2024.10540775","DOI":"10.1109\/WFCS60972.2024.10540775"},{"key":"20_CR13","doi-asserted-by":"publisher","unstructured":"Palla, T.G., Tayeb, S.: Intelligent Mirai malware detection for IoT nodes. Electronics 10(11) (2021). https:\/\/doi.org\/10.3390\/electronics10111241. 
https:\/\/www.mdpi.com\/2079-9292\/10\/11\/1241","DOI":"10.3390\/electronics10111241"},{"key":"20_CR14","doi-asserted-by":"publisher","unstructured":"Sahu, A., Huang, H., Davis, K., Zonouz, S.: Score: a security-oriented cyber-physical optimal response engine. In: 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), pp.\u00a01\u20136 (2019). https:\/\/doi.org\/10.1109\/SmartGridComm.2019.8909814","DOI":"10.1109\/SmartGridComm.2019.8909814"},{"key":"20_CR15","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-031-65172-4_12","volume-title":"Data and Applications Security and Privacy XXXVIII","author":"KA Saint-Hilaire","year":"2024","unstructured":"Saint-Hilaire, K.A., Neal, C., Cuppens, F., Boulahia-Cuppens, N., Hadji, M.: Optimal automated generation of playbooks. In: Ferrara, A.L., Krishnan, R. (eds.) Data and Applications Security and Privacy XXXVIII, pp. 191\u2013199. Springer, Cham (2024)"},{"key":"20_CR16","doi-asserted-by":"publisher","unstructured":"Sasaki, T., Sawada, K., Shin, S., Hosokawa, S.: Fallback and recovery control system of industrial control system for cybersecurity. IFAC-PapersOnLine 50(1), 15247\u201315252 (2017). https:\/\/doi.org\/10.1016\/j.ifacol.2017.08.2402, 20th IFAC World Congress","DOI":"10.1016\/j.ifacol.2017.08.2402"},{"key":"20_CR17","doi-asserted-by":"publisher","unstructured":"Sharma, A., Mansotra, P.V., Singh, K.: Detection of Mirai botnet attacks on IoT devices using deep learning. J. Sci. Res. Technol. (JSRT) 1(6) (2023). https:\/\/doi.org\/10.5281\/zenodo.8330561","DOI":"10.5281\/zenodo.8330561"},{"key":"20_CR18","doi-asserted-by":"publisher","unstructured":"Strasburg, C., Stakhanova, N., Basu, S., Wong, J.S.: A framework for cost sensitive assessment of intrusion response selection. In: 2009 33rd Annual IEEE International Computer Software and Applications Conference, Seattle, Washington, USA, pp. 355\u2013360. IEEE (2009). 
https:\/\/doi.org\/10.1109\/COMPSAC.2009.54","DOI":"10.1109\/COMPSAC.2009.54"},{"key":"20_CR19","unstructured":"Webster, A., Eckenrod, R., Purtilo, J.: Fast and service-preserving recovery from malware infections using CRIU. In: 27th USENIX Security Symposium (USENIX Security 2018), Baltimore, MD, pp. 1199\u20131211. USENIX Association (2018). https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/webster"},{"key":"20_CR20","doi-asserted-by":"publisher","unstructured":"Zheng, Z., Jin, S., Bettati, R., Reddy, A.N.: Securing cyber-physical systems with adaptive commensurate response. In: 2017 IEEE Conference on Communications and Network Security (CNS), pp.\u00a01\u20136 (2017). https:\/\/doi.org\/10.1109\/CNS.2017.8228641","DOI":"10.1109\/CNS.2017.8228641"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-14782-0_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T23:06:48Z","timestamp":1775430408000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-14782-0_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032147813","9783032147820"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-14782-0_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on 
Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2025.cs.ut.ee\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}