{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T17:08:03Z","timestamp":1770052083343,"version":"3.49.0"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032151391","type":"print"},{"value":"9783032151407","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-15140-7_15","type":"book-chapter","created":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T06:42:23Z","timestamp":1770014543000},"page":"266-283","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-9551-7621","authenticated-orcid":false,"given":"Zequan","family":"Huang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7425-2639","authenticated-orcid":false,"given":"Jacques","family":"Robin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1540-2099","authenticated-orcid":false,"given":"Nicolas","family":"Herbaut","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3051-7241","authenticated-orcid":false,"given":"Nourh\u00e8ne","family":"Ben Rabah","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3813-4093","authenticated-orcid":false,"given":"B\u00e9n\u00e9dicte","family":"Le Grand","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,2,3]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Zidan, K., Alam, A., Allison, J., Al-sherbaz, A.: Assessing the\u00a0challenges faced by\u00a0Security Operations Centres (SOC). In: Advances in Information and Communication, pp. 256\u2013271 (2024)","DOI":"10.1007\/978-3-031-53963-3_18"},{"issue":"2","key":"15_CR2","doi-asserted-by":"publisher","first-page":"527","DOI":"10.32604\/iasc.2021.016240","volume":"28","author":"J Kinyua","year":"2021","unstructured":"Kinyua, J., Awuah, L.: AI\/ML in security orchestration, automation and response: future research directions. Intell. Autom. Soft Comput. 28(2), 527\u2013545 (2021)","journal-title":"Intell. Autom. Soft Comput."},{"key":"15_CR3","unstructured":"Vyas, S., Hannay, J., Bolton, A., Burnap, P.P.: Automated cyber defence: a review (2023). arXiv preprint arXiv:2303.04926"},{"key":"15_CR4","doi-asserted-by":"publisher","first-page":"4055","DOI":"10.1109\/TIFS.2025.3558600","volume":"20","author":"K Hammar","year":"2025","unstructured":"Hammar, K., Li, T., Stadler, R., Zhu, Q.: Adaptive security response strategies through conjectural online learning. IEEE Trans. Inf. Forensics Secur. 20, 4055\u20134070 (2025)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"3","key":"15_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2480741.2480742","volume":"45","author":"MH Manshaei","year":"2013","unstructured":"Manshaei, M.H., Zhu, Q., Alpcan, T., Bac\u015far, T., Hubaux, J.P.: Game theory meets network security and privacy. ACM Comput. Surv. (CSUR) 45(3), 1\u201339 (2013)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"1","key":"15_CR6","first-page":"51","volume":"47","author":"S Wallace","year":"2020","unstructured":"Wallace, S., Green, K.Y., Johnson, C., Cooper, J., Gilstrap, C.: An extended TOE framework for cybersecurity-adoption decisions. Commun. Assoc. Inf. Syst. 47(1), 51 (2020)","journal-title":"Commun. Assoc. Inf. Syst."},{"key":"15_CR7","doi-asserted-by":"publisher","unstructured":"Lalanda, P., McCann, J.A., Diaconescu, A.: Autonomic computing. In: Principles, Design and Implementation. Springer (2013). https:\/\/doi.org\/10.1007\/978-1-4471-5007-7","DOI":"10.1007\/978-1-4471-5007-7"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Clemm, A., Ciavaglia L., Granville L., Tantsura J.: Intent-based networking - concepts and definitions, RFC 9315, IETF (2021)","DOI":"10.17487\/RFC9315"},{"issue":"1","key":"15_CR9","doi-asserted-by":"publisher","first-page":"625","DOI":"10.1109\/COMST.2022.3215919","volume":"25","author":"A Leivadeas","year":"2023","unstructured":"Leivadeas, A., Falkner, M.: A survey on intent-based networking. IEEE Commun. Surv. Tutorials 25(1), 625\u2013655 (2023)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"15_CR10","unstructured":"Kaloroumakis, P.E., Smith, M.J.: Toward a knowledge graph of cybersecurity countermeasures. The MITRE Corporation (2021)"},{"issue":"9","key":"15_CR11","doi-asserted-by":"publisher","first-page":"3511","DOI":"10.1007\/s10115-023-01860-3","volume":"65","author":"LF Sikos","year":"2023","unstructured":"Sikos, L.F.: Cybersecurity knowledge graphs. Knowl. Inf. Syst. 65(9), 3511\u20133531 (2023)","journal-title":"Knowl. Inf. Syst."},{"key":"15_CR12","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-030-63479-7_22","volume-title":"IFIP Working Conference on The Practice of Enterprise Modeling","author":"BF Martins","year":"2020","unstructured":"Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O., Rochwerger, B.: Conceptual characterization of cybersecurity ontologies. In: IFIP Working Conference on The Practice of Enterprise Modeling, pp. 323\u2013338. Springer International Publishing, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-63479-7_22"},{"key":"15_CR13","unstructured":"Strom, B.E., et al.: Finding cyber threats with ATT&CK-based analytics. The MITRE Corporation, Bedford, MA, Technical Report No. MTR170202 (2017)"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Oliveira, \u00cd., et al.: Boosting D3FEND: ontological analysis and recommendations. formal ontology in information systems (2023)","DOI":"10.3233\/FAIA231138"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Tian, B., et al.: Safely and automatically updating in-network ACL configurations with intent language. In: Proceedings of the ACM Special Interest Group on Data Communication, pp. 214\u2013226","DOI":"10.1145\/3341302.3342088"},{"issue":"4","key":"15_CR16","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/MCOM.001.1900476","volume":"58","author":"J Kim","year":"2020","unstructured":"Kim, J., et al.: IBCS: Intent-Based Cloud Services for security applications. IEEE Commun. Mag. 58(4), 45\u201351 (2020)","journal-title":"IEEE Commun. Mag."},{"issue":"4","key":"15_CR17","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1109\/MCOM.001.2400022","volume":"63","author":"P Lingga","year":"2025","unstructured":"Lingga, P., Jeong, J., Dunbar, L.: ICSC: intent-based closed-loop security control system for cloud-based security services. IEEE Commun. Mag. 63(4), 169\u2013175 (2025)","journal-title":"IEEE Commun. Mag."},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Pizzato, F., Bringhenti, D., Sisto, R., Valenza, F.: An intent-based solution for network isolation in Kubernetes. In: 2024 IEEE 10th International Conference on Network Softwarization (NetSoft), pp. 381\u2013386 (2024)","DOI":"10.1109\/NetSoft60951.2024.10588939"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Robles-Enciso, A., Bernab\u00e9 Murcia, J.M., Molina Zarca, A., Skarmeta Gomez, A.: Dynamic multi-method allocation for intent-based security orchestration. J. Netw. Syst. Manage. 33(1)","DOI":"10.1007\/s10922-024-09896-8"},{"issue":"4","key":"15_CR20","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1364\/JOCN.10.000289","volume":"10","author":"T Szyrkowiec","year":"2018","unstructured":"Szyrkowiec, T., et al.: Automatic intent-based secure service creation through a multilayer SDN network orchestration. J. Opt. Commun. Netw. 10(4), 289 (2018)","journal-title":"J. Opt. Commun. Netw."},{"issue":"1","key":"15_CR21","doi-asserted-by":"publisher","first-page":"5142","DOI":"10.48084\/etasr.3266","volume":"10","author":"MF Hyder","year":"2020","unstructured":"Hyder, M.F., Ismail, M.A.: INMTD: intent-based moving target defense framework using software defined networks. Eng. Technol. Appl.Sci. Res. 10(1), 5142\u20135147 (2020)","journal-title":"Eng. Technol. Appl.Sci. Res."},{"key":"15_CR22","doi-asserted-by":"crossref","unstructured":"Settanni, F., Zamponi, A., Basile, C.: Dynamic security provisioning for cloud-native networks: an intent-based approach. In: 2024 IEEE International Conference on Cyber Security and Resilience (CSR), 321\u2013328 (2024)","DOI":"10.1109\/CSR61664.2024.10679397"},{"key":"15_CR23","doi-asserted-by":"crossref","unstructured":"Lopez, D., Lopez, E., Dunbar, L., Strassner, J., Kumar, R.: Framework for interface to network security functions. RFC 8329, IETF (2018)","DOI":"10.17487\/RFC8329"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Applebaum, A., et al.: Bridging automated to autonomous cyber defense: foundational analysis of tabular q-learning. In: Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security, pp. 149\u2013159 (2022)","DOI":"10.1145\/3560830.3563732"},{"key":"15_CR25","doi-asserted-by":"publisher","first-page":"52138","DOI":"10.1109\/ACCESS.2018.2870052","volume":"6","author":"A Adadi","year":"2018","unstructured":"Adadi, A., Berrada, M.: Peeking inside the black-box: a survey on explainable artificial intelligence (XAI). IEEE Access 6, 52138\u201352160 (2018)","journal-title":"IEEE Access"},{"key":"15_CR26","unstructured":"Booker, L.B., Musman, S.A.: A model-based, decision-theoretic perspective on automated cyber response (2020). arXiv preprint arXiv:2002.08957"},{"issue":"2","key":"15_CR27","first-page":"127","volume":"15","author":"S Musman","year":"2017","unstructured":"Musman, S., Turner, A.: A game theoretic approach to cyber security risk management. J. Defense Model. Simul. Appl. Methodol. Technol. 15(2), 127\u2013146 (2017)","journal-title":"J. Defense Model. Simul. Appl. Methodol. Technol."},{"key":"15_CR28","doi-asserted-by":"crossref","unstructured":"Antoniou, G., Harmelen, F.V.: Web Ontology Language: Owl. In: Handbook on ontologies, pp. 91\u2013110 (2009)","DOI":"10.1007\/978-3-540-92673-3_4"},{"key":"15_CR29","unstructured":"Hammar, K.: Optimal security response to network intrusions in IT systems, Ph.D. dissertation, KTH Royal Institute of Technology (2025). arXiv preprint arXiv:2502.02541"},{"key":"15_CR30","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781316471104","volume-title":"Partially Observed Markov Decision Processes","author":"V Krishnamurthy","year":"2016","unstructured":"Krishnamurthy, V.: Partially Observed Markov Decision Processes. Cambridge University Press (2016)"}],"container-title":["Lecture Notes in Computer Science","Enterprise Design, Operations, and Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-15140-7_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T06:42:26Z","timestamp":1770014546000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-15140-7_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032151391","9783032151407"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-15140-7_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"3 February 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"EDOC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Enterprise Design, Operations, and Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lisbon","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"edoc2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/cbi-edoc-2025.inesc-id.pt\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}