{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:42:51Z","timestamp":1762004571818,"version":"3.40.4"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319053011"},{"type":"electronic","value":"9783319053028"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-05302-8_10","type":"book-chapter","created":{"date-parts":[[2014,3,20]],"date-time":"2014-03-20T14:31:24Z","timestamp":1395325884000},"page":"161-177","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":27,"title":["ONTIDS: A Highly Flexible Context-Aware and Ontology-Based Alert Correlation Framework"],"prefix":"10.1007","author":[{"given":"Alireza","family":"Sadighian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jos\u00e9 M.","family":"Fernandez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antoine","family":"Lemay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saman T.","family":"Zargar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2014,3,21]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Li-Zhong, G., Hui-bo, J.: A novel intrusion detection scheme for network-attached storage based on multi-source information fusion. In: 2012 Eighth International Conference on Computational Intelligence and Security, pp. 469\u2013473 (2009)","key":"10_CR1","DOI":"10.1109\/CIS.2009.262"},{"issue":"3","key":"10_CR2","doi-asserted-by":"publisher","first-page":"542","DOI":"10.1109\/TIFS.2009.2026954","volume":"4","author":"C Thomas","year":"2009","unstructured":"Thomas, C., Balakrishnan, N.: Improvement in intrusion detection with advances in sensor fusion. Trans. Inf. For. Sec. 4(3), 542\u2013551 (2009)","journal-title":"Trans. Inf. For. Sec."},{"key":"10_CR3","series-title":"LNCS","first-page":"206","volume-title":"DIMVA 2005","author":"H Dreger","year":"2005","unstructured":"Dreger, H., Kreibich, C., Paxson, V., Sommer, R.: Enhancing the accuracy of network-based intrusion detection with host-based context. In: Julisch, K., Kruegel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 206\u2013221. Springer, Heidelberg (2005)"},{"doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 202\u2013215 (2002)","key":"10_CR4","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"10_CR5","series-title":"LNCS","first-page":"84","volume-title":"RAID 2003","author":"B Morin","year":"2003","unstructured":"Morin, B., Debar, H.: Correlation of intrusion symptoms: an application of chronicles. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 84\u2013112. Springer, Heidelberg (2003)"},{"key":"10_CR6","series-title":"LNCS","first-page":"37","volume-title":"DIMVA 2006","author":"L Chen","year":"2006","unstructured":"Chen, L., Aritsugi, M.: An SVM-based masquerade detection method with online update using co-occurrence matrix. In: B\u00fcschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 37\u201353. Springer, Heidelberg (2006)"},{"key":"10_CR7","series-title":"LNCS","first-page":"232","volume-title":"DIMVA 2013","author":"E Raftopoulos","year":"2013","unstructured":"Raftopoulos, E., Egli, M., Dimitropoulos, X.: Shedding light on log correlation in network forensics analysis. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2013. LNCS, vol. 7591, pp. 232\u2013241. Springer, Heidelberg (2013)"},{"key":"10_CR8","series-title":"LNCS","first-page":"147","volume-title":"DIMVA 2009","author":"F Gagnon","year":"2009","unstructured":"Gagnon, F., Massicotte, F., Esfandiari, B.: Using contextual information for ids alarm classification (extended abstract). In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 147\u2013156. Springer, Heidelberg (2009)"},{"key":"10_CR9","series-title":"LNCS","first-page":"290","volume-title":"RAID 2006","author":"S Sinha","year":"2006","unstructured":"Sinha, S., Jahanian, F., Patel, J.M.: WIND: workload-aware intrusion detection. In: Kruegel, C., Zamboni, D. (eds.) RAID 2006. LNCS, vol. 4219, pp. 290\u2013310. Springer, Heidelberg (2006)"},{"issue":"1","key":"10_CR10","first-page":"61","volume":"42","author":"A Vorobiev","year":"2010","unstructured":"Vorobiev, A., Bekmamedova, N.: An ontology-driven approach applied to information security. J. Res. Prac. Inf. Technol. 42(1), 61 (2010)","journal-title":"J. Res. Prac. Inf. Technol."},{"key":"10_CR11","series-title":"LNCS","first-page":"192","volume-title":"SEUS 2009","author":"L Coppolino","year":"2009","unstructured":"Coppolino, L., D\u2019Antonio, S., Elia, I., Romano, L.: From intrusion detection to intrusion detection and diagnosis: An ontology-based approach. In: Lee, S., Narasimhan, P. (eds.) SEUS 2009. LNCS, vol. 5860, pp. 192\u2013202. Springer, Heidelberg (2009)"},{"issue":"3","key":"10_CR12","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.: Comprehensive approach to intrusion detection alert correlation. IEEE Trans. Depend. Secur. Comput. 1(3), 146\u2013169 (2004)","journal-title":"IEEE Trans. Depend. Secur. Comput."},{"key":"10_CR13","series-title":"LNCS","first-page":"197","volume-title":"RAID 2000","author":"F Cuppens","year":"2000","unstructured":"Cuppens, F., Ortalo, R.: LAMBDA: A language to model a database for detection of attacks. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 197\u2013216. Springer, Heidelberg (2000)"},{"unstructured":"CVE: Common vulnerabilities exposures (CVE), the key to information sharing. http:\/\/cve.mitre.org\/","key":"10_CR14"},{"unstructured":"CAPEC: Common attack pattern enumeration and classification (capec). http:\/\/capec.mitre.org\/","key":"10_CR15"},{"issue":"1","key":"10_CR16","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","volume":"10","author":"ST Eckmann","year":"2002","unstructured":"Eckmann, S.T., Vigna, G., Kemmerer, R.A.: STATL: An attack language for state-based intrusion detection. J. Comput. Secur. 10(1), 71\u2013103 (2002)","journal-title":"J. Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Debar, H., Curry, D., Feinstein, B.: The intrusion detection message exchange format (idmef) (2007)","key":"10_CR17","DOI":"10.17487\/rfc4765"},{"unstructured":"Mitre Corporation: A standardized common event expression (CEE) for event interoperability (2013)","key":"10_CR18"},{"unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration (LISA \u201999), pp. 229\u2013238. USENIX Association, Berkeley (1999)","key":"10_CR19"},{"unstructured":"Corporation, I.: IBM RealSecure. http:\/\/www-935.ibm.com\/services\/us\/en\/it-services\/express-managed-protection-services-for-server.html","key":"10_CR20"},{"unstructured":"Zaraska, K.: Prelude ids: current state and development perspectives (2003). http:\/\/www.prelude-ids.org\/download\/misc\/pingwinaria\/2003\/paper.pdf","key":"10_CR21"},{"unstructured":"Deraison, R.: The nessus project (2002). http:\/\/www.nessus.org","key":"10_CR22"},{"unstructured":"Lyon, G.F.: Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure, USA (2009)","key":"10_CR23"},{"unstructured":"Nyulas, C., O\u2019Connor, M., Tu, S.: Datamaster\u2013a plug-in for importing schemas and data from relational databases into protege. In: Proceedings of the 10th International Protege Conference (2007)","key":"10_CR24"},{"unstructured":"Parsia, B., Sirin, E.: Pellet: An OWL-DL reasoner. In: Third International Semantic Web Conference-Poster, p. 18 (2004)","key":"10_CR25"},{"unstructured":"Friedman-Hill, E. et al.: Jess, the rule engine for the java platform (2003)","key":"10_CR26"},{"unstructured":"O\u2019Connor, M., Das, A.: SQWRL: a query language for OWL. In: Proceedings of the 6th Workshop on OWL: Experiences and Directions (OWLED2009) (2009)","key":"10_CR27"},{"issue":"3","key":"10_CR28","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357\u2013374 (2012)","journal-title":"Comput. Secur."},{"unstructured":"MIT Lincoln Laboratory: 2000 DARPA intrusion detection scenario specific data sets (2000)","key":"10_CR29"},{"unstructured":"Hu, Y.: TIAA: A toolkit for intrusion alert analysis (2004)","key":"10_CR30"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-05302-8_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T03:30:26Z","timestamp":1746156626000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-05302-8_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319053011","9783319053028"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-05302-8_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"21 March 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}