{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,1]],"date-time":"2025-07-01T22:10:06Z","timestamp":1751407806749,"version":"3.41.0"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319756493"},{"type":"electronic","value":"9783319756509"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-75650-9_10","type":"book-chapter","created":{"date-parts":[[2018,2,16]],"date-time":"2018-02-16T15:14:32Z","timestamp":1518794072000},"page":"144-159","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment"],"prefix":"10.1007","author":[{"given":"Julio","family":"Navarro","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V\u00e9ronique","family":"Legrand","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sofiane","family":"Lagraa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00e9r\u00f4me","family":"Fran\u00e7ois","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdelkader","family":"Lahmadi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giulia","family":"De Santis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Olivier","family":"Festor","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nadira","family":"Lammari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fay\u00e7al","family":"Hamdi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aline","family":"Deruyver","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Quentin","family":"Goux","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Morgan","family":"Allard","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pierre","family":"Parrend","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,2,17]]},"reference":[{"key":"10_CR1","unstructured":"Abraham, S., Nair, S.: A predictive framework for cyber security analytics using attack graphs. Int. J. Comput. Netw. Commun. (2015). http:\/\/arxiv.org\/abs\/1502.01240"},{"key":"10_CR2","doi-asserted-by":"publisher","unstructured":"Allodi, L., Massacci, F.: A preliminary analysis of vulnerability scores for attacks in wild: the ekits and sym datasets. In: Proceedings of the 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012, pp. 17\u201324. ACM, New York (2012). https:\/\/doi.org\/10.1145\/2382416.2382427","DOI":"10.1145\/2382416.2382427"},{"key":"10_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-642-54792-8_16","volume-title":"Principles of Security and Trust","author":"F Arnold","year":"2014","unstructured":"Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 285\u2013305. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54792-8_16"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Benali, F., Ub\u00e9da, S., Legrand, V.: Collaborative approach to automatic classification of heterogeneous information security. In: Second International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008, pp. 294\u2013299. IEEE (2008)","DOI":"10.1109\/SECURWARE.2008.53"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Camtepe, S., Yener, B.: Modeling and detection of complex attacks. In: SecureComm Third International Conference on Security and Privacy in Communications Networks and the Workshops, pp. 234\u2013243, September 2007","DOI":"10.1109\/SECCOM.2007.4550338"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Chen, B., Lee, J., Wu, A.S.: Active event correlation in Bro IDS to detect multi-stage attacks. In: Fourth IEEE International Workshop on Information Assurance (IWIA 2006), pp. 16\u201350. IEEE, London (2006)","DOI":"10.1109\/IWIA.2006.2"},{"key":"10_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-662-44885-4_5","volume-title":"Communications and Multimedia Security","author":"P Chen","year":"2014","unstructured":"Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Z\u00faquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63\u201372. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44885-4_5"},{"issue":"4","key":"10_CR8","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1109\/MC.2011.115","volume":"44","author":"TM Chen","year":"2011","unstructured":"Chen, T.M., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91\u201393 (2011)","journal-title":"Computer"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Coudriau, M., Lahmadi, A., Francois, J.: Topological analysis and visualisation of network monitoring data: darknet case study. In: International Workshop on Information Forensics and Security (WIFS). IEEE, Abu Dhabi (2016)","DOI":"10.1109\/WIFS.2016.7823920"},{"key":"10_CR10","unstructured":"Cui, Z., Herwono, I., Kearney, P.: Multi-stage attack modelling. In: Proceedings of Cyberpatterns 2013, pp. 78\u201389 (2013)"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"De Santis, G., Lahmadi, A., Francois, J., Festor, O.: Modeling of IP scanning activities with hidden Markov models: darknet case study. In: 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1\u20135. IEEE (2016)","DOI":"10.1109\/NTMS.2016.7792461"},{"key":"10_CR12","unstructured":"Fl\u00e5ten, O., Lund, M.S.: How good are attack trees for modelling advanced cyber threats? Norw. Inf. Secur. Conf. (NISK) 7(1) (2014)"},{"key":"10_CR13","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cose.2014.09.006","volume":"48","author":"I Friedberg","year":"2015","unstructured":"Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35\u201357 (2015)","journal-title":"Comput. Secur."},{"issue":"3","key":"10_CR14","first-page":"93","volume":"1","author":"P Giura","year":"2013","unstructured":"Giura, P., Wang, W.: Using large scale distributed computing to unveil advanced persistent threats. Science 1(3), 93 (2013)","journal-title":"Science"},{"key":"10_CR15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13\u201314","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Pi\u00e8tre-Cambac\u00e8d\u00e9s, L., Schweitzer, P.: Dag-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13\u201314, 1\u201338 (2014)","journal-title":"Comput. Sci. Rev."},{"key":"10_CR16","unstructured":"Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 2013 5th International Conference on Cyber Conflict (CYCON 2013), pp. 1\u201324, June 2013"},{"key":"10_CR17","unstructured":"Lagraa, S., Legrand, V., Minier, M.: Behavioral change-based anomaly detection in computer networks using data mining. Int. J. Network Manag. (Submitted)"},{"key":"10_CR18","unstructured":"Le, Q., Mikolov, T.: Distributed representations of sentences and documents. In: Jebara, T., Xing, E.P. (eds.) Proceedings of the 31st International Conference on Machine Learning (ICML 2014), pp. 1188\u20131196. JMLR Workshop and Conference Proceedings (2014)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Legrand, V., State, R., Paffumi, L.: A dangerousness-based investigation model for security event management. In: The Third International Conference on Internet Monitoring and Protection, ICIMP 2008, pp. 109\u2013118. IEEE (2008)","DOI":"10.1109\/ICIMP.2008.16"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Legrand, V., Ubeda, S.: Enriched diagnosis and investigation models for security event correlation. In: Second International Conference on Internet Monitoring and Protection, ICIMP 2007, p. 1. IEEE (2007)","DOI":"10.1109\/ICIMP.2007.16"},{"key":"10_CR21","unstructured":"Legrand, V.: Confiance et risque pour engager un \u00e9change en milieu hostile. Ph.D. thesis, INSA-Lyon (2013)"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Marchetti, M., Colajanni, M., Manganiello, F.: Identification of correlated network intrusion alerts. In: Third International Workshop on Cyberspace Safety and Security (CSS), pp. 15\u201320. IEEE, Milan (2011)","DOI":"10.1109\/CSS.2011.6058565"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Mathew, S., Upadhyaya, S.: Attack scenario recognition through heterogeneous event stream analysis. In: IEEE Military Communications Conference (MILCOM), pp. 1\u20137. IEEE, Boston (2009)","DOI":"10.1109\/MILCOM.2009.5379763"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Navarro-Lara, J., Deruyver, A., Parrend, P.: Morwilog: an ACO-based system for outlining multi-step attacks. In: IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, Athens (2016)","DOI":"10.1109\/SSCI.2016.7849902"},{"key":"10_CR25","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.aca.2015.12.037","volume":"910","author":"M Offroy","year":"2016","unstructured":"Offroy, M., Duponchel, L.: Topological data analysis: a promising big data exploration tool in biology, analytical chemistry and physical chemistry. Anal. Chim. Acta 910, 1\u201311 (2016)","journal-title":"Anal. Chim. Acta"},{"key":"10_CR26","unstructured":"Pearson, P., Muellner, D., Singh, G.: TDAmapper: Analyze High-Dimensional Data Using Discrete Morse Theory (2015). https:\/\/github.com\/paultpearson\/TDAmapper\/ , (R package version 1.0)"},{"key":"10_CR27","unstructured":"\u0158eh\u016f\u0159ek, R., Sojka, P.: Software framework for topic modelling with large corpora. In: Proceedings of the LREC 2010 Workshop on New Challenges for NLP Frameworks, pp. 45\u201350. ELRA, Valletta, May 2010"},{"key":"10_CR28","doi-asserted-by":"crossref","first-page":"e25","DOI":"10.7717\/peerj-cs.25","volume":"1","author":"N Scarabeo","year":"2015","unstructured":"Scarabeo, N., Fung, B.C., Khokhar, R.H.: Mining known attack patterns from security-related events. PeerJ Comput. Sci. 1, e25 (2015)","journal-title":"PeerJ Comput. Sci."},{"key":"10_CR29","first-page":"21","volume":"24","author":"B Schneider","year":"1999","unstructured":"Schneider, B.: Attack trees. Dr. Dobb\u2019s J. 24, 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"issue":"1","key":"10_CR30","first-page":"54","volume":"11","author":"AK Sood","year":"2013","unstructured":"Sood, A.K., Enbody, R.J.: Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur. Priv. 11(1), 54\u201361 (2013)","journal-title":"IEEE Secur. Priv."},{"issue":"2","key":"10_CR31","first-page":"142","volume":"10","author":"L Wang","year":"2010","unstructured":"Wang, L., Ghorbani, A., Li, Y.: Automatic multi-step attack pattern discovering. Int. J. Netw. Secur. (IJNS) 10(2), 142\u2013152 (2010)","journal-title":"Int. J. Netw. Secur. (IJNS)"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Zali, Z., Hashemi, M.R., Saidi, H.: Real-time attack scenario detection via intrusion detection alert correlation. In: 9th International ISC Conference on Information Security and Cryptology (ISCISC), pp. 95\u2013102. IEEE, Tabriz (2012)","DOI":"10.1109\/ISCISC.2012.6408197"},{"key":"10_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-642-23088-2_15","volume-title":"Database and Expert Systems Applications","author":"S Zhang","year":"2011","unstructured":"Zhang, S., Caragea, D., Ou, X.: An empirical study on using the national vulnerability database to predict software vulnerabilities. In: Hameurlain, A., Liddle, S.W., Schewe, K.-D., Zhou, X. (eds.) DEXA 2011. LNCS, vol. 6860, pp. 217\u2013231. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23088-2_15"},{"key":"10_CR34","doi-asserted-by":"crossref","unstructured":"Zhaowen, L., Shan, L., Yan, M.: Real-time intrusion alert correlation system based on prerequisites and consequence. In: 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM), pp. 1\u20135. IEEE, Chengdu City (2010)","DOI":"10.1109\/WICOM.2010.5601285"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-75650-9_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,1]],"date-time":"2025-07-01T21:55:06Z","timestamp":1751406906000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-75650-9_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319756493","9783319756509"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-75650-9_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}