{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,8]],"date-time":"2025-11-08T17:47:29Z","timestamp":1762624049672,"version":"3.37.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319983844"},{"type":"electronic","value":"9783319983851"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-98385-1_15","type":"book-chapter","created":{"date-parts":[[2018,7,26]],"date-time":"2018-07-26T03:47:49Z","timestamp":1532576869000},"page":"213-228","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["An Enhanced Cyber Attack Attribution Framework"],"prefix":"10.1007","author":[{"given":"Nikolaos","family":"Pitropakis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emmanouil","family":"Panaousis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alkiviadis","family":"Giannakoulias","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"George","family":"Kalpakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rodrigo Diaz","family":"Rodriguez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Panayiotis","family":"Sarigiannidis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,7,27]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Farinholt, B., et al.: To catch a ratter: monitoring the behavior of amateur DarkComet RAT operators in the wild. In: IEEE Symposium on Security and Privacy, pp. 770\u2013787. IEEE (2017)","DOI":"10.1109\/SP.2017.48"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: 4th ACM Workshop on Security and Artificial Intelligence, pp. 43\u201358. ACM (2011)","DOI":"10.1145\/2046684.2046692"},{"issue":"4","key":"15_CR3","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1515\/jhsem-2014-0035","volume":"11","author":"SL Pfleeger","year":"2014","unstructured":"Pfleeger, S.L., Sasse, M.A., Furnham, A.: From weakest link to security hero: transforming staff security behavior. J. Homel. Secur. Emerg. Manag. 11(4), 489\u2013510 (2014)","journal-title":"J. Homel. Secur. Emerg. Manag."},{"issue":"3","key":"15_CR4","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49\u201351 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"15_CR5","unstructured":"Kaspersky: Targeted cyber attacks logbook. https:\/\/apt.securelist.com\/ . Accessed 09 Feb 2018"},{"key":"15_CR6","unstructured":"Symantec: Advanced persistent threats: a symantec perspective. https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/white_papers\/b-advanced_persistent_threats_WP_21215957.en-us.pdf . Accessed 09 Feb 2018"},{"key":"15_CR7","unstructured":"ITU: Targeted attack trends. https:\/\/www.itu.int\/en\/ITU-D\/Cybersecurity\/Documents\/2H_2013_Targeted_Attack_Campaign_Report.pdf . Accessed 09 Feb 2018"},{"key":"15_CR8","unstructured":"King, S.: Apt (advanced persistent threat) - what you need to know. https:\/\/www.netswitch.net\/apt-advanced-persistent-threat-what-you-need-to-know\/ . Accessed 09 Feb 2018"},{"key":"15_CR9","doi-asserted-by":"crossref","DOI":"10.4324\/9780203937419","volume-title":"Cyber-security and Threat Politics: US Efforts to Secure the Information Age","author":"MD Cavelty","year":"2007","unstructured":"Cavelty, M.D.: Cyber-security and Threat Politics: US Efforts to Secure the Information Age. Routledge, Abingdon (2007)"},{"issue":"8","key":"15_CR10","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1016\/j.cose.2011.08.004","volume":"30","author":"KKR Choo","year":"2011","unstructured":"Choo, K.K.R.: The cyber threat landscape: challenges and future research directions. Comput. Secur. 30(8), 719\u2013731 (2011)","journal-title":"Comput. Secur."},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Giura, P., Wang, W.: A context-based detection framework for advanced persistent threats. In: International Conference on Cyber Security, pp. 69\u201374. IEEE (2012)","DOI":"10.1109\/CyberSecurity.2012.16"},{"key":"15_CR12","doi-asserted-by":"crossref","unstructured":"Virvilis, N., Gritzalis, D.: The big four-what we did wrong in advanced persistent threat detection? In: 8th International Conference on Availability, Reliability and Security, pp. 248\u2013254. IEEE (2013)","DOI":"10.1109\/ARES.2013.32"},{"key":"15_CR13","unstructured":"Jasek, R., Kolarik, M., Vymola, T.: APT detection system using honeypots. In: 13th International Conference on Applied Informatics and Communications, pp. 25\u201329. (2013)"},{"key":"15_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-662-44885-4_5","volume-title":"Communications and Multimedia Security","author":"P Chen","year":"2014","unstructured":"Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Z\u00faquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63\u201372. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44885-4_5"},{"key":"15_CR15","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2014.09.006","volume":"48","author":"I Friedberg","year":"2015","unstructured":"Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35\u201357 (2015)","journal-title":"Comput. Secur."},{"key":"15_CR16","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1016\/j.comnet.2016.05.018","volume":"109","author":"M Marchetti","year":"2016","unstructured":"Marchetti, M., Pierazzi, F., Colajanni, M., Guido, A.: Analysis of high volumes of network traffic for advanced persistent threat detection. Comput. Netw. 109, 127\u2013141 (2016)","journal-title":"Comput. Netw."},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against advanced persistent threat with insiders. In: IEEE Conference on Computer Communications, pp. 747\u2013755. IEEE (2015)","DOI":"10.1109\/INFOCOM.2015.7218444"},{"key":"15_CR18","doi-asserted-by":"publisher","first-page":"13958","DOI":"10.1109\/ACCESS.2018.2814481","volume":"6","author":"Q Zhu","year":"2018","unstructured":"Zhu, Q., Rass, S.: On multi-phase and multi-stage game-theoretic modeling of advanced persistent threats. IEEE Access 6, 13958\u201313971 (2018)","journal-title":"IEEE Access"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Bhatt, P., Yano, E.T., Gustavsson, P.: Towards a framework to detect multi-stage advanced persistent threats attacks. In: 2014 IEEE 8th International Symposium on Service Oriented System Engineering (SOSE), pp. 390\u2013395. IEEE (2014)","DOI":"10.1109\/SOSE.2014.53"},{"issue":"3","key":"15_CR20","first-page":"93","volume":"1","author":"P Giura","year":"2012","unstructured":"Giura, P., Wang, W.: Using large scale distributed computing to unveil advanced persistent threats. Sci. J. 1(3), 93\u2013105 (2012)","journal-title":"Sci. J."},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Wheeler, D.A., Larsen, G.N.: Techniques for cyber attack attribution. Technical report, Institute for Defense Analyses, Alexandria, VA (2003)","DOI":"10.21236\/ADA468859"},{"key":"15_CR22","unstructured":"Hunker, J., Hutchinson, B., Margulies, J.: Role and challenges for sufficient cyber-attack attribution. Institute for Information Infrastructure Protection, pp. 5\u201310 (2008)"},{"issue":"5","key":"15_CR23","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/MCOM.2017.1600292CM","volume":"55","author":"E Bou-Harb","year":"2017","unstructured":"Bou-Harb, E., Lucia, W., Forti, N., Weerakkody, S., Ghani, N., Sinopoli, B.: Cyber meets control: a novel federated approach for resilient CPS leveraging real cyber threat intelligence. IEEE Commun. Mag. 55(5), 198\u2013204 (2017)","journal-title":"IEEE Commun. Mag."},{"key":"15_CR24","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2017.02.005","volume":"67","author":"S Qamar","year":"2017","unstructured":"Qamar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E., Chu, B.T.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35\u201358 (2017)","journal-title":"Comput. Secur."},{"key":"15_CR25","unstructured":"DARPA: Enhanced attribution federal project. https:\/\/govtribe.com\/project\/enhanced-attribution . Accessed 09 Feb 2018"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Kintis, P., et al.: Hiding in plain sight: a longitudinal study of combosquatting abuse. In: ACM Conference on Computer and Communications Security, pp. 569\u2013586. ACM (2017)","DOI":"10.1145\/3133956.3134002"},{"key":"15_CR27","unstructured":"Keromytis, A.: Enhanced attribution. https:\/\/www.enisa.europa.eu\/events\/cti-eu-event\/cti-eu-event-presentations\/enhanced-attribution\/ . Accessed 09 Feb 2018"},{"key":"15_CR28","unstructured":"David Westcott, K.B.: Aptnotes. https:\/\/github.com\/aptnotes\/data . Accessed 09 Feb 2018"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Meusel, R., Mika, P., Blanco, R.: Focused crawling for structured data. In: 23rd ACM International Conference on Conference on Information and Knowledge Management, pp. 1039\u20131048. ACM (2014)","DOI":"10.1145\/2661829.2661902"},{"issue":"2","key":"15_CR30","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/s10115-013-0706-y","volume":"42","author":"I Triguero","year":"2015","unstructured":"Triguero, I., Garc\u00eda, S., Herrera, F.: Self-labeled techniques for semi-supervised learning: taxonomy, software and empirical study. Knowl. Inf. Syst. 42(2), 245\u2013284 (2015)","journal-title":"Knowl. Inf. Syst."},{"issue":"3","key":"15_CR31","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1561\/1500000017","volume":"4","author":"C Olston","year":"2010","unstructured":"Olston, C., Najork, M.: Web crawling. Found. Trends Inf. Retr. 4(3), 175\u2013246 (2010)","journal-title":"Found. Trends Inf. Retr."},{"key":"15_CR32","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-0-387-39252-3_3","volume-title":"Ontology Learning and Population from Text: Algorithms, Evaluation and Applications","author":"P Cimiano","year":"2006","unstructured":"Cimiano, P.: Ontology learning from text. In: Cimiano, P. (ed.) Ontology Learning and Population from Text: Algorithms, Evaluation and Applications, pp. 19\u201334. Springer, Boston (2006). https:\/\/doi.org\/10.1007\/978-0-387-39252-3_3"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Gialampoukidis, I., Moumtzidou, A., Tsikrika, T., Vrochidis, S., Kompatsiaris, I.: Retrieval of multimedia objects by fusing multiple modalities. In: ACM on International Conference on Multimedia Retrieval, pp. 359\u2013362. ACM (2016)","DOI":"10.1145\/2911996.2912068"},{"issue":"4","key":"15_CR34","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/s10207-014-0255-8","volume":"14","author":"N Pitropakis","year":"2015","unstructured":"Pitropakis, N., Pikrakis, A., Lambrinoudakis, C.: Behaviour reflects personality: detecting co-residence attacks on Xen-based cloud environments. Int. J. Inf. Secur. 14(4), 299\u2013305 (2015)","journal-title":"Int. J. Inf. Secur."},{"key":"15_CR35","volume-title":"Network Forensics: Tracking Hackers Through Cyberspace","author":"S Davidoff","year":"2012","unstructured":"Davidoff, S., Ham, J.: Network Forensics: Tracking Hackers Through Cyberspace, vol. 2014. Prentice Hall, Upper Saddle River (2012)"},{"key":"15_CR36","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.dss.2016.02.012","volume":"86","author":"A Fielder","year":"2016","unstructured":"Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Decision support approaches for cyber security investment. Decis. Support Syst. 86, 13\u201323 (2016)","journal-title":"Decis. Support Syst."},{"key":"15_CR37","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-642-55415-5_2","volume-title":"ICT Systems Security and Privacy Protection","author":"A Fielder","year":"2014","unstructured":"Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 15\u201329. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55415-5_2"},{"key":"15_CR38","doi-asserted-by":"crossref","unstructured":"Fielder, A., Konig, S., Panaousis, E., Schauer, S., Rass, S.: Uncertainty in cyber security investments. arXiv preprint arXiv:1712.05893 (2017)","DOI":"10.3390\/g9020034"},{"issue":"1","key":"15_CR39","first-page":"69","volume":"23","author":"G Widmer","year":"1996","unstructured":"Widmer, G., Kubat, M.: Learning in the presence of concept drift and hidden contexts. Mach. Learn. 23(1), 69\u2013101 (1996)","journal-title":"Mach. Learn."},{"key":"15_CR40","unstructured":"Nikhi, B., Giannetsos, T., Panaousis, E., Took, C.C.: Unsupervised learning for trustworthy IoT. In: IEEE International Conference on Fuzzy Systems (FUZZ-IEEE) (2018)"}],"container-title":["Lecture Notes in Computer Science","Trust, Privacy and Security in Digital Business"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-98385-1_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,28]],"date-time":"2022-08-28T05:41:49Z","timestamp":1661665309000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-98385-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319983844","9783319983851"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-98385-1_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}