{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:05:15Z","timestamp":1757617515159,"version":"3.44.0"},"publisher-location":"Singapore","reference-count":28,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819624164"},{"type":"electronic","value":"9789819624171"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-2417-1_22","type":"book-chapter","created":{"date-parts":[[2025,3,3]],"date-time":"2025-03-03T09:52:33Z","timestamp":1740995553000},"page":"402-419","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Efficient IOC-Driven BigData Tracing and\u00a0Backtracking Model for\u00a0Emergency Response"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4049-0466","authenticated-orcid":false,"given":"Haiping","family":"Wang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianqiang","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Binbin","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianning","family":"Zang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zisen","family":"Qi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siyu","family":"Jia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Ding","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yifei","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,3,4]]},"reference":[{"key":"22_CR1","volume-title":"Intelligence-Driven Incident Response: Outwitting the Adversary","author":"SJ Roberts","year":"2017","unstructured":"Roberts, S.J., Brown, R.: Intelligence-Driven Incident Response: Outwitting the Adversary. O\u2019Reilly Media, Inc., Newton (2017)"},{"issue":"4","key":"22_CR2","doi-asserted-by":"publisher","first-page":"2525","DOI":"10.1109\/COMST.2021.3117338","volume":"23","author":"D Schlette","year":"2021","unstructured":"Schlette, D., Caselli, M., Pernul, G.: A comparative study on cyber threat intelligence: the security incident response perspective. IEEE Commun. Surv. Tutor. 23(4), 2525\u20132556 (2021)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"22_CR3","unstructured":"G\u00f3mez, J.A. (2011). The Targeting Process: D3A and F3EAD"},{"issue":"4","key":"22_CR4","doi-asserted-by":"publisher","first-page":"2160","DOI":"10.1109\/TSMC.2022.3229036","volume":"53","author":"D Yang","year":"2023","unstructured":"Yang, D., Li, Q., Zhu, F., Cui, H., Yi, W., Qin, J.: Parallel emergency management of incidents by integrating OODA and PREA loops: the C2 mechanism and modes. IEEE Trans. Syst. Man Cybern. Syst. 53(4), 2160\u20132172 (2023)","journal-title":"IEEE Trans. Syst. Man Cybern. Syst."},{"issue":"1\/2","key":"22_CR5","first-page":"84","volume":"20","author":"SF Emara","year":"2023","unstructured":"Emara, S.F., Abdelhady, S., Zaki, M.: A novel traceback model for DDoS attacks using modified Floyd-Warshall algorithm. Int. J. Inf. Comput. Secur. 20(1\/2), 84\u2013103 (2023)","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"22_CR6","doi-asserted-by":"crossref","unstructured":"Xiao, F., Chen, E., Xu, Q., Zhang, X.: ICSTrace: a malicious IP traceback model for attacking data of the industrial control system. Secur. Commun. Netw. 2021, 7525092:1-7525092:14 (2021)","DOI":"10.1155\/2021\/7525092"},{"key":"22_CR7","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1016\/j.comcom.2014.01.003","volume":"42","author":"S Saurabh","year":"2014","unstructured":"Saurabh, S., Sairam, A.S.: ICMP based IP traceback with negligible overhead for highly distributed reflector attack using bloom filters. Comput. Commun. 42, 60\u201369 (2014)","journal-title":"Comput. Commun."},{"key":"22_CR8","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.future.2013.10.023","volume":"33","author":"E-H Jeong","year":"2014","unstructured":"Jeong, E.-H., Lee, B.K.: An IP Traceback protocol using a compressed hash table, a sinkhole router and data mining based on network forensics against network attacks. Future Gener. Comput. Syst. 33, 42\u201352 (2014)","journal-title":"Future Gener. Comput. Syst."},{"key":"22_CR9","unstructured":"https:\/\/mcfp.weebly.com\/the-ctu-13-dataset-a-labeled-dataset-with-botnet-normal-and-background-traffic.html"},{"issue":"1\u20132","key":"22_CR10","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","volume":"28","author":"P Garcia-Teodoro","year":"2009","unstructured":"Garcia-Teodoro, P., Verdejo, J.E.D., Maci\u00e1-Fern\u00e1ndez, G., V\u00e1zquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1\u20132), 18\u201328 (2009)","journal-title":"Comput. Secur."},{"issue":"1","key":"22_CR11","first-page":"S2","volume":"9","author":"A Chonka","year":"2012","unstructured":"Chonka, A., Skinner, N.: Real-time network forensics: building a back-end for full packet capture. Digit. Investig. 9(1), S2\u2013S14 (2012)","journal-title":"Digit. Investig."},{"key":"22_CR12","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, pp. 305\u2013316 (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"22_CR13","unstructured":"STIX. https:\/\/oasis-open.github.io\/cti-documentation\/stix\/intro"},{"key":"22_CR14","unstructured":"TAXII. https:\/\/oasis-open.github.io\/cti-documentation\/taxii\/intro.html"},{"issue":"1","key":"22_CR15","first-page":"1509835","volume":"14","author":"M Al-Muhtadi","year":"2018","unstructured":"Al-Muhtadi, M., Tipper, H.: Integrating threat intelligence into intrusion detection systems. Int. J. Distrib. Sensor Netw. 14(1), 1509835 (2018)","journal-title":"Int. J. Distrib. Sensor Netw."},{"key":"22_CR16","first-page":"445","volume":"112","author":"Y Liu","year":"2020","unstructured":"Liu, Y., Jin, X., Ni, Q.: A threat intelligence-driven framework for detecting advanced persistent threats. Futur. Gener. Comput. Syst. 112, 445\u2013457 (2020)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"22_CR17","first-page":"20","volume":"67","author":"AM Al-Nemrat","year":"2016","unstructured":"Al-Nemrat, A.M., Furnell, S.: Cyber threat intelligence sharing and prediction of cyber attacks. J. Netw. Comput. Appl. 67, 20\u201332 (2016)","journal-title":"J. Netw. Comput. Appl."},{"issue":"4","key":"22_CR18","doi-asserted-by":"publisher","first-page":"2347","DOI":"10.1109\/COMST.2015.2444095","volume":"17","author":"A Al-Fuqaha","year":"2015","unstructured":"Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., Ayyash, M.: Internet of things: a survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutor. 17(4), 2347\u20132376 (2015)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"1","key":"22_CR19","first-page":"200","volume":"13","author":"J Park","year":"2018","unstructured":"Park, J., Son, S.: Machine learning-based IP traceback using flow correlation. IEEE Trans. Inf. Forensics Secur. 13(1), 200\u2013214 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"22_CR20","first-page":"49","volume":"67","author":"H Yu","year":"2016","unstructured":"Yu, H., He, D., Li, Y., Hu, X.: An intelligent data traceback system based on association rule mining. J. Netw. Comput. Appl. 67, 49\u201360 (2016)","journal-title":"J. Netw. Comput. Appl."},{"issue":"6","key":"22_CR21","first-page":"533","volume":"7","author":"Z Li","year":"2014","unstructured":"Li, Z., Chen, L., Zhang, Y., Song, W.: A hybrid data traceback approach based on improved Apriori algorithm and SVM in cloud computing environment. IEEE Trans. Serv. Comput. 7(6), 533\u2013546 (2014)","journal-title":"IEEE Trans. Serv. Comput."},{"issue":"12","key":"22_CR22","first-page":"2456","volume":"10","author":"L Xu","year":"2015","unstructured":"Xu, L., Wang, Y., Ren, K.: Anomaly-based intrusion detection using deep learning over network flows. IEEE Trans. Inf. Forensics Secur. 10(12), 2456\u20132468 (2015)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"22_CR23","first-page":"442","volume":"32","author":"J Srivastava","year":"2014","unstructured":"Srivastava, J., Shrivastava, A., Singh, S.K.: Predictive modeling using data mining techniques for cyber crime investigation. Procedia Comput. Sci. 32, 442\u2013449 (2014)","journal-title":"Procedia Comput. Sci."},{"issue":"4","key":"22_CR24","first-page":"28","volume":"38","author":"P Carbone","year":"2015","unstructured":"Carbone, P., Katsifodimos, A., Ewen, S., Markl, V., Haridi, S., Tzoumas, K.: Apache Flink\u2122: stream and batch processing in a single engine. IEEE Data Eng. Bull. 38(4), 28\u201338 (2015)","journal-title":"IEEE Data Eng. Bull."},{"key":"22_CR25","doi-asserted-by":"crossref","unstructured":"Thusoo, A., et al: Hive - a petabyte scale data warehouse using Hadoop. In: ICDE 2010, pp. 996\u20131005 (2010)","DOI":"10.1109\/ICDE.2010.5447738"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Shanahan, J.G., Dai, L.: Large scale distributed data science using apache spark. In: KDD, pp. 2323\u20132324 (2015)","DOI":"10.1145\/2783258.2789993"},{"issue":"12","key":"22_CR27","doi-asserted-by":"publisher","first-page":"1654","DOI":"10.14778\/2824032.2824063","volume":"8","author":"G Wang","year":"2015","unstructured":"Wang, G., et al.: Building a replicated logging system with apache kafka. Proc. VLDB Endow. 8(12), 1654\u20131655 (2015)","journal-title":"Proc. VLDB Endow."},{"key":"22_CR28","unstructured":"Zhao, Z., Kleinhans, A., Sandhu, G., Patel, I., Unnikrishnan, K.P.: Capsule networks with max-min normalization. CoRR arxiv:1903.09662 (2019)"}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-2417-1_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T07:07:49Z","timestamp":1757142469000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-2417-1_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819624164","9789819624171"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-2417-1_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"4 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.scisec.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}