{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T16:39:28Z","timestamp":1779381568056,"version":"3.53.1"},"publisher-location":"Singapore","reference-count":27,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819624164","type":"print"},{"value":"9789819624171","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-2417-1_4","type":"book-chapter","created":{"date-parts":[[2025,3,3]],"date-time":"2025-03-03T09:51:53Z","timestamp":1740995513000},"page":"56-75","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["LogSHIELD: A Graph-Based Real-Time Anomaly Detection Framework Using Frequency Analysis"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9388-8042","authenticated-orcid":false,"given":"Krishna Chandra","family":"Roy","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0130-5901","authenticated-orcid":false,"given":"Qian","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,3,4]]},"reference":[{"key":"4_CR1","unstructured":"Acquesta, E., et\u00a0al.: Detailed statistical models of host-based data for detection of malicious activity. Technical report, Sandia National Lab. (SNL-NM), Albuquerque, NM, USA (2019)"},{"issue":"1","key":"4_CR2","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1017\/S1351324916000334","volume":"23","author":"KW Church","year":"2017","unstructured":"Church, K.W.: Word2vec. Nat. Lang. Eng. 23(1), 155\u2013162 (2017)","journal-title":"Nat. Lang. Eng."},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Du, M., Chen, Z., Liu, C., Oak, R., Song, D.: Lifelong anomaly detection through unlearning. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1283\u20131297 (2019)","DOI":"10.1145\/3319535.3363226"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Fu, C., Li, Q., Shen, M., Xu, K.: Realtime robust malicious traffic detection via frequency domain analysis. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 3431\u20133446 (2021)","DOI":"10.1145\/3460120.3484585"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Gamachchi, A., Boztas, S.: Insider threat detection through attributed graph clustering. In: 2017 IEEE Trustcom\/BigDataSE\/ICESS, pp. 112\u2013119. IEEE (2017)","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.227"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Gamachchi, A., Sun, L., Boztas, S.: A graph based framework for malicious insider threat detection. arXiv preprint arXiv:1809.00141 (2018)","DOI":"10.24251\/HICSS.2017.319"},{"issue":"12","key":"4_CR7","doi-asserted-by":"publisher","first-page":"1871","DOI":"10.3390\/electronics11121871","volume":"11","author":"SH Han","year":"2022","unstructured":"Han, S.H., Lee, D.: Kernel-based real-time file access monitoring structure for detecting malware activity. Electronics 11(12), 1871 (2022)","journal-title":"Electronics"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Han, X., Pasquier, T., Bates, A., Mickens, J., Seltzer, M.: Unicorn: runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525 (2020)","DOI":"10.14722\/ndss.2020.24046"},{"key":"4_CR9","doi-asserted-by":"publisher","first-page":"4363","DOI":"10.1109\/TIFS.2021.3098977","volume":"16","author":"H Irshad","year":"2021","unstructured":"Irshad, H., et al.: TRACE: enterprise-wide provenance tracking for real-time APT detection. IEEE Trans. Inf. Forensics Secur. 16, 4363\u20134376 (2021)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"4_CR10","unstructured":"Joulin, A., Grave, E., Bojanowski, P., Douze, M., J\u00e9gou, H., Mikolov, T.: FastText. zip: compressing text classification models. arXiv preprint arXiv:1612.03651 (2016)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Le, D.C., Zincir-Heywood, N., Heywood, M.: Training regime influences to semi-supervised learning for insider threat detection. In: 2021 IEEE Security and Privacy Workshops (SPW), pp. 13\u201318. IEEE (2021)","DOI":"10.1109\/SPW53761.2021.00010"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Liu, F., Wen, Y., Zhang, D., Jiang, X., Xing, X., Meng, D.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1777\u20131794 (2019)","DOI":"10.1145\/3319535.3363224"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Lo, W.W., Layeghy, S., Sarhan, M., Gallagher, M., Portmann, M.: E-GraphSAGE: a graph neural network based intrusion detection system. arXiv preprint arXiv:2103.16329 (2021)","DOI":"10.1109\/NOMS54207.2022.9789878"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Panda, B., Tripathy, S.N.: Host-specific outlier detection using process relation semantics with graph mining. In: Advances in Data Science and Management, pp. 449\u2013462. Springer (2022)","DOI":"10.1007\/978-981-16-5685-9_44"},{"key":"4_CR15","unstructured":"PRODUCTIO, P.F.R.T.: (2022). https:\/\/pytorch.org\/"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Roy, K.C., Chen, G.: GraphCH: a deep framework for assessing cyber-human aspects in insider threat detection. IEEE Trans. Dependable Secure Comput. (2024)","DOI":"10.1109\/TDSC.2024.3353929"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Roy, K.C., Chen, Q.: DeepRan: attention-based biLSTM and CRF for ransomware early detection and classification. Inf. Syst. Front. 1\u201317 (2020)","DOI":"10.1007\/s10796-020-10017-4"},{"issue":"5","key":"4_CR18","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1016\/0306-4573(88)90021-0","volume":"24","author":"G Salton","year":"1988","unstructured":"Salton, G., Buckley, C.: Term-weighting approaches in automatic text retrieval. Inf. Process. Manage. 24(5), 513\u2013523 (1988)","journal-title":"Inf. Process. Manage."},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Wang, J., Aggarwal, S., Ji, F., Tay, W.P., et\u00a0al.: Learning correlation graph and anomalous employee behavior for insider threat detection. In: 2018 21st International Conference on Information Fusion (FUSION), pp.\u00a01\u20137. IEEE (2018)","DOI":"10.23919\/ICIF.2018.8455358"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Wang, X., et al.: Heterogeneous graph attention network. In: The World Wide Web Conference, pp. 2022\u20132032 (2019)","DOI":"10.1145\/3308558.3313562"},{"key":"4_CR21","doi-asserted-by":"publisher","first-page":"108616","DOI":"10.1016\/j.comnet.2021.108616","volume":"203","author":"Z Wang","year":"2022","unstructured":"Wang, Z., Tian, J., Fang, H., Chen, L., Qin, J.: LightLog: a lightweight temporal convolutional network for log anomaly detection on the edge. Comput. Netw. 203, 108616 (2022)","journal-title":"Comput. Netw."},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Wu, Y., et al.: Paradise: real-time, generalized, and distributed provenance-based intrusion detection. IEEE Trans. Dependable Secure Comput. (2022)","DOI":"10.1109\/TDSC.2022.3160879"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Yang, X., Peng, G., Zhang, D., Lv, Y.: An enhanced intrusion detection system for IoT networks based on deep learning and knowledge graph. Secur. Commun. Netw. 2022 (2022)","DOI":"10.1155\/2022\/4748528"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Zhang, C., Song, D., Huang, C., Swami, A., Chawla, N.V.: Heterogeneous graph neural network. In: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp. 793\u2013803 (2019)","DOI":"10.1145\/3292500.3330961"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Zhang, X., et\u00a0al.: Robust log-based anomaly detection on unstable log data. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 807\u2013817 (2019)","DOI":"10.1145\/3338906.3338931"},{"issue":"7","key":"4_CR26","doi-asserted-by":"publisher","first-page":"1838","DOI":"10.1109\/TIFS.2018.2805600","volume":"13","author":"J Zheng","year":"2018","unstructured":"Zheng, J., Li, Q., Gu, G., Cao, J., Yau, D.K., Wu, J.: Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis. IEEE Trans. Inf. Forensics Secur. 13(7), 1838\u20131853 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Zhu, S., et al.: You do (not) belong here: detecting dpi evasion attacks with context learning. In: Proceedings of the 16th International Conference on emerging Networking EXperiments and Technologies, pp. 183\u2013197 (2020)","DOI":"10.1145\/3386367.3431311"}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-2417-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T06:57:29Z","timestamp":1757141849000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-2417-1_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819624164","9789819624171"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-2417-1_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"4 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.scisec.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}