{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T03:12:52Z","timestamp":1778987572653,"version":"3.51.4"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2017,3,27]],"date-time":"2017-03-27T00:00:00Z","timestamp":1490572800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"National ICT Rnd Fund","award":["CDACDEA"],"award-info":[{"award-number":["CDACDEA"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2017,9]]},"DOI":"10.1007\/s10586-017-0819-2","type":"journal-article","created":{"date-parts":[[2017,3,27]],"date-time":"2017-03-27T15:49:48Z","timestamp":1490629788000},"page":"2423-2437","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A high-level domain-specific language for SIEM (design, development and formal verification)"],"prefix":"10.1007","volume":"20","author":[{"given":"Anam","family":"Nazir","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masoom","family":"Alam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saif U. 
R.","family":"Malik","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adnan","family":"Akhunzada","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad Nadeem","family":"Cheema","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad Khurram","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yang","family":"Ziang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tanveer","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abid","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,3,27]]},"reference":[{"key":"819_CR1","unstructured":"Katsaris, D.: Security information and event management systems: Benefits and Inefficiencies, Masters thesis, U. Piraeus, January, 2014"},{"key":"819_CR2","unstructured":"Swift, D.: A practical application of SIM\/SEM\/SIEM automating threat identification. 23 Dec 2006"},{"key":"819_CR3","unstructured":"Potts, G.: OSSIM user guide the book of OSSIM Open Source Software Image Map OSSIM, Document version 1.1 July 10, 2006"},{"key":"819_CR4","unstructured":"OSSEC community. http:\/\/www.ossec.net\/files\/ossec-hids-2.0.tar.gz . Accessed 2015"},{"key":"819_CR5","unstructured":"Prelude community. Prelude documentation. https:\/\/dev.prelude-ids.com\/ . Accessed 2015"},{"key":"819_CR6","unstructured":"OpenNMS Group and the Order of the Green Polo. Opennms website. http:\/\/www.opennms.org . Accessed 2015"},{"key":"819_CR7","unstructured":"D. Community, Drools website. http:\/\/www.jboss.org\/drools\/ . 
Accessed 2015"},{"key":"819_CR8","unstructured":"Boley, H., Tabet, S., Wagner, G.: Design rationale for ruleML: a markup language for semantic web rules. In: SWWS, vol. 1, pp. 381\u2013401 (2001)"},{"key":"819_CR9","doi-asserted-by":"crossref","unstructured":"Di Sarno, C., Formicola, V., Sicuranza, M., Paragliola, G.: Addressing security issues of electronic health record systems through enhanced siem technology. In: Eighth International Conference on Availability, Reliability and Security (ARES), IEEE, pp. 646\u2013653 (2013)","DOI":"10.1109\/ARES.2013.85"},{"key":"819_CR10","unstructured":"Sandoval, R.: The effects of SIEM technology in monitoring employee computer use, information technology security (ITSec) (2014)"},{"key":"819_CR11","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Chechulin, A. Common framework for attack modeling and security evaluation in SIEM systems. In: 2012 IEEE International Conference on Green Computing and Communications (GreenCom), IEEE (2012)","DOI":"10.1109\/GreenCom.2012.24"},{"key":"819_CR12","doi-asserted-by":"crossref","unstructured":"Vianello, V., et al. A scalable SIEM correlation engine and its application to the olympic games IT infrastructure. In: 2013 Eighth International Conference on Availability, Reliability and Security (ARES), IEEE (2013)","DOI":"10.1109\/ARES.2013.82"},{"key":"819_CR13","doi-asserted-by":"crossref","unstructured":"Cheng, F., et al. Security Event Correlation Supported by Multi-Core Architecture. In: International Conference on IT Convergence and Security (ICITCS). IEEE (2013)","DOI":"10.1109\/ICITCS.2013.6717881"},{"issue":"4","key":"819_CR14","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1108\/09685221211267639","volume":"20","author":"Raydel Montesino","year":"2012","unstructured":"Montesino, Raydel, Fenz, Stefan, Baluja, Walter: SIEM-based framework for security controls automation. Inf. Manag. Comput. Secur. 20(4), 248\u2013263 (2012)","journal-title":"Inf. Manag. Comput. 
Secur."},{"key":"819_CR15","doi-asserted-by":"crossref","unstructured":"Patel, V.: A practical solution to improve cyber security on a global scale. Third Worldwide. IEEE, Cybersecurity Summit (WCS) (2012)","DOI":"10.1109\/WCS.2012.6780876"},{"key":"819_CR16","doi-asserted-by":"crossref","unstructured":"Azodi, A., et al. A new approach to building a multi-tier direct access knowledgebase for IDS\/SIEM Systems. In: IEEE 11th International Conference on Dependable, Autonomic and Secure Computing (DASC), IEEE (2013)","DOI":"10.1109\/DASC.2013.48"},{"key":"819_CR17","first-page":"145","volume":"93","author":"SE Hansen","year":"1993","unstructured":"Hansen, S.E., Atkins, E.T.: Automated system monitoring and notification with swatch. LISA 93, 145\u2013152 (1993)","journal-title":"LISA"},{"key":"819_CR18","unstructured":"Thompson, K:. An introduction to logsurfer. SysAdmin magazine. http:\/\/www.crypt.gen.nz\/papers\/logsurfer.html (2004)"},{"key":"819_CR19","unstructured":"Simple-evcorr.sourceforge.net, \u2019SEC\u2014open source and platform independent event correlation tool\u2019, 2015. http:\/\/simple-evcorr.sourceforge.net\/ . Accessed 2015"},{"key":"819_CR20","unstructured":"Espertech.com, \u2019EsperTech-Esper\u2019, 2015. http:\/\/www.espertech.com\/esper\/index_redirected.php . Accessed 2015"},{"key":"819_CR21","doi-asserted-by":"crossref","unstructured":"Prieto, E., et al.: MASSIF: a promising solution to enhance olympic games IT security. Global Security, Safety and Sustainability & e-Democracy. Springer, Berlin, pp. 139\u2013147 (2012)","DOI":"10.1007\/978-3-642-33448-1_20"},{"key":"819_CR22","series-title":"A rule-based language for complex event processing and reasoning","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1007\/978-3-642-15918-3_5","volume-title":"Web Reasoning and Rule Systems","author":"D Anicic","year":"2010","unstructured":"Anicic, D., et al.: Web Reasoning and Rule Systems. 
A rule-based language for complex event processing and reasoning, pp. 42\u201357. Springer, Berlin (2010)"},{"key":"819_CR23","doi-asserted-by":"crossref","unstructured":"Anicic, D., et al.: EP-SPARQL: a unified language for event processing and stream reasoning. In: Proceedings of the 20th International Conference on World Wide Web. ACM (2011)","DOI":"10.1145\/1963405.1963495"},{"key":"819_CR24","doi-asserted-by":"crossref","unstructured":"Saleem, M., Jaafar, J., Hassan, M.: A domain-specific language for modelling security objectives in a business process models of SOA applications. In: AISS, vol. 4.1, pp. 353\u2013362","DOI":"10.4156\/aiss.vol4.issue1.45"},{"issue":"3","key":"819_CR25","doi-asserted-by":"crossref","first-page":"334","DOI":"10.1109\/32.798323","volume":"25","author":"D Atkins","year":"1999","unstructured":"Atkins, D., Ball, T., Bruns, G., Cox, K.: Mawl: a domain-specific language for form-based services. IEEE Trans. Softw. Eng. 25(3), 334\u2013346 (1999)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"819_CR26","unstructured":"Websec.ca, Panoptic\u2014a tool to exploit path traversal vulnerabilities. http:\/\/websec.ca\/blog\/view\/panoptic (2015). Accessed 2015"},{"key":"819_CR27","doi-asserted-by":"crossref","unstructured":"Bharadwaj, R.: SOLj: a domain-specific language (DSL) for secure service-based systems. In: Proceedings of the 11th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS\u201907), vol. 4, pp. 0-7695-2810 (2007)","DOI":"10.1109\/FTDCS.2007.32"},{"key":"819_CR28","doi-asserted-by":"crossref","unstructured":"Kotenko, I, Polubelova, O, Saenko, I: The Ontological Approach for SIEM Data Repository Implementation Laboratory of Computer Security Problems. 
In: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing (2012)","DOI":"10.1109\/GreenCom.2012.125"},{"key":"819_CR29","unstructured":"Nrl.sourceforge.net, NRL: The Natural Rule Language. http:\/\/nrl.sourceforge.net\/ (2015). Accessed 31 May 2015"},{"issue":"2","key":"819_CR30","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1093\/itnow\/bwt025","volume":"55","author":"SUR Malik","year":"2013","unstructured":"Malik, S.U.R., Khan, S.U.: Formal methods in LARGE-SCALE computing systems. ITNOW 55(2), 52\u201353 (2013)","journal-title":"ITNOW"},{"key":"819_CR31","doi-asserted-by":"crossref","unstructured":"Malik, S.U.R., Khan, S.U., Srinivasan, S.K.: Modeling and analysis of state of-the-art VM-based cloud management platforms. IEEE Trans. Cloud Comput. 1(1), 1 (2013)","DOI":"10.1109\/TCC.2013.3"},{"key":"819_CR32","unstructured":"SMT-Lib. http:\/\/smt-lib.org\/ . Accessed 2015"},{"key":"819_CR33","unstructured":"Barrett, C.: The SMT-LIB Standard Version 2.0, Release. 9 Sept 2012"},{"key":"819_CR34","unstructured":"Jee, C.: Top 10 software failures of 2014, Computerworld UK, 2015. http:\/\/www.computerworlduk.com\/galleries\/infrastructure\/top-10-software-failures-2014-3599528\/ . Accessed 2015"},{"key":"819_CR35","doi-asserted-by":"crossref","unstructured":"de Moura, L.: Z3: an efficient SMT solver. In: Proc. Theory and Practice of Software, 14th Intl Conf. Tools and Algorithms for the Construction and Analysis of Systems (TACAS 08) (2008)","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"819_CR36","unstructured":"Triam, R.D.S.A. https:\/\/demo.triam.com.pk\/index.php\/module\/user\/security\/login . Accessed 2015"},{"key":"819_CR37","volume-title":"The Definitive ANTLR Reference","author":"T Parr","year":"2007","unstructured":"Parr, T.: The Definitive ANTLR Reference. 
Pragmatic Bookshelf, Raleigh (2007)"},{"key":"819_CR38","unstructured":"Karlsch, M: A model driven framework for domain specific languages demonstrated on a test automation language, Masters Thesis, March, 2007"},{"key":"819_CR39","volume-title":"MDA Explained. The Model Driven Architecture: Practice and Promise","author":"A Kleppe","year":"2003","unstructured":"Kleppe, A., Warmer, J., Bast, W.: MDA Explained. The Model Driven Architecture: Practice and Promise. Addison-Wesley, Boston (2003)"},{"issue":"11","key":"819_CR40","first-page":"1249","volume":"23","author":"JL Bentley","year":"1993","unstructured":"Bentley, J.L., McIlroy, M.D.: Engineering a sort function. Software 23(11), 1249 (1993)","journal-title":"Software"},{"key":"819_CR41","unstructured":"Jones, C.: Programming languages table, release 8.2, Software Productivity Research, Burlington (1996)"},{"issue":"4","key":"819_CR42","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1145\/1118890.1118892","volume":"37","author":"M Mernik","year":"2005","unstructured":"Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Comput. Surv. 37(4), 316\u2013344 (2005)","journal-title":"ACM Comput. Surv."},{"issue":"2","key":"819_CR43","doi-asserted-by":"crossref","first-page":"4754","DOI":"10.1145\/382296.382703","volume":"15","author":"R Prieto-Diaz","year":"1990","unstructured":"Prieto-Diaz, R.: Domain analysis: an introduction. SIGSOFT Softw. Eng. Notes 15(2), 4754 (1990)","journal-title":"SIGSOFT Softw. Eng. Notes"},{"key":"819_CR44","unstructured":"Eclipse Foundation, Eclipse.org, 2015. https:\/\/eclipse.org\/ . Accessed 2015"},{"key":"819_CR45","unstructured":"ASERG. www.aserg.com.pk . Accessed 2015"},{"key":"819_CR46","series-title":"Bounded model checking","first-page":"118","volume-title":"Advances in Computers","author":"A Biere","year":"2003","unstructured":"Biere, A., Cimatti, A., Clarke, E.M., Strichman, O., Zhu, Y.: Advances in Computers. 
Bounded model checking, vol. 58, pp. 118\u2013149. Academic Press, London (2003)"},{"key":"819_CR47","unstructured":"Z3. https:\/\/github.com\/z3prover\/z3\/wiki\/Documentation . Accessed 2015"},{"key":"819_CR48","first-page":"825","volume-title":"Satisfiability Modulo Theories in Handbook of Satisfiability","author":"C Barrett","year":"2009","unstructured":"Barrett, C.: Satisfiability Modulo Theories in Handbook of Satisfiability, vol. 185, pp. 825\u2013885. IOS Press, Amsterdam (2009)"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10586-017-0819-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-017-0819-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-017-0819-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,20]],"date-time":"2019-09-20T06:43:29Z","timestamp":1568961809000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10586-017-0819-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,3,27]]},"references-count":48,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,9]]}},"alternative-id":["819"],"URL":"https:\/\/doi.org\/10.1007\/s10586-017-0819-2","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,3,27]]}}}