{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T04:21:02Z","timestamp":1780460462088,"version":"3.54.1"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2022,4,20]],"date-time":"2022-04-20T00:00:00Z","timestamp":1650412800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,4,20]],"date-time":"2022-04-20T00:00:00Z","timestamp":1650412800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100019920","name":"Naif Arab University for Security Sciences","doi-asserted-by":"crossref","award":["SCR17"],"award-info":[{"award-number":["SCR17"]}],"id":[{"id":"10.13039\/100019920","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2022,10]]},"DOI":"10.1007\/s10586-022-03576-5","type":"journal-article","created":{"date-parts":[[2022,4,20]],"date-time":"2022-04-20T16:02:58Z","timestamp":1650470578000},"page":"3629-3640","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Leveraging a cloud-native architecture to enable semantic interconnectedness of data for cyber threat intelligence"],"prefix":"10.1007","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6264-3720","authenticated-orcid":false,"given":"Meryem","family":"Ammi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Oluwasegun","family":"Adedugbe","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fahad M.","family":"Alharby","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Elhadj","family":"Benkhelifa","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,4,20]]},"reference":[{"key":"3576_CR1","unstructured":"Aboubacar, M.S., Castelltort, A., Laurent, A.: (2020). Knowledge graph on cybersecurity: A survey, Doctoral Congress 2020"},{"key":"3576_CR2","doi-asserted-by":"publisher","unstructured":"Ab Rahman, N.H., Glisson, W.B., Yang, Y., Choo, K.R.: (2016a). Forensic-by-design framework for cyber-physical cloud systems. In IEEE Cloud Computing, vol.\u00a03, no. 1, pp.\u00a050\u201359, Jan.-Feb. 2016, doi: https:\/\/doi.org\/10.1109\/MCC.2016.5","DOI":"10.1109\/MCC.2016.5"},{"key":"3576_CR3","doi-asserted-by":"crossref","unstructured":"Ab Rahman, N.H., Cahyani, N.W., Choo, K.K.R.: (2016b). Cloud incident handling and forensic-by-design: cloud storage as a case study. In Concurrency Computation 29.14 (July 2017), ISSN 15320634","DOI":"10.1002\/cpe.3868"},{"key":"3576_CR4","doi-asserted-by":"publisher","unstructured":"Ab Rahman, N.H., Choo, K.R.: (2015). A survey of information security incident handling in the cloud. Computers & Security, Volume\u00a049, 2015, Pages 45\u201369, ISSN 0167\u20134048. https:\/\/doi.org\/10.1016\/j.cose.2014.11.006","DOI":"10.1016\/j.cose.2014.11.006"},{"key":"3576_CR5","doi-asserted-by":"crossref","unstructured":"Alberts, C., Dorofee, A., Killcrece, G., Ruefle, R., Zajicek, M.: Defining incident management processes for CSIRTs. A work in progress (2004)","DOI":"10.21236\/ADA453378"},{"key":"3576_CR6","unstructured":"Alsaleem, L.S., Alqahtani, S.A., Alharbi, S.F., Agrouba, R.: (2019). Cloud computing-based attacks and countermeasures: A survey. Journal of Theoretical and Applied Information Technology, Vol.97. No 19, Pages 5185\u20135203"},{"key":"3576_CR7","doi-asserted-by":"publisher","unstructured":"Amara, N., Zhiqui, H., Ali, A.: (2017). Cloud computing security threats and attacks with their mitigation techniques. International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2017, pp.\u00a0244\u2013251, doi: https:\/\/doi.org\/10.1109\/CyberC.2017.37","DOI":"10.1109\/CyberC.2017.37"},{"issue":"1","key":"3576_CR8","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1016\/j.im.2013.11.004","volume":"51","author":"R Baskerville","year":"2014","unstructured":"Baskerville, R., Spagnoletti, P., Kim, J.: Incident-centered information security: Managing a strategic balance between prevention and response. Inf. Manag. 51(1), 138\u2013151 (2014)","journal-title":"Inf. Manag."},{"key":"3576_CR9","doi-asserted-by":"crossref","unstructured":"Blackwell, C.: (2010). A security ontology for incident analysis. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, page 46. ACM","DOI":"10.1145\/1852666.1852717"},{"key":"3576_CR10","unstructured":"British Standards Institution: (2007). BIP 0107:2008 Foundations of IT Service Management Based on ITIL V3, UK"},{"key":"3576_CR11","unstructured":"Casey, T.: 2017. Threat Agent Library helps identify information security risks. Intel White Paper, 2"},{"issue":"4","key":"3576_CR12","first-page":"459","volume":"20","author":"P Cichonski","year":"2012","unstructured":"Cichonski, P., Millar, T., Grance, T., Scarfone, K.: Computer security incident handling guide. Int. J. Comput. Res. 20(4), 459\u2013530 (2012)","journal-title":"Int. J. Comput. Res."},{"key":"3576_CR13","doi-asserted-by":"publisher","unstructured":"Dekker, M., Liveri, D., Lakka, M.: (2013). Cloud security incident reporting - Framework for reporting about major cloud security incidents. December. 2013, p.\u00a038. ISBN: 9789279000775. doi: https:\/\/doi.org\/10.2788\/14231","DOI":"10.2788\/14231"},{"key":"3576_CR14","volume-title":"Good practice guide for incident management","author":"ENISA","year":"2010","unstructured":"ENISA: Good practice guide for incident management. ENISA, Athens (2010)"},{"key":"3576_CR15","doi-asserted-by":"publisher","unstructured":"Fr\u00f8ystad, C., Gj\u00e6re, E.A., T\u00f8ndel, I.A., Jaatun, M.J.: (2016). Security incident information exchange for cloud services. In: Scitepress, May 2016, pp.\u00a0391\u2013398. doi: https:\/\/doi.org\/10.5220\/0005953803910398","DOI":"10.5220\/0005953803910398"},{"key":"3576_CR16","doi-asserted-by":"crossref","unstructured":"Grobauer, B., Schreck, T.: (2010). Towards incident handling in the cloud, in Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW 10), pp.\u00a077\u201385","DOI":"10.1145\/1866835.1866850"},{"key":"3576_CR18","unstructured":"Hengst, K.: (2020). Best practices in cloud incident handling. Master\u2019s Thesis, University of Twente"},{"key":"3576_CR19","unstructured":"Henry, P., Williams, J., Wright, B.: The SANS survey of digital forensics and incident response. Tech. rep. SANS Institute (2013)"},{"key":"3576_CR20","unstructured":"ISO: (2011). ISO\/IEC 27035:2011 Information Technology - security techniques - information security incident management, Geneva"},{"key":"3576_CR22","doi-asserted-by":"publisher","DOI":"10.21236\/ADA421664","volume-title":"State of the practice of computer security incident response teams (CSIRTs)","author":"G Killcrece","year":"2003","unstructured":"Killcrece, G.: State of the practice of computer security incident response teams (CSIRTs). CMU\/SEI, Pittsburgh (2003)"},{"key":"3576_CR23","doi-asserted-by":"publisher","DOI":"10.21236\/ADA421684","volume-title":"Organizational models for computer security incident response teams (CSIRTs)","author":"G Killcrece","year":"2003","unstructured":"Killcrece, G., Kossakowski, K.P., Ruefle, R., Zajicek, M.: Organizational models for computer security incident response teams (CSIRTs). CMU\/SEI, Pittsburgh (2003)"},{"key":"3576_CR24","unstructured":"Kral, P.: Incident Handler\u2019s Handbook. SANS Institute (2011)"},{"key":"3576_CR25","doi-asserted-by":"publisher","unstructured":"Kumar, J., Rajendran, B., Bindhumadhava, B.S., Babu, N.S.C.: (2017). XML Wrapping attack mitigation using positional token, In International Conference On Public Key Infrastructure and its applications (Pkia), Bangalore, India. Digital Investigation 9.2 (2012), pp.\u00a071\u201380. issn: 17422876. doi:https:\/\/doi.org\/10.1016\/j.diin.2012.07.001","DOI":"10.1016\/j.diin.2012.07.001"},{"key":"3576_CR26","doi-asserted-by":"crossref","unstructured":"Martini, B., Choo, K.K.R.: (2012). An integrated conceptual digital forensic framework for cloud computing. Digital Investigation 9.2 (2012), pp.\u00a071\u201380, ISSN: 17422876","DOI":"10.1016\/j.diin.2012.07.001"},{"key":"3576_CR27","unstructured":"MITRE Corporation. (2021a) MITRE: Common Vulnerabilities and Exposures (CVE). [Online]. Available from: https:\/\/cve.mitre.org\/"},{"key":"3576_CR28","unstructured":"The MITRE Corporation. (2021b) MITRE: Common Platform Enumeration (CPE). [Online]. Available from: https:\/\/cpe.mitre.org\/"},{"key":"3576_CR29","unstructured":"MITRE Corporation. (2021c) MITRE: Common Weakness Enumeration (CWE). [Online]. Available from: https:\/\/cwe.mitre.org\/"},{"key":"3576_CR30","unstructured":"MITRE Corporation. (2021b) MITRE: Common Attack Pattern Enumeration and Classification. [Online]. Available from: https:\/\/capec.mitre.org\/"},{"key":"3576_CR31","unstructured":"MITRE Corporation. (2021e) MITRE: Adversarial Tactics, Techniques and Common Knowledge (ATT & CK). [Online]. Available from: https:\/\/attack.mitre.org\/"},{"issue":"1","key":"3576_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/2192-113X-1-1","volume":"1","author":"A Monfared","year":"2012","unstructured":"Monfared, A., Jaatun, M.G.: Handling compromised components in an IaaS cloud installation. J. Cloud Computing: Adv. Syst. Appl. 1(1), 1\u201321 (2012)","journal-title":"J. Cloud Computing: Adv. Syst. Appl."},{"key":"3576_CR33","unstructured":"Mogull, R., Arlen, J., Lane, A., Peterson, G., Rothman, M., Mortman, D.: (2017). Security guidance for critical areas of focus in cloud computing v4.0. Tech. rep. Cloud Security Alliance, 2017"},{"key":"3576_CR34","doi-asserted-by":"crossref","unstructured":"Moreira, G.B., Calegario, V.M., Duarte, J.C., Santos, A.F.: (2018). CSIHO: An Ontology for Computer Security Incident Handling. https:\/\/sol.sbc.org.br\/index.php\/sbseg\/article\/view\/4239\/4170","DOI":"10.5753\/sbseg.2018.4239"},{"key":"3576_CR35","unstructured":"Mundie, D., Ruefle, R., Dorofee, A., McCloud, J., Perl, S., Collins, M.: (2014). An incident management ontology. CEUR Workshop Proceedings. 1304. 62\u201371"},{"key":"3576_CR36","unstructured":"O\u2019Sullivan, K., Turnbull, B.: (2015). The cyber simulation terrain: Towards an open source cyber effects simulation ontology. In Australian Information Warfare Conference, pages 14\u201323. Security Research Institute, Edith Cowan University, 05 Nov. de 2017"},{"key":"3576_CR37","doi-asserted-by":"publisher","unstructured":"Ozer, M., Varlioglu, S., Gonen, B., Adewopo, V., Elsayed, N., Zengin, S.: (2020). Cloud incident response: Challenges and opportunities. International Conference on Computational Science and Computational Intelligence (CSCI), 2020, pp.\u00a049\u201354, doi: https:\/\/doi.org\/10.1109\/CSCI51800.2020.00015","DOI":"10.1109\/CSCI51800.2020.00015"},{"key":"3576_CR38","doi-asserted-by":"crossref","unstructured":"Rajendran, R., Kumar, S., Palanichamy, Y., Arputharaj, K.: (2018). Detection of dos attacks in cloud networks using intelligent rule based classification system. Cluster Computing, 2018","DOI":"10.1007\/s10586-018-2181-4"},{"issue":"1","key":"3576_CR39","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s11831-021-09575-w","volume":"29","author":"P Purnaye","year":"2022","unstructured":"Purnaye, P., Kulkarni, V.: A comprehensive study of cloud forensics. Arch. Comput. Methods Eng. 29(1), 33\u201346 (2022)","journal-title":"Arch. Comput. Methods Eng."},{"key":"3576_CR40","unstructured":"\u0160endelj, R., Ognjanovi\u0107, I.: (2014). Semantically enhanced cyber security over clouds: Methodological approach. International Journal of Advances in Computer Networks and Its Security \u2013 IJCNS, 4(3)"},{"key":"3576_CR41","doi-asserted-by":"crossref","unstructured":"Shaikh, A.A.: (2016). Attacks on cloud computing and its countermeasures. In 2016 International Conference On Signal Processing, Communication, Power And Embedded System (Scopes), Paralakhemundi, India, 2016","DOI":"10.1109\/SCOPES.2016.7955539"},{"key":"3576_CR42","doi-asserted-by":"crossref","unstructured":"Silva, P.C.D., Fagundes, L.L.: (2014). Simo: Security incident management ontology. In SimposioBrasileiroemSeguranc\u00b8a da Informac\u00b8 \u00b4 ao e de SistemasComputacionais, pages 302\u2013305, Bras\u00b4\u0131lia. SociedadeBrasileira de Computac\u00b8ao. 05 nov. de 2017","DOI":"10.5753\/sbseg.2014.20139"},{"key":"3576_CR43","doi-asserted-by":"crossref","unstructured":"Soman, G., Gaur, M.S., Sanghi, D., Conti, M., Buyya, R.: (2017). DDoS attacks in Cloud Computing: Issues, Taxonomy, and Future directions. Computer Communications, Vol. 107","DOI":"10.1016\/j.comcom.2017.03.010"},{"issue":"3","key":"3576_CR44","doi-asserted-by":"publisher","first-page":"1326","DOI":"10.11591\/ijece.v7i3.pp1326-1336","volume":"7","author":"NO Sri","year":"2017","unstructured":"Sri, N.O., Tapas, K., Vedula, V.: A survey on security aspects of server virtualization in cloud computing. Int. J. Electr. Comput. Eng. (Ijece) 7(3), 1326\u20131336 (2017)","journal-title":"Int. J. Electr. Comput. Eng. (Ijece)"},{"key":"3576_CR45","doi-asserted-by":"crossref","unstructured":"Srinivasan, J.: (2015). Semantic cloud architecture an integration of cloud and semantic web. IMS Manthan. The Journal of Innovations, 8(2)","DOI":"10.18701\/imsmanthan.v8i2.5133"},{"key":"3576_CR46","unstructured":"U.S. National Vulnerability Database. NVD: (2021): Common Vulnerability Scoring System (CVSS) v2 [Online]. Available from: https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v2-calculator"},{"key":"3576_CR48","volume-title":"Cloud computing virtualization and cyber attacks: Evidence centralization","author":"T Yucel","year":"2015","unstructured":"Yucel, T., Romuald, K.K.: Cloud computing virtualization and cyber attacks: Evidence centralization. CivilComp Press, Stirlingshire (2015)"},{"key":"3576_CR49","doi-asserted-by":"publisher","unstructured":"Zhang, S., Zhang, S., Chen, X., Huo, X.: (2010). Cloud computing research and development trend. Second International Conference on Future Networks, 2010, pp.\u00a093\u201397, doi: https:\/\/doi.org\/10.1109\/ICFN.2010.58","DOI":"10.1109\/ICFN.2010.58"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-022-03576-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-022-03576-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-022-03576-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,22]],"date-time":"2024-09-22T15:56:33Z","timestamp":1727020593000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-022-03576-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,20]]},"references-count":46,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,10]]}},"alternative-id":["3576"],"URL":"https:\/\/doi.org\/10.1007\/s10586-022-03576-5","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,20]]},"assertion":[{"value":"6 December 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 February 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 February 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 April 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Statements and Declarations"}},{"value":"The authors have no relevant financial or non-financial interests to disclose.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}