{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T15:38:30Z","timestamp":1761925110534,"version":"build-2065373602"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"12","license":[{"start":{"date-parts":[[2025,9,15]],"date-time":"2025-09-15T00:00:00Z","timestamp":1757894400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,15]],"date-time":"2025-09-15T00:00:00Z","timestamp":1757894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1007\/s10586-025-05531-6","type":"journal-article","created":{"date-parts":[[2025,9,15]],"date-time":"2025-09-15T19:24:08Z","timestamp":1757964248000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing cloud native security: a knowledge graph approach for securing container 
runtimes"],"prefix":"10.1007","volume":"28","author":[{"given":"Amina","family":"Eldjou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ilham","family":"Kitouni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zakaria","family":"Benmounah","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Samir","family":"Bennacer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,9,15]]},"reference":[{"key":"5531_CR1","doi-asserted-by":"publisher","first-page":"227756","DOI":"10.1109\/ACCESS.2020.3045514","volume":"8","author":"M Vielberth","year":"2020","unstructured":"Vielberth, M., B\u00f6hm, F., Fichtinger, I., Pernul, G.: Security operations center: A systematic study and open challenges. Ieee Access 8, 227756\u2013227779 (2020)","journal-title":"Ieee Access"},{"key":"5531_CR2","unstructured":"Stream Security: Why Cloud Security Tools Have So Many False Positives? https:\/\/www.stream.security\/post\/why-cloud-security-tools-have-so-many-false-positives (2024). Accessed 10 Nov 2024"},{"key":"5531_CR3","doi-asserted-by":"crossref","unstructured":"Freitas, S., Gharib, A.: Graphweaver: Billion-scale cybersecurity incident correlation. In: Proceedings of the 33rd ACM International Conference on Information and Knowledge Management, pp. 4479\u20134486 (2024)","DOI":"10.1145\/3627673.3680057"},{"key":"5531_CR4","unstructured":"Freitas, S.: Cybersecurity Incident Correlation in the Unified Security Operations Platform. Microsoft Defender XDR Blog, 5 min read. https:\/\/techcommunity.microsoft.com\/blog\/microsoftthreatprotectionblog\/cybersecurity-incident-correlation-in-the-unified-security-operations-platform\/4214394 (2024). 
Published Aug 08, 2024"},{"key":"5531_CR5","unstructured":"Security, I., Institute, P.: Cost of a data breach report 2024. Technical report, IBM Security (2024). Sponsored, analyzed, and published by IBM; research conducted by Ponemon Institute. https:\/\/www.ibm.com\/security\/data-breach"},{"key":"5531_CR6","unstructured":"Krieger, B., Kennedy, C., De\u011firmenci, F., Kautz, F., Bork, J., Moore, M., Pruchniak, M., Joglekar, P., Faisal, R., Raghunathan, S.: Cloud Native Security Whitepaper Version 2. https:\/\/www.cncf.io\/wp-content\/uploads\/2022\/06\/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf (2022)"},{"key":"5531_CR7","doi-asserted-by":"publisher","first-page":"102828","DOI":"10.1016\/j.cose.2022.102828","volume":"121","author":"K Kurniawan","year":"2022","unstructured":"Kurniawan, K., Ekelhart, A., Kiesling, E., Quirchmayr, G., Tjoa, A.M.: Krystal: Knowledge graph-based framework for tactical attack discovery in audit data. Comput. Secur. 121, 102828 (2022)","journal-title":"Comput. Secur."},{"issue":"6","key":"5531_CR8","doi-asserted-by":"publisher","first-page":"1397","DOI":"10.3390\/electronics12061397","volume":"12","author":"B Yu","year":"2023","unstructured":"Yu, B., Zhang, Y., Xie, W., Zuo, W., Zhao, Y., Wei, Y.: A network traffic anomaly detection method based on gaussian mixture model. Electronics 12(6), 1397 (2023)","journal-title":"Electronics"},{"key":"5531_CR9","unstructured":"Reynolds, I.: 2020 sans network visibility and threat detection survey. SANS Institute (2020)"},{"key":"5531_CR10","doi-asserted-by":"publisher","unstructured":"Binu, S., & Misbahuddin, M. (2013). A Survey of Traditional and Cloud Specific Security Issues. In A. Abraham, A. K. Mandal, A. K. Bhattacharya, & S. K. Singh (Eds.), Security in Computing and Communications (pp. 110\u2013129). Springer. 
https:\/\/doi.org\/10.1007\/978-3-642-40576-1_12","DOI":"10.1007\/978-3-642-40576-1_12"},{"issue":"5","key":"5531_CR11","doi-asserted-by":"publisher","first-page":"3629","DOI":"10.1007\/s10586-022-03576-5","volume":"25","author":"M Ammi","year":"2022","unstructured":"Ammi, M., Adedugbe, O., Alharby, F.M., Benkhelifa, E.: Leveraging a cloud-native architecture to enable semantic interconnectedness of data for cyber threat intelligence. Cluster Comput. 25(5), 3629\u20133640 (2022)","journal-title":"Cluster Comput."},{"key":"5531_CR12","unstructured":"Mongeau, S.: Knowledge Graphs for Security: Past, Present, and Future. Presentation at FloCon 2023. https:\/\/insights.sei.cmu.edu\/documents\/4492\/2023_017_001_890927.pdf (2023)"},{"key":"5531_CR13","doi-asserted-by":"publisher","first-page":"107327","DOI":"10.1016\/j.infsof.2023.107327","volume":"145","author":"L Wang","year":"2023","unstructured":"Wang, L., Sun, C., Zhang, C., Nie, W., Huang, K.: Application of knowledge graph in software engineering field: A systematic literature review. Inf. Softw. Technol. 145, 107327 (2023)","journal-title":"Inf. Softw. Technol."},{"issue":"3","key":"5531_CR14","doi-asserted-by":"publisher","first-page":"89","DOI":"10.3390\/fi14030089","volume":"14","author":"V Chang","year":"2022","unstructured":"Chang, V., Golightly, L., Modesti, P., Xu, Q.A., Doan, L.M.T., Hall, K., Boddu, S., Kobusi\u0144ska, A.: A survey on intrusion detection systems for fog and cloud computing. Future Internet 14(3), 89 (2022)","journal-title":"Future Internet"},{"key":"5531_CR15","doi-asserted-by":"publisher","unstructured":"Gupta, S., Vijarania, M., Goel, J.: Application of machine learning in cybersecurity: A technological perceptive. In: Sustainable IoT and Data Analytics Enabled Machine Learning Techniques and Applications (pp. 61\u201377). 
https:\/\/doi.org\/10.1007\/978-981-97-5365-9_4","DOI":"10.1007\/978-981-97-5365-9_4"},{"issue":"5","key":"5531_CR16","doi-asserted-by":"publisher","first-page":"447","DOI":"10.3233\/JCS-200095","volume":"29","author":"G Li","year":"2021","unstructured":"Li, G., Sharma, P., Pan, L., Rajasegarar, S., Karmakar, C., Patterson, N.: Deep learning algorithms for cyber security applications: A survey. J. Comput. Secur. 29(5), 447\u2013471 (2021)","journal-title":"J. Comput. Secur."},{"key":"5531_CR17","doi-asserted-by":"crossref","unstructured":"Haque, M.U., Kholoosi, M.M., Babar, M.A.: Kgsecconfig: a knowledge graph based approach for secured container orchestrator configuration. In: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 420\u2013431. IEEE (2022)","DOI":"10.1109\/SANER53432.2022.00057"},{"key":"5531_CR18","doi-asserted-by":"publisher","unstructured":"Kurniawan, K., Ekelhart, A., Kiesling, E., Winkler, D., Quirchmayr, G., Tjoa, A.M.: Vlograph: a virtual knowledge graph framework for distributed security log analysis. Mach. Learn. Knowl. Extr. 4(2) (2022) https:\/\/doi.org\/10.3390\/make4020016","DOI":"10.3390\/make4020016"},{"key":"5531_CR19","doi-asserted-by":"publisher","unstructured":"Andrew, Y., Budiarto, E.: Knowledge graphs for cybersecurity: A framework for honeypot data analysis. In: 2023 International Conference on Cybersecurity and Intelligent Computing Systems (ICOCICS), pp. 275\u2013280. https:\/\/doi.org\/10.1109\/icocics58778.2023.10276627 (2023)","DOI":"10.1109\/icocics58778.2023.10276627"},{"issue":"3","key":"5531_CR20","doi-asserted-by":"publisher","first-page":"45","DOI":"10.32629\/jai.v6i3.882","volume":"6","author":"A Sali","year":"2023","unstructured":"Sali, A., Al-Jumaily, A.H.J., Gil Jim\u00e9nez, V.P., Al-Jumeily, D.: Cybersecurity threat perception technology based on knowledge graph. J. Auton. Intell. 6(3), 45\u201358 (2023). https:\/\/doi.org\/10.32629\/jai.v6i3.882","journal-title":"J. 
Auton. Intell."},{"key":"5531_CR21","doi-asserted-by":"publisher","unstructured":"Chi\u015f, A., Stoica, O.I., Ghiran, A.-M., Buchmann, R.A.: A knowledge graph approach to cyber threat mitigation derived from data flow diagrams. In: 2024 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR). https:\/\/doi.org\/10.1109\/aqtr61889.2024.10554074 (2024)","DOI":"10.1109\/aqtr61889.2024.10554074"},{"key":"5531_CR22","doi-asserted-by":"publisher","unstructured":"Bonagiri, K., Priyadharshini, L., PanneerSelvi, R., Sahitya, P., Swamy, H., P., V.: Practical applications of cybersecurity: A research paper on knowledge graphs for real-world security solutions. Asian Conference on Communication Systems (ASIANCON), pp. 1\u20136. https:\/\/doi.org\/10.1109\/asiancon62057.2024.10837769. Published as journal article despite conference origin (2024)","DOI":"10.1109\/asiancon62057.2024.10837769"},{"key":"5531_CR23","doi-asserted-by":"publisher","DOI":"10.1049\/cmu2.12736","author":"E Gilliard","year":"2024","unstructured":"Gilliard, E., Liu, J., Aliyu, A.A.: Knowledge graph reasoning for cyber attack detection. IET Commun. (2024). https:\/\/doi.org\/10.1049\/cmu2.12736","journal-title":"IET Commun."},{"key":"5531_CR24","doi-asserted-by":"publisher","unstructured":"Zou, Z., Wang, B., Li, F., Ye, B.: Research on network security threat analysis method based on knowledge graph. In: 2024 IEEE 7th International Conference on Industrial Automation, Electronics and Automation Control (IAEAC), vol. 7, pp. 668\u2013672. https:\/\/doi.org\/10.1109\/iaeac59436.2024.10504024 (2024)","DOI":"10.1109\/iaeac59436.2024.10504024"},{"key":"5531_CR25","unstructured":"Iv\u00e1nk\u00f3, N. R., & Salazar, J. (2022). Security Observability with eBPF. O\u2019Reilly Media. https:\/\/isovalent.com\/books\/ebpf-security\/?utm_source=chatgpt.com"},{"key":"5531_CR26","unstructured":"Elastic: Elastic Common Schema (ECS) Reference [8.17]. https:\/\/doi.org\/8.17. 
https:\/\/www.elastic.co\/guide\/en\/ecs\/current\/index.html"},{"key":"5531_CR27","unstructured":"Rice, L.: Learning eBPF\u2013Programming the Linux Kernel for Enhanced Observability, Networking, and Security. O\u2019Reilly book (2023)"},{"key":"5531_CR28","unstructured":"Isovalent, I.: Tetragon: Open-source eBPF-based Security. https:\/\/tetragon.cilium.io"},{"key":"5531_CR29","unstructured":"Scholl, B., Swanson, T., & Jausovec, P. (2019). Cloud Native: Using Containers, Functions, and Data to Build Next-Generation Applications. O\u2019Reilly Media, Inc."},{"key":"5531_CR30","unstructured":"Kubernetes Goat Scenarios. https:\/\/madhuakula.com\/kubernetes-goat\/docs\/scenarios (2023)"},{"key":"5531_CR31","unstructured":"Rodriguez, R.: The Threat Hunter Playbook. https:\/\/threathunterplaybook.com\/. Community-driven open source project for threat hunting. Published via Jupyter Book. https:\/\/threathunterplaybook.com\/ (2022)"},{"key":"5531_CR32","unstructured":"Sysdig, I.: Sysdig Secure Documentation. https:\/\/sysdig.com\/products\/secure\/ (2020)"},{"key":"5531_CR33","unstructured":"Sysdig, I.: Falco: ebpf-based runtime security. https:\/\/falco.org (2017)"},{"key":"5531_CR34","unstructured":"Elastic: Elastic Agent Documentation. https:\/\/www.elastic.co\/fr\/elastic-agent (2024). Accessed 17 Nov 2024"},{"key":"5531_CR35","unstructured":"OpenTelemetry: OpenTelemetry Community. https:\/\/github.com\/open-telemetry\/community Accessed 17 Nov 2024"},{"key":"5531_CR36","unstructured":"Eldjou, A., Amoura, M. E., Soltane, M., Belguidoum, M., Bennacer, S., & Kitouni, I. (2023). Enhancing Container Runtime Security: A Case Study in Threat Detection. In Proceedings of the 3rd Tunisian-Algerian Joint Conference on Applied Computing (TACC 2023) (pp. 55\u201369). CEUR Workshop Proceedings, Vol. 3642. 
https:\/\/ceur-ws.org\/Vol-3642\/paper5.pdf"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05531-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-025-05531-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05531-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T15:35:37Z","timestamp":1761924937000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-025-05531-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,15]]},"references-count":36,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["5531"],"URL":"https:\/\/doi.org\/10.1007\/s10586-025-05531-6","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"type":"print","value":"1386-7857"},{"type":"electronic","value":"1573-7543"}],"subject":[],"published":{"date-parts":[[2025,9,15]]},"assertion":[{"value":"2 December 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 May 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 May 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 September 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no relevant 
financial or non-financial interests to disclose.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"777"}}