{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,5,12]],"date-time":"2022-05-12T23:48:55Z","timestamp":1652399335555},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"45-46","license":[{"start":{"date-parts":[[2018,9,20]],"date-time":"2018-09-20T00:00:00Z","timestamp":1537401600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,9,20]],"date-time":"2018-09-20T00:00:00Z","timestamp":1537401600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Multimed Tools Appl"],"published-print":{"date-parts":[[2020,12]]},"DOI":"10.1007\/s11042-018-6689-7","type":"journal-article","created":{"date-parts":[[2018,9,20]],"date-time":"2018-09-20T08:28:06Z","timestamp":1537432086000},"page":"33349-33363","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Network threat detection based on correlation analysis of multi-platform multi-source alert data"],"prefix":"10.1007","volume":"79","author":[{"given":"Xindai","family":"Lu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiajia","family":"Han","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qianbo","family":"Ren","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hua","family":"Dai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiyuan","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jing","family":"Ou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,9,20]]},"reference":[{"issue":"4","key":"6689_CR1","first-page":"29","volume":"2","author":"T Bray","year":"2007","unstructured":"Bray T, Paoli J, Sperberg-Mcqueen CM, Maler E (2007) Extensible markup language (xml) 1.0. World Wide Web J 2(4):29\u201366","journal-title":"World Wide Web J"},{"key":"6689_CR2","doi-asserted-by":"crossref","unstructured":"Debar H, Wespi A (2001) Aggregation and correlation of intrusion-detection alerts 2212, pp 85\u2013103","DOI":"10.1007\/3-540-45474-8_6"},{"key":"6689_CR3","doi-asserted-by":"crossref","unstructured":"Endorf C, Schultz E, Mellander J (2004) Intrusion detection& prevention","DOI":"10.1016\/j.cose.2004.04.004"},{"issue":"14","key":"6689_CR4","doi-asserted-by":"publisher","first-page":"2245","DOI":"10.1002\/sec.1483","volume":"9","author":"D Faraji","year":"2016","unstructured":"Faraji D, Abbaspour M (2016) Extracting fuzzy attack patterns using an online fuzzy adaptive alert correlation framework. Secur Commun Netw 9(14):2245\u20132260","journal-title":"Secur Commun Netw"},{"issue":"11","key":"6689_CR5","first-page":"2493","volume":"51","author":"X Feng","year":"2014","unstructured":"Feng X, Wang D, Huang M, Li J (2014) A causal knowledge mining method based on markov property. J Comput Res Dev 51(11):2493\u20132504","journal-title":"J Comput Res Dev"},{"key":"6689_CR6","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1190","volume-title":"A realistic graph-based alert correlation system","author":"O Fredj","year":"2015","unstructured":"Fredj O (2015) A realistic graph-based alert correlation system. Wiley, New York"},{"key":"6689_CR7","doi-asserted-by":"crossref","unstructured":"Fournier-Viger P, Wu CW, Tseng VS (2013) Mining maximal sequential patterns without candidate maintenance. In: Proceedings of the 9th international conference on advanced data mining and applications, pp 169\u2013180","DOI":"10.1007\/978-3-642-53914-5_15"},{"issue":"5","key":"6689_CR8","doi-asserted-by":"publisher","first-page":"822","DOI":"10.1002\/sec.1039","volume":"8","author":"M Ghasemigol","year":"2015","unstructured":"Ghasemigol M, Ghaemi-Bafghi A (2015) E-correlator: an entropy-based alert correlation system. Secur Commun Netw 8(5):822\u2013836","journal-title":"Secur Commun Netw"},{"issue":"8","key":"6689_CR9","doi-asserted-by":"publisher","first-page":"1662","DOI":"10.1016\/j.comnet.2010.12.008","volume":"55","author":"M Govindarajanm","year":"2011","unstructured":"Govindarajanm M, Chandrasekaranr M (2011) Intrusion detection using neural based hybrid classification methods. Comput Netw 55(8):1662\u20131671","journal-title":"Comput Netw"},{"key":"6689_CR10","unstructured":"Idmef, https:\/\/en.wikipedia.org\/wiki\/Intrusion_Detection_Message_Exchange_Format"},{"key":"6689_CR11","doi-asserted-by":"crossref","unstructured":"Kawakani C, Junior S, Miani R (2016) Intrusion alert correlation to support security management. In: Xii Brazilian symposium on information systems on Brazilian symposium on information systems: information systems in the cloud computing era, p 42","DOI":"10.5753\/sbsi.2016.5977"},{"issue":"1","key":"6689_CR12","first-page":"1911","volume":"41","author":"H Li","year":"2004","unstructured":"Li H (2004) Research on intrusion event correlation method based on interactive knowledge discovery. J Comput Res Dev 41(1):1911\u20131918","journal-title":"J Comput Res Dev"},{"key":"6689_CR13","first-page":"1714","volume":"2","author":"P Lichodzijewski","year":"2002","unstructured":"Lichodzijewski P, Zineir-Heywood AN, Heywood MI (2002) Host-based intrusion detection using self-organizing maps. IEEE Comput Soc 2:1714\u20131719","journal-title":"IEEE Comput Soc"},{"key":"6689_CR14","doi-asserted-by":"crossref","unstructured":"Lippmann R, Webster S, Stetson D (2002) The effect of identifying vulnerabilities and pathing software on the utility of network intrusion detection. In: The 5th international symposium on recent advances in intrusion detection","DOI":"10.1007\/3-540-36084-0_17"},{"issue":"10","key":"6689_CR15","doi-asserted-by":"publisher","first-page":"1570","DOI":"10.1002\/sec.855","volume":"7","author":"X Liu","year":"2014","unstructured":"Liu X, Xia Y, Wang Y, Ren J (2014) Discovering anomaly on the basis of flow estimation of alert feature distribution. Secur Commun Netw 7(10):1570\u20131581","journal-title":"Secur Commun Netw"},{"issue":"3","key":"6689_CR16","first-page":"1495","volume":"75","author":"X Liu","year":"2016","unstructured":"Liu X, Huet B (2016) Event-based cross media question answering. Multi Syst 75(3):1495\u20131508","journal-title":"Multi Syst"},{"issue":"8","key":"6689_CR17","doi-asserted-by":"publisher","first-page":"1316","DOI":"10.1016\/j.jcss.2016.05.006","volume":"82","author":"X Liu","year":"2016","unstructured":"Liu X, Xia Y, Chen W, Xiang Y, Hassan MM, Alelaiwi A (2016) semd: Secure and efficient message dissemination with policy enforcement in vanet. J Comput Syst Sci 82(8):1316\u20131328","journal-title":"J Comput Syst Sci"},{"issue":"10","key":"6689_CR18","first-page":"1427","volume":"52","author":"J Ma","year":"2012","unstructured":"Ma J, Jin M, Yang Y, Zhang J (2012) Privacy preserving multi-step attack association algorithm based on sequential pattern mining. J Tsinghua Univ (Sci Technol) 52(10):1427\u20131434","journal-title":"J Tsinghua Univ (Sci Technol)"},{"key":"6689_CR19","doi-asserted-by":"crossref","unstructured":"Ning P, Cui Y, Reeves D (2004) Techniques and tools for analyzing intrusion alerts. In: ACM transactions on information and system security, pp 274\u2013317","DOI":"10.1145\/996943.996947"},{"key":"6689_CR20","unstructured":"Ramaki A, Khosravi-Farmad M, Bafghi A (2016) Alert correlation system with automatic extraction of attack strategies by using dynamic feature weights. In: International Iranian society of cryptology conference on information security and cryptology"},{"key":"6689_CR21","unstructured":"Sekar R, Bendre M, Dhurjati D (2001) A fast automation-based method for detecting anomalous program behaviors. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, pp 144\u2013152"},{"issue":"8","key":"6689_CR22","first-page":"1304","volume":"46","author":"Z Tian","year":"2009","unstructured":"Tian Z, Zhang Y, Zhang W, Li Y, Ye J (2009) Adaptive alarm correlation based on pattern mining and clustering analysisy. J Comput Res Dev 46(8):1304\u20131315","journal-title":"J Comput Res Dev"},{"key":"6689_CR23","unstructured":"Wang YCCH Alert correlation system with automatic extraction of attack strategies by using dynamic feature weights"},{"issue":"1","key":"6689_CR24","first-page":"55","volume":"31","author":"Z Wang","year":"2016","unstructured":"Wang Z, Yuan P, Huang X (2016) Research on a new multi step attack scenario construction technology. J Southwest Univ Sci Technol 31(1):55\u201360","journal-title":"J Southwest Univ Sci Technol"},{"issue":"10","key":"6689_CR25","first-page":"3607","volume":"8","author":"Y Xia","year":"2014","unstructured":"Xia Y, Xia F, Liu X, Sun X, Liu Y, Ge Y (2014) An improved privacy preserving construction for data integrity verification in cloud storage. KSII Trans Inter Inf Syst 8(10):3607\u20133623","journal-title":"KSII Trans Inter Inf Syst"},{"key":"6689_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.tcs.2015.12.025","volume":"618","author":"Y Xia","year":"2016","unstructured":"Xia Y, Liu X, Xia F, Wang G (2016) A reduction of security notions in designated confirmer signatures. Theor Comput Sci 618:1\u201320","journal-title":"Theor Comput Sci"},{"key":"6689_CR27","unstructured":"Xu Y (2011) Research on network attack classification. Silicon Valley, pp 109\u2013109"},{"key":"6689_CR28","doi-asserted-by":"crossref","unstructured":"Yan H, Liu X, Hong R (2016) Image classification via fusing the latent deep cnn feature. In: International conference on internet multimedia computing and service, pp 110\u2013113","DOI":"10.1145\/3007669.3007706"},{"issue":"2","key":"6689_CR29","first-page":"400","volume":"96","author":"X Ye","year":"2018","unstructured":"Ye X, Han M (2018) Alert correlation using support vector machine for multi intrusion detection systems. J Theor Appl Inf Tech 96(2):400\u2013407","journal-title":"J Theor Appl Inf Tech"},{"key":"6689_CR30","unstructured":"Zhang J, Li X, Wang H Real-time alert correlation approach based on attack planning graph. J Comput Appl 36(6):1538\u20131543"}],"container-title":["Multimedia Tools and Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11042-018-6689-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11042-018-6689-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11042-018-6689-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,30]],"date-time":"2020-11-30T18:13:39Z","timestamp":1606760019000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11042-018-6689-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9,20]]},"references-count":30,"journal-issue":{"issue":"45-46","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["6689"],"URL":"https:\/\/doi.org\/10.1007\/s11042-018-6689-7","relation":{},"ISSN":["1380-7501","1573-7721"],"issn-type":[{"value":"1380-7501","type":"print"},{"value":"1573-7721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,9,20]]},"assertion":[{"value":"10 March 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 August 2018","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 September 2018","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 September 2018","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}