{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:41:10Z","timestamp":1740148870179,"version":"3.37.3"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2023,10,9]],"date-time":"2023-10-09T00:00:00Z","timestamp":1696809600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,10,9]],"date-time":"2023-10-09T00:00:00Z","timestamp":1696809600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2024,4]]},"DOI":"10.1007\/s12243-023-00993-4","type":"journal-article","created":{"date-parts":[[2023,10,9]],"date-time":"2023-10-09T09:15:09Z","timestamp":1696842909000},"page":"257-270","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An approach for detecting multi-institution attacks"],"prefix":"10.1007","volume":"79","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-0080-6692","authenticated-orcid":false,"given":"Saif","family":"Zabarah","sequence":"first","affiliation":[]},{"given":"Omar","family":"Naman","sequence":"additional","affiliation":[]},{"given":"Mohammad A.","family":"Salahuddin","sequence":"additional","affiliation":[]},{"given":"Raouf","family":"Boutaba","sequence":"additional","affiliation":[]},{"given":"Samer","family":"Al-Kiswany","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,10,9]]},"reference":[{"key":"993_CR1","unstructured":"Government Accountability Office (2021). Cyber Insurance-Insurers and policyholders face challenges in an evolving market, from https:\/\/www.gao.gov\/assets\/gao-21-477.pdf. Accessed Jan 2023"},{"key":"993_CR2","first-page":"113","volume":"1","author":"M Akbanov","year":"2019","unstructured":"Akbanov M, Vassilakis V (2019) WannaCry ransomware: analysis of infection, persistence, recovery prevention and propagation mechanisms. J Telecommun Inf Tech 1:113\u2013124","journal-title":"J Telecommun Inf Tech"},{"key":"993_CR3","unstructured":"Accenture Security (2021). Ninth Annual cost of cybercrime study, from https:\/\/www.digitalmarketingcommunity.com\/researches\/ninth-annual-cost-of-cybercrime-research-2019. Accessed Jan 2023"},{"key":"993_CR4","unstructured":"Bilodeau H, Lari M, Uhrbach M (2019) Cyber security and cybercrime challenges of Canadian businesses in 2017, from https:\/\/www150.statcan.gc.ca\/n1\/pub\/85-002-x\/2019001\/article\/00006-eng.htm. Accessed Jan 2023"},{"key":"993_CR5","unstructured":"Dunning T, Friedman E (2014) In: Practical Machine Learning: Innovations in Recommendation. O\u2019Reilly"},{"key":"993_CR6","unstructured":"CANARIE (2022). Canarie.ca, from https:\/\/www.canarie.ca\/. Accessed Jan 2023"},{"key":"993_CR7","doi-asserted-by":"publisher","unstructured":"Zabarah S, Naman O, Salahuddin MA, Boutaba R, Al-Kiswany S (2023) Soteria: an approach for detecting multi-institution attacks. In: 2023 26th Conference on innovation in clouds, internet and networks and workshops (ICIN), pp 113\u2013120. https:\/\/doi.org\/10.1109\/ICIN56760.2023.10073491","DOI":"10.1109\/ICIN56760.2023.10073491"},{"key":"993_CR8","unstructured":"Udhayan J, Prabu M, Krishnan V, Anitha R (2009) Reconnaissance scan detection heuristics to disrupt the preattack information gathering. In: International conference on network and service security"},{"key":"993_CR9","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1109\/SECON.2005.1423286","volume":"2005","author":"WH Allen","year":"2005","unstructured":"Allen WH, Marin GA, Rivera LA (2005) Automated detection of malicious reconnaissance to enhance network security. Proceedings. IEEE SoutheastCon 2005:450\u2013454. https:\/\/doi.org\/10.1109\/SECON.2005.1423286","journal-title":"Proceedings. IEEE SoutheastCon"},{"key":"993_CR10","doi-asserted-by":"publisher","unstructured":"Cao J, Jin Y, Chen A, Bu T, Zhang Z-L (2009) Identifying high cardinality internet hosts. In: IEEE INFOCOM 2009. https:\/\/doi.org\/10.1109\/INFCOM.2009.5061990","DOI":"10.1109\/INFCOM.2009.5061990"},{"key":"993_CR11","doi-asserted-by":"publisher","unstructured":"Kamiyama N, Mori T, Kawahara R (2007) Simple and adaptive identification of superspreaders by flow sampling. In: IEEE INFOCOM. https:\/\/doi.org\/10.1109\/INFCOM.2007.305","DOI":"10.1109\/INFCOM.2007.305"},{"issue":"5","key":"993_CR12","doi-asserted-by":"publisher","first-page":"547","DOI":"10.1109\/TDSC.2015.2423675","volume":"13","author":"Y Liu","year":"2016","unstructured":"Liu Y, Chen W, Guan Y (2016) Identifying high-cardinality hosts from network-wide traffic measurements. IEEE Trans Dependable and Secure Comput 13(5):547\u2013558. https:\/\/doi.org\/10.1109\/TDSC.2015.2423675","journal-title":"IEEE Trans Dependable and Secure Comput"},{"key":"993_CR13","unstructured":"The Zeek Project (2022). conn.log - Book of ZEEK, from https:\/\/docs.zeek.org\/en\/master\/logs\/conn.html. Accessed Jan 2023"},{"key":"993_CR14","unstructured":"Cisco: networking, cloud, and cybersecurity solutions (2022). Snort, from https:\/\/www.snort.org. Accessed Jan 2023"},{"key":"993_CR15","unstructured":"The Open Information Security Foundation (OISF) (2022). Suricata, from https:\/\/www.suricata.io\/. Accessed Jan 2023"},{"key":"993_CR16","unstructured":"Feng B (2021) Threat intelligence sharing: what kind of intelligence to share? Concordia, from https:\/\/www.concordia-h2020.eu\/blog-post\/threat-intelligence-sharing\/. Accessed Jan 2023"},{"key":"993_CR17","unstructured":"Marathon Studios Inc (2016). AbuseIPDB - IP address abuse reports, from https:\/\/www.abuseipdb.com\/. Accessed Jan 2023"},{"key":"993_CR18","unstructured":"Hispasec Sistemas (2004). virustotal.com, from https:\/\/www.virustotal.com\/. Accessed Jan 2023"},{"key":"993_CR19","unstructured":"The MITRE Corporation (1999). CVE - common vulnerabilities and exposures, from https:\/\/cve.mitre.org\/. Accessed Jan 2023"},{"key":"993_CR20","unstructured":"The MITRE Corporation (2006). CWE - common weakness enumeration, from https:\/\/cwe.mitre.org\/. Accessed Jan 2023"},{"key":"993_CR21","unstructured":"Solarwinds (2023). Intrusion Detection Software, from https:\/\/www.solarwinds.com\/security-event-manager\/use-cases\/intrusion-detection-software. Accessed Jan 2023"},{"key":"993_CR22","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","volume":"60","author":"F Skopik","year":"2016","unstructured":"Skopik F, Settanni G, Fiedler R (2016) A problem shared is a problem halved: a survey on the dimensions of collective cyber defense through security information sharing. Comput Secur 60:154\u2013176. https:\/\/doi.org\/10.1016\/j.cose.2016.04.003","journal-title":"Comput Secur"},{"key":"993_CR23","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1016\/j.jisa.2016.05.005","volume":"34","author":"G Settanni","year":"2017","unstructured":"Settanni G, Skopik F, Shovgenya Y, Fiedler R, Carolan M, Conroy D, Boettinger K, Gall M, Brost G, Ponchel C, Haustein M, Kaufmann H, Theuerkauf K, Olli P (2017) A collaborative cyber incident management system for European interconnected critical infrastructures. J Inf Secur Appl 34:166\u2013182. https:\/\/doi.org\/10.1016\/j.jisa.2016.05.005","journal-title":"J Inf Secur Appl"},{"key":"993_CR24","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9:1735\u201380. https:\/\/doi.org\/10.1162\/neco.1997.9.8.1735","journal-title":"Neural Comput"},{"key":"993_CR25","unstructured":"Chollet F et al (2015) Keras. https:\/\/keras.io"},{"key":"993_CR26","unstructured":"Kingma DP, Ba J (2017) Adam: a method for stochastic optimization"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-023-00993-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-023-00993-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-023-00993-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T08:43:19Z","timestamp":1712911399000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-023-00993-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,9]]},"references-count":26,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2024,4]]}},"alternative-id":["993"],"URL":"https:\/\/doi.org\/10.1007\/s12243-023-00993-4","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"type":"print","value":"0003-4347"},{"type":"electronic","value":"1958-9395"}],"subject":[],"published":{"date-parts":[[2023,10,9]]},"assertion":[{"value":"10 May 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 September 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 October 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}