{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:53:33Z","timestamp":1762005213763,"version":"3.37.3"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2020,7,21]],"date-time":"2020-07-21T00:00:00Z","timestamp":1595289600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,7,21]],"date-time":"2020-07-21T00:00:00Z","timestamp":1595289600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100007601","name":"Horizon 2020","doi-asserted-by":"publisher","award":["826404"],"award-info":[{"award-number":["826404"]}],"id":[{"id":"10.13039\/501100007601","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2020,9]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>As the confidentiality and integrity of modern health infrastructures is threatened by intrusions and real-time attacks related to privacy and cyber-security, there is a need for proposing novel methodologies to predict future incidents and identify new threat patterns. The main scope of this article is to propose an advanced extension to current Intrusion Detection System (IDS) solutions, which (i) harvests the knowledge out of health data sources or network monitoring to construct models for new threat patterns and (ii) encompasses methods for detecting threat patterns utilizing also advanced unsupervised machine learning data analytic methodologies. Although the work is motivated by the health sector, it is developed in a manner that is directly applicable to other domains.<\/jats:p>","DOI":"10.1007\/s42979-020-00226-8","type":"journal-article","created":{"date-parts":[[2020,7,21]],"date-time":"2020-07-21T10:02:42Z","timestamp":1595325762000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A Methodology for Runtime Detection and Extraction of Threat Patterns"],"prefix":"10.1007","volume":"1","author":[{"given":"Christos","family":"Bellas","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Athanasios","family":"Naskos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0800-8360","authenticated-orcid":false,"given":"Georgia","family":"Kougka","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"George","family":"Vlahavas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anastasios","family":"Gounaris","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Athena","family":"Vakali","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Apostolos","family":"Papadopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Evmorfia","family":"Biliri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nefeli","family":"Bountouni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gustavo Gonzalez","family":"Granadillo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,7,21]]},"reference":[{"key":"226_CR1","unstructured":"CAPEC, Common Attack Patterns Enumeration and Classification, A community resource for identifying and understanding attacks. https:\/\/capec.mitre.org\/. Accessed 13 Sept 2019."},{"key":"226_CR2","unstructured":"Matrix Profile. https:\/\/www.cs.ucr.edu\/~eamonn\/MatrixProfile.html. Accessed 16 Oct 2019."},{"key":"226_CR3","unstructured":"SELKS. https:\/\/github.com\/StamusNetworks\/SELKS\/wiki. Accessed 20 Sept 2019."},{"key":"226_CR4","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-14142-8","volume-title":"Data mining: the textbook","author":"CC Aggarwal","year":"2015","unstructured":"Aggarwal CC. Data mining: the textbook. Berlin: Springer; 2015."},{"key":"226_CR5","volume-title":"Outlier analysis","author":"CC Aggarwal","year":"2018","unstructured":"Aggarwal CC. Outlier analysis. 2nd ed. Berlin: Springer; 2018.","edition":"2"},{"key":"226_CR6","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","volume":"60","author":"M Ahmed","year":"2016","unstructured":"Ahmed M, Mahmood AN, Hu J. A survey of network anomaly detection techniques. J Netw Comput Appl. 2016;60:19\u201331.","journal-title":"J Netw Comput Appl."},{"key":"226_CR7","doi-asserted-by":"crossref","unstructured":"Amudha P, Karthik S, Sivakumari S. Classification techniques for intrusion detection\u2014an overview 2013;","DOI":"10.5120\/13334-0928"},{"issue":"1","key":"226_CR8","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman L. Random forests. Mach Learning. 2001;45(1):5\u201332.","journal-title":"Mach Learning"},{"issue":"1","key":"226_CR9","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1109\/SURV.2013.050113.00191","volume":"16","author":"I Butun","year":"2014","unstructured":"Butun I, Morgera SD, Sankar R. A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Surveys Tutorials. 2014;16(1):266\u201382.","journal-title":"IEEE Commun Surveys Tutorials"},{"issue":"2","key":"226_CR10","doi-asserted-by":"publisher","first-page":"33:1","DOI":"10.1145\/3170432","volume":"51","author":"M Dayarathna","year":"2018","unstructured":"Dayarathna M, Perera S. Recent advancements in event processing. ACM Comput Surv. 2018;51(2):33:1\u201336.","journal-title":"ACM Comput Surv."},{"key":"226_CR11","doi-asserted-by":"crossref","unstructured":"D\u00edaz-Honrubia AJ, Gonz\u00e1lez AR, Zamorano JM, Jim\u00e9nez JR, Gonzalez Granadillo G, Diaz R, Konidi M, Papachristou P, Nifakos S, Kougka G, Gounaris A. An overview of the CUREX platform. In: 32nd IEEE international symposium on computer-based medical systems, CBMS 2019, Cordoba, Spain, June 5-7, 2019, 2019;162\u2013167.","DOI":"10.1109\/CBMS.2019.00042"},{"key":"226_CR12","unstructured":"Faysel MA, Haque S. Towards cyber defense: research in intrusion detection and intrusion prevention systems 2010."},{"key":"226_CR13","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","volume":"28","author":"P Garc\u00eda-Teodoro","year":"2009","unstructured":"Garc\u00eda-Teodoro P, D\u00edaz-Verdejo J, Maci\u00e1-Fern\u00e1ndez G, V\u00e1zquez E. Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur. 2009;28:18\u201328.","journal-title":"Comput Secur"},{"key":"226_CR14","unstructured":"Gartner: Magic Quadrant SIEM Report (2018). https:\/\/virtualizationandstorage.files.wordpress.com\/2018\/03\/magic-quadrant-for-security-information-and-event-3-dec-2018.pdf 2018. Accessed 28 Aug 2019."},{"key":"226_CR15","doi-asserted-by":"crossref","unstructured":"Gupta A, Birkner R, Canini M, Feamster N, Mac-Stoker C, Willinger W. Network monitoring as a streaming analytics problem. In: Proceedings of the 15th ACM workshop on hot topics in networks, 2016;106\u2013112.","DOI":"10.1145\/3005745.3005748"},{"key":"226_CR16","unstructured":"Harper A, VanDyke S, Blask C, Harris S, Miller D. Security Information and Event Management (SIEM) Implementation. : McGraw-Hill Osborne Media; 2010."},{"key":"226_CR17","doi-asserted-by":"crossref","unstructured":"Heady R, Luger G, Maccabe A, Servilla M. The architecture of a network level intrusion detection system 1990.","DOI":"10.2172\/425295"},{"key":"226_CR18","unstructured":"Hindy H, Brosset D, Bayne E, Seeam A, Tachtatzis C, Atkinson RC, Bellekens XJA. A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. ArXiv abs\/1806.03517 2018."},{"key":"226_CR19","unstructured":"Kendall KR. A database of computer attacks for the evaluation of intrusion detection systems 1999."},{"key":"226_CR20","doi-asserted-by":"crossref","unstructured":"Kontaki M, Gounaris A, Papadopoulos AN, Tsichlas K, Manolopoulos Y. Continuous monitoring of distance-based outliers over data streams. In:\u00a02011 IEEE 27th international conference on data engineering, Hannover, pp 135\u2013146.","DOI":"10.1109\/ICDE.2011.5767923"},{"issue":"C","key":"226_CR21","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/j.is.2015.07.006","volume":"55","author":"M Kontaki","year":"2016","unstructured":"Kontaki M, Gounaris A, Papadopoulos AN, Tsichlas K, Manolopoulos Y. Efficient and flexible algorithms for monitoring distance-based outliers over data streams. Inform Syst. 2016;55(C):37\u201353.","journal-title":"Inform Syst."},{"key":"226_CR22","doi-asserted-by":"crossref","unstructured":"Korvesis P, Besseau S, Vazirgiannis M. Predictive maintenance in aviation: Failure prediction from post-flight reports. In: 34th IEEE international conference on data engineering, ICDE 2018, Paris, France, April 16-19, 2018, 2018;1414\u20131422.","DOI":"10.1109\/ICDE.2018.00160"},{"key":"226_CR23","doi-asserted-by":"crossref","unstructured":"Laskov P, D\u00fcssel P, Sch\u00e4fer C, Rieck K. Learning intrusion detection: Supervised or unsupervised? 2005;50\u201357.","DOI":"10.1007\/11553595_6"},{"key":"226_CR24","doi-asserted-by":"crossref","unstructured":"Lewis K. Endpoint security. Computer and Information Security Handbook 2017;1049\u20131055.","DOI":"10.1016\/B978-0-12-803843-7.00078-8"},{"key":"226_CR25","unstructured":"Louppe G, Wehenkel L, Sutera A, Geurts P. Understanding variable importances in forests of randomized trees. In: Proceedings of the 26th international conference on neural information processing systems, Volume 1, NIPS\u201913, 2013;431\u2013439."},{"key":"226_CR26","doi-asserted-by":"publisher","first-page":"686","DOI":"10.1109\/COMST.2018.2847722","volume":"21","author":"P Mishra","year":"2019","unstructured":"Mishra P, Varadharajan V, Tupakula U, Pilli ES. A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun Surveys Tutorials. 2019;21:686\u2013728.","journal-title":"IEEE Commun Surveys Tutorials"},{"issue":"1","key":"226_CR27","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/j.eij.2013.10.003","volume":"15","author":"G Nadiammai","year":"2014","unstructured":"Nadiammai G, Hemalatha M. Effective approach toward intrusion detection system using data mining techniques. Egypt Inform J. 2014;15(1):37\u201350.","journal-title":"Egypt Inform J"},{"key":"226_CR28","unstructured":"Naskos A, Gounaris A. Efficiency assessment of event-based predictive maintenance in industry 4.0. In: Advances in data mining\u2014applications and theoretical aspects, 19th industrial conference, ICDM 2019, New York, USA, July 17\u2013July 21, 2019, 2019;103\u2013117."},{"key":"226_CR29","doi-asserted-by":"crossref","unstructured":"Naskos A, Kougka G, Toliopoulos T, Gounaris A, Vamvalis C, Caljouw D. Event-based predictive maintenance on top of sensor data in a real industry 4 . 0 case study. In: ECML\/PKDD workshop on IoT Stream for Data Driven Predictive Maintenance 2019.","DOI":"10.1007\/978-3-030-43887-6_28"},{"key":"226_CR30","doi-asserted-by":"crossref","unstructured":"Toliopoulos T, Gounaris A, Tsichlas K, Papadopoulos AN, Sampaio S. Parallel continuous outlier mining in streaming data. In: 2018 IEEE 5th international conference on data science and advanced analytics (DSAA) 2018;227\u2013236.","DOI":"10.1109\/DSAA.2018.00033"},{"issue":"12","key":"226_CR31","doi-asserted-by":"publisher","first-page":"1089","DOI":"10.14778\/2994509.2994526","volume":"9","author":"L Tran","year":"2016","unstructured":"Tran L, Fan L, Shahabi C. Distance-based outlier detection in data streams. Proc VLDB Endow. 2016;9(12):1089\u2013100.","journal-title":"Proc VLDB Endow."},{"key":"226_CR32","doi-asserted-by":"crossref","unstructured":"Verizon: Data Breach Investigations Report (2019). https:\/\/www.cs.ucr.edu\/~eamonn\/MatrixProfile.html. Accessed 1 Nov 2019.","DOI":"10.1016\/S1361-3723(19)30060-0"},{"key":"226_CR33","first-page":"76","volume":"2003","author":"DJ Welch","year":"2003","unstructured":"Welch DJ, Lathrop S. Wireless security threat taxonomy. IEEE Syst Man Cybernet Soci Inform Assurance Workshop. 2003;2003:76\u201383.","journal-title":"IEEE Syst Man Cybernet Soci Inform Assurance Workshop"},{"key":"226_CR34","doi-asserted-by":"crossref","unstructured":"Yeh CM, Zhu Y, Ulanova L, Begum N, Ding Y, Dau HA, Silva DF, Mueen A, Keogh E. Matrix profile i: All pairs similarity joins for time series: A unifying view that includes motifs, discords and shapelets. In: 2016 IEEE 16th international conference on data mining (ICDM), 2016;1317\u20131322.","DOI":"10.1109\/ICDM.2016.0179"}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-020-00226-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-020-00226-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-020-00226-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,4]],"date-time":"2023-10-04T15:46:35Z","timestamp":1696434395000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-020-00226-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,21]]},"references-count":34,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,9]]}},"alternative-id":["226"],"URL":"https:\/\/doi.org\/10.1007\/s42979-020-00226-8","relation":{},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"type":"print","value":"2662-995X"},{"type":"electronic","value":"2661-8907"}],"subject":[],"published":{"date-parts":[[2020,7,21]]},"assertion":[{"value":"9 March 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 June 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 July 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"We declare a CoI against all partners working in Aristotle University of Thessaloniki and Suite5 and ATOS companies.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"238"}}