{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T08:41:06Z","timestamp":1770540066842,"version":"3.49.0"},"reference-count":28,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,7]]},"DOI":"10.1109\/iscc.2015.7405523","type":"proceedings-article","created":{"date-parts":[[2016,2,16]],"date-time":"2016-02-16T00:54:13Z","timestamp":1455584053000},"page":"245-250","source":"Crossref","is-referenced-by-count":1,"title":["Events and causal factors charting of kernel traces for root cause analysis"],"prefix":"10.1109","author":[{"given":"Yi-Ching","family":"Liao","sequence":"first","affiliation":[]},{"given":"Hanno","family":"Langweg","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref10","first-page":"190","article-title":"Abstraction-based misuse detection: high-level specifications and adaptable strategies","author":"lin","year":"1998","journal-title":"Computer Security Foundations Workshop 1998 Proceedings 11th IEEE"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","article-title":"STATL: An attack language for state-based intrusion detection","volume":"10","author":"eckmann","year":"2002","journal-title":"Journal of Computer Security"},{"key":"ref12","author":"uppuluri","year":"2003","journal-title":"Intrusion Detection\/Prevention Using Behavior Specfications"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/950191.950192"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1002\/0471662542"},{"key":"ref15","author":"andersen","year":"2006","journal-title":"Root Cause Analysis Simplified Tools and Techniques"},{"key":"ref16","first-page":"45","article-title":"Root cause analysis for beginners","volume":"37","author":"rooney","year":"2004","journal-title":"Quality Progress"},{"key":"ref17","article-title":"Events and Causal Factors Analysis","author":"buys","year":"1995"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2598918.2598921"},{"key":"ref19","first-page":"1","article-title":"Defining digital forensic examination and analysis tools using abstraction layers","volume":"1","author":"carrier","year":"2003","journal-title":"International Journal of Digital Evidence"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1002\/9781118904589.ch9"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45875-1_12"},{"key":"ref27","article-title":"MORT: The Management Oversight and Risk Tree","author":"johnson","year":"1975","journal-title":"Journal of Safety Research"},{"key":"ref3","first-page":"42","article-title":"A Survey of Trace Exploration Tools and Techniques","author":"hamou-lhadj","year":"2004","journal-title":"Proceedings of the 2004 Conference of the Centre for Advanced Studies on Collaborative Research"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.1997.610288"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/2.589912"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/CCECE.2011.6030698"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/CCECE.2009.5090273"},{"key":"ref2","first-page":"1","author":"tan","year":"2001","journal-title":"Forensic Readiness"},{"key":"ref9","author":"kumar","year":"1995","journal-title":"Classification and detection of computer intrusions"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/JISIC.2014.28"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1155\/2012\/140368"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.3115\/1225403.1225421"},{"key":"ref21","article-title":"strace","author":"levin","year":"2013"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45848-4_57"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2025113.2025151"},{"key":"ref26","author":"casey","year":"2011","journal-title":"Digital evidence and computer crime Forensic science computers and the Internet"},{"key":"ref25","first-page":"360","article-title":"Alert correlation through triggering events and common resources","author":"xu","year":"2004","journal-title":"Computer Security Applications Conference 2004 20th Annual"}],"event":{"name":"2015 20th IEEE Symposium on Computers and Communication (ISCC)","location":"Larnaca","start":{"date-parts":[[2015,7,6]]},"end":{"date-parts":[[2015,7,9]]}},"container-title":["2015 IEEE Symposium on Computers and Communication (ISCC)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7397314\/7405441\/07405523.pdf?arnumber=7405523","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,4]],"date-time":"2019-09-04T16:34:33Z","timestamp":1567614873000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7405523\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7]]},"references-count":28,"URL":"https:\/\/doi.org\/10.1109\/iscc.2015.7405523","relation":{},"subject":[],"published":{"date-parts":[[2015,7]]}}}