{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T18:25:21Z","timestamp":1770747921969,"version":"3.49.0"},"reference-count":27,"publisher":"IEEE","license":[{"start":{"date-parts":[[2020,4,1]],"date-time":"2020-04-01T00:00:00Z","timestamp":1585699200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,4,1]],"date-time":"2020-04-01T00:00:00Z","timestamp":1585699200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,4,1]],"date-time":"2020-04-01T00:00:00Z","timestamp":1585699200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,4]]},"DOI":"10.1109\/noms47738.2020.9110301","type":"proceedings-article","created":{"date-parts":[[2020,6,8]],"date-time":"2020-06-08T22:06:15Z","timestamp":1591653975000},"page":"1-5","source":"Crossref","is-referenced-by-count":4,"title":["Process mining-based approach for investigating malicious login events"],"prefix":"10.1109","author":[{"given":"Sofiane","family":"Lagraa","sequence":"first","affiliation":[]},{"given":"Radu","family":"State","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref10","author":"kent","year":"2015","journal-title":"Multi-Source Cyber-Security Events"},{"key":"ref11","article-title":"Cybersecurity data sources for dynamic network research","author":"kent","year":"2015","journal-title":"Dynamic Networks in Cybersecurity"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1002\/nem.2065"},{"key":"ref13","article-title":"feature engineering in big data for detection of information system misuse","author":"lopze","year":"2018"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2016.7543771"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3231053.3231057"},{"key":"ref16","first-page":"144","article-title":"Huma: A multi-layer framework for threat analysis in a heterogeneous log environment","author":"navarro","year":"2017","journal-title":"Foundations and Practice of Security - 10th International Symposium FPS"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-013-0313-2"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/948134.948137"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"ref4","first-page":"63","article-title":"Graph-based malicious login events investigation","author":"amrouche","year":"2019","journal-title":"IFIP\/IEEE International Symposium on Integrated Network Management IM 2019"},{"key":"ref27","first-page":"614","article-title":"Mining and application of user behavior pattern based on operation and maintenance data","author":"zhang","year":"2019","journal-title":"IFIP\/IEEE International Symposium on Integrated Network Management IM 2019"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2480362.2480634"},{"key":"ref6","author":"caswell","year":"2003","journal-title":"Snort 2 0 intrusion detection"},{"key":"ref5","first-page":"13","article-title":"Process Mining for Python (PM4Py): Bridging the Gap Between Process-and Data Science","author":"berti","year":"2019"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2014.04.012"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2009.5061947"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232051"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2018.8406295"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2004.10.013"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2017.8038522"},{"key":"ref22","article-title":"Rosdefender: Dynamic security policy enforcement for robotic applications","author":"sean","year":"2019","journal-title":"Proceedings of the ACM Workshop on the Internet of Safe Things (SafeThings)"},{"key":"ref21","first-page":"229","article-title":"Snort - lightweight intrusion detection for networks","author":"roesch","year":"1999","journal-title":"LISA '99 Proceedings of the 13th USENIX conference on System administration"},{"key":"ref24","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-19345-3","author":"van der aalst","year":"2011","journal-title":"Process Mining - Discovery Conformance and Enhancement of Business Processes"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2012.33024"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.27"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/11494744_25"}],"event":{"name":"NOMS 2020-2020 IEEE\/IFIP Network Operations and Management Symposium","location":"Budapest, Hungary","start":{"date-parts":[[2020,4,20]]},"end":{"date-parts":[[2020,4,24]]}},"container-title":["NOMS 2020 - 2020 IEEE\/IFIP Network Operations and Management Symposium"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9107308\/9110252\/09110301.pdf?arnumber=9110301","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,28]],"date-time":"2022-06-28T21:55:10Z","timestamp":1656453310000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9110301\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4]]},"references-count":27,"URL":"https:\/\/doi.org\/10.1109\/noms47738.2020.9110301","relation":{},"subject":[],"published":{"date-parts":[[2020,4]]}}}