{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T14:53:11Z","timestamp":1774536791313,"version":"3.50.1"},"reference-count":106,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2016,5,12]],"date-time":"2016-05-12T00:00:00Z","timestamp":1463011200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Bright Spark Unit"},{"name":"Malaysian Ministry of Higher Education under the University of Malaya"},{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100004386","name":"University of Malaya","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100004386","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Malaysia and a High Impact Research","award":["UM.C\/625\/1\/HIR\/MOE\/FCSIT\/17"],"award-info":[{"award-number":["UM.C\/625\/1\/HIR\/MOE\/FCSIT\/17"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2017,3,31]]},"abstract":"<jats:p>Cloud log forensics (CLF) mitigates the investigation process by identifying the malicious behavior of attackers through profound cloud log analysis. However, the accessibility attributes of cloud logs obstruct accomplishment of the goal to investigate cloud logs for various susceptibilities. Accessibility involves the issues of cloud log access, selection of proper cloud log file, cloud log data integrity, and trustworthiness of cloud logs. Therefore, forensic investigators of cloud log files are dependent on cloud service providers (CSPs) to get access of different cloud logs. Accessing cloud logs from outside the cloud without depending on the CSP is a challenging research area, whereas the increase in cloud attacks has increased the need for CLF to investigate the malicious activities of attackers. This paper reviews the state of the art of CLF and highlights different challenges and issues involved in investigating cloud log data. The logging mode, the importance of CLF, and cloud log-as-a-service are introduced. Moreover, case studies related to CLF are explained to highlight the practical implementation of cloud log investigation for analyzing malicious behaviors. The CLF security requirements, vulnerability points, and challenges are identified to tolerate different cloud log susceptibilities. We identify and introduce challenges and future directions to highlight open research areas of CLF for motivating investigators, academicians, and researchers to investigate them.<\/jats:p>","DOI":"10.1145\/2906149","type":"journal-article","created":{"date-parts":[[2016,5,13]],"date-time":"2016-05-13T14:30:58Z","timestamp":1463149858000},"page":"1-42","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":63,"title":["Cloud Log Forensics"],"prefix":"10.1145","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5725-6184","authenticated-orcid":false,"given":"Suleman","family":"Khan","sequence":"first","affiliation":[{"name":"University of Malaya, Kuala Lumpur, Malaysia"}]},{"given":"Abdullah","family":"Gani","sequence":"additional","affiliation":[{"name":"University of Malaya, Kuala Lumpur, Malaysia"}]},{"given":"Ainuddin Wahid Abdul","family":"Wahab","sequence":"additional","affiliation":[{"name":"University of Malaya, Kuala Lumpur, Malaysia"}]},{"given":"Mustapha Aminu","family":"Bagiwa","sequence":"additional","affiliation":[{"name":"University of Malaya, Kuala Lumpur, Malaysia"}]},{"given":"Muhammad","family":"Shiraz","sequence":"additional","affiliation":[{"name":"Federal Urdu University, Islamabad, Pakistan"}]},{"given":"Samee U.","family":"Khan","sequence":"additional","affiliation":[{"name":"North Dakota State University, Fargo, USA"}]},{"given":"Rajkumar","family":"Buyya","sequence":"additional","affiliation":[{"name":"University of Melbourne, Australia"}]},{"given":"Albert Y.","family":"Zomaya","sequence":"additional","affiliation":[{"name":"University of Sydney, NSW, Australia"}]}],"member":"320","published-online":{"date-parts":[[2016,5,12]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Retrieved","author":"Burton A.","year":"2014"},{"key":"e_1_2_1_2_1","unstructured":"A. Chuvakin K. Schmidt and Chris Phillips. 2013. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management. Syngress 460 pages.   A. Chuvakin K. Schmidt and Chris Phillips. 2013. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management. Syngress 460 pages."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2014.04.009"},{"key":"e_1_2_1_4_1","volume-title":"Retrieved","author":"Holovaty A.","year":"2014"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076450.2076466"},{"key":"e_1_2_1_6_1","volume-title":"Proceeding of the IEEE 10th International Conference on Communications (COMM). 1--4.","author":"Patrascu A."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.15837\/ijccc.2015.2.802"},{"key":"e_1_2_1_8_1","first-page":"144","article-title":"Extending access management to maintain audit logs in cloud computing","volume":"5","author":"Prasad A.","year":"2014","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2012.06.035"},{"key":"e_1_2_1_10_1","volume-title":"Retrieved","author":"Stanojevic A.","year":"2013"},{"key":"e_1_2_1_11_1","volume-title":"Retrieved","author":"Williams A.","year":"2013"},{"key":"e_1_2_1_12_1","volume-title":"Retrieved","year":"2015"},{"key":"e_1_2_1_13_1","volume-title":"Retrieved","author":"Mizerany B.","year":"2014"},{"key":"e_1_2_1_14_1","volume-title":"Retrieved","author":"Mollamustafaoglu B.","year":"2014"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1113034.1113069"},{"issue":"8","key":"e_1_2_1_16_1","first-page":"856","article-title":"Ensuring integrity of security event log upon download and delete. (2014)","author":"Yun C. C.","year":"2014","journal-title":"U.S. Patent"},{"key":"e_1_2_1_17_1","volume-title":"Retrieved","author":"Oppenheimer C.","year":"2009"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2012.04.015"},{"key":"e_1_2_1_19_1","unstructured":"D. J. Scales M. Xu and M. D. Ginzton. 2013. Low overhead fault tolerance through hybrid checkpointing and replay. U.S. Patent No. 8 499 297 (2013).  D. J. Scales M. Xu and M. D. Ginzton. 2013. Low overhead fault tolerance through hybrid checkpointing and replay. U.S. Patent No. 8 499 297 (2013)."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SADFE.2011.17"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SADFE.2011.17"},{"key":"e_1_2_1_22_1","volume-title":"Handbook of Digital Forensics and Investigation","author":"Casey E."},{"key":"e_1_2_1_23_1","first-page":"1219","article-title":"Gramm-Leach-Bliley act, information privacy, and the limits of default rules. The","volume":"86","author":"Janger E. J.","year":"2001","journal-title":"Minn. L. Rev."},{"key":"e_1_2_1_24_1","volume-title":"Retrieved","author":"Lindvall E.","year":"2014"},{"key":"e_1_2_1_25_1","volume-title":"Retrieved","author":"Rocher G.","year":"2005"},{"key":"e_1_2_1_26_1","volume-title":"Logging in Java with the JDK 1.4 Logging API and Apache Log4j","author":"Samudra G."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2014.50"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.015"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-06608-0_1"},{"key":"e_1_2_1_30_1","volume-title":"\u201cbig data","author":"Hashem I. A. T.","year":"2015"},{"key":"e_1_2_1_31_1","doi-asserted-by":"crossref","volume-title":"Cloud Management and Security","author":"Abbadi I. M.","DOI":"10.1002\/9781118817087"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2012.2221958"},{"key":"e_1_2_1_33_1","first-page":"19","article-title":"Understanding issues in cloud forensics: Two hypothetical case studies","volume":"3","author":"Dykstra J.","year":"2011","journal-title":"J. Network Forens."},{"key":"e_1_2_1_34_1","volume-title":"Case Study Research. Principles and Practices","author":"Gerring J."},{"key":"e_1_2_1_35_1","unstructured":"J. Hash P. Bowen A. Johnson C. D. Smith and D. I. Steinberg. 2008. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Doctoral Dissertation National Institute of Standards and Technology 117 pages.  J. Hash P. Bowen A. Johnson C. D. Smith and D. I. Steinberg. 2008. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Doctoral Dissertation National Institute of Standards and Technology 117 pages."},{"key":"e_1_2_1_36_1","unstructured":"J. H. Beaver. 2015. Lessons on Efficient Log Analysis from Monex Insight. Case Study Report. Loggly Research. 3 pages. https:\/\/www.loggly.com\/blog\/lessons-efficient-log-analysis-monex-insight\/.  J. H. Beaver. 2015. Lessons on Efficient Log Analysis from Monex Insight. Case Study Report. Loggly Research. 3 pages. https:\/\/www.loggly.com\/blog\/lessons-efficient-log-analysis-monex-insight\/."},{"key":"e_1_2_1_37_1","volume-title":"Retrieved","author":"Sissel J.","year":"2014"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.33"},{"key":"e_1_2_1_40_1","volume-title":"Case Study. Amazon. Retrieved","author":"Stoppelman J.","year":"2004"},{"key":"e_1_2_1_41_1","first-page":"53","article-title":"Security and privacy controls for federal information systems and organizations","volume":"800","author":"Force J. T.","year":"2013","journal-title":"NIST Spec. Publ."},{"key":"e_1_2_1_42_1","volume-title":"Understanding logging and log monitoring. Hardening Linux","author":"Turnbull J."},{"key":"e_1_2_1_43_1","first-page":"1","article-title":"LISS: Log data integrity support scheme for reliable log analysis of osp","volume":"5","author":"Joo J. W.","year":"2014","journal-title":"J. Converg."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSC.2011.6138547"},{"key":"e_1_2_1_45_1","volume-title":"USENIX Workshop on Interactions of NVM\/Flash with Operating Systems and Workloads (INFLOW)","author":"Yang J."},{"key":"e_1_2_1_46_1","volume-title":"Cloud based logging service. US Patent 20,140,366,118","author":"Yin J.","year":"2014"},{"key":"e_1_2_1_47_1","doi-asserted-by":"crossref","unstructured":"K. Kent S. Chevalier T. Grance and H. Dang. 2006. Guide to integrating forensic techniques into incident response. NIST Spec. Publ. (2006) 800--886.  K. Kent S. Chevalier T. Grance and H. Dang. 2006. Guide to integrating forensic techniques into incident response. NIST Spec. Publ. (2006) 800--886.","DOI":"10.6028\/NIST.SP.800-86"},{"key":"e_1_2_1_48_1","unstructured":"K. Kent and M. Souppaya. 2014. Guide to computer security log management. National Institute of Standards and Technology (2014). 72 pages.  K. Kent and M. Souppaya. 2014. Guide to computer security log management. National Institute of Standards and Technology (2014). 72 pages."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.100"},{"key":"e_1_2_1_50_1","volume-title":"Proceedings of the IEEE Defense Science Research Conference and Expo (DSR)","author":"Ryan K. L. K."},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the IEEE 33rd International Convention (MIPRO)","author":"Popovic K."},{"key":"e_1_2_1_52_1","doi-asserted-by":"crossref","unstructured":"K. Ruan J. Carthy T. Kechadi and M. Crosbie. 2011. Cloud forensics. Advances in Digital Forensics VII. Springer Berlin 35--46.  K. Ruan J. Carthy T. Kechadi and M. Crosbie. 2011. Cloud forensics. Advances in Digital Forensics VII. Springer Berlin 35--46.","DOI":"10.1007\/978-3-642-24212-0_3"},{"key":"e_1_2_1_53_1","doi-asserted-by":"crossref","unstructured":"K. Ruan J. James J. Carthy and T. Kechadi. 2012. Key terms for service level agreements to support cloud forensics. Advances in Digital Forensics VIII. Springer Berlin 201--212.  K. Ruan J. James J. Carthy and T. Kechadi. 2012. Key terms for service level agreements to support cloud forensics. Advances in Digital Forensics VIII. Springer Berlin 201--212.","DOI":"10.1007\/978-3-642-33962-2_14"},{"key":"e_1_2_1_54_1","volume-title":"Retrieved","author":"Saurabh K.","year":"2015"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1721654.1721672"},{"key":"e_1_2_1_56_1","unstructured":"M. Baum. 2014. Analyze & troubleshoot your cloud applications. Technical Report. SplunkStorm. https:\/\/www.splunk.com\/web_assets\/pdfs\/secure\/Storm_Product_Fact_Sheet.pdf.  M. Baum. 2014. Analyze & troubleshoot your cloud applications. Technical Report. SplunkStorm. https:\/\/www.splunk.com\/web_assets\/pdfs\/secure\/Storm_Product_Fact_Sheet.pdf."},{"key":"e_1_2_1_57_1","unstructured":"M. Bradley and A. Dent. 2010. Payment Card Industry Data Security: What it is and its impact on retail merchants. Technical Report. Royal Holloway Series. http:\/\/cdn.ttgtmedia.com\/searchsecurityuk\/downloads\/RHUL_Bradley_2010.pdf.  M. Bradley and A. Dent. 2010. Payment Card Industry Data Security: What it is and its impact on retail merchants. Technical Report. Royal Holloway Series. http:\/\/cdn.ttgtmedia.com\/searchsecurityuk\/downloads\/RHUL_Bradley_2010.pdf."},{"key":"e_1_2_1_58_1","volume-title":"Proceedings of the IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensics (CyberSec). 190--194","author":"Damshenas M."},{"key":"e_1_2_1_59_1","volume-title":"Retrieved","author":"Ellis M.","year":"2013"},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the Applications of Information Systems in Engineering and Bioscience","author":"Lemoudden M."},{"key":"e_1_2_1_61_1","doi-asserted-by":"crossref","unstructured":"M. Sato and T. Yamauchi. 2013. Secure log transfer by replacing a library in a virtual machine. In Advances in Information and Computer Security. Springer Berlin 1--18.  M. Sato and T. Yamauchi. 2013. Secure log transfer by replacing a library in a virtual machine. In Advances in Information and Computer Security. Springer Berlin 1--18.","DOI":"10.1007\/978-3-642-41383-4_1"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10723-014-9323-6"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(11)70024-1"},{"key":"e_1_2_1_64_1","volume-title":"Proceedings of the 10th USENIX Conference on File and Storage Technologies","author":"Vrable M."},{"key":"e_1_2_1_65_1","first-page":"5","article-title":"Encrypted query processing based log management in the cloud for improved potential for confidentiality","volume":"3","author":"Prabha N.","year":"2014","journal-title":"Int. J. Comput. Appl. Technol. Res."},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of the 2009 Conference on Hot Topics in Cloud Computing. 3--3.","author":"Santos N."},{"key":"e_1_2_1_67_1","volume-title":"Retrieved","author":"Heath P.","year":"2014"},{"key":"e_1_2_1_68_1","volume-title":"Proceedings of the IEEE Information Security for South Africa (ISSA). 1--6.","author":"Trenwith P. M."},{"key":"e_1_2_1_69_1","doi-asserted-by":"crossref","unstructured":"P. Mell and T. Grace. 2011. The NIST definition of cloud computing. NIST Special Publication 800--145 (2011).  P. Mell and T. Grace. 2011. The NIST definition of cloud computing. NIST Special Publication 800--145 (2011).","DOI":"10.6028\/NIST.SP.800-145"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-014-1187-9"},{"key":"e_1_2_1_71_1","volume-title":"Usenix Annual Technical Conference. 242","author":"Popa R. A.","year":"2011"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC.2008.172"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2008.12.001"},{"key":"e_1_2_1_74_1","volume-title":"Retrieved","author":"Dahl R.","year":"2014"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/1982185.1982226"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2014.53"},{"key":"e_1_2_1_77_1","volume-title":"Int. J. Adv. Sci. Technol. 44","author":"Ahmad S.","year":"2012"},{"key":"e_1_2_1_78_1","volume-title":"Retrieved","author":"Butterfield S.","year":"2015"},{"key":"e_1_2_1_79_1","volume-title":"Proceeding of the IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW). 418--419","author":"Khan S."},{"key":"e_1_2_1_80_1","doi-asserted-by":"crossref","unstructured":"S. Khan A. Gani A. W. A. Wahab M. Shiraz and I. Ahmad. 2016. Network forensics: Review taxonomy and open challenges. (in press).  S. Khan A. Gani A. W. A. Wahab M. Shiraz and I. Ahmad. 2016. Network forensics: Review taxonomy and open challenges. (in press).","DOI":"10.1016\/j.jnca.2016.03.005"},{"key":"e_1_2_1_81_1","volume-title":"Proceeding of the IEEE International Conference on Computer, Communication, and Control Technology (I4CT","author":"Khan S.","year":"2014"},{"key":"e_1_2_1_82_1","doi-asserted-by":"crossref","unstructured":"S. Khan K. Hayat S. A. Madani S. U. Khan and J. Kolodziej. 2012. The median resource failure check pointing. In 26<sup>th<\/sup> European Conference on Modelling and Simulation (ECMS). 483--489.  S. Khan K. Hayat S. A. Madani S. U. Khan and J. Kolodziej. 2012. The median resource failure check pointing. In 26<sup>th<\/sup> European Conference on Modelling and Simulation (ECMS). 483--489.","DOI":"10.7148\/2012-0483-0489"},{"key":"e_1_2_1_83_1","first-page":"27","article-title":"A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing. Sci","volume":"547062","author":"Khan S.","year":"2014","journal-title":"World"},{"key":"e_1_2_1_84_1","volume-title":"Proceedings of the IEEE Information Security for South Africa (ISSA). 1--7.","author":"Ramgovind S."},{"key":"e_1_2_1_85_1","doi-asserted-by":"crossref","unstructured":"S. Simou C. Kalloniatis E. Kavakli and S. Gritzalis. 2014. Cloud forensics: Identifying the major issues and challenges. In Advanced Information Systems Engineering. Springer Berlin 271--284.  S. Simou C. Kalloniatis E. Kavakli and S. Gritzalis. 2014. Cloud forensics: Identifying the major issues and challenges. In Advanced Information Systems Engineering. Springer Berlin 271--284.","DOI":"10.1007\/978-3-319-07881-6_19"},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.26"},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2011.122"},{"key":"e_1_2_1_88_1","volume-title":"Proceeding of the IEEE 1st International Workshop on Security and Forensics in Communication Systems. 1--7.","author":"Thorpe S."},{"key":"e_1_2_1_89_1","volume-title":"The International Conference on Cybercrime, Security & Digital Forensics. 14 pages.","author":"Thorpe S."},{"key":"e_1_2_1_90_1","doi-asserted-by":"crossref","unstructured":"S. Thorpe I. Ray and T. Grandison. 2011c. Enforcing data quality rules for a synchronized VM log audit environment using transformation mapping techniques. In Computational Intelligence in Security for Information Systems. Springer Berlin 265--271.   S. Thorpe I. Ray and T. Grandison. 2011c. Enforcing data quality rules for a synchronized VM log audit environment using transformation mapping techniques. In Computational Intelligence in Security for Information Systems. Springer Berlin 265--271.","DOI":"10.1007\/978-3-642-21323-6_34"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSACW.2012.44"},{"key":"e_1_2_1_92_1","doi-asserted-by":"crossref","unstructured":"S. Thorpe I. Ray T. Grandison A. Barbir and R. France. 2013b. Hypervisor event logs as a source of consistent virtual machine evidence for forensic cloud investigations. In Data and Applications Security and Privacy XXVII. Springer Berlin 97--112.  S. Thorpe I. Ray T. Grandison A. Barbir and R. France. 2013b. Hypervisor event logs as a source of consistent virtual machine evidence for forensic cloud investigations. In Data and Applications Security and Privacy XXVII. Springer Berlin 97--112.","DOI":"10.1007\/978-3-642-39256-6_7"},{"key":"e_1_2_1_93_1","first-page":"398","article-title":"A formal temporal log data model for the global synchronized virtual machine environment","volume":"6","author":"Thorpe S.","year":"2011","journal-title":"Int. J. Inform. Assur. Secur."},{"key":"e_1_2_1_94_1","doi-asserted-by":"crossref","unstructured":"S. Thorpe I. Ray I. Ray T. Grandison A. Barbir and R. France. 2012b. Formal parameterization of log synchronization events within a distributed forensic compute cloud database environment. In Digital Forensics and Cyber Crime. Springer Berlin 156--171.  S. Thorpe I. Ray I. Ray T. Grandison A. Barbir and R. France. 2012b. Formal parameterization of log synchronization events within a distributed forensic compute cloud database environment. In Digital Forensics and Cyber Crime. Springer Berlin 156--171.","DOI":"10.1007\/978-3-642-35515-8_13"},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERVICES.2013.76"},{"key":"e_1_2_1_96_1","volume-title":"Retrieved","author":"Nielsen T.","year":"2014"},{"key":"e_1_2_1_97_1","volume-title":"Retrieved November 16th","author":"Wyatt T. R.","year":"2009"},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISDEA.2012.29"},{"key":"e_1_2_1_99_1","volume-title":"Retrieved","author":"Simon T.","year":"2014"},{"key":"e_1_2_1_100_1","volume-title":"Infrastructure Security","author":"Flegel U."},{"key":"e_1_2_1_101_1","unstructured":"V. Wesley T. Harris L. Long Jr. and R. Green. 2014. Hypervisor security in cloud computing systems. ACM Comput. Surv. (2014) 1--22.  V. Wesley T. Harris L. Long Jr. and R. Green. 2014. Hypervisor security in cloud computing systems. ACM Comput. Surv. (2014) 1--22."},{"key":"e_1_2_1_102_1","volume-title":"Proceedings of the IEEE 5th International Conference on Broadband Network & Multimedia Technology (IC-BNMT2013)","author":"Lin X."},{"key":"e_1_2_1_103_1","volume-title":"Detection of network security breaches based on analysis of network record logs. U.S. Patent No. 7,904,479","author":"Nik Z.","year":"2011"},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484342"},{"key":"e_1_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.2298\/CSIS131201051Z"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICICTA.2010.724"},{"key":"e_1_2_1_107_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.Congress.2013.60"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2906149","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2906149","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:55:50Z","timestamp":1750272950000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2906149"}},"subtitle":["Foundations, State of the Art, and Future Directions"],"short-title":[],"issued":{"date-parts":[[2016,5,12]]},"references-count":106,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,3,31]]}},"alternative-id":["10.1145\/2906149"],"URL":"https:\/\/doi.org\/10.1145\/2906149","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,5,12]]},"assertion":[{"value":"2015-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-05-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}