{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T10:07:54Z","timestamp":1767262074660,"version":"3.41.0"},"reference-count":114,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,4,24]],"date-time":"2018-04-24T00:00:00Z","timestamp":1524528000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003391","name":"Fonds Unique Interminist\u00e9riel","doi-asserted-by":"crossref","award":["AAP-19 HuMa"],"award-info":[{"award-number":["AAP-19 HuMa"]}],"id":[{"id":"10.13039\/501100003391","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2018,12]]},"DOI":"10.1186\/s13635-018-0074-y","type":"journal-article","created":{"date-parts":[[2018,4,24]],"date-time":"2018-04-24T11:07:39Z","timestamp":1524568059000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":35,"title":["Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection"],"prefix":"10.1186","volume":"2018","author":[{"given":"Pierre","family":"Parrend","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julio","family":"Navarro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabio","family":"Guigou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aline","family":"Deruyver","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pierre","family":"Collet","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,4,24]]},"reference":[{"key":"74_CR1","unstructured":"Internet Security Threat Report. Symantec. 22: (2017). Available from: https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/reports\/istr-22-2017-en.pdf ."},{"issue":"3","key":"74_CR2","doi-asserted-by":"publisher","first-page":"672","DOI":"10.3390\/fi4030672","volume":"4","author":"DE Denning","year":"2012","unstructured":"DE Denning, Stuxnet: what has changed?Future Internet. 4(3), 672\u2013687 (2012).","journal-title":"Future Internet"},{"key":"74_CR3","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","volume":"60","author":"M Ahmed","year":"2016","unstructured":"M Ahmed, AN Mahmood, J Hu, A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60:, 19\u201331 (2016).","journal-title":"J. Netw. Comput. Appl"},{"issue":"11","key":"74_CR4","first-page":"947","volume":"6","author":"MU Modi","year":"2015","unstructured":"MU Modi, A Jain, A survey of IDS classification using KDD CUP 99 dataset in WEKA. Int. J. Sci. Eng. Res. 6(11), 947\u2013954 (2015).","journal-title":"Int. J. Sci. Eng. Res"},{"key":"74_CR5","first-page":"16156","volume":"5","author":"MS Kumar","year":"2016","unstructured":"MS Kumar, A survey on improving classification performance using data pre processing and machine learning methods on NSL-KDD data. Int. J. Eng. Comput. Sci. 5:, 16156\u201316161 (2016).","journal-title":"Int. J. Eng. Comput. Sci"},{"key":"74_CR6","doi-asserted-by":"crossref","unstructured":"J Ernst, T Hamed, S Kremer, in Computer and Network Security Essentials. A survey and comparison of performance evaluation in intrusion detection systems (Springer, 2018), pp. 555\u2013568.","DOI":"10.1007\/978-3-319-58424-9_32"},{"key":"74_CR7","unstructured":"NW Group, et al., RFC4949: Internet Security Glossary, Version 2 (Internet Engineering Task Force, 2007)."},{"key":"74_CR8","unstructured":"Y Qian, D Tipper, P Krishnamurthy, J Joshi, Information assurance: dependability and security in networked systems (Morgan Kaufmann, 2010)."},{"key":"74_CR9","doi-asserted-by":"crossref","unstructured":"VM Igure, RD Williams, Taxonomies of attacks and vulnerabilities in computer systems. IEEE Commun. Surv. Tutorials. 10(1) (2008).","DOI":"10.1109\/COMST.2008.4483667"},{"key":"74_CR10","unstructured":"W Stallings, L Brown, MD Bauer, AK Bhattacharjee, Computer security: principles and practice (Pearson Education, 2012)."},{"key":"74_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.comcom.2014.04.012","volume":"49","author":"N Hubballi","year":"2014","unstructured":"N Hubballi, V Suryanarayanan, False alarm minimization techniques in signature-based intrusion detection systems: a survey. Comput. Commun. 49:, 1\u201317 (2014).","journal-title":"Comput. Commun"},{"key":"74_CR12","doi-asserted-by":"crossref","unstructured":"L Bilge, T Dumitras, in Proceedings of the 2012 ACM conference on Computer and communications security. Before we knew it: an empirical study of zero-day attacks in the real world (ACM, 2012), pp. 833\u2013844.","DOI":"10.1145\/2382196.2382284"},{"key":"74_CR13","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"EM Hutchins, MJ Cloppert, RM Amin, Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warf. Secur. Res. 1:, 80 (2011).","journal-title":"Lead. Issues Inf. Warf. Secur. Res"},{"key":"74_CR14","doi-asserted-by":"crossref","unstructured":"P Chen, L Desmet, C Huygens, in IFIP International Conference on Communications and Multimedia Security. A study on advanced persistent threats (Springer, 2014), pp. 63\u201372.","DOI":"10.1007\/978-3-662-44885-4_5"},{"key":"74_CR15","doi-asserted-by":"crossref","unstructured":"M Ussath, D Jaeger, F Cheng, C Meinel, in Information Science and Systems (CISS) 2016 Annual Conference on. Advanced persistent threats: behind the scenes (IEEE, 2016), pp. 181\u2013186.","DOI":"10.1109\/CISS.2016.7460498"},{"key":"74_CR16","unstructured":"Mandiant, APT1: exposing one of China\u2019s cyber espionage units (2013). https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/services\/pdfs\/mandiant-apt1-report.pdf ."},{"issue":"5","key":"74_CR17","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/MSP.2014.99","volume":"12","author":"P Kampanakis","year":"2014","unstructured":"P Kampanakis, Security automation and threat information-sharing options. IEEE Secur. Priv. 12(5), 42\u201351 (2014).","journal-title":"IEEE Secur. Priv"},{"key":"74_CR18","unstructured":"C Goodwin, JP Nicholas, J Bryant, K Ciglic, A Kleiner, C Kutterer, A Massagli, A Mckay, P Mckitrick, J Neutze, et al., A framework for cybersecurity information sharing and risk reduction. Microsoft (2015)."},{"issue":"2","key":"74_CR19","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1007\/s00502-015-0289-2","volume":"132","author":"F Fransen","year":"2015","unstructured":"F Fransen, A Smulders, R Kerkdijk, Cyber security information exchange to gain insight into the effects of cyber threats and incidents. e & i Elektrotechnik und Informationstechnik. 132(2), 106\u2013112 (2015).","journal-title":"e & i Elektrotechnik und Informationstechnik"},{"key":"74_CR20","unstructured":"F Pistono, RV Yampolskiy, Unethical research: how to create a malevolent artificial intelligence. arXiv preprint arXiv:160, 502817 (2016)."},{"key":"74_CR21","doi-asserted-by":"crossref","unstructured":"B Morel, in Intrusion Detection Systems. Anomaly based intrusion detection and artificial intelligence (InTech, 2011), pp. 19\u201338.","DOI":"10.5772\/14103"},{"issue":"2","key":"74_CR22","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2016","unstructured":"AL Buczak, E Guven, A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutorials. 18(2), 1153\u20131176 (2016).","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"3","key":"74_CR23","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"V Chandola, A Banerjee, V Kumar, Anomaly detection: a survey. ACM computing surveys (CSUR). 41(3), 15 (2009).","journal-title":"ACM computing surveys (CSUR)"},{"issue":"5","key":"74_CR24","doi-asserted-by":"publisher","first-page":"823","DOI":"10.1109\/TKDE.2010.235","volume":"24","author":"V Chandola","year":"2012","unstructured":"V Chandola, A Banerjee, V Kumar, Anomaly detection for discrete sequences: a survey. IEEE Trans. Knowl. Data Eng. 24(5), 823\u2013839 (2012).","journal-title":"IEEE Trans. Knowl. Data Eng"},{"key":"74_CR25","doi-asserted-by":"crossref","unstructured":"MV Mahoney, PK Chan, in Data Mining, 2003. ICDM 2003. Third IEEE International Conference on. Learning rules for anomaly detection of hostile network traffic (IEEE, 2003), pp. 601\u2013604.","DOI":"10.1109\/ICDM.2003.1250987"},{"key":"74_CR26","unstructured":"G Tandon, P Chan, D Mitra, Data cleaning and enriched representations for anomaly detection in system calls. Machine Learning and Data Mining for Computer Security, (2006)."},{"key":"74_CR27","doi-asserted-by":"crossref","unstructured":"MM Breunig, H-P Kriegel, RT Ng, J Sander, in ACM sigmod record, vol. 29. LOF: identifying density-based local outliers (ACM, 2000), pp. 93\u2013104.","DOI":"10.1145\/335191.335388"},{"key":"74_CR28","first-page":"541","volume":"26","author":"PC Mahalanobis","year":"1930","unstructured":"PC Mahalanobis, On test and measures of group divergence, Part I: Theoretical formulae. J. Proc. Asiat. Soc. Bengal New series26. 26:, 541\u2013588 (1930).","journal-title":"J. Proc. Asiat. Soc. Bengal New series26"},{"issue":"6","key":"74_CR29","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/BF02834632","volume":"4","author":"GJ McLachlan","year":"1999","unstructured":"GJ McLachlan, Mahalanobis distance. Resonance. 4(6), 20\u201326 (1999).","journal-title":"Resonance"},{"issue":"1","key":"74_CR30","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1214\/aoms\/1177729694","volume":"22","author":"S Kullback","year":"1951","unstructured":"S Kullback, RA Leibler, On information and sufficiency. Ann. Math. Stat. 22(1), 79\u201386 (1951).","journal-title":"Ann. Math. Stat"},{"key":"74_CR31","unstructured":"S Kullback, Information theory and statistics (Courier Corporation, 1997)."},{"key":"74_CR32","doi-asserted-by":"crossref","unstructured":"Y Chakhchoukh, S Liu, M Sugiyama, H Ishii, in Power and Energy Society General Meeting (PESGM) 2016. Statistical outlier detection for diagnosis of cyber attacks in power state estimation (IEEE, 2016), pp. 1\u20135.","DOI":"10.1109\/PESGM.2016.7741572"},{"key":"74_CR33","volume-title":"Data mining and knowledge discovery handbook. Outlier detection","author":"I Ben-Gal","year":"2005","unstructured":"I Ben-Gal, Data mining and knowledge discovery handbook. Outlier detection (Springer, New York, 2005)."},{"issue":"2","key":"74_CR34","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1023\/B:AIRE.0000045502.10941.a9","volume":"22","author":"V Hodge","year":"2004","unstructured":"V Hodge, J Austin, A survey of outlier detection methodologies. Artif. Intell. Rev. 22(2), 85\u2013126 (2004).","journal-title":"Artif. Intell. Rev"},{"key":"74_CR35","doi-asserted-by":"crossref","unstructured":"DM Hawkins, Identification of outliers, vol. 11 (Springer, 1980).","DOI":"10.1007\/978-94-015-3994-4"},{"key":"74_CR36","unstructured":"EM Knorr, RT Ng, in Proceedings of the International Conference on Very Large Data Bases. Algorithms for mining distance-based outliers in large datasets (Citeseer, 1998), pp. 392\u2013403."},{"key":"74_CR37","doi-asserted-by":"crossref","unstructured":"S Ramaswamy, R Rastogi, K Shim, in ACM Sigmod Record, vol. 29. Efficient algorithms for mining outliers from large data sets (ACM, 2000), pp. 427\u2013438.","DOI":"10.1145\/335191.335437"},{"key":"74_CR38","unstructured":"M Sugiyama, S Nakajima, H Kashima, PV Buenau, M Kawanabe, in Advances in neural information processing systems. Direct importance estimation with model selection and its application to covariate shift adaptation (Neural Information Processing Systems Foundation, Inc., 2008), pp. 1433\u20131440."},{"issue":"2","key":"74_CR39","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/s10115-010-0283-2","volume":"26","author":"S Hido","year":"2011","unstructured":"S Hido, Y Tsuboi, H Kashima, M Sugiyama, T Kanamori, Statistical outlier detection using direct density ratio estimation. Knowl. Inf. Syst. 26(2), 309\u2013336 (2011).","journal-title":"Knowl. Inf. Syst"},{"issue":"7","key":"74_CR40","doi-asserted-by":"publisher","first-page":"1443","DOI":"10.1162\/089976601750264965","volume":"13","author":"B Sch\u00f6lkopf","year":"2001","unstructured":"B Sch\u00f6lkopf, JC Platt, S-J Taylor, AJ Smola, RC Williamson, Estimating the support of a high-dimensional distribution. Neural Comput. 13(7), 1443\u20131471 (2001).","journal-title":"Neural Comput"},{"key":"74_CR41","doi-asserted-by":"crossref","unstructured":"CC Aggarwal, PS Yu, in ACM Sigmod Record, vol. 30. Outlier detection for high dimensional data (ACM, 2001), pp. 37\u201346.","DOI":"10.1145\/376284.375668"},{"key":"74_CR42","doi-asserted-by":"crossref","unstructured":"MA Maloof, Machine learning and data mining for computer security: methods and applications (Springer, 2006).","DOI":"10.1007\/1-84628-253-5"},{"key":"74_CR43","doi-asserted-by":"crossref","unstructured":"S Dua, X Du, Data mining and machine learning in cybersecurity (CRC press, 2016).","DOI":"10.1201\/b10867"},{"key":"74_CR44","unstructured":"KDD Cup 1999 Dataset, 1 (1999). Available from: http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html ."},{"key":"74_CR45","unstructured":"NSL-KDD Dataset. Available from: http:\/\/www.unb.ca\/cic\/datasets\/nsl.html ."},{"key":"74_CR46","doi-asserted-by":"crossref","unstructured":"MR Kabir, AR Onik, T Samad, A network intrusion detection framework based on Bayesian network using Wrapper Approach. Int. J. Comput. Appl. 166(4) (2017).","DOI":"10.5120\/ijca2017913992"},{"key":"74_CR47","doi-asserted-by":"crossref","unstructured":"L Xiao, Y Chen, CK Chang, in Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International. Bayesian model averaging of Bayesian network classifiers for intrusion detection (IEEE, 2014), pp. 128\u2013133.","DOI":"10.1109\/COMPSACW.2014.25"},{"key":"74_CR48","doi-asserted-by":"publisher","DOI":"10.1109\/CSS.2011.6058565","volume-title":"Identification of correlated network intrusion alerts","author":"M Marchetti","year":"2011","unstructured":"M Marchetti, M Colajanni, F Manganiello, Identification of correlated network intrusion alerts (IEEE, Milan, Italy, 2011)."},{"key":"74_CR49","unstructured":"N Bergman, Recursive bayesian estimation, vol. 579 (Department of Electrical Engineering, Link\u00f6ping University, Link\u00f6ping Studies in Science and Technology Doctoral dissertation, 1999)."},{"key":"74_CR50","doi-asserted-by":"crossref","unstructured":"G Birkhoff, Lattice theory. Am. Math. Soc. 25: (1940).","DOI":"10.1090\/coll\/025"},{"key":"74_CR51","unstructured":"M Barbut, Ordre et classification (Hachette, 1970)."},{"key":"74_CR52","doi-asserted-by":"crossref","unstructured":"R Wille, in Ordered sets. Restructuring lattice theory: an approach based on hierarchies of concepts (Springer, 1982), pp. 445\u2013470.","DOI":"10.1007\/978-94-009-7798-3_15"},{"key":"74_CR53","first-page":"8","volume":"45","author":"B Ganter","year":"1996","unstructured":"B Ganter, R Wille, Formal concept analysis. Wiss. Z.-Tech. Univ. Dresd. 45:, 8\u201313 (1996).","journal-title":"Wiss. Z.-Tech. Univ. Dresd"},{"key":"74_CR54","unstructured":"K Bertet, Structure de treillis: contributions structurelles et algorithmiques: quelques usages pour des donn\u00e9es images, Thesis for habilitation (Universit\u00e9 de La Rochelle, 2010)."},{"key":"74_CR55","volume-title":"Confiance et risque pour engager un \u00e9change en milieu hostile","author":"V Legrand","year":"2013","unstructured":"V Legrand, Confiance et risque pour engager un \u00e9change en milieu hostile (INSA, Lyon, 2013)."},{"issue":"1","key":"74_CR56","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A Sabelfeld","year":"2003","unstructured":"A Sabelfeld, AC Myers, Language-based information-flow security. IEEE J. Sel. Areas Commun. 21(1), 5\u201319 (2003).","journal-title":"IEEE J. Sel. Areas Commun"},{"issue":"1","key":"74_CR57","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/s11416-012-0172-1","volume":"9","author":"F Goichon","year":"2013","unstructured":"F Goichon, G Salagnac, P Parrend, S Fr\u00e9not, Static vulnerability detection in Java service-oriented components. J. Comput. Virol. Hacking Tech. 9(1), 15\u201326 (2013).","journal-title":"J. Comput. Virol. Hacking Tech"},{"key":"74_CR58","unstructured":"J Newsome, D Song, Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software (Internet Society, 2005)."},{"key":"74_CR59","doi-asserted-by":"crossref","unstructured":"T Terauchi, A Aiken, in International Static Analysis Symposium. Secure information flow as a safety problem (Springer, 2005), pp. 352\u2013367.","DOI":"10.1007\/11547662_24"},{"key":"74_CR60","doi-asserted-by":"crossref","unstructured":"M Ussath, F Cheng, C Meinel, in Network Operations and Management Symposium (NOMS) 2016 IEEE\/IFIP. Event attribute tainting: a new approach for attack tracing and event correlation (IEEE, 2016), pp. 509\u2013515.","DOI":"10.1109\/NOMS.2016.7502851"},{"key":"74_CR61","doi-asserted-by":"crossref","unstructured":"M Ussath, F Cheng, C Meinel, in Computational Intelligence (SSCI) 2016 IEEE Symposium Series on. Automatic multi-step signature derivation from taint graphs (IEEE, 2016), pp. 1\u20138.","DOI":"10.1109\/SSCI.2016.7850076"},{"key":"74_CR62","unstructured":"M Rhodes-Ousley, Information Security: the complete reference (McGraw-Hill Education, 2013)."},{"key":"74_CR63","doi-asserted-by":"crossref","unstructured":"T Hamed, JB Ernst, SC Kremer, in Computer and Network Security Essentials. A survey and taxonomy of classifiers of intrusion detection systems (Springer, 2018), pp. 21\u201339.","DOI":"10.1007\/978-3-319-58424-9_2"},{"issue":"4","key":"74_CR64","doi-asserted-by":"publisher","first-page":"1690","DOI":"10.1016\/j.eswa.2013.08.066","volume":"41","author":"G Kim","year":"2014","unstructured":"G Kim, S Lee, S Kim, A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst. Appl. 41(4), 1690\u20131700 (2014).","journal-title":"Expert Syst. Appl"},{"key":"74_CR65","doi-asserted-by":"crossref","unstructured":"L Mehrotra, PS Saxena, in Information and Communication Technology. An assessment report on: statistics-based and signature-based intrusion detection techniques (Springer, 2018), pp. 321\u2013327.","DOI":"10.1007\/978-981-10-5508-9_31"},{"key":"74_CR66","unstructured":"DE Denning, PG Neumann, Requirements and model for IDES-a real-time intrusion detection expert system (Document A005, SRI International, 1985)."},{"key":"74_CR67","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"2","author":"DE Denning","year":"1987","unstructured":"DE Denning, An intrusion-detection model. IEEE Trans. Softw. Eng. 2:, 222\u2013232 (1987).","journal-title":"IEEE Trans. Softw. Eng"},{"key":"74_CR68","doi-asserted-by":"crossref","unstructured":"H Debar, A Wespi, in International Workshop on Recent Advances in Intrusion Detection. Aggregation and correlation of intrusion-detection alerts (Springer, 2001), pp. 85\u2013103.","DOI":"10.1007\/3-540-45474-8_6"},{"key":"74_CR69","first-page":"122","volume":"10","author":"CT Kawakani","year":"2017","unstructured":"CT Kawakani, S Barbon, RS Miani, M Cukier, BB Zarpel\u00e3o, Discovering attackers past behavior to generate online hyper-alerts. iSys-Revista Brasileira de Sistemas de Informa\u00e7\u00e3o. 10:, 122\u2013147 (2017).","journal-title":"iSys-Revista Brasileira de Sistemas de Informa\u00e7\u00e3o"},{"key":"74_CR70","first-page":"5.97","volume":"4514","author":"Y Zhang","year":"2015","unstructured":"Y Zhang, T Liu, J Shi, P Zhang, H Zhang, J Ya, An automatic multi-step attack pattern mining approach for massive WAF alert data. Scanning. 4514:, 5.97 (2015).","journal-title":"Scanning"},{"key":"74_CR71","doi-asserted-by":"crossref","unstructured":"F Cuppens, A Miege, in Security and privacy, 2002. proceedings 2002 ieee symposium on. Alert correlation in a cooperative intrusion detection framework (IEEE, 2002), pp. 202\u2013215.","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"74_CR72","doi-asserted-by":"crossref","unstructured":"W Kanoun, N Cuppens-Boulahia, F Cuppens, J Araujo, in Risks and Security of Internet and Systems, 2008. CRiSIS\u201908. Third International Conference on. Automated reaction based on risk analysis and attackers skills in intrusion detection systems (IEEE, 2008), pp. 117\u2013124.","DOI":"10.1109\/CRISIS.2008.4757471"},{"key":"74_CR73","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.jnca.2015.12.006","volume":"62","author":"Z Inayat","year":"2016","unstructured":"Z Inayat, A Gani, NB Anuar, MK Khan, S Anwar, Intrusion response systems: foundations, design, and challenges. J. Netw. Comput. Appl.62:, 53\u201374 (2016).","journal-title":"J. Netw. Comput. Appl."},{"issue":"5","key":"74_CR74","doi-asserted-by":"publisher","first-page":"1289","DOI":"10.1016\/j.comnet.2012.10.022","volume":"57","author":"S Salah","year":"2013","unstructured":"S Salah, G Maci\u00e1-Fern\u00e1ndez, JE D\u00edaz-Verdejo, A model-based survey of alert correlation techniques. Comput. Netw. 57(5), 1289\u20131317 (2013).","journal-title":"Comput. Netw"},{"issue":"4","key":"74_CR75","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1145\/332051.332079","volume":"43","author":"T Bass","year":"2000","unstructured":"T Bass, Intrusion detection systems and multisensor data fusion. Commun. ACM. 43(4), 99\u2013105 (2000).","journal-title":"Commun. ACM"},{"issue":"1","key":"74_CR76","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","volume":"28","author":"P Garcia-Teodoro","year":"2009","unstructured":"P Garcia-Teodoro, J Diaz-Verdejo, G Maci\u00e1-Fern\u00e1ndez, E V\u00e1zquez, Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1), 18\u201328 (2009).","journal-title":"Comput. Secur"},{"key":"74_CR77","doi-asserted-by":"crossref","unstructured":"J Viinikka, H Debar, L M\u00e9, R S\u00e9guier, in Proceedings of the 2006 ACM Symposium on Information, computer and communications security. Time series modeling for IDS alert management (ACM, 2006), pp. 102\u2013113.","DOI":"10.1145\/1128817.1128835"},{"issue":"1","key":"74_CR78","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1016\/j.eswa.2012.07.057","volume":"40","author":"S Shin","year":"2013","unstructured":"S Shin, S Lee, H Kim, S Kim, Advanced probabilistic approach for network intrusion forecasting and detection. Expert Syst. Appl. 40(1), 315\u2013322 (2013).","journal-title":"Expert Syst. Appl"},{"key":"74_CR79","doi-asserted-by":"crossref","unstructured":"F Manganiello, M Marchetti, M Colajanni, in International Conference on Information Security and Assurance. Multistep attack detection and alert correlation in intrusion detection systems (Springer, 2011), pp. 101\u2013110.","DOI":"10.1007\/978-3-642-23141-4_10"},{"issue":"1","key":"74_CR80","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1109\/TSMCC.2010.2050685","volume":"41","author":"S Mabu","year":"2011","unstructured":"S Mabu, C Chen, N Lu, K Shimada, K Hirasawa, An intrusion-detection model based on fuzzy class-association-rule mining using genetic network programming. IEEE Trans. Syst. Man Cybern. B Appl. Rev. 41(1), 130\u2013139 (2011).","journal-title":"IEEE Trans. Syst. Man Cybern. B Appl. Rev"},{"key":"74_CR81","doi-asserted-by":"crossref","unstructured":"J Navarro Lara, A Deruyver, P Parrend, in IEEE Symposium Series on Computational Intelligence (IEEE SSCI 2016). Morwilog: an ACO-based system for outlining multi-step attacks (IEE, 2016), pp. 1\u20138.","DOI":"10.1109\/SSCI.2016.7849902"},{"issue":"1","key":"74_CR82","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1186\/s40537-015-0013-4","volume":"2","author":"R Zuech","year":"2015","unstructured":"R Zuech, TM Khoshgoftaar, R Wald, Intrusion detection and big heterogeneous data: a survey. Journal of Big Data. 2(1), 3 (2015). Springer.","journal-title":"Journal of Big Data"},{"issue":"2","key":"74_CR83","first-page":"111","volume":"5","author":"NN Diep","year":"2017","unstructured":"NN Diep, Intrusion detection using deep neural network. Southeast Asian J. Sci. 5(2), 111\u2013125 (2017).","journal-title":"Southeast Asian J. Sci"},{"key":"74_CR84","doi-asserted-by":"crossref","unstructured":"M Ussath, D Jaeger, F Cheng, C Meinel, in Cyber Security and Cloud Computing (CSCloud), 2017 IEEE 4th International Conference on. Identifying suspicious user behavior with neural networks (IEEE, 2017), pp. 255\u2013263.","DOI":"10.1109\/CSCloud.2017.10"},{"key":"74_CR85","unstructured":"F Sicard, E Zama\u00ef, J-M Flaus, in 20th World Congress of the International Federation of Automatic Control. Distance concept based filter approach for detection of cyberattacks on industrial control systems (IFAC, 2017), pp. 1\u20135."},{"key":"74_CR86","doi-asserted-by":"crossref","unstructured":"D Gao, MK Reiter, D Song, in International Workshop on Recent Advances in Intrusion Detection. Behavioral distance for intrusion detection (Springer, 2005), pp. 63\u201381.","DOI":"10.1007\/11663812_4"},{"key":"74_CR87","doi-asserted-by":"crossref","unstructured":"K Julisch, M Dacier, in Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining. Mining intrusion detection alarms for actionable knowledge (ACM, 2002), pp. 366\u2013375.","DOI":"10.1145\/775094.775101"},{"key":"74_CR88","doi-asserted-by":"publisher","DOI":"10.1109\/CSCloud.2015.26","volume-title":"Multi-step attack pattern detection on normalized event logs","author":"D Jaeger","year":"2015","unstructured":"D Jaeger, M Ussath, F Cheng, C Meinel, Multi-step attack pattern detection on normalized event logs (IEEE, New York, USA, 2015)."},{"key":"74_CR89","doi-asserted-by":"crossref","unstructured":"M Ussath, D Jaeger, F Cheng, C Meinel, in Information Technology: New Generations. Pushing the limits of cyber threat intelligence: extending STIX to support complex patterns (Springer, 2016), pp. 213\u2013225.","DOI":"10.1007\/978-3-319-32467-8_20"},{"key":"74_CR90","doi-asserted-by":"crossref","unstructured":"M Ussath, F Cheng, C Meinel, in Parallel, Distributed, and Network-Based Processing (PDP), 2016 24th Euromicro International Conference on. Insights into encrypted network connections: analyzing remote desktop protocol traffic (IEEE, 2016), pp. 585\u2013589.","DOI":"10.1109\/PDP.2016.38"},{"issue":"4","key":"74_CR91","doi-asserted-by":"publisher","first-page":"1029","DOI":"10.1007\/s10462-012-9372-9","volume":"42","author":"A Rehman","year":"2014","unstructured":"A Rehman, T Saba, Evaluation of artificial intelligent techniques to secure information in enterprises. Artif. Intell. Rev. 42(4), 1029\u20131044 (2014).","journal-title":"Artif. Intell. Rev"},{"key":"74_CR92","unstructured":"O Van\u011bk, Z Yin, M Jain, B Bo\u0161ansky\u0300, M Tambe, M P\u011bchou\u010dek, in Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems-Volume 2. Game-theoretic resource allocation for malicious packet detection in computer networks (International Foundation for Autonomous Agents and Multiagent Systems, 2012), pp. 905\u2013912."},{"key":"74_CR93","unstructured":"RD Paz, The HeartBeat APT Campaign. Trend Micro Incorporated Research Paper (2012)."},{"key":"74_CR94","unstructured":"V Kamluk, C Raiu, I Soumenkov, The ICEFOG APT: a tale of cloak and three daggers. Kaspersky Lab (2013)."},{"key":"74_CR95","unstructured":"KG Research, Team A. The Darkhotel APT\u2014a story of unusual hospitality (2014). https:\/\/securelist.com\/files\/2014\/11\/darkhotel_kl_07.11.pdf ."},{"key":"74_CR96","unstructured":"Cylance, Operation Cleaver (2014). https:\/\/www.cylance.com\/content\/dam\/cylance\/pages\/operation-cleaver\/Cylance_Operation_Cleaver_Report.pdf ."},{"key":"74_CR97","unstructured":"RI Response, Shell Crew (2014). https:\/\/www.emc.com\/collateral\/white-papers\/h12756-wp-shell-crew.pdf ."},{"key":"74_CR98","unstructured":"KG Research, Team A. The Regin Platform - Nation-State Ownage of GSM Networks (2014). https:\/\/securelist.com\/files\/2014\/11\/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf ."},{"key":"74_CR99","unstructured":"A FireEye, A Window into Russia\u2019s Cyber Espionage Operations (2014)."},{"key":"74_CR100","unstructured":"GROUP-IB, FOX-IT, Anunak: APT Against Financial Institutions, (2014). https:\/\/www.group-ib.com\/resources\/threat-research\/Anunak_APT_against_financial_institutions.pdf ."},{"key":"74_CR101","unstructured":"D Aplerovitch, Deep in thought: Chinese targeting of national security think tanks. Crowdstrike (July 7, 2014) (2014). https:\/\/www.crowdstrike.com\/blog\/deep-thought-chinese-targeting-national-security-think-tanks\/ ."},{"key":"74_CR102","unstructured":"CK Baumgartner, C Raiu, The cozyduke apt. Kaspersky Lab (2015)."},{"key":"74_CR103","unstructured":"C Raiu, M Golovkin, The Chronicles of the Hellsing APT: the Empire Strikes Back, (2015). https:\/\/securelist.com\/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back\/69567\/ ."},{"key":"74_CR104","unstructured":"K Baumgartner, Golovkin, M, (2015). https:\/\/securelist.com\/files\/2015\/05\/TheNaikonAPT-MsnMM1.pdf ."},{"key":"74_CR105","unstructured":"Kaspersky Labs - Global Research & Analysis Team, Carbanak APT - The Great Bank Robbery (2015). https:\/\/securelist.com\/files\/2015\/02\/Carbanak_APT_eng.pdf ."},{"key":"74_CR106","first-page":"2016","volume":"27","author":"B Bencs\u00e1th","year":"2015","unstructured":"B Bencs\u00e1th, G \u00c1cs-Kurucz, G Moln\u00e1r, G Vasp\u00f6ri, L Butty\u00e1n, R Kamar\u00e1s, Duqu 2.0: A comparison to Duqu. Budapest. Retrieved February. 27:, 2016 (2015).","journal-title":"Budapest. Retrieved February"},{"key":"74_CR107","unstructured":"CC Security, Thamar Reservoir - An Iranian cyber-attack campaign against targets in the Middel East (2015). https:\/\/www.clearskysec.com\/wp-content\/uploads\/2015\/06\/Thamar-Reservoir-public1.pdf ."},{"key":"74_CR108","unstructured":"K Baumgartner, M Golovkin, The Naikon APT, (2015)."},{"key":"74_CR109","unstructured":"F Labs, APT30: The mechanics behind a decade long cyber espionage operation (2015). https:\/\/www2.fireeye.com\/WEB-2015RPTAPT30.html ."},{"key":"74_CR110","unstructured":"C Pernet, K Lu, Operation Woolen-Goldfish-When Kittens Go Phising. Trend Micro. 18: (2015)."},{"key":"74_CR111","unstructured":"Team KLGRA, Equation Group: Questions and Answers (2015). https:\/\/securelist.com\/files\/2015\/02\/Equation_group_questions_and_answers.pdf ."},{"key":"74_CR112","unstructured":"Team KLGRA, Animals in the APT Farm (2015). https:\/\/securelist.com\/animals-in-the-apt-farm\/69114\/ ."},{"key":"74_CR113","unstructured":"Symantec, The Waterbug attack group (2015). https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/waterbug-attack-group.pdf ."},{"key":"74_CR114","unstructured":"Team KLGRA, The Desert Falcons Targeted Attacks (2015). https:\/\/securelist.com\/files\/2015\/02\/The-Desert-Falcons-targeted-attacks.pdf ."}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-018-0074-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13635-018-0074-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-018-0074-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T22:16:16Z","timestamp":1751580976000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-018-0074-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,4,24]]},"references-count":114,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["74"],"URL":"https:\/\/doi.org\/10.1186\/s13635-018-0074-y","relation":{},"ISSN":["2510-523X"],"issn-type":[{"type":"electronic","value":"2510-523X"}],"subject":[],"published":{"date-parts":[[2018,4,24]]},"assertion":[{"value":"21 November 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 April 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"4"}}