{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T13:59:59Z","timestamp":1760709599676,"version":"3.37.3"},"reference-count":66,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,5,2]],"date-time":"2018-05-02T00:00:00Z","timestamp":1525219200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003391","name":"Fonds Unique Interminist\u00e9riel","doi-asserted-by":"crossref","award":["AAP-19 HuMa"],"award-info":[{"award-number":["AAP-19 HuMa"]}],"id":[{"id":"10.13039\/501100003391","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2018,12]]},"DOI":"10.1186\/s13635-018-0075-x","type":"journal-article","created":{"date-parts":[[2018,5,2]],"date-time":"2018-05-02T02:01:44Z","timestamp":1525226504000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks"],"prefix":"10.1186","volume":"2018","author":[{"given":"Julio","family":"Navarro","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V\u00e9ronique","family":"Legrand","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aline","family":"Deruyver","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pierre","family":"Parrend","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,5,2]]},"reference":[{"key":"75_CR1","unstructured":"M-Trends 2017: a view from the front lines [Generic]. FireEye (2017). The publication date is March 14, 2017. https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/03\/m-trends-2017.html . Accessed 23 Apr 2018."},{"key":"75_CR2","first-page":"390","volume-title":"IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud)","author":"D Jaeger","year":"2015","unstructured":"D Jaeger, M Ussath, F Cheng, C Meinel, in IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud). Multi-step attack pattern detection on normalized event logs (IEEENew York, 2015), pp. 390\u2013398."},{"key":"75_CR3","volume-title":"Cesar 2014: Detection et reaction face aux attaques informatiques","author":"V Legrand","year":"2014","unstructured":"V Legrand, P Parrend, P Collet, S Fr\u00e9not, M Minier, in Cesar 2014: Detection et reaction face aux attaques informatiques. Vers une architecture \u00abbig-data\u00bb bio-inspir\u00e9e pour la d\u00e9tection d\u2019anomalie des SIEM (RennesFrance, 2014)."},{"key":"75_CR4","volume-title":"The influence of architecture in engineering systems","author":"E Crawley","year":"2004","unstructured":"E Crawley, O De Weck, C Magee, J Moses, W Seering, J Schindall, et al., The influence of architecture in engineering systems (MIT, Cambridge, 2004)."},{"key":"75_CR5","first-page":"188","volume-title":"OASIcs-OpenAccess Series in Informatics","author":"M Vogel","year":"2011","unstructured":"M Vogel, S Schmerl, in OASIcs-OpenAccess Series in Informatics. Efficient distributed intrusion detection applying multi step signatures, vol. 17 (Schloss Dagstuhl-Leibniz-Zentrum fuer InformatikWadern, 2011), pp. 188\u2013193."},{"key":"75_CR6","unstructured":"R Abreu, D Bobrow, H Eldardiry, A Feldman, J Hanley, T Honda, et al., in Proceedings of the 26th International Workshop on Principles of Diagnosis (DX-2015). Diagnosing advanced persistent threats: a position paper, (2015), pp. 193\u2013200."},{"key":"75_CR7","volume-title":"The 10th International Symposium on Foundations & Practice of Security (FPS)","author":"J Navarro","year":"2017","unstructured":"J Navarro, V Legrand, S Lagraa, J Fran\u00e7ois, A Lahmadi, G De Santis, et al., in The 10th International Symposium on Foundations & Practice of Security (FPS). HuMa: a multi-layer framework for threat analysis in a heterogeneous log environment (Springer International PublishingNancy, 2017)."},{"key":"75_CR8","volume-title":"Clouds. Wasps. Peace. Loeb Classical Library","author":"Aristophanes","year":"1998","unstructured":"Aristophanes, Clouds. Wasps. Peace. Loeb Classical Library (Hardvard University Press, Cambridge, MA, 1998)."},{"key":"75_CR9","volume-title":"IEEE Symposium Series on Computational Intelligence (SSCI)","author":"J Navarro","year":"2016","unstructured":"J Navarro, A Deruyver, P Parrend, in IEEE Symposium Series on Computational Intelligence (SSCI). Morwilog: an ACO-based system for outlining multi-step attacks (IEEEAthens, 2016)."},{"key":"75_CR10","unstructured":"Standard on logging and monitoring [Standard]. European Commission (2010). https:\/\/www.eba.europa.eu\/documents\/10180\/1449046\/Annex+5+Standard+on+Logging+and+Monitoring.pdf\/4e9f17de-4589-424c-a670-c0cdc1b5f67b . Accessed 23 Apr 2018."},{"key":"75_CR11","first-page":"1542","volume-title":"IEEE Military Communications Conference (MILCOM)","author":"J Ya","year":"2015","unstructured":"J Ya, T Liu, H Zhang, J Shi, L Guo, in IEEE Military Communications Conference (MILCOM). An automatic approach to extract the formats of network and security log messages (IEEETampa, 2015), pp. 1542\u20131547."},{"key":"75_CR12","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-319-24018-3_15","volume-title":"IFIP International Conference on Information Security Theory and Practice","author":"D Jaeger","year":"2015","unstructured":"D Jaeger, A Azodi, F Cheng, C Meinel, in IFIP International Conference on Information Security Theory and Practice. Normalizing security events with a hierarchical knowledge base (SpringerHeraklion, 2015), pp. 237\u2013248."},{"key":"75_CR13","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2014.09.006","volume":"48","author":"I Friedberg","year":"2015","unstructured":"I Friedberg, F Skopik, G Settanni, R Fiedler, Combating advanced persistent threats: from network event correlation to incident detection [Journal Article]. Comput. Secur. 48:, 35\u201357 (2015).","journal-title":"Comput. Secur"},{"key":"75_CR14","first-page":"52","volume":"50","author":"J Navarro","year":"2014","unstructured":"J Navarro, \u00bfQui\u00e9n teme a la APT feroz? [Magazine Article]. eSecurity. 50:, 52\u201357 (2014).","journal-title":"eSecurity"},{"key":"75_CR15","first-page":"127","volume-title":"Proceedings of the 2nd International Workshop on Computational Intelligence in Security for Information Systems (CISIS\u201909)","author":"G Suarez-Tangil","year":"2009","unstructured":"G Suarez-Tangil, E Palomar, JM De Fuentes, J Blasco, A Ribagorda, in Proceedings of the 2nd International Workshop on Computational Intelligence in Security for Information Systems (CISIS\u201909). Automatic rule generation based on genetic programming for event correlation, vol. 63 (SpringerBurgos, 2009), pp. 127\u2013134."},{"key":"75_CR16","first-page":"233","volume-title":"Proceedings of the Sixth IFIP\/IEEE International Symposium on Integrated Network Management","author":"M Hasan","year":"1999","unstructured":"M Hasan, B Sugla, R Viswanathan, in Proceedings of the Sixth IFIP\/IEEE International Symposium on Integrated Network Management. A conceptual framework for network management event correlation and filtering systems (IEEEBoston, 1999), pp. 233\u2013246."},{"key":"75_CR17","unstructured":"KM Kavanagh, O Rochford, Magic quadrant for security information and event management [Generic] (Gartner, 2015)."},{"key":"75_CR18","unstructured":"A M\u00fcller, Event correlation engine [Master\u2019s Thesis] (Eidgen\u00f6ssische Technische Hochschule Z\u00fcrich, 2009)."},{"key":"75_CR19","volume-title":"Critical capabilities for security information and event management","author":"TB Oliver Rochford","year":"2016","unstructured":"TB Oliver Rochford, KM Kavanagh, Critical capabilities for security information and event management (Gartner, Stamford, 2016)."},{"key":"75_CR20","unstructured":"KM Kavanagh, O Rochford, Magic quadrant for security information and 1847 event management [Generic]. AlienVault (2014). https:\/\/www.alienvault.com\/doc-repo\/USM-for-Government\/all\/Lifecycle-of-a-Log.pdf . Accessed 23 Apr 2018."},{"key":"75_CR21","first-page":"753","volume-title":"24th IEEE International Conference on Advanced Information Networking and Applications (AINA)","author":"F Alserhani","year":"2010","unstructured":"F Alserhani, M Akhlaq, IU Awan, AJ Cullen, P Mirchandani, in 24th IEEE International Conference on Advanced Information Networking and Applications (AINA). MARS: Multi-stage Attack Recognition System (IEEEPerth, 2010), pp. 753\u2013759."},{"key":"75_CR22","first-page":"16","volume-title":"Fourth IEEE International Workshop on Information Assurance (IWIA\u201906)","author":"B Chen","year":"2006","unstructured":"B Chen, J Lee, AS Wu, in Fourth IEEE International Workshop on Information Assurance (IWIA\u201906). Active event correlation in Bro IDS to detect multi-stage attacks (IEEELondon, 2006), pp. 16\u201350."},{"key":"75_CR23","first-page":"1","volume-title":"Proceedings of 19th International Conference on Computer Communications and Networks","author":"H Du","year":"2010","unstructured":"H Du, DF Liu, J Holsopple, SJ Yang, in Proceedings of 19th International Conference on Computer Communications and Networks. Toward ensemble characterization and projection of multistage cyber attacks (IEEEZurich, 2010), pp. 1\u20138."},{"issue":"23","key":"75_CR24","first-page":"2465","volume":"31","author":"MY Huang","year":"1999","unstructured":"MY Huang, RJ Jasper, TM Wicks, A large scale distributed intrusion detection framework based on attack strategy analysis [Journal Article]. Comm. Com. Inf. SC. 31(23), 2465\u20132475 (1999).","journal-title":"Comm. Com. Inf. SC"},{"key":"75_CR25","first-page":"370","volume-title":"20th Annual Computer Security Applications Conference","author":"X Qin","year":"2004","unstructured":"X Qin, W Lee, in 20th Annual Computer Security Applications Conference. Attack plan recognition and prediction using causal networks (IEEETucson, 2004), pp. 370\u2013379."},{"key":"75_CR26","first-page":"1","volume-title":"IEEE Military Communications Conference (MILCOM)","author":"S Mathew","year":"2009","unstructured":"S Mathew, S Upadhyaya, in IEEE Military Communications Conference (MILCOM). Attack scenario recognition through heterogeneous event stream analysis (IEEEBoston, 2009), pp. 1\u20137."},{"key":"75_CR27","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1145\/586110.586144","volume-title":"Proceedings of the 9th ACM Conference on Computer and Communications Security","author":"P Ning","year":"2002","unstructured":"P Ning, Y Cui, DS Reeves, in Proceedings of the 9th ACM Conference on Computer and Communications Security. Constructing attack scenarios through correlation of intrusion alerts (ACMWashington DC, 2002), pp. 245\u2013254."},{"issue":"1-2","key":"75_CR28","doi-asserted-by":"publisher","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","volume":"10","author":"ST Eckmann","year":"2002","unstructured":"ST Eckmann, G Vigna, RA Kemmerer, STATL: an attack language for state-based intrusion detection [Journal Article]. J. Comput. Secur. 10(1-2), 71\u2013103 (2002).","journal-title":"J. Comput. Secur"},{"key":"75_CR29","unstructured":"M Meier. Intrusion Detection effektiv!: Modellierung und Analyse von Angriffsmustern (Springer-VerlagBerlin, 2007)."},{"key":"75_CR30","first-page":"1","volume-title":"IEEE Symposium Series on Computational Intelligence (SSCI)","author":"M Ussath","year":"2016","unstructured":"M Ussath, F Cheng, C Meinel, in IEEE Symposium Series on Computational Intelligence (SSCI). Automatic multi-step signature derivation from taint graphs (IEEEAthens, 2016), pp. 1\u20138."},{"key":"75_CR31","first-page":"13","volume-title":"IFIP International Conference on Autonomous Infrastructure, Management and Security","author":"M Vogel","year":"2011","unstructured":"M Vogel, S Schmerl, H K\u00f6nig, in IFIP International Conference on Autonomous Infrastructure, Management and Security. Efficient distributed signature analysis (SpringerNancy, 2011), pp. 13\u201325."},{"key":"75_CR32","first-page":"59","volume-title":"International Conference on Information Security and Cryptology (ICISC)","author":"C Kruegel","year":"2002","unstructured":"C Kruegel, T Toth, C Kerer, in International Conference on Information Security and Cryptology (ICISC). Decentralized event correlation for intrusion detection [Journal Article] (SpringerSeoul, 2002), pp. 59\u201395."},{"key":"75_CR33","first-page":"4352","volume-title":"Fifth World Congress on Intelligent Control and Automation (WCICA)","author":"Z Anming","year":"2004","unstructured":"Z Anming, J Chunfu, in Fifth World Congress on Intelligent Control and Automation (WCICA). Study on the applications of Hidden Markov Models to computer intrusion detection, vol. 5 (IEEEHangzhou, 2004), pp. 4352\u20134356."},{"key":"75_CR34","first-page":"1","volume-title":"2014 IEEE Innovative Smart Grid Technologies Conference (ISGT)","author":"F Skopik","year":"2014","unstructured":"F Skopik, I Friedberg, R Fiedler, in 2014 IEEE Innovative Smart Grid Technologies Conference (ISGT). Dealing with advanced persistent threats in smart grid ICT networks (IEEEWashington DC, 2014), pp. 1\u20135."},{"key":"75_CR35","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1109\/CyberSecurity.2012.16","volume-title":"Proceedings of the 2012 International Conference on Cyber Security","author":"P Giura","year":"2012","unstructured":"P Giura, W Wang, in Proceedings of the 2012 International Conference on Cyber Security. A context-based detection framework for Advanced Persistent Threats (IEEE Computer SocietyWashington DC, 2012), pp. 69\u201374."},{"issue":"3","key":"75_CR36","first-page":"93","volume":"1","author":"P Giura","year":"2012","unstructured":"P Giura, W Wang, Using large scale distributed computing to unveil Advanced Persistent Threats [Journal Article]. Sci. J. 1(3), 93\u2013105 (2012).","journal-title":"Sci. J"},{"key":"75_CR37","doi-asserted-by":"crossref","first-page":"583","DOI":"10.1145\/2991079.2991122","volume-title":"Proceedings of the 32nd Annual Conference on Computer Security Applications","author":"K Pei","year":"2016","unstructured":"K Pei, Z Gu, B Saltaformaggio, S Ma, F Wang, Z Zhang, et al., in Proceedings of the 32nd Annual Conference on Computer Security Applications. HERCULE: attack story reconstruction via community discovery on correlated log graph (ACMLos Angeles, 2016), pp. 583\u2013595."},{"key":"75_CR38","doi-asserted-by":"publisher","unstructured":"J Navarro, A Deruyver, P Parrend, A systematic survey on multi-step attack detection. Comput. Secur. 76:, 214\u2013249 (2018). https:\/\/doi.org\/10.1016\/j.cose.2018.03.001 .","DOI":"10.1016\/j.cose.2018.03.001"},{"key":"75_CR39","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/1290.001.0001","volume-title":"Ant colony optimization","author":"M Dorigo","year":"2004","unstructured":"M Dorigo, T St\u00fctzle, Ant colony optimization (MIT Press, Cambridge, 2004)."},{"issue":"2","key":"75_CR40","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1162\/106454699568700","volume":"5","author":"G Theraulaz","year":"1999","unstructured":"G Theraulaz, E Bonabeau, A brief history of stigmergy [Journal Article]. Artif Life. 5(2), 97\u2013116 (1999).","journal-title":"Artif Life"},{"key":"75_CR41","doi-asserted-by":"publisher","DOI":"10.1515\/9781400835447","volume-title":"Ant encounters: interaction networks and colony behavior","author":"DM Gordon","year":"2010","unstructured":"DM Gordon, Ant encounters: interaction networks and colony behavior (Princeton University Press, Princeton, 2010)."},{"key":"75_CR42","volume-title":"Positive feedback as a search strategy","author":"M Dorigo","year":"1991","unstructured":"M Dorigo, V Maniezzo, A Colorni, Positive feedback as a search strategy (Politecnico di Milano, Milan, 1991)."},{"key":"75_CR43","volume-title":"Optimization, learning and natural algorithms [Ph.D. Thesis]","author":"M Dorigo","year":"1992","unstructured":"M Dorigo, Optimization, learning and natural algorithms [Ph.D. Thesis] (Politecnico di Milano, Italy, 1992)."},{"key":"75_CR44","doi-asserted-by":"publisher","DOI":"10.5772\/51695","volume-title":"An ant colony optimization algorithm for area traffic control","author":"S Haldenbilen","year":"2013","unstructured":"S Haldenbilen, C Ozan, O Baskan, An ant colony optimization algorithm for area traffic control (INTECH Open Access Publisher, London, 2013)."},{"key":"75_CR45","first-page":"146","volume-title":"International Conference on Swarn Intelligence (ANTS 2014)","author":"S Fernandez","year":"2014","unstructured":"S Fernandez, S Alvarez, D D\u00edaz, M Iglesias, B Ena, in International Conference on Swarn Intelligence (ANTS 2014). Scheduling a galvanizing line by ant colony optimization (SpringerBrussels, 2014), pp. 146\u2013157."},{"key":"75_CR46","volume-title":"D\u00e9veloppement d\u2019un paradigme d\u2019optimisation par Hommiliere\u0300 et application \u00e1 l\u2019enseignement assist\u00e8 par ordinateur sur Internet [Ph.D. Thesis]","author":"G Valigiani","year":"2006","unstructured":"G Valigiani, D\u00e9veloppement d\u2019un paradigme d\u2019optimisation par Hommiliere\u0300 et application \u00e1 l\u2019enseignement assist\u00e8 par ordinateur sur Internet [Ph.D. Thesis] (Universit\u00e9 du Littoral C\u00f4te d\u2019Opale, Dunkerque, 2006)."},{"issue":"10","key":"75_CR47","first-page":"1245","volume":"26","author":"G Valigiani","year":"2007","unstructured":"G Valigiani, E Lutton, C Fonlupt, P Collet, Optimisation par \u201chommili\u00e8re\u201d de chemins p\u00e9dagogiques pour un logiciel d\u2019e-learning [Journal Article]. Tech. Sci. Inform. 26(10), 1245\u20131267 (2007).","journal-title":"Tech. Sci. Inform"},{"issue":"4","key":"75_CR48","first-page":"509","volume":"17","author":"P Mahanti","year":"2005","unstructured":"P Mahanti, M Al-Fayoumi, S Banerjee, Simulating targeted attacks using research honeypots based on ant colony metaphor [Journal Article]. Eur. J. Sci. Res. 17(4), 509\u2013522 (2005).","journal-title":"Eur. J. Sci. Res"},{"issue":"3","key":"75_CR49","doi-asserted-by":"publisher","first-page":"710","DOI":"10.1016\/j.jnca.2008.07.011","volume":"32","author":"Z Zhang","year":"2009","unstructured":"Z Zhang, PH Ho, Janus: a dual-purpose analytical model for understanding, characterizing and countermining multi-stage collusive attacks in enterprise networks [Journal Article]. J. Netw. Comput. Appl. 32(3), 710\u2013720 (2009).","journal-title":"J. Netw. Comput. Appl"},{"issue":"2","key":"75_CR50","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1109\/MSP.2014.21","volume":"12","author":"GA Fink","year":"2014","unstructured":"GA Fink, JN Haack, AD McKinnon, EW Fulp, Defense on the move: ant-based cyber defense [Journal Article]. IEEE Secur. Priv. 12(2), 36\u201343 (2014).","journal-title":"IEEE Secur. Priv"},{"key":"75_CR51","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1109\/ICIMA.2009.5156550","volume-title":"International Conference on Industrial Mechatronics and Automation (ICIMA)","author":"X Hui","year":"2009","unstructured":"X Hui, W Min, Z Zhi-ming, in International Conference on Industrial Mechatronics and Automation (ICIMA). Using Ant Colony Optimization to modeling the network vulnerability detection and restoration system (IEEEChengdu, 2009), pp. 21\u201323."},{"key":"75_CR52","first-page":"515","volume-title":"Science and Information Conference (SAI)","author":"M Kemiche","year":"2014","unstructured":"M Kemiche, R Beghdad, in Science and Information Conference (SAI). CAC-UA: a Communicating Ant for Clustering to Detect Unknown Attacks (IEEELondon, 2014), pp. 515\u2013522."},{"issue":"10","key":"75_CR53","first-page":"1","volume":"105","author":"DP Jeyepalan","year":"2014","unstructured":"DP Jeyepalan, E Kirubakaran, Agent based parallelized intrusion detection system using Ant Colony Optimization [Journal Article]. Int. J. Comput. Appl. (IJCA). 105(10), 1\u20136 (2014).","journal-title":"Int. J. Comput. Appl. (IJCA)"},{"key":"75_CR54","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2015.11.024","volume":"64","author":"G Fernandes","year":"2016","unstructured":"G Fernandes, LF Carvalho, JPC JRodrigues, ML Proen\u00e7a, Network anomaly detection using IP flows with principal component analysis and Ant Colony Optimization [Journal Article]. J. Netw. Comput. Appl. 64:, 1\u201311 (2016).","journal-title":"J. Netw. Comput. Appl"},{"key":"75_CR55","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1016\/j.future.2013.06.027","volume":"37","author":"W Feng","year":"2014","unstructured":"W Feng, Q Zhang, G Hu, JX Huang, Mining network data for intrusion detection through combining SVMs with Ant Colony Networks [Journal Article]. Futur. Gener. Comp. Sy. 37:, 127\u2013140 (2014).","journal-title":"Futur. Gener. Comp. Sy"},{"issue":"1","key":"75_CR56","first-page":"33","volume":"2","author":"MS Abadeh","year":"2015","unstructured":"MS Abadeh, J Habibi, A hybridization of evolutionary fuzzy systems and Ant Colony Optimization for intrusion detection [Journal Article]. ISC Int. J. Inf. Secur. (ISeCure). 2(1), 33\u201346 (2015).","journal-title":"ISC Int. J. Inf. Secur. (ISeCure)"},{"issue":"3","key":"75_CR57","doi-asserted-by":"publisher","first-page":"213","DOI":"10.5614\/itbj.ict.res.appl.2015.8.3.3","volume":"8","author":"MNK Abdurrazaq","year":"2015","unstructured":"MNK Abdurrazaq, BR Trilaksono, B Rahardjo, DIDS using cooperative agents based on ant colony clustering [Journal Article]. J. ICT Res. Appl. 8(3), 213\u2013233 (2015).","journal-title":"J. ICT Res. Appl"},{"issue":"8","key":"75_CR58","doi-asserted-by":"publisher","first-page":"625","DOI":"10.1016\/j.cose.2011.08.009","volume":"30","author":"C Kolias","year":"2011","unstructured":"C Kolias, G Kambourakis, M Maragoudakis, Swarm intelligence in intrusion detection: a survey [Journal Article]. Comput. Secur. 30(8), 625\u2013642 (2011).","journal-title":"Comput. Secur"},{"key":"75_CR59","volume-title":"Threat modeling: designing for security","author":"A Shostack","year":"2014","unstructured":"A Shostack, Threat modeling: designing for security (Wiley, Hoboken, 2014)."},{"key":"75_CR60","first-page":"71","volume-title":"First Complex Systems Digital Campus World E-Conference","author":"F Guigou","year":"2015","unstructured":"F Guigou, P Parrend, P Collet, in First Complex Systems Digital Campus World E-Conference. An artificial immune ecosystem model for hybrid cloud supervision (SpringerTempe, 2015), pp. 71\u201384."},{"key":"75_CR61","first-page":"11","volume-title":"Proceedings of The Ninth International Conference on Future Internet Technologies","author":"S Kobayashi","year":"2014","unstructured":"S Kobayashi, K Fukuda, H Esaki, in Proceedings of The Ninth International Conference on Future Internet Technologies. Towards an NLP-based log template generation algorithm for system log analysis (ACMTokyo, 2014), p. 11."},{"key":"75_CR62","doi-asserted-by":"crossref","unstructured":"R Gerhards, The syslog protocol. RFC Editor; 2009. 5424. Available from: https:\/\/tools.ietf.org\/html\/rfc5424 . Accessed 23 Apr 2018.","DOI":"10.17487\/rfc5424"},{"key":"75_CR63","unstructured":"J Pokorny, Proto-Indo-European etymological dictionary. A Revised Edition of Julius Pokorny\u2019s Indogermanisches Etymologisches W\u00f6rterbuch. Indo-Eur. Lang. Revival Assoc. (2007). Available from: https:\/\/marciorenato.files.wordpress.com\/2012\/01\/pokorny-julius-proto-indo-european-etymological-dictionary.pdf . Accessed 23 Apr 2018."},{"key":"75_CR64","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511808616","volume-title":"Indo-European linguistics: an introduction","author":"J Clackson","year":"2007","unstructured":"J Clackson, Indo-European linguistics: an introduction (Cambridge University Press, Cambridge, 2007)."},{"key":"75_CR65","first-page":"136","volume-title":"Proceedings of the 18th National Information Systems Security Conference","author":"M Bishop","year":"1995","unstructured":"M Bishop, in Proceedings of the 18th National Information Systems Security Conference. A standard audit trail format (DTIC DocumentBaltimore, 1995), pp. 136\u2013145."},{"key":"75_CR66","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-3458-4","volume-title":"Computer intrusion detection and network monitoring: a statistical viewpoint","author":"DJ Marchette","year":"2001","unstructured":"DJ Marchette, Computer intrusion detection and network monitoring: a statistical viewpoint (Springer Science & Business Media, New York, 2001)."}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-018-0075-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13635-018-0075-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-018-0075-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,21]],"date-time":"2022-08-21T13:39:46Z","timestamp":1661089186000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-018-0075-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,2]]},"references-count":66,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["75"],"URL":"https:\/\/doi.org\/10.1186\/s13635-018-0075-x","relation":{},"ISSN":["2510-523X"],"issn-type":[{"type":"electronic","value":"2510-523X"}],"subject":[],"published":{"date-parts":[[2018,5,2]]},"assertion":[{"value":"30 November 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 April 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 May 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"6"}}