{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:00:05Z","timestamp":1777806005356,"version":"3.51.4"},"reference-count":59,"publisher":"SAGE Publications","issue":"6","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCS"],"published-print":{"date-parts":[[2016,12,1]]},"DOI":"10.3233\/jcs-160555","type":"journal-article","created":{"date-parts":[[2016,7,22]],"date-time":"2016-07-22T10:56:52Z","timestamp":1469185012000},"page":"735-791","source":"Crossref","is-referenced-by-count":5,"title":["Using temporal probabilistic logic for optimal monitoring of security events with limited resources"],"prefix":"10.1177","volume":"24","author":[{"given":"Sushil","family":"Jajodia","sequence":"first","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, Fairfax, USA. E-mail:\u00a0jajodia@gmu.edu"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Noseong","family":"Park","sequence":"additional","affiliation":[{"name":"Institute for Advanced Computer Studies, University of Maryland, College Park, USA. E-mails:\u00a0npark@cs.umd.edu,\u00a0vs@cs.umd.edu"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Edoardo","family":"Serra","sequence":"additional","affiliation":[{"name":"Computer Science Department, Boise State University, Boise, USA. E-mail:\u00a0edoardoserra@boisestate.edu"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V.S.","family":"Subrahmanian","sequence":"additional","affiliation":[{"name":"Institute for Advanced Computer Studies, University of Maryland, College Park, USA. E-mails:\u00a0npark@cs.umd.edu,\u00a0vs@cs.umd.edu"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","reference":[{"key":"10.3233\/JCS-160555_ref1","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/j.ic.2012.10.006","article-title":"Linear programming in the semi-streaming model with application to the maximum matching problem","volume":"222","author":"Ahn","year":"2013","journal-title":"Information and Computation"},{"key":"10.3233\/JCS-160555_ref2","unstructured":"K.G.\u00a0Anagnostakis, S.\u00a0Sidiroglou, P.\u00a0Akritidis, K.\u00a0Xinidis, E.\u00a0Markatos and A.D.\u00a0Keromytis, Detecting targeted attacks using shadow honeypots, in: Proceedings of the 14th Conference on USENIX Security Symposium\u00a0\u2013 Volume 14 (SSYM\u201905), USENIX Association, Berkeley, CA, USA, 2005, pp.\u00a09\u20139."},{"key":"10.3233\/JCS-160555_ref4","doi-asserted-by":"crossref","unstructured":"C.A.\u00a0Ardagna, M.\u00a0Cremonini, E.\u00a0Damiani, S.\u00a0De\u00a0Capitani di Vimercati and P.\u00a0Samarati, Supporting location-based conditions in access control policies, in: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ACM, 2006, pp.\u00a0212\u2013222.","DOI":"10.1145\/1128817.1128850"},{"issue":"2","key":"10.3233\/JCS-160555_ref5","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1109\/TCSS.2014.2377811","article-title":"Behavioral analysis of insider threat: A survey and bootstrapped prediction in imbalanced data","volume":"1","author":"Azaria","year":"2014","journal-title":"IEEE Transactions on Computational Social Systems"},{"key":"10.3233\/JCS-160555_ref6","doi-asserted-by":"crossref","unstructured":"D.\u00a0Barbara and S.\u00a0Jajodia\u00a0(eds), Application of Data Mining in Computer Security, Vol.\u00a06, Springer, 2002.","DOI":"10.1007\/978-1-4615-0953-0"},{"key":"10.3233\/JCS-160555_ref7","doi-asserted-by":"crossref","unstructured":"T.\u00a0Ba\u015far, A tutorial on dynamic and differential games, in: Dynamic Games and Applications in Economics, Springer, 1986, pp.\u00a01\u201325.","DOI":"10.1007\/978-3-642-61636-5_1"},{"issue":"31","key":"10.3233\/JCS-160555_ref8","doi-asserted-by":"publisher","first-page":"4007","DOI":"10.1016\/j.tcs.2011.04.006","article-title":"Distributed temporal logic for the analysis of security protocol models","volume":"412","author":"Basin","year":"2011","journal-title":"Theoretical Computer Science"},{"key":"10.3233\/JCS-160555_ref9","doi-asserted-by":"publisher","DOI":"10.1145\/137097.137892"},{"issue":"6","key":"10.3233\/JCS-160555_ref10","doi-asserted-by":"publisher","first-page":"1178","DOI":"10.1145\/195613.195637","article-title":"Mixed integer programming methods for computing nonmonotonic deductive databases","volume":"41","author":"Bell","year":"1994","journal-title":"Journal of the ACM (JACM)"},{"issue":"1","key":"10.3233\/JCS-160555_ref12","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/MSECP.2003.1176998","article-title":"What is computer security?","volume":"1","author":"Bishop","year":"2003","journal-title":"Security & Privacy, IEEE"},{"issue":"2","key":"10.3233\/JCS-160555_ref13","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1016\/S0169-023X(01)00024-6","article-title":"Lying versus refusal for known potential secrets","volume":"38","author":"Biskup","year":"2001","journal-title":"Data & Knowledge Engineering"},{"key":"10.3233\/JCS-160555_ref14","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-56039-4_55"},{"issue":"3","key":"10.3233\/JCS-160555_ref15","doi-asserted-by":"publisher","first-page":"406","DOI":"10.1109\/69.390247","article-title":"Foundations of secure deductive databases","volume":"7","author":"Bonatti","year":"1995","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"key":"10.3233\/JCS-160555_ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-18690-5_8"},{"issue":"1","key":"10.3233\/JCS-160555_ref17","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/0888-613X(87)90005-3","article-title":"Summarizing and propagating uncertain information with triangular norms","volume":"1","author":"Bonissone","year":"1987","journal-title":"International Journal of Approximate Reasoning"},{"issue":"3","key":"10.3233\/JCS-160555_ref18","doi-asserted-by":"crossref","first-page":"328","DOI":"10.1016\/0888-613X(88)90126-0","article-title":"Using T-norm-based uncertainty calculi in a naval situation assessment application","volume":"2","author":"Bonissone","year":"1988","journal-title":"Int. J. Approx. Reasoning"},{"key":"10.3233\/JCS-160555_ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"10.3233\/JCS-160555_ref20","doi-asserted-by":"crossref","unstructured":"G.\u00a0Boole, An Investigation of the Laws of Thought: On Which Are Founded the Mathematical Theories of Logic and Probabilities, Dover Publications, 1854.","DOI":"10.5962\/bhl.title.29413"},{"key":"10.3233\/JCS-160555_ref22","doi-asserted-by":"crossref","unstructured":"R.\u00a0Corin and S.\u00a0Etalle, An Improved Constraint-Based System for the Verification of Security Protocols, Springer, 2002.","DOI":"10.1007\/3-540-45789-5_24"},{"key":"10.3233\/JCS-160555_ref23","doi-asserted-by":"crossref","unstructured":"A.\u00a0D\u2019Amico and K.\u00a0Whitley, The real work of computer network defense analysts: The analysis roles and processes that transform network data into security situation awareness, in: Proceedings of the Workshop on Visualization for Computer Security, 2008, pp.\u00a019\u201337.","DOI":"10.1007\/978-3-540-78243-8_2"},{"issue":"3","key":"10.3233\/JCS-160555_ref24","doi-asserted-by":"publisher","first-page":"423","DOI":"10.3233\/JCS-2005-13304","article-title":"A derivation system and compositional logic for security protocols","volume":"13","author":"Datta","year":"2005","journal-title":"Journal of Computer Security"},{"key":"10.3233\/JCS-160555_ref25","unstructured":"A.\u00a0Dekhtyar, M.I.\u00a0Dekhtyar and V.S.\u00a0Subrahmanian, Temporal probabilistic logic programs, in: ICLP, D.\u00a0De Schreye, ed., MIT Press, 1999, pp.\u00a0109\u2013123."},{"key":"10.3233\/JCS-160555_ref26","doi-asserted-by":"crossref","unstructured":"D.E.\u00a0Denning, An intrusion-detection model, in: Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA, 1986, pp.\u00a0118\u2013131.","DOI":"10.1109\/SP.1986.10010"},{"issue":"2","key":"10.3233\/JCS-160555_ref27","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","article-title":"An intrusion-detection model","volume":"13","author":"Denning","year":"1987","journal-title":"IEEE Trans. Software Eng."},{"key":"10.3233\/JCS-160555_ref28","unstructured":"J.\u00a0Desrosiers and M.E.\u00a0L\u00fcbbecke, A Primer in Column Generation, Springer, 2005."},{"key":"10.3233\/JCS-160555_ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004365"},{"key":"10.3233\/JCS-160555_ref30","unstructured":"J.P.\u00a0Dickerson, G.I.\u00a0Simari, V.S.\u00a0Subrahmanian and S.\u00a0Kraus, A graph-theoretic approach to protect static and moving targets from adversaries, in: Proceedings of the 9th International Conference on Autonomous Agents and Multiagent Systems: Volume 1-Volume 1, International Foundation for Autonomous Agents and Multiagent Systems, 2010, pp.\u00a0299\u2013306."},{"key":"10.3233\/JCS-160555_ref31","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecurity.2012.31"},{"key":"10.3233\/JCS-160555_ref32","unstructured":"P.\u00a0Eronen and J.\u00a0Zitting, An expert system for analyzing firewall rules, in: Proceedings of the 6th Nordic Workshop on Secure IT Systems (NordSec 2001), 2001, pp.\u00a0100\u2013107."},{"issue":"3","key":"10.3233\/JCS-160555_ref33","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1145\/146937.146940","article-title":"A logic for reasoning about security","volume":"10","author":"Glasgow","year":"1992","journal-title":"ACM Transactions on Computer Systems (TOCS)"},{"key":"10.3233\/JCS-160555_ref34","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1016\/S0167-5060(08)70356-X","article-title":"Optimization and approximation in deterministic sequencing and scheduling: A survey","volume":"5","author":"Graham","year":"1979","journal-title":"Annals of Discrete Mathematics"},{"key":"10.3233\/JCS-160555_ref35","doi-asserted-by":"crossref","unstructured":"J.Y.\u00a0Halpern and V.\u00a0Weissman, Using first-order logic to reason about policies, ACM Transactions on Information and System Security (TISSEC) 11(4) (2008), 21.","DOI":"10.1145\/1380564.1380569"},{"issue":"2","key":"10.3233\/JCS-160555_ref36","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1145\/304181.304192","article-title":"Belief reasoning in MLS deductive databases","volume":"28","author":"Hasan","year":"1999","journal-title":"ACM SIGMOD Record"},{"key":"10.3233\/JCS-160555_ref37","unstructured":"J.\u00a0Hooker, Logic-Based Methods for Optimization: Combining Optimization and Constraint Satisfaction, Vol.\u00a02, John Wiley & Sons, 2011."},{"key":"10.3233\/JCS-160555_ref38","doi-asserted-by":"publisher","DOI":"10.1145\/41625.41635"},{"key":"10.3233\/JCS-160555_ref39","doi-asserted-by":"crossref","unstructured":"S.\u00a0Jajodia, S.\u00a0Noel, P.\u00a0Kalapa, M.\u00a0Albanese and J.\u00a0Williams, Cauldron: Mission-centric cyber situational awareness with defense in depth, in: Proceedings of the Military Communications Conference (MILCOM 2011), 2011.","DOI":"10.1109\/MILCOM.2011.6127490"},{"issue":"2","key":"10.3233\/JCS-160555_ref40","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1145\/383891.383894","article-title":"Flexible support for multiple access control policies","volume":"26","author":"Jajodia","year":"2001","journal-title":"ACM Transactions on Database Systems (TODS)"},{"issue":"2","key":"10.3233\/JCS-160555_ref41","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1016\/0167-9236(88)90128-5","article-title":"Computation-oriented reductions of predicate to propositional logic","volume":"4","author":"Jeroslow","year":"1988","journal-title":"Decision Support Systems"},{"issue":"1","key":"10.3233\/JCS-160555_ref42","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1016\/j.artint.2004.04.003","article-title":"Combining probabilistic logic programming with the power of maximum entropy","volume":"157","author":"Kern-Isberner","year":"2004","journal-title":"Artificial Intelligence"},{"key":"10.3233\/JCS-160555_ref44","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1613\/jair.3269","article-title":"Stackelberg vs. Nash in security games: An extended investigation of interchangeability, equivalence, and uniqueness","volume":"41","author":"Korzhyk","year":"2011","journal-title":"J. Artif. Intell. Res. (JAIR)"},{"key":"10.3233\/JCS-160555_ref45","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36388-2_6"},{"key":"10.3233\/JCS-160555_ref46","doi-asserted-by":"crossref","unstructured":"J.W.\u00a0Lloyd, Foundations of Logic Programming, 2nd edn, Springer, 1987.","DOI":"10.1007\/978-3-642-83189-8"},{"issue":"6","key":"10.3233\/JCS-160555_ref47","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1109\/MSP.2006.145","article-title":"Common vulnerability scoring system","volume":"4","author":"Mell","year":"2006","journal-title":"Security Privacy, IEEE"},{"issue":"1","key":"10.3233\/JCS-160555_ref48","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/BF01588971","article-title":"An analysis of approximations for maximizing submodular set functions\u00a0\u2013 I","volume":"14","author":"Nemhauser","year":"1978","journal-title":"Mathematical Programming"},{"issue":"2","key":"10.3233\/JCS-160555_ref49","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1016\/0890-5401(92)90061-J","article-title":"Probabilistic logic programming","volume":"101","author":"Ng","year":"1992","journal-title":"Information and Computation"},{"issue":"1","key":"10.3233\/JCS-160555_ref50","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/0004-3702(86)90031-7","article-title":"Probabilistic logic","volume":"28","author":"Nilsson","year":"1986","journal-title":"Artificial Intelligence"},{"key":"10.3233\/JCS-160555_ref51","unstructured":"P.\u00a0Paruchuri, Playing games for security: An efficient exact algorithm for solving Bayesian Stackelberg games, in: AAMAS, 2008."},{"issue":"23\u201324","key":"10.3233\/JCS-160555_ref52","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","article-title":"Bro: A system for detecting network intruders in real-time","volume":"31","author":"Paxson","year":"1999","journal-title":"Computer Networks"},{"issue":"11","key":"10.3233\/JCS-160555_ref53","doi-asserted-by":"publisher","first-page":"1380","DOI":"10.1016\/j.comcom.2012.04.002","article-title":"DDoS flooding attack detection scheme based on F-divergence","volume":"35","author":"Rahmani","year":"2012","journal-title":"Computer Communications"},{"issue":"7","key":"10.3233\/JCS-160555_ref54","doi-asserted-by":"publisher","first-page":"563","DOI":"10.1016\/0098-1354(93)E0010-7","article-title":"Modelling and computational techniques for logic based integer programming","volume":"18","author":"Raman","year":"1994","journal-title":"Computers & Chemical Engineering"},{"key":"10.3233\/JCS-160555_ref55","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45608-2_3"},{"key":"10.3233\/JCS-160555_ref56","doi-asserted-by":"crossref","unstructured":"E.\u00a0Serra, S.\u00a0Jajodia, A.\u00a0Pugliese, A.\u00a0Rullo and V.S.\u00a0Subrahmanian, Pareto-optimal adversarial defense of enterprise systems, ACM Transactions on Information and System Security (TISSEC) 17(3) (2015), 11.","DOI":"10.1145\/2699907"},{"key":"10.3233\/JCS-160555_ref57","doi-asserted-by":"crossref","unstructured":"P.\u00a0Shakarian, A.\u00a0Parker, G.I.\u00a0Simari and V.S.\u00a0Subrahmanian, Annotated probabilistic temporal logic, ACM Trans. Comput. Log. 12(2) (2011), 14.","DOI":"10.1145\/1877714.1877720"},{"key":"10.3233\/JCS-160555_ref58","doi-asserted-by":"crossref","unstructured":"P.\u00a0Shakarian, G.I.\u00a0Simari and V.S.\u00a0Subrahmanian, Annotated probabilistic temporal logic: Approximate fixpoint implementation, ACM Trans. Comput. Log. 13(2) (2012), 13.","DOI":"10.1145\/2159531.2159535"},{"key":"10.3233\/JCS-160555_ref59","doi-asserted-by":"crossref","unstructured":"R.\u00a0Sommer and V.\u00a0Paxson, Outside the closed world: On using machine learning for network intrusion detection, in: Proceedings of IEEE Symposium on Security and Privacy, 2010, pp.\u00a0305\u2013316.","DOI":"10.1109\/SP.2010.25"},{"key":"10.3233\/JCS-160555_ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-92687-0_28"},{"issue":"4","key":"10.3233\/JCS-160555_ref62","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1145\/195664.195675","article-title":"Formal query languages for secure relational databases","volume":"19","author":"Winslett","year":"1994","journal-title":"ACM Transactions on Database Systems (TODS)"},{"issue":"6","key":"10.3233\/JCS-160555_ref63","doi-asserted-by":"crossref","first-page":"1073","DOI":"10.1109\/TPDS.2011.262","article-title":"Discriminating DDoS attacks from flash crowds using flow correlation coefficient","volume":"23","author":"Yu","year":"2012","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"key":"10.3233\/JCS-160555_ref64","unstructured":"C.\u00a0Zimmerman, The Strategies of a World-Class Cybersecurity Operations Center, The MITRE Corporation, 2014."}],"container-title":["Journal of Computer Security"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JCS-160555","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:00Z","timestamp":1777495500000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.medra.org\/servlet\/aliasResolver?alias=iospress&doi=10.3233\/JCS-160555"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12,1]]},"references-count":59,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.3233\/jcs-160555","relation":{},"ISSN":["1875-8924","0926-227X"],"issn-type":[{"value":"1875-8924","type":"electronic"},{"value":"0926-227X","type":"print"}],"subject":[],"published":{"date-parts":[[2016,12,1]]}}}