{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T09:27:16Z","timestamp":1745314036573},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540258780"},{"type":"electronic","value":"9783540319498"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/11425274_2","type":"book-chapter","created":{"date-parts":[[2010,7,13]],"date-time":"2010-07-13T04:24:54Z","timestamp":1278995094000},"page":"14-28","source":"Crossref","is-referenced-by-count":22,"title":["Anomaly Detection in Computer Security and an Application to File System Accesses"],"prefix":"10.1007","author":[{"given":"Salvatore J.","family":"Stolfo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shlomo","family":"Hershkop","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Linh H.","family":"Bui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ryan","family":"Ferster","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ke","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"2_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/3-540-36084-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"F. Apap","year":"2002","unstructured":"Apap, F., Honig, A., Hershkop, S., Eskin, E., Stolfo, S.: Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 36. Springer, Heidelberg (2002)"},{"unstructured":"Balzer, R.: Mediating Connectors. In: 19th IEEE International Conference on Distributed Computing Systems Workshop (1994)","key":"2_CR2"},{"key":"2_CR3","first-page":"SE","volume":"222","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion detection model. IEEE Transactions on Software Engineering\u00a0222, SE-13 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"unstructured":"Eskin, E.: Anomaly Detection Over Noisy Data Using Learned Probability Distributions. In: Proceedings of the 17th Int\u2019l Conf. on Machine Learning, ICML-2000 (2000)","key":"2_CR4"},{"doi-asserted-by":"crossref","unstructured":"Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.J.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. Data Mining for Security Applications. Kluwer (2002)","key":"2_CR5","DOI":"10.1007\/978-1-4615-0953-0_4"},{"doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for UNIX Processes. In: IEEE Symposium on Security and Privacy, pp. 120\u2013128 (1996)","key":"2_CR6","DOI":"10.1109\/SECPRI.1996.502675"},{"unstructured":"Ghosh, A.K., Schwartzbard, A., Schatz, M.: Learning Program Behavior Profiles for Intrusion Detection. In: Workshop Intrusion Detection and Network Monitoring (1999)","key":"2_CR7"},{"unstructured":"Heller, K.A., Svore, K.M., Keromytis, A.D., Stolfo, S.J.: One Class Support Vector Machines for Detecting Anomalous Window Registry Accesses. In: 3rd IEEE Conference Data Mining Workshop on Data Mining for Computer Security, November 19 (2003)","key":"2_CR8"},{"unstructured":"Javitz, H.S., Valdes, A.: The NIDES Statistical Component: Description and Justification. Technical report. SRI International (1993)","key":"2_CR9"},{"unstructured":"Lee, W., Stolfo, S.J., Chan, P.K.: Learning patterns from UNIX processes execution traces for intrusion detection. In: AAAI Workshop on AI Approaches to Fraud Detection and Risk Management, pp. 50\u201356 (1997)","key":"2_CR10"},{"unstructured":"Lee, W., Stolfo, S.: A Framework for Constructing Features and Models for Intrusion Detection Systems. In: Proceedings of 1999 IEEE Symposium on Computer Security and Privacy and the Proceedings of the 8th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining (1999)","key":"2_CR11"},{"unstructured":"Mahoney, M.V., Chan, P.K.: Detecting Novel Attacks by Identifying anomalous Network Packet Headers. Florida Institute of Technology Technical Report CS-2001-2 (1999)","key":"2_CR12"},{"doi-asserted-by":"crossref","unstructured":"Maxion, R., Townsend, T.: Masquerade Detection Using Truncated Command Lines. In: International Conference on Dependable Systems and Networks (DSN 2002), Washington, D.C. (2002)","key":"2_CR13","DOI":"10.1109\/DSN.2002.1028903"},{"doi-asserted-by":"crossref","unstructured":"Michael, C.C., Ghosh, A.: Simple, State-based approaches to Program-based Anomaly Detection. ACM Trans. on Information and System Security, TISSEC\u00a05 (2002)","key":"2_CR14","DOI":"10.1145\/545186.545187"},{"unstructured":"Portnoy, L., Eskin, E., Stolfo, S.J.: Intrusion detection with unlabeled data using clustering. In: Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), Philadelphia, PA (2001)","key":"2_CR15"},{"issue":"1","key":"2_CR16","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1214\/ss\/998929476","volume":"16","author":"M. Schonlau","year":"2001","unstructured":"Schonlau, M., DuMouchel, W., Ju, W., Karr, A.F., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science\u00a016(1), 58\u201374 (2001)","journal-title":"Statistical Science"},{"doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., Maxion, R.A.: Why 6? Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector. IEEE Symp. On Security and Privacy (2002)","key":"2_CR17","DOI":"10.1109\/SECPRI.2002.1004371"},{"doi-asserted-by":"crossref","unstructured":"Taylor, C., Alves-Foss, J.: NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach. In: Proceedings New Security Paradigms Workshop (2001)","key":"2_CR18","DOI":"10.1145\/508171.508186"},{"doi-asserted-by":"crossref","unstructured":"Vigna, G., Valeur, F., Kemmerer, R.: Designing and Implementing a Family of Intrusion Detection Systems. In: Proc. 9th European software engineering conference (2003)","key":"2_CR19","DOI":"10.1145\/940071.940084"},{"doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host based intrusion detection systems. In: Ninth ACM Conference on Computer and Communications Security (2002)","key":"2_CR20","DOI":"10.1145\/586110.586145"},{"unstructured":"Wang, K., Stolfo, S.: One-Class Training for Masquerade Detection. In: 3rd IEEE International Conference on Data Mining, Workshop on Data Mining for Security Applications, Florida (November 2003)","key":"2_CR21"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.J.: Anomalous Payload-based Network Intrusion Detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"},{"key":"2_CR23","volume-title":"Detecting Intrusions Using System Calls: Alternative Data Models","author":"C. Warrender","year":"1999","unstructured":"Warrender, C., Forrest, S., Pearluter, B.: Detecting Intrusions Using System Calls: Alternative Data Models. IEEE Computer Society, Los Alamitos (1999)"},{"unstructured":"Ye, N.: A Markov Chain Model of Temporal Behavior for Anomaly Detection. In: Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY (2000)","key":"2_CR24"},{"doi-asserted-by":"crossref","unstructured":"Zadok, E., Nieh, J.: FiST: A Language for Stackable File Systems. In: Usenix Technical Conference (June 2000)","key":"2_CR25","DOI":"10.1145\/346152.346263"}],"container-title":["Lecture Notes in Computer Science","Foundations of Intelligent Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11425274_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,17]],"date-time":"2020-11-17T19:55:15Z","timestamp":1605642915000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11425274_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540258780","9783540319498"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/11425274_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2005]]}}}