{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T18:20:40Z","timestamp":1725560440494},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540289555"},{"type":"electronic","value":"9783540319368"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/11554578_7","type":"book-chapter","created":{"date-parts":[[2005,9,27]],"date-time":"2005-09-27T12:51:11Z","timestamp":1127825471000},"page":"207-236","source":"Crossref","is-referenced-by-count":11,"title":["Intrusion Detection: Introduction to Intrusion Detection and Security Information Management"],"prefix":"10.1007","author":[{"given":"Herv\u00e9","family":"Debar","sequence":"first","affiliation":[]},{"given":"Jouni","family":"Viinikka","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"Debar, H., Curry, D., Fenstein, B.: Intrusion Detection Message Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition. Internet Draft, work in progress (2005), http:\/\/search.ietf.org\/internet-drafts\/draft-ietf-idwg-idmef-xml-14.txt"},{"key":"7_CR2","unstructured":"Feinstein, B., Matthews, G., White, J.: The intrusion detection exchange protocol (idxp). Internet Draft (work in progress) (2002) (expires April 22, 2003)"},{"key":"7_CR3","unstructured":"Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: Proceedings of LISA 1999, Seattle, Washington, USA (1999)"},{"key":"7_CR4","unstructured":"Northcutt, S., Novak, J.: Network Intrusion Detection. In: QUE, 3rd edn. (2003) ISBN 0735712654"},{"key":"7_CR5","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service\u00a0: Eluding Network Intrusion Detection. Secure Networks, Inc (1998)"},{"key":"7_CR6","unstructured":"Zhang, Y., Paxson, V.: Detecting stepping stones. In: Proceedings of the 9th USENIX Security Symposium, Denver, CO (2000)"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Paxson, V.: An analysis of using reflectors for distributed denial-of-service attacks. Computer Communication Review 31 (2001)","DOI":"10.1145\/505659.505664"},{"key":"7_CR8","unstructured":"Handley, M., Kreibich, C., Paxson, V.: Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In: Proceedings of the 10th USENIX Security Symposium, Washington, DC (2001)"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Fieldings, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext Transfer Protocol \u2013 HTTP\/1.1. RFC 2616 (1999)","DOI":"10.17487\/rfc2616"},{"key":"7_CR10","unstructured":"Denning, D.E., Edwards, D.L., Jagannathan, R., Lunt, T.F., Neumann, P.G.: A prototype IDES \u2014 A Real-Time Intrusion Detection Expert System. Technical report. Computer Science Laboratory, SRI International (1987)"},{"key":"7_CR11","unstructured":"Snapp, S.R., Smaha, S.E.: Signature Analysis Model Definition and Formalism. In: Proc. Fourth Workshop on Computer Security Incident Handling, Denver, CO (1992)"},{"key":"7_CR12","doi-asserted-by":"publisher","first-page":"762","DOI":"10.1145\/359842.359859","volume":"20","author":"R.S. Boyer","year":"1977","unstructured":"Boyer, R.S., Moore, J.S.: A fast string searching algorithm. Communications of the ACM\u00a020, 762\u2013772 (1977)","journal-title":"Communications of the ACM"},{"key":"7_CR13","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1145\/363347.363387","volume":"11","author":"K. Thomson","year":"1968","unstructured":"Thomson, K.: Regular expression search algorithm. Communications of the ACM\u00a011, 419\u2013422 (1968)","journal-title":"Communications of the ACM"},{"key":"7_CR14","unstructured":"Denning, D.E., Neumann, P.G.: Requirements and model for IDES - a real-time intrusion detection expert system. Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA (1985)"},{"key":"7_CR15","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D. Denning","year":"1987","unstructured":"Denning, D.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering\u00a013, 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"7_CR16","unstructured":"Javitz, H.S., Valdez, A., Lunt, T.F., Tamaru, A., Tyson, M., Lowrance, J.: Next generation intrusion detection expert system (NIDES) - 1. statistical algorithms rationale - 2. rationale for proposed resolver. Technical Report A016\u2013Rationales, SRI International, 333 Ravenswood Avenue, Menlo Park, CA (1993)"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Droms, R.: Dynamic host configuration protocol. RFC 2131 (1997)","DOI":"10.17487\/rfc2131"},{"key":"7_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/3-540-36084-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2002","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducass\u00e9, M.: M2D2\u00a0: A Formal Data Model for IDS Alert Correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 115. Springer, Heidelberg (2002)"},{"key":"7_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1007\/978-3-540-30143-1_9","volume-title":"Recent Advances in Intrusion Detection","author":"J. Viinikka","year":"2004","unstructured":"Viinikka, J., Debar, H.: Monitoring ids background noise using ewma control charts and alert information. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 166\u2013187. Springer, Heidelberg (2004)"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Egevang, K., Francis, P.: The ip network address translator (nat). RFC 1631 (1994)","DOI":"10.17487\/rfc1631"},{"key":"7_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/3-540-36084-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2002","unstructured":"Debar, H., Morin, B.: Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 177. Springer, Heidelberg (2002)"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/3-540-36084-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"P.A. Porras","year":"2002","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A Mission-Impact-Based Approach to INFOSEC Alarm Correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 95\u2013114. Springer, Heidelberg (2002)"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Julisch, K.: Mining Alarm Clusters to Improve Alarm Handling Efficiency. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC) (2001)","DOI":"10.1109\/ACSAC.2001.991517"},{"key":"7_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1007\/978-3-540-45248-5_6","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2003","unstructured":"Morin, B., Debar, H.: Correlation of Intrusion Symptoms: an Application of Chronicles. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 94\u2013112. Springer, Heidelberg (2003)"},{"key":"7_CR25","doi-asserted-by":"publisher","first-page":"230","DOI":"10.2307\/1266443","volume":"1","author":"S.W. Roberts","year":"1959","unstructured":"Roberts, S.W.: Control Chart Tests Based On Geometric Moving Averages. Technometrics\u00a01, 230\u2013250 (1959)","journal-title":"Technometrics"},{"key":"7_CR26","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/TR.2002.805796","volume":"52","author":"N. Ye","year":"2003","unstructured":"Ye, N., Vilbert, S., Chen, Q.: Computer Intrusion Detection Through EWMA for Autocorrelated and Uncorrelated Data. IEEE Transactions on Reliability\u00a052, 75\u201382 (2003)","journal-title":"IEEE Transactions on Reliability"},{"key":"7_CR27","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1002\/qre.493","volume":"18","author":"N. Ye","year":"2002","unstructured":"Ye, N., Borror, C., Chang, Y.: EWMA Techniques for Computer Intrusion Detection Through Anomalous Changes In Event Intensity. Quality and Reliability Engineering International\u00a018, 443\u2013451 (2002)","journal-title":"Quality and Reliability Engineering International"},{"key":"7_CR28","unstructured":"Mahadik, V.A., Wu, X., Reeves, D.S.: Detection of Denial of QoS Attacks Based on \u03c7 2 Statistic and EWMA Control Chart (2002) (submitted for Usenix 2002), Online document, http:\/\/arqos.csc.ncsu.edu\/papers.htm"}],"container-title":["Lecture Notes in Computer Science","Foundations of Security Analysis and Design III"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11554578_7.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,17]],"date-time":"2020-11-17T19:46:50Z","timestamp":1605642410000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11554578_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540289555","9783540319368"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/11554578_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2005]]}}}