{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T17:06:42Z","timestamp":1743008802407,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":41,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540289630"},{"type":"electronic","value":"9783540319818"}],"license":[{"start":{"date-parts":[[2005,1,1]],"date-time":"2005-01-01T00:00:00Z","timestamp":1104537600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/11555827_15","type":"book-chapter","created":{"date-parts":[[2005,9,27]],"date-time":"2005-09-27T14:10:29Z","timestamp":1127830229000},"page":"247-266","source":"Crossref","is-referenced-by-count":28,"title":["An Efficient and Unified Approach to Correlating, Hypothesizing, and Predicting Intrusion Alerts"],"prefix":"10.1007","author":[{"given":"Lingyu","family":"Wang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anyi","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 217\u2013224 (2002)","DOI":"10.1145\/586110.586140"},{"key":"15_CR2","unstructured":"Cuppens, F.: Managing alerts in a multi-intrusion detection environment. In: Proceedings of the 17th Annual Computer Security Applications Conference, ACSAC 2001 (2001)"},{"key":"15_CR3","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P 2002), pp. 187\u2013200 (2002)"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Ortalo, R.: LAMBDA: A language to model a database for detection of attacks. In: Proceedings of the 3rd International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pp. 197\u2013216 (2001)","DOI":"10.1007\/3-540-39945-3_13"},{"key":"15_CR5","doi-asserted-by":"crossref","unstructured":"Dain, O., Cunningham, R.K.: Building scenarios from a heterogeneous alert system. In: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (2001)","DOI":"10.1007\/978-1-4615-0953-0_5"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"Dain, O., Cunningham, R.K.: Fusing a heterogeneous alert stream into scenarios. In: Proceedings of the ACM Workshop on Data Mining for Security Applications, pp. 1\u201313 (2001)","DOI":"10.1007\/978-1-4615-0953-0_5"},{"key":"15_CR7","unstructured":"2000 darpa intrusion detection evaluation datasets (2000), http:\/\/www.ll.mit.edu\/IST\/ideval\/data\/2000\/2000_data_index.html"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Proceedings of the 3rd International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pp. 85\u2013103 (2001)","DOI":"10.1007\/3-540-45474-8_6"},{"issue":"1\/2","key":"15_CR9","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","volume":"10","author":"S.T. Eckmann","year":"2002","unstructured":"Eckmann, S.T., Vigna, G., Kemmerer, R.A.: STATL: An attack language for state-based intrusion detection. Journal of Computer Security\u00a010(1\/2), 71\u2013104 (2002)","journal-title":"Journal of Computer Security"},{"key":"15_CR10","unstructured":"Farmer, D., Spafford, E.H.: The COPS security checker system. In: USENIX Summer, pp. 165\u2013170 (1990)"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Habra, N., Charlier, B.L., Mounji, A., Mathieu, I.: ASAX: software architechture and rule-based language for universal audit trail analysis. In: Proceedings of the 2nd European Symposium on Research in Computer Security (ESORICS 1992), pp. 430\u2013450 (2004)","DOI":"10.1007\/BFb0013912"},{"key":"15_CR12","unstructured":"IBM. IBM tivoli risk manager, Available at http:\/\/www.ibm.com\/software\/tivoli\/products\/risk-mgr\/"},{"key":"15_CR13","unstructured":"SRI International. Event monitoring enabling responses to anomalous live disturbances (EMERALD), Available at http:\/\/www.sdl.sri.com\/projects\/emerald\/"},{"key":"15_CR14","unstructured":"Jajodia, S., Noel, S., O\u2019Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats: Issues, Approaches and Challenges. Kluwer Academic Publisher, Dordrecht (2003)"},{"key":"15_CR15","unstructured":"Jha, S., Sheyner, O., Wing, J.M.: Two formal analysis of attack graph. In: Proceedings of the 15th Computer Security Foundation Workshop, CSFW 2002 (2002)"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 366\u2013375 (2002)","DOI":"10.1145\/775047.775101"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Lee, W., Cabrera, J.B.D., Thomas, A., Balwalli, N., Saluja, S., Zhang, Y.: Performance adaptation in real-time intrusion detection systems. In: Proceedings of The 5th International Symposium on Recent Advances in Intrusion Detection, RAID 2002 (2002)","DOI":"10.1007\/3-540-36084-0_14"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducass\u00e9, M.: M2D2: A formal data model for IDS alert correlation. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pp. 115\u2013137 (2002)","DOI":"10.1007\/3-540-36084-0_7"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 245\u2013254 (2002)","DOI":"10.1145\/586110.586144"},{"key":"15_CR20","unstructured":"Ning, P., Xu, D.: Adapting query optimization techniques for efficient intrusion alert correlation. Technical report, NCSU, Department of Computer Science (2002)"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Ning, P., Xu, D.: Learning attack strategies from intrusion alerts. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003 (2003)","DOI":"10.1145\/948134.948137"},{"key":"15_CR22","unstructured":"Ning, P., Xu, D., Healey, C.G., Amant, R.S.: Building attack scenarios through integration of complementary alert correlation methods. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS 2004), pp. 97\u2013111 (2004)"},{"key":"15_CR23","unstructured":"Noel, S., Jajodia, S.: Correlating intrusion events and building attack scenarios through attack graph distance. In: Proceedings of the 20th Annual Computer Security Applications Conference, ACSAC 2004 (2004)"},{"key":"15_CR24","unstructured":"Noel, S., Jajodia, S., O\u2019Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency grpahs. In: Proceedings of the 19th Annual Computer Security Applications Conference, ACSAC 2003 (2003)"},{"issue":"5","key":"15_CR25","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1109\/32.815323","volume":"25","author":"R. Ortalo","year":"1999","unstructured":"Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Software Eng.\u00a025(5), 633\u2013650 (1999)","journal-title":"IEEE Trans. Software Eng."},{"key":"15_CR26","unstructured":"OSSIM. Open source security information management, Available at http:\/\/www.ossim.net"},{"issue":"23-24","key":"15_CR27","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks\u00a031(23-24), 2435\u20132463 (1999)","journal-title":"Computer Networks"},{"key":"15_CR28","doi-asserted-by":"crossref","unstructured":"Qin, X., Lee, W.: Statistical causality analysis of INFOSEC alert data. In: Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), pp. 591\u2013627 (2003)","DOI":"10.1007\/978-3-540-45248-5_5"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Qin, X., Lee, W.: Discovering novel attack strategies from INFOSEC alerts. In: Proceedings of the 9th European Symposium on Research in Computer Security (ESORICS 2004), pp. 439\u2013456 (2004)","DOI":"10.1007\/978-3-540-30108-0_27"},{"key":"15_CR30","doi-asserted-by":"crossref","unstructured":"Ritchey, R., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of the 2000 IEEE Symposium on Research on Security and Privacy (S&P 2000), pp. 156\u2013165 (2000)","DOI":"10.1109\/SECPRI.2000.848453"},{"key":"15_CR31","doi-asserted-by":"crossref","unstructured":"Ritchey, R., O\u2019Berry, B., Noel, S.: Representing TCP\/IP connectivity for topological analysis of network security. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), p. 25 (2002)","DOI":"10.1109\/CSAC.2002.1176275"},{"key":"15_CR32","unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 1999 USENIX LISA Conference, pp. 229\u2013238 (1999)"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P 2002), pp. 273\u2013284 (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"issue":"1\/2","key":"15_CR34","doi-asserted-by":"crossref","first-page":"105","DOI":"10.3233\/JCS-2002-101-205","volume":"10","author":"S. Staniford","year":"2002","unstructured":"Staniford, S., Hoagland, J.A., McAlerney, J.M.: Practical automated detection of stealthy portscans. Journal of Computer Security\u00a010(1\/2), 105\u2013136 (2002)","journal-title":"Journal of Computer Security"},{"key":"15_CR35","doi-asserted-by":"crossref","unstructured":"Templeton, S., Levitt, K.: A requires\/provides model for computer attacks. In: Proceedings of the 2000 New Security Paradigms Workshop (NSPW 2000), pp. 31\u201338 (2000)","DOI":"10.1145\/366173.366187"},{"key":"15_CR36","unstructured":"Treasure hunt datasets (2004), http:\/\/www.cs.ucsb.edu\/vigna\/treasurehunt\/index.html"},{"key":"15_CR37","unstructured":"Turner, A.: Tcpreplay: Pcap editing and replay tools for *nix, Available at http:\/\/tcpreplay.sourceforge.net\/"},{"key":"15_CR38","doi-asserted-by":"crossref","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, pp. 54\u201368 (2001)","DOI":"10.1007\/3-540-45474-8_4"},{"key":"15_CR39","unstructured":"Wang, L., Liu, A., Jajodia, S.: Real-time analyses of intrusion alert streams. Technical report, Center for Secure Information Systems, George Mason University (2005)"},{"key":"15_CR40","unstructured":"Zerkle, D., Levitt, K.: Netkuang - a multi-host configuration vulnerability checker. In: Proceedings of the 6th USENIX Unix Security Symposium, USENIX 1996 (1996)"},{"key":"15_CR41","unstructured":"Zhai, Y., Ning, P., Iyer, P., Reeves, D.: Reasoning about complementary intrusion evidence. In: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), pp. 39\u201348 (2004)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2005"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11555827_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,4]],"date-time":"2025-01-04T15:45:52Z","timestamp":1736005552000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11555827_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540289630","9783540319818"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/11555827_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2005]]}}}