{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T15:26:30Z","timestamp":1763479590214},"publisher-location":"Berlin, Heidelberg","reference-count":19,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540297703"},{"type":"electronic","value":"9783540321156"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/11576259_43","type":"book-chapter","created":{"date-parts":[[2005,10,24]],"date-time":"2005-10-24T10:17:00Z","timestamp":1130149020000},"page":"387-396","source":"Crossref","is-referenced-by-count":2,"title":["Improvement of Protocol Anomaly Detection Based on Markov Chain and Its Application"],"prefix":"10.1007","author":[{"given":"Zheng","family":"Qin","sequence":"first","affiliation":[]},{"given":"Na","family":"Li","sequence":"additional","affiliation":[]},{"given":"Da-fang","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Nai-Zheng","family":"Bian","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"doi-asserted-by":"crossref","unstructured":"Levitt, K.: Intrusion Detection: Current Capabilities and Future Directions. In: Proc. of 18th Annual Computer Security Applications Conference, pp. 365\u2013370 (2002)","key":"43_CR1","DOI":"10.1109\/CSAC.2002.1176308"},{"unstructured":"Das, K.: Protocol Anomaly Detection for Network-based Intrusion Detection (1-16-2004), http:\/\/www.sans.org\/rr\/whitepapers\/detection\/349.php","key":"43_CR2"},{"doi-asserted-by":"crossref","unstructured":"Postel, J.: Transmission Control Protocol. RFC 793 (September 1981), http:\/\/www.faqs.org\/rfcs\/rfc793.html","key":"43_CR3","DOI":"10.17487\/rfc0793"},{"doi-asserted-by":"crossref","unstructured":"Estevez-Tapiador, J.M., Garcia-Teodoro, P., Diaz-Verdejo, J.E.: Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection. In: Proc. of the First IEEE International Workshop on Information Assurance (IWIA 2003), pp. 3\u201312 (2003)","key":"43_CR4","DOI":"10.1109\/IWIAS.2003.1192454"},{"unstructured":"Lemonnier, E.: Protocol Anomaly Detection in Network-based IDSs (June 2001), http:\/\/erwan.lemonnier.free.fr\/exjobb\/report\/protocol_anomaly_detection.pdf","key":"43_CR5"},{"doi-asserted-by":"crossref","unstructured":"Joglekar, S.P., Tate, S.R.: ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention. In: Proc. of the International Conference on Information Technology: Coding and Computing (ITCC 2004), pp. 81\u201386 (2004)","key":"43_CR6","DOI":"10.1109\/ITCC.2004.1286430"},{"unstructured":"MIT Lincoln Laboratory. Intrusion detection evaluation (04-01-2003), http:\/\/www.ll.mit.edu\/IST\/ideval","key":"43_CR7"},{"issue":"10","key":"43_CR8","first-page":"66","volume":"31","author":"N. Li","year":"2004","unstructured":"Li, N., Qin, Z., Zhang, D.-F., et al.: Protocol Anomaly Detection Model Based on Markov Chain. Computer Science\u00a031(10), 66\u201368 (2004)","journal-title":"Computer Science"},{"unstructured":"Zhao, S., Deng, W.: The analysis of stochastic signal, 1st edn., pp. 153\u2013159 (1999)","key":"43_CR9"},{"doi-asserted-by":"crossref","unstructured":"Gao, B., Ma, H.Y., Yang, Y.H.: HMMS (HIdden Markov Chain Models) Based on Anomaly Intrusion Detection Method. In: Proc. of the First Conference on Machine Learning and Cybernetics, Beijing, pp. 381\u2013385 (2002)","key":"43_CR10","DOI":"10.1109\/ICMLC.2002.1176779"},{"doi-asserted-by":"crossref","unstructured":"Gao, F., Sun, J., Wei, Z.: The Prediction Role of Hidden Markov Model in Intrusion Detection. In: Proc. of the First International Conference on Machine Learning and Cybernetics, Beijing, pp. 381\u2013385 (2002)","key":"43_CR11","DOI":"10.1109\/ICMLC.2002.1176779"},{"doi-asserted-by":"crossref","unstructured":"Jha, S., Tan, K., Maxion, R.A.: Markov Chains, Classifiers, and Intrusion Detection. In: Proc. of the 14th IEEE Workshop on Computer Security Foundations, pp. 206\u2013219 (2001)","key":"43_CR12","DOI":"10.1109\/CSFW.2001.930147"},{"issue":"12","key":"43_CR13","first-page":"189","volume":"28","author":"X. Tan","year":"2002","unstructured":"Tan, X., Wang, W., Xi, H., et al.: The system call sequence models based on Markov Chain and the application in anomaly detection. Engineering of Computer\u00a028(12), 189\u2013191 (2002)","journal-title":"Engineering of Computer"},{"issue":"3","key":"43_CR14","first-page":"116","volume":"52","author":"N. Ye","year":"2003","unstructured":"Ye, N., Zhang, Y., Borror, C.M.: Robustness of the Markov chain model for cyber attack detection. IEEE Transactions on Reliability\u00a052(3), 116\u2013123 (2003)","journal-title":"IEEE Transactions on Reliability"},{"unstructured":"TCPDUMP public repository. TCPDUMP (6-12-2004), http:\/\/www.tcpdump.org\/","key":"43_CR15"},{"issue":"4","key":"43_CR16","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1109\/TR.2004.837705","volume":"53","author":"N. Ye","year":"2004","unstructured":"Ye, N., Chen, Q., Borror, C.M.: EWMA Forecast of Normal System Activity for Computer Intrusion Detection. IEEE Transactions on Reliability\u00a053(4), 557\u2013566 (2004)","journal-title":"IEEE Transactions on Reliability"},{"unstructured":"Wang, H., Zhang, D., Shin, K.G.: Detecting SYN Flooding Attacks. In: Proc. of IEEE INFOCOM, pp. 1530\u20131539 (2002)","key":"43_CR17"},{"doi-asserted-by":"crossref","unstructured":"Siris, V., Papagalou, F.: Application of Anomaly Detection Algorithms for Detecting SYN Flooding Attacks. In: Proc. of IEEE Global Telecommunications Conference, pp. 14\u201320 (2004)","key":"43_CR18","DOI":"10.1109\/GLOCOM.2004.1378372"},{"unstructured":"Li, N.: The research of Protocol Anomaly Detection Based-on Markov Chain. Master thesis. Hunan University (2005)","key":"43_CR19"}],"container-title":["Lecture Notes in Computer Science","Parallel and Distributed Processing and Applications - ISPA 2005 Workshops"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11576259_43.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,17]],"date-time":"2020-11-17T14:59:19Z","timestamp":1605625159000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11576259_43"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540297703","9783540321156"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/11576259_43","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2005]]}}}