{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T14:08:36Z","timestamp":1773670116680,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540317784","type":"print"},{"value":"9783540317791","type":"electronic"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11663812_4","type":"book-chapter","created":{"date-parts":[[2006,1,20]],"date-time":"2006-01-20T12:57:08Z","timestamp":1137761828000},"page":"63-81","source":"Crossref","is-referenced-by-count":29,"title":["Behavioral Distance for Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Debin","family":"Gao","sequence":"first","affiliation":[]},{"given":"Michael K.","family":"Reiter","sequence":"additional","affiliation":[]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"Myserver, http:\/\/www.myserverproject.net"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Alvisi, L., Malkhi, D., Pierce, E., Reiter, M.K.: Fault detection for Byzantine quorum systems. IEEE Transactions on Parallel Distributed Systems\u00a012(9) (September 2001)","DOI":"10.1109\/71.954640"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Buskens, R.W., Bianchini Jr., R.P.: Distributed on-line diagnosis in the presence of arbitrary faults. In: Proceedings of the 23rd International Symposium on Fault-Tolerant Computing, June 1993, pp. 
470\u2013479 (1993)","DOI":"10.1109\/FTCS.1993.627350"},{"issue":"3","key":"4_CR4","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1145\/859716.859718","volume":"21","author":"M. Castro","year":"2003","unstructured":"Castro, M., Rodrigues, R., Liskov, B.: Base: Using abstraction to improve fault tolerance. ACM Transactions on Computer Systems (TOCS)\u00a021(3), 236\u2013269 (2003)","journal-title":"ACM Transactions on Computer Systems (TOCS)"},{"key":"4_CR5","unstructured":"Chen, L., Avizienes, A.: n-version programming: A fault-tolerance approach to reliability of software operation. In: Proceedings of the 8th International Symposium on Fault-Tolerant Computing, pp. 3\u20139 (1978)"},{"key":"4_CR6","unstructured":"Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Rowe, J., Staniford-Chen, S., Yip, R., Zerkle, D.: The design of GrIDS: A graph-based intrusion detection system. Technical Report CSE-99-2, Computer Science Department, U.C. Davis (1999)"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Proceedings of the ACM Symposium on Principles of Programming Languages (January 1998)","DOI":"10.1145\/268946.268962"},{"key":"4_CR8","unstructured":"Feng, H.H., Giffin, J.T., Huang, Y., Jha, S., Lee, W., Miller, B.P.: Formalizing sensitivity in static analysis for intrusion detection. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy (2004)"},{"key":"4_CR9","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003)"},{"key":"4_CR10","unstructured":"Forrest, S., Langstaff, T.A.: A sense of self for unix processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy (1996)"},{"key":"4_CR11","unstructured":"The Apache\u00a0Software Foundation. 
Apache http server, http:\/\/httpd.apache.org"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Gao, D., Reiter, M.K., Song, D.: Gray-box extraction of execution graph for anomaly detection. In: Proceedings of the 11th ACM Conference on Computer & Communication Security (2004)","DOI":"10.1145\/1030083.1030126"},{"key":"4_CR13","unstructured":"Gao, D., Reiter, M.K., Song, D.: On gray-box program tracking for anomaly detection. In: Proceedings of the 13th USENIX Security Symposium (2004)"},{"key":"4_CR14","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Detecting manipulated remote call streams. In: Proceedings of the 11th USENIX Security Symposium (2002)"},{"key":"4_CR15","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Efficient context-sensitive intrusion detection. In: Proceedings of Symposium on Network and Distributed System Security (2004)"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Lamport, L.: The implementation of reliable distributed multiprocess systems. Computer Networks\u00a02 (1978)","DOI":"10.1016\/0376-5075(78)90045-4"},{"key":"4_CR18","unstructured":"Lu, X.: A Linux executable editing library. Master\u2019s thesis, Computer and Information Science Department, National University of Singapore (1999)"},{"key":"4_CR19","unstructured":"Nebbett, G.: Windows NT\/2000 Native API Reference. 
Sams Publishing (2000)"},{"key":"4_CR20","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780195135848.001.0001","volume-title":"Molecular Evolution and Phylogenetics","author":"M. Nei","year":"2000","unstructured":"Nei, M., Kumar, S.: Molecular Evolution and Phylogenetics. Oxford University Press, Oxford (2000)"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1007\/3-540-36084-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"P. Ning","year":"2002","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Analyzing intensive intrusion alerts via correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 74. Springer, Heidelberg (2002)"},{"key":"4_CR22","unstructured":"Prasad, M., Chiueh, T.: A binary rewriting defense against stack based buffer overflow attacks. In: Proceedings of the USENIX Annual Technical Conference (June 2003)"},{"issue":"1","key":"4_CR23","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1093\/bioinformatics\/14.1.55","volume":"14","author":"I. Rigoutsos","year":"1998","unstructured":"Rigoutsos, I., Floratos, A.: Combinatorial pattern discovery in biological sequences. Bioinformatics\u00a014(1), 55\u201367 (1998)","journal-title":"Bioinformatics"},{"key":"4_CR24","unstructured":"Romer, T., Voelker, G., Lee, D., Wolman, A., Wong, W., Levy, H., Bershad, B., Chen, B.: Instrumentation and optimization of win32\/intel executables using etch. In: Proceeding of the USENIX Windows NT Workshop (August 1997)"},{"issue":"4","key":"4_CR25","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1145\/98163.98167","volume":"22","author":"F.B. Schneider","year":"1990","unstructured":"Schneider, F.B.: Implementing fault-tolerant services using the state machine approach: A tutorial. 
ACM Computing Surveys\u00a022(4), 299\u2013319 (1990)","journal-title":"ACM Computing Surveys"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Schwarz, B., Debray, S., Andrews, G.: Disassembly of executable code revisited. In: Proceeding of the Working Conference on Reverse Engineering, pp. 45\u201354 (2002)","DOI":"10.1109\/WCRE.2002.1173063"},{"key":"4_CR27","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Sellers, P.H.: On the theory and computation of evolutionary distances. SIAM J. Appl. Math.\u00a026, 787\u2013793","DOI":"10.1137\/0126070"},{"key":"4_CR29","unstructured":"Shin, K., Ramanathan, P.: Diagnosis of processors with Byzantine faults in a distributed computing system. In: Proceedings of the 17th International Symposium on Fault-Tolerant Computing, pp. 55\u201360 (1987)"},{"key":"4_CR30","unstructured":"Snapp, S.R., Smaha, S.E., Teal, D.M., Grance, T.: The DIDS (Distributed Intrusion Detection System) prototype. In: Proceedings of the Summer USENIX Conference, pp. 227\u2013233 (1992)"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Tan, K., McHugh, J., Killourhy, K.: Hiding intrusions: From the abnormal to the normal and beyond. In: Proceedings of the 5th International Workshop on Information Hiding (October 2002)","DOI":"10.1007\/3-540-36415-3_1"},{"key":"4_CR32","unstructured":"Aprelium Technologies. Abyss web server, http:\/\/www.aprelium.com"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) 
RAID 2001. LNCS, vol.\u00a02212, p. 54. Springer, Heidelberg (2001)"},{"key":"4_CR34","unstructured":"VeriTest. Webbench, http:\/\/www.veritest.com\/benchmarks\/webbench\/default.asp"},{"key":"4_CR35","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586145"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Wespi, A., Dacier, M., Debar, H.: Intrusion detection using variable-length audit trail patterns. In: Proceedings of the 2000 Recent Advances in Intrusion Detection (2000)","DOI":"10.1007\/3-540-39945-3_8"},{"key":"4_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1007\/978-3-540-30143-1_13","volume-title":"Recent Advances in Intrusion Detection","author":"Y. Xie","year":"2004","unstructured":"Xie, Y., Kim, H., O\u2019Hallaron, D., Reiter, M.K., Zhang, H.: Seurat: A pointillist approach to anomaly detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 238\u2013257. Springer, Heidelberg (2004)"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Yin, J., Martin, J.-P., Venkataramani, A., Alvisi, L., Dahlin, M.: Separating agreement from execution for Byzantine fault tolerant services. 
In: Proceedings of the 19th ACM Symposium on Operating System Principles (2003)","DOI":"10.1145\/945469.945470"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11663812_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,7]],"date-time":"2025-01-07T08:25:52Z","timestamp":1736238352000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11663812_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540317784","9783540317791"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/11663812_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006]]}}}