{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T16:11:49Z","timestamp":1725552709808},"publisher-location":"Berlin, Heidelberg","reference-count":19,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540317784"},{"type":"electronic","value":"9783540317791"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11663812_8","type":"book-chapter","created":{"date-parts":[[2006,1,20]],"date-time":"2006-01-20T07:57:08Z","timestamp":1137743828000},"page":"146-164","source":"Crossref","is-referenced-by-count":7,"title":["Improving Host-Based IDS with Argument Abstraction to Prevent Mimicry Attacks"],"prefix":"10.1007","author":[{"family":"Sufatrio","sequence":"first","affiliation":[]},{"given":"Roland H. C.","family":"Yap","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8_CR1","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security\u00a06, 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"key":"8_CR2","unstructured":"Somayaji, A., Forrest, S.: Automated response using system-call delays. In: Proceedings of the 9th USENIX Security Symposium (2000)"},{"key":"8_CR3","unstructured":"Somayaji, A.: Operating system stability and security through process homeostasis. Ph.D. Thesis, University of New Mexico (2002)"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586145"},{"key":"8_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-36084-0_4","volume-title":"Recent Advances in Intrusion Detection","author":"K.M.C. Tan","year":"2002","unstructured":"Tan, K.M.C., Killourhy, K.S., Maxion, R.A.: Understanding an anomaly-based intrusion detection system using common exploits. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 54. Springer, Heidelberg (2002)"},{"issue":"1","key":"8_CR7","first-page":"96","volume":"21","author":"K.M.C. Tan","year":"2003","unstructured":"Tan, K.M.C., Maxion, R.A.: Determining the Operational Limits of an Anomaly-Based Intrusion Detector. IEEE Journal on Selected Areas in Communications, Special Issue on Design and Analysis Techniques for Security Assurance\u00a021(1), 96\u2013110 (2003)","journal-title":"IEEE Journal on Selected Areas in Communications, Special Issue on Design and Analysis Techniques for Security Assurance"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., Maxion, R.A.: Why 6? Defining the operational limits of stide, an anomaly-based intrusion detector. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (2002)","DOI":"10.1109\/SECPRI.2002.1004371"},{"key":"8_CR9","unstructured":"Gao, D., Reiter, M.K., Song, D.: On gray-Box program tracking for anomaly detection. In: Proceedings of the 13th USENIX Security Symposium (2004)"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Feng, H., Kolesnikov, O., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003)","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Maxion, R.: Masquerade detection using enriched command lines. In: Proceedings of the International Conference on Dependable Systems & Networks, DSN 2003 (2003)","DOI":"10.1109\/DSN.2003.1209911"},{"key":"8_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"8_CR14","unstructured":"Giffin, J., Jha, S., Miller, B.: Efficient context-sensitive intrusion detection. In: Proceedings of the 11th Network and Distributed System Security Symposium (2004)"},{"key":"8_CR15","unstructured":"Provos, N.: Improving host security with system call policies. In: Proceedings of the 12th USENIX Security Symposium (2003)"},{"key":"8_CR16","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1080\/07391102.1989.10507752","volume":"7","author":"P.A. Pevzner","year":"1989","unstructured":"Pevzner, P.A.: L-tuple DNA sequencing: computer analysis. Journal of Biomolecular Structure and Dynamics\u00a07, 63\u201374 (1989)","journal-title":"Journal of Biomolecular Structure and Dynamics"},{"key":"8_CR17","volume-title":"Foundations of Computer Science: C edn.","author":"A.V. Aho","year":"1995","unstructured":"Aho, A.V., Ullman, J.D.: Foundations of Computer Science: C edn. W.H. Freeman & Co, New York (1995)"},{"issue":"1","key":"8_CR18","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1145\/504909.504911","volume":"5","author":"M. Bernaschi","year":"2002","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: REMUS: A security-enhanced operating system. ACM Transactions on Information and System Security\u00a05(1), 36\u201361 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"key":"8_CR19","volume-title":"Practical Unix Security","author":"S. Garfinkel","year":"1996","unstructured":"Garfinkel, S., Spafford, G.: Practical Unix Security, 2nd edn. O\u2019Reilly and Associates, Sebastopol (1996)","edition":"2"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11663812_8.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T03:12:45Z","timestamp":1619493165000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11663812_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540317784","9783540317791"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/11663812_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}