{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T15:57:27Z","timestamp":1725551847741},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540317784"},{"type":"electronic","value":"9783540317791"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11663812_9","type":"book-chapter","created":{"date-parts":[[2006,1,20]],"date-time":"2006-01-20T12:57:08Z","timestamp":1137761828000},"page":"165-184","source":"Crossref","is-referenced-by-count":2,"title":["On Random-Inspection-Based Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Simon P.","family":"Chung","sequence":"first","affiliation":[]},{"given":"Aloysius K.","family":"Mok","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: 10th ACM International Conference on Computer and Communications Security (CCS), October 2003, pp. 272\u2013280 (2003)","DOI":"10.1145\/948109.948147"},{"key":"9_CR2","unstructured":"Bhatkar, S., DuVarney, D.C., Sekar, R.: Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In: 12th USENIX Security Symposium (2003)"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Buchholz, F., Daniels, T., Early, J., Gopalakrishna, R., Gorman, R., Kuperman, B., Nystrom, S., Schroll, A., Smith, A.: Digging For Worms, Fishing For Answers. 
In: ACSAC 2002 (2002)","DOI":"10.1109\/CSAC.2002.1176293"},{"key":"9_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-540-45248-5_12","volume-title":"Recent Advances in Intrusion Detection","author":"S.-B. Cho","year":"2003","unstructured":"Cho, S.-B., Han, S.-J.: Two Sophisticated Techniques to Improve HMM-Based Intrusion Detection Systems. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 207\u2013219. Springer, Heidelberg (2003)"},{"key":"9_CR5","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"S. Coull","year":"2003","unstructured":"Coull, S., Branch, J., Szymanski, B.K., Breimer, E.: Intrusion Detection: A Bioinformatics Approach. In: Omondi, A.R., Sedukhin, S.G. (eds.) ACSAC 2003. LNCS, vol.\u00a02823. Springer, Heidelberg (2003)"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Cowan, C., Pu, C., Hinton, H.: Death, Taxes, and Imperfect Software: Surviving the Inevitable. In: The New Security Paradigms Workshop 1998 (1998)","DOI":"10.1145\/310889.310915"},{"issue":"2","key":"9_CR7","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion detection model. IEEE Transactions on Software Engineering\u00a013(2), 222 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Feng, H.H., Kolesnikov, O., Fogla, P., Lee, W., Gong, W.: Anomaly Detection Using Call Stack Information. In: IEEE Symposium on Security and Privacy (2003)","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for UNIX processes. 
In: IEEE Symposium on Security and Privacy (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Forrest, S., Somayaji, A., Ackley, D.: Building Diverse Computer Systems. In: Proceeding: 6 workshop on Hot Topics in Operating Systems, pp. 67\u201372. IEEE Computer Society Press, Los Alamitos","DOI":"10.1109\/HOTOS.1997.595185"},{"key":"9_CR11","unstructured":"Garfinkel, T.: Traps and pitfalls: Practical problems in system call interposition based security tools. In: Proc. Network and Distributed Systems Security Symposium (February 2003)"},{"key":"9_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/3-540-39945-3_7","volume-title":"Recent Advances in Intrusion Detection","author":"A.K. Ghosh","year":"2000","unstructured":"Ghosh, A.K., Michael, C., Schatz, M.: A Real-Time Intrusion Detection System Based on Learning Program Behavior. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, p. 93. Springer, Heidelberg (2000)"},{"key":"9_CR13","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Detecting manipulated remote call streams. In: 11th USENIX Security Symposium (2002)"},{"key":"9_CR14","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Efficient context-sensitive intrusion detection. In: 11th Network and Distributed System Security Symposium (2004)"},{"key":"9_CR15","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S.A. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Somayaji, A., Forrest, S.: Intrusion detection using sequences of system calls. 
Journal of Computer Security\u00a06, 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"key":"9_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-540-30143-1_5","volume-title":"Recent Advances in Intrusion Detection","author":"R. Hu","year":"2004","unstructured":"Hu, R., Mok, A.K.: Detecting Unknown Massive Mailing Viruses Using Proactive Methods. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 82\u2013101. Springer, Heidelberg (2004)"},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Jones, A., Li, S.: Temporal Signatures of Intrusion Detection. In: ACSAC 2001 (2001)","DOI":"10.1109\/ACSAC.2001.991541"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering Code-Injection Attacks With Instruction-Set Randomization. In: 10th ACM International Conference on Computer and Communications Security (CCS), October 2003, pp. 272\u2013280 (2003)","DOI":"10.1145\/948109.948146"},{"key":"9_CR19","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: 11th USENIX Security Symposium (2002)"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Ko, C.: Logic Induction of Valid Behavior Specifications for Intrusion Detection. In: IEEE Symposium on Security and Privacy (2000)","DOI":"10.1109\/SECPRI.2000.848452"},{"key":"9_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the Detection of Anomalous System Call Arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. 
Springer, Heidelberg (2003)"},{"key":"9_CR22","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian Event Classification for Intrusion Detection. In: Omondi, A.R., Sedukhin, S.G. (eds.) ACSAC 2003. LNCS, vol.\u00a02823. Springer, Heidelberg (2003)"},{"key":"9_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-30143-1_1","volume-title":"Recent Advances in Intrusion Detection","author":"L.C. Lam","year":"2004","unstructured":"Lam, L.C., Chiueh, T.-c.: Automatic Extraction of Accurate Application-Specific Sandboxing Policy. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 1\u201320. Springer, Heidelberg (2004)"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Lane, T., Brodley, C.: Temporal Sequence Learning and Data Reduction for Anomaly Detection. ACM Trans. Info. and Sys. Security (1999)","DOI":"10.1145\/288090.288122"},{"key":"9_CR25","unstructured":"Lee, W., Stolfo, S.: Data Mining Approaches for Intrusion Detection. In: 7th USENIX Security Symposium (1998)"},{"key":"9_CR26","unstructured":"Butler, J.: Bypassing 3rd Party Windows Buffer Overflow Protection, Phrack, Issue #62, of July 10 (2004), p62_wbo_a@author.phrack.org and p62_wbo_b@author.phrack.org"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A Fast Automaton-based Method for Detecting Anomalous Program Behaviors. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Tiwari, A., Yang, H., Zhou, S.: Specification based anomaly detection: a new approach for detecting network intrusions. 
In: ACM Computer and Communication Security Conference (2002)","DOI":"10.1145\/586110.586146"},{"key":"9_CR29","unstructured":"Skape, Understanding Windows Shellcode, http:\/\/www.hick.org\/code\/skape\/papers\/win32-shellcode.pdf"},{"key":"9_CR30","unstructured":"Somayaji, A., Forrest, S.: Automated Response Using System-Call Delays. In: 9th Usenix Security Symposium (2000)"},{"key":"9_CR31","unstructured":"Tan, K.M.C., Maxion, R.A.: \u201cWhy 6?\u201d Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector. In: IEEE Symposium on Security and Privacy 2002 (2002)"},{"key":"9_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-36084-0_4","volume-title":"Recent Advances in Intrusion Detection","author":"K.M.C. Tan","year":"2002","unstructured":"Tan, K.M.C., Killourhy, K.S., Maxion, R.A.: Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 54. Springer, Heidelberg (2002)"},{"key":"9_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/3-540-36084-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"T. Toth","year":"2002","unstructured":"Toth, T., Krugel, C.: Accurate Buffer Overflow Detection via Abstract Payload Execution. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 274. Springer, Heidelberg (2002)"},{"key":"9_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1007\/3-540-45474-8_11","volume-title":"Recent Advances in Intrusion Detection","author":"P. Uppuluri","year":"2001","unstructured":"Uppuluri, P., Sekar, R.: Experiences with Specification-Based Intrusion Detection. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, p. 172. 
Springer, Heidelberg (2001)"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry Attacks on Host-Based Intrusion Detection Systems. In: ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586145"},{"key":"9_CR36","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: IEEE Symposium on Security and Privacy (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"9_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-39945-3_8","volume-title":"Recent Advances in Intrusion Detection","author":"A. Wespi","year":"2000","unstructured":"Wespi, A., Dacier, M., Debar, H.: Intrusion detection using variable-length audit trail patterns. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, p. 110. Springer, Heidelberg (2000)"},{"key":"9_CR39","unstructured":"Williamson, M.M.: Throttling Viruses: Restricting propagation to defeat malicious mobile code. In: ACSAC 2002 (2002)"},{"key":"9_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-30143-1_2","volume-title":"Recent Advances in Intrusion Detection","author":"H. Xu","year":"2004","unstructured":"Xu, H., Du, W., Chapin, S.J.: Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 21\u201338. 
Springer, Heidelberg (2004)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11663812_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,17]],"date-time":"2020-11-17T20:04:29Z","timestamp":1605643469000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11663812_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540317784","9783540317791"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/11663812_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}