{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T21:01:20Z","timestamp":1757451680424,"version":"3.32.0"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540397236"},{"type":"electronic","value":"9783540397250"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11856214_1","type":"book-chapter","created":{"date-parts":[[2006,9,16]],"date-time":"2006-09-16T07:12:21Z","timestamp":1158390741000},"page":"1-18","source":"Crossref","is-referenced-by-count":46,"title":["A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures"],"prefix":"10.1007","author":[{"given":"James J.","family":"Treinen","sequence":"first","affiliation":[]},{"given":"Ramakrishna","family":"Thurimella","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal, R., Imielinski, T., Swami, A.: Mining Association Rules Between Sets of Items in Large Databases. In: Proceedings of the ACM SIGMOD Conference on Management of Data, pp. 207\u2013216 (1993)","DOI":"10.1145\/170036.170072"},{"key":"1_CR2","unstructured":"Ali, K., Manganaris, S., Srikant, R.: Partial Classification Using Association Rules. In: Proceedings of the Third International Conference on Knowledge Discovery and Data Mining, pp. 115\u2013118 (1997)"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/3-540-36084-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"F. Apap","year":"2002","unstructured":"Apap, F., Honig, A., Hershkop, S., Eskin, E., Stolfo, S.J.: Detecting malicious software by monitoring anomalous windows registry accesses. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 36\u201353. Springer, Heidelberg (2002)"},{"key":"1_CR4","unstructured":"Arcsight Corporation. Arcsight ESM Product Brief (2005), http:\/\/www.arcsight.com\/collateral\/ArcSight_ESM_brochure.pdf"},{"key":"1_CR5","unstructured":"Arcsight Corporation. Arcsight Pattern Discovery Product Brief (2005), http:\/\/www.arcsight.com\/collateral\/ArcSight_Pattern_Discovery.pdf"},{"issue":"4","key":"1_CR6","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/604264.604268","volume":"30","author":"D. Barbara","year":"2001","unstructured":"Barbara, D., Couto, J., Jajodia, S., Wu, N.: ADAM: A Testbed for Exploring the Use of Data Mining in Intrusion Detection. SIGMOD Record\u00a030(4), 15\u201324 (2001)","journal-title":"SIGMOD Record"},{"key":"1_CR7","unstructured":"Cisco Systems. Network Security Database (2005), http:\/\/www.cisco.com\/cgibin\/front.x\/csec\/idsAllList.pl"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 85\u2013103. Springer, Heidelberg (2001)"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Fayyad, U., Piatetsky-Shapiro, G., Smyth, P.: The KDD Process for Extracting Useful Knowledge From Volumes of Data. Communications of the ACM, 27\u201334 (1996)","DOI":"10.1145\/240455.240464"},{"key":"1_CR10","unstructured":"Guan, Y., Ghorbani, A., Belacel, N.: Y-Means: A Clustering Method for Intrusion Detection. In: Proceedings of Canadian Conference on Electrical and Computer Engineering (2003)"},{"key":"1_CR11","unstructured":"Han, J., Cai, Y., Cercone, N.: Knowledge Discovery in Databases: An Attribute-Oriented Approach. In: Proceedings of the 18th International Conference on Very Large Data Bases, pp. 547\u2013559 (1992)"},{"key":"1_CR12","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1109\/69.204089","volume":"5","author":"J. Han","year":"1993","unstructured":"Han, J., Cai, Y., Cercone, N.: Data-Driven Discovery of Quantitative Rules in Relational Databases. IEEE Transactions on Knowledge and Data Engineering\u00a05, 29\u201340 (1993)","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"key":"1_CR13","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1007\/978-1-4615-0953-0_7","volume-title":"Applications of Data Mining in Computer Security","author":"A. Honig","year":"2002","unstructured":"Honig, A., Howard, A., Eskin, E., Stolfo, S.: Adaptive Model Generation: An Architecture for the Deployment of Data Mining-based Intrusion Detection Systems. In: Barbara, D., Sushil, J. (eds.) Applications of Data Mining in Computer Security, pp. 153\u2013194. Kluwer Academic Publishers, Boston (2002)"},{"key":"1_CR14","unstructured":"Hosel, V., Walcher, S.: Clustering Techniques: A Brief Survey (2000), http:\/\/ibb.gsf.de\/reports\/2001\/walcher.ps"},{"key":"1_CR15","unstructured":"IBM Corporation: DB2 Intelligent Miner for Modeling, New York (2005)"},{"key":"1_CR16","unstructured":"IBM Corporation: IBM DB2 Intelligent Miner Modeling Administration and Programming Guide v8.2. Second Edition. New York (2004)"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Julisch, K.: Mining Alarm Clusters to Improve Alarm Handling Efficiency. In: Proceedings of the 17th Annual Computer Security Applications Conference, pp. 12\u201321 (2001)","DOI":"10.1109\/ACSAC.2001.991517"},{"key":"1_CR18","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1007\/978-1-4615-0953-0_2","volume-title":"Applications of Data Mining in Computer Security","author":"K. Julisch","year":"2002","unstructured":"Julisch, K.: Data Mining for Intrusion Detection A Critical Review. In: Barbara, D., Sushil, J. (eds.) Applications of Data Mining in Computer Security, pp. 33\u201362. Kluwer Academic Publishers, Boston (2002)"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Julisch, K., Dacier, M.: Mining Intrusion Detection Alarms for Actionable Knowledge. In: Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 366\u2013375 (2002)","DOI":"10.1145\/775094.775101"},{"issue":"4","key":"1_CR20","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1145\/950191.950192","volume":"6","author":"K. Julisch","year":"2003","unstructured":"Julisch, K.: Clustering Intrusion Detection Alarms to Support Root Cause Analysis. ACM Transactions on Information and System Security\u00a06(4), 443\u2013471 (2003)","journal-title":"ACM Transactions on Information and System Security"},{"key":"1_CR21","unstructured":"Julisch, K.: Using Root Cause Analysis to Handle Intrusion Detection Alarms. PhD Thesis. Universit\u00e4t Dortmund (2003)"},{"key":"1_CR22","unstructured":"Lee, W., Stolfo, S.: Data Mining Approaches for Intrusion Detection. In: Proceedings of the 7th USENIX Security Symposium, pp. 79\u201394 (1998)"},{"key":"1_CR23","unstructured":"Lee, W., Stolfo, W., Mok, K.: Mining Audit Data to Build Intrusion Detection Models. In: Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining, pp. 66\u201372 (1998)"},{"key":"1_CR24","unstructured":"Lee, W., Stolfo, S., Kui, M.: A Data Mining Framework for Building Intrusion Detection Models. In: IEEE Symposium on Security and Privacy, pp. 120\u2013132 (1999)"},{"key":"1_CR25","unstructured":"Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., Hershkop, S., Zhang, J.: Real Time Data Mining-based Intrusion Detection. In: Proceedings of the 2nd DARPA Information Survivability Conference and Exposition (2001)"},{"key":"1_CR26","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., Haines, J., Fried, D., Korba, J., Das, K.: The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks\u00a034, 579\u2013595 (2000)","journal-title":"Computer Networks"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A Data Mining Analysis of RTID Alarms. In: Proceedings of Recent Advances in Intrusion Detection, Second International Workshop (1999)","DOI":"10.1016\/S1389-1286(00)00138-9"},{"issue":"4","key":"1_CR28","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. Mchugh","year":"2000","unstructured":"Mchugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM Transactions on Information and System Security\u00a03(4), 262\u2013294 (2000)","journal-title":"ACM Transactions on Information and System Security"},{"key":"1_CR29","unstructured":"McLure, S., Scambray, J., Kurtz, G.: Hacking Exposed Fifth Edition: Network Security Secrets & Solutions: McGraw-Hill\/Osborne (2005)"},{"key":"1_CR30","unstructured":"Nauta, K., Lieble, F.: Offline Network Intrusion Detection: Mining TCPDUMP Data to Identify Suspicious Activity. In: Proceedings of the AFCEA Federal Database Colloquium (1999)"},{"issue":"2","key":"1_CR31","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1145\/996943.996947","volume":"7","author":"P. Ning","year":"2004","unstructured":"Ning, P., Cui, Y., Reeves, D., Xu, D.: Techniques and Tools for Analyzing Intrusion Alerts. ACM Transaction on Information and System Security\u00a07(2), 274\u2013318 (2004)","journal-title":"ACM Transaction on Information and System Security"},{"key":"1_CR32","first-page":"1","volume-title":"Applications of Data Mining in Computer Security","author":"S. Noel","year":"2002","unstructured":"Noel, S., Wijesekera, D., Youman, C.: Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt. In: Barbara, D., Sushil, J. (eds.) Applications of Data Mining in Computer Security, pp. 1\u201331. Kluwer Academic Publishers, Boston (2002)"},{"key":"1_CR33","unstructured":"Portnoy, L., Eskin, E., Stolfo, S.: Intrusion Detection with Unlabeled Data Using Clustering. In: Proceedings of ACM CSS Workshop on Data Mining Applied to Security (2001)"},{"key":"1_CR34","unstructured":"Schultz, M., Eskin, E., Zadok, E., Stolfo, S.: Data Mining Methods for Detection of New Malicious Executables. In: Proceedings of IEEE Symposium on Security and Privacy (2001)"},{"issue":"4","key":"1_CR35","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/604264.604267","volume":"30","author":"S. Stolfo","year":"2001","unstructured":"Stolfo, S., Lee, W., Chan, P., Fan, W., Eskin, E.: Data Mining-based Intrusion Detectors: An Overview of the Columbia IDS Project. SIGMOD Record\u00a030(4), 5\u201314 (2001)","journal-title":"SIGMOD Record"},{"key":"1_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 54\u201368. Springer, Heidelberg (2001)"},{"key":"1_CR37","doi-asserted-by":"crossref","unstructured":"Yang, D., Hu, C., Chen, Y.: A Framework of Cooperating Intrusion Detection Based on Clustering Analysis and Expert System. In: Proceedings of the 3rd international conference on Information Security (2004)","DOI":"10.1145\/1046290.1046321"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11856214_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T21:49:04Z","timestamp":1736545744000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11856214_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540397236","9783540397250"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/11856214_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}