{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T05:27:40Z","timestamp":1745386060126,"version":"3.32.0"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540397236"},{"type":"electronic","value":"9783540397250"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11856214_16","type":"book-chapter","created":{"date-parts":[[2006,9,16]],"date-time":"2006-09-16T07:12:21Z","timestamp":1158390741000},"page":"311-330","source":"Crossref","is-referenced-by-count":19,"title":["SafeCard: A Gigabit IPS on the Network Card"],"prefix":"10.1007","author":[{"given":"Willem","family":"de Bruijn","sequence":"first","affiliation":[]},{"given":"Asia","family":"Slowinska","sequence":"additional","affiliation":[]},{"given":"Kees","family":"van Reeuwijk","sequence":"additional","affiliation":[]},{"given":"Tomas","family":"Hruby","sequence":"additional","affiliation":[]},{"given":"Li","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Herbert","family":"Bos","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"16_CR1","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks Inc. (1998)"},{"key":"16_CR2","unstructured":"Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: USENIX-Sec 2001, Washington, D.C., USA (2001)"},{"key":"16_CR3","unstructured":"Stuart Staniford, V.P., Weaver, N.: How to 0wn the internet in your spare time. In: Proc. of the 11th USENIX Security Symposium (2002)"},{"key":"16_CR4","unstructured":"James Newsome, B.K., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proc. of the IEEE Symposium on Security and Privacy (2005)"},{"key":"16_CR5","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proc. of the 6th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 45\u201360 (2004)"},{"key":"16_CR6","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1145\/352600.353052","volume-title":"CCS 2000: Proceedings of the 7th ACM conference on Computer and communications security","author":"S. Ioannidis","year":"2000","unstructured":"Ioannidis, S., Keromytis, A.D., Bellovin, S.M., Smith, J.M.: Implementing a distributed firewall. In: CCS 2000: Proceedings of the 7th ACM conference on Computer and communications security, pp. 190\u2013199. ACM Press, New York (2000)"},{"key":"16_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/11663812_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Bos","year":"2006","unstructured":"Bos, H., Huang, K.: Towards software-based signature detection for intrusion prevention on the network card. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 102\u2013123. Springer, Heidelberg (2006)"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks. In: Proc. ACM SIGOPS EUROSYS 2006, Leuven, Belgium (2006)","DOI":"10.1145\/1217935.1217938"},{"key":"16_CR9","unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proc. of LISA 1999: 13th Systems Administration Conference (1999)"},{"key":"16_CR10","unstructured":"Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. of the 7th USENIX Security Symposium (1998)"},{"key":"16_CR11","unstructured":"Bhatkar, S., Du Varney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proc. of the 12th USENIX Security Symposium, pp. 105\u2013120 (2003)"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovix, D., Zovi, D.D.: Randomized instruction set emulation to disrupt code injection attacks. In: Proc. of the 10th ACM Conference on Computer and Communications Security (CCS), pp. 281\u2013289 (2003)","DOI":"10.1145\/948143.948147"},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: Proc. of the 20th ACM Symposium on Operating Systems Principles (SOSP), Brighton, UK (2005)","DOI":"10.1145\/1095810.1095824"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Clark, C., Lee, W., Schimmel, D., Contis, D., Kon\u00e9, M., Thomas, A.: A hardware platform for network intrusion detection and prevention. In: Third Workshop on Network Processors and Applications, Madrid, Spain (2004)","DOI":"10.1016\/B978-012088476-6\/50007-1"},{"key":"16_CR15","unstructured":"Williamson, M.M.: Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code. In: Proc. of ACSAC Security Conference, Las Vegas, Nevada (2002)"},{"key":"16_CR16","unstructured":"Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.: Using generalization and characterization techniques in the anomaly-based detection of web attacks. In: NDSS 2005 (2005)"},{"key":"16_CR17","unstructured":"Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: Protecting pointers from buffer overflow vulnerabilities. In: Proc. of the 12th USENIX Security Symposium, pp. 91\u2013104 (2003)"},{"key":"16_CR18","unstructured":"Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G.: FormatGuard: Automatic protection from printf format string vulnerabilities. In: Proc. of the 10th Usenix Security Symposium (2001)"},{"key":"16_CR19","unstructured":"Provos, N.: Improving host security with system call policies. In: Proc. of the 12th USENIX Security Symposium (2003)"},{"key":"16_CR20","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proc. of the 10th USENIX Security Symposium, pp. 201\u2013216 (2001)"},{"key":"16_CR21","doi-asserted-by":"crossref","unstructured":"Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-safe retrofitting of legacy code. In: Proc. of the Principles of Programming Languages (PoPL) (2002)","DOI":"10.1145\/503272.503286"},{"key":"16_CR22","unstructured":"bulba and Kil3r: Bypassing Stackguard and Stackshield. Phrack Magazine 10(56) (2000)"},{"key":"16_CR23","unstructured":"gera, riq: Advances in format string exploitation. Phrack Magazine 11(59) (2002)"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: A basis for building self-protecting servers. In: Proc. ACM CCS, Alexandria, VA, USA, pp. 213\u2013223 (2005)","DOI":"10.1145\/1102120.1102150"},{"key":"16_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kr\u00fcgel","year":"2006","unstructured":"Kr\u00fcgel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 207\u2013226. Springer, Heidelberg (2006)"},{"key":"16_CR26","unstructured":"Kerschbaum, F., Spafford, E.H., Zamboni, D.: Using embedded sensors for detecting network attack. Technical report, Purdue University (2000)"},{"issue":"23-24","key":"16_CR27","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks\u00a031(23-24), 2435\u20132463 (1999)","journal-title":"Computer Networks"},{"key":"16_CR28","unstructured":"Bos, H., de Bruijn, W., Cristea, M., Nguyen, T., Portokalidis, G.: FFPF: Fairly Fast Packet Filters. In: Proceedings of OSDI 2004, San Francisco, CA (2004)"},{"key":"16_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"743","DOI":"10.1007\/11422778_60","volume-title":"NETWORKING 2005. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems","author":"M.-L. Cristea","year":"2005","unstructured":"Cristea, M.-L., de Bruijn, W., Bos, H.: FPL-3: Towards language support for distributed packet processing. In: Boutaba, R., Almeroth, K.C., Puigjaner, R., Shen, S., Black, J.P. (eds.) NETWORKING 2005. LNCS, vol.\u00a03462, pp. 743\u2013755. Springer, Heidelberg (2005)"},{"key":"16_CR30","unstructured":"Malan, R., Watson, D., Jahanian, F., Howell, P.: Transport and application protocol scrubbing. In: Infocom 2000, Tel-Aviv, Israel (2000)"},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Laurikari, V.: NFAs with tagged transitions, their conversion to deterministic automata and application to regular expressions. In: SPIRE, pp. 181\u2013187 (2000)","DOI":"10.1109\/SPIRE.2000.878194"},{"key":"16_CR32","unstructured":"Aho, A.V., Ullman, J.D.: Foundations of Computer Science. Computer Science Press (1992)"},{"key":"16_CR33","volume-title":"Introduction to the Theory of Finite-state Machines","author":"A. Gill","year":"1962","unstructured":"Gill, A.: Introduction to the Theory of Finite-state Machines. McGraw-Hill, New York (1962)"},{"key":"16_CR34","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS) (2005)"},{"key":"16_CR35","unstructured":"SecurityFocus: Can-2003-0245 apache apr-psprintf memory corruption vulnerability (2003), http:\/\/www.securityfocus.com\/bid\/7723\/discussion\/"},{"key":"16_CR36","unstructured":"Nguyen, T., Cristea, M., de Bruijn, W., Box, H.: Scalable network monitors for high-speed links: a bottom-up approach. In: Proceedings of IPOM 2004 (2004)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11856214_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T21:49:21Z","timestamp":1736545761000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11856214_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540397236","9783540397250"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/11856214_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}