{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:09:28Z","timestamp":1763467768522,"version":"3.32.0"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540397236"},{"type":"electronic","value":"9783540397250"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11856214_2","type":"book-chapter","created":{"date-parts":[[2006,9,16]],"date-time":"2006-09-16T07:12:21Z","timestamp":1158390741000},"page":"19-40","source":"Crossref","is-referenced-by-count":53,"title":["Behavioral Distance Measurement Using Hidden Markov Models"],"prefix":"10.1007","author":[{"given":"Debin","family":"Gao","sequence":"first","affiliation":[]},{"given":"Michael K.","family":"Reiter","sequence":"additional","affiliation":[]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Abd-El-Malek, M., Ganger, G.R., Goodson, G.R., Reiter, M.K., Wylie, J.J.: Fault-scalable Byzantine fault-tolerant services. In: Proceedings of the 20th ACM Symposium on Operating Systems Principles, pp. 59\u201374 (October 2005)","DOI":"10.1145\/1095809.1095817"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Alvisi, L., Malkhi, D., Pierce, E., Reiter, M.K.: Fault detection for Byzantine quorum systems. IEEE Transactions on Parallel Distributed Systems\u00a012(9) (September 2001)","DOI":"10.1109\/71.954640"},{"key":"2_CR3","doi-asserted-by":"publisher","first-page":"1554","DOI":"10.1214\/aoms\/1177699147","volume":"37","author":"L.E. Baum","year":"1966","unstructured":"Baum, L.E., Petrie, T.: Statistical inference for probabilistic functions of finite state Markov chains. Ann. Math. Statist.\u00a037, 1554\u20131563 (1966)","journal-title":"Ann. Math. Statist."},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Bhatkar, S., Chaturvedi, A., Sekar, R.: Dataflow anomaly detection. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.12"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Buskens, R.W., Bianchini Jr., R.P.: Distributed on-line diagnosis in the presence of arbitrary faults. In: Proceedings of the 23rd International Symposium on Fault-Tolerant Computing, pp. 470\u2013479 (June 1993)","DOI":"10.1109\/FTCS.1993.627350"},{"key":"2_CR6","unstructured":"Cachin, C., Poritz, J.A.: Secure intrusion-tolerant replication on the Internet. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks (2002)"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Castro, M., Liskov, B.: Practical Byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems\u00a020(4) (November 2002)","DOI":"10.1145\/571637.571640"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Castro, M., Rodrigues, R., Liskov, B.: BASE: Using abstraction to improve fault tolerance. ACM Transactions on Computer Systems\u00a021(3) (August 2003)","DOI":"10.1145\/859716.859718"},{"key":"2_CR9","unstructured":"Chen, L., Avizienis, A.: N-version programming: A fault-tolerance approach to reliability of software operation. In: Proceedings of the 8th International Symposium on Fault-Tolerant Computing, pp. 3\u20139 (1978)"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-540-45248-5_12","volume-title":"Recent Advances in Intrusion Detection","author":"S.-B. Cho","year":"2003","unstructured":"Cho, S.-B., Han, S.-J.: Two sophisticated techniques to improve HMM-based intrusion detection systems. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 207\u2013219. Springer, Heidelberg (2003)"},{"key":"2_CR11","unstructured":"Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-Tuong, A., Hiser, J.: N-variant systems \u2013 A secretless framework for security through diversity. In: Proceedings of the 15th USENIX Security Symposium (August 2006)"},{"key":"2_CR12","unstructured":"Davis, R.I.A., Lovell, B.C., Caelli, T.: Improved estimation of Hidden Markov Model parameters from multiple observation sequences. In: Proceedings of the 16th International Conference on Pattern Recognition (ICPR 2002) (2002)"},{"key":"2_CR13","unstructured":"Feng, H.H., Giffin, J.T., Huang, Y., Jha, S., Lee, W., Miller, B.P.: Formalizing sensitivity in static analysis for intrusion detection. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy (2004)"},{"key":"2_CR14","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003)"},{"key":"2_CR15","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy (1996)"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Gao, D., Reiter, M.K., Song, D.: Gray-box extraction of execution graph for anomaly detection. In: Proceedings of the 11th ACM Conference on Computer & Communication Security (2004)","DOI":"10.1145\/1030083.1030126"},{"key":"2_CR17","unstructured":"Gao, D., Reiter, M.K., Song, D.: On gray-box program tracking for anomaly detection. In: Proceedings of the 13th USENIX Security Symposium (2004)"},{"key":"2_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/11663812_4","volume-title":"Recent Advances in Intrusion Detection","author":"D. Gao","year":"2006","unstructured":"Gao, D., Reiter, M.K., Song, D.: Behavioral distance for intrusion detection. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 63\u201381. Springer, Heidelberg (2006)"},{"key":"2_CR19","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Detecting manipulated remote call streams. In: Proceedings of the 11th USENIX Security Symposium (2002)"},{"key":"2_CR20","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Efficient context-sensitive intrusion detection. In: Proceedings of Symposium on Network and Distributed System Security (2004)"},{"key":"2_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kr\u00fcgel","year":"2003","unstructured":"Kr\u00fcgel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"2_CR22","first-page":"95","volume":"2","author":"L. Lamport","year":"1978","unstructured":"Lamport, L.: The implementation of reliable distributed multiprocess systems. Computer Networks\u00a02, 95\u2013114 (1978)","journal-title":"Computer Networks"},{"key":"2_CR23","volume-title":"Comparative ab initio prediction of gene structures using pair HMMs","author":"I.M. Meyer","year":"2002","unstructured":"Meyer, I.M., Durbin, R.: Comparative ab initio prediction of gene structures using pair HMMs. Oxford University Press, Oxford (2002)"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Pachter, L., Alexandersson, M., Cawley, S.: Applications of generalized pair Hidden Markov Models to alignment and gene finding problems. Computational Biology\u00a09(2) (2002)","DOI":"10.1089\/10665270252935520"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Rabiner, L.R.: A tutorial on Hidden Markov Models and selected applications in speech recognition. Proceedings of IEEE (February 1989)","DOI":"10.1016\/B978-0-08-051584-7.50027-9"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Reiter, M.K.: Secure agreement protocols: Reliable and atomic group multicast in Rampart. In: Proceedings of the 2nd ACM Conference on Computer and Communication Security, pp. 68\u201380 (November 1994)","DOI":"10.1145\/191177.191194"},{"issue":"4","key":"2_CR27","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1145\/98163.98167","volume":"22","author":"F.B. Schneider","year":"1990","unstructured":"Schneider, F.B.: Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys\u00a022(4), 299\u2013319 (1990)","journal-title":"ACM Computing Surveys"},{"key":"2_CR28","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)"},{"key":"2_CR29","doi-asserted-by":"publisher","first-page":"787","DOI":"10.1137\/0126070","volume":"26","author":"P.H. Sellers","year":"1974","unstructured":"Sellers, P.H.: On the theory and computation of evolutionary distances. SIAM J. Appl. Math.\u00a026, 787\u2013793 (1974)","journal-title":"SIAM J. Appl. Math."},{"key":"2_CR30","unstructured":"Shin, K., Ramanathan, P.: Diagnosis of processors with Byzantine faults in a distributed computing system. In: Proceedings of the 17th International Symposium on Fault-Tolerant Computing, pp. 55\u201360 (1987)"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-36415-3_1","volume-title":"Information Hiding","author":"K. Tan","year":"2003","unstructured":"Tan, K., McHugh, J., Killourhy, K.: Hiding intrusions: From the abnormal to the normal and beyond. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol.\u00a02578, pp. 1\u201317. Springer, Heidelberg (2003)"},{"key":"2_CR32","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)"},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586145"},{"key":"2_CR34","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy (1999)"},{"key":"2_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-39945-3_8","volume-title":"Recent Advances in Intrusion Detection","author":"A. Wespi","year":"2000","unstructured":"Wespi, A., Dacier, M., Debar, H.: Intrusion detection using variable-length audit trail patterns. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, p. 110. Springer, Heidelberg (2000)"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"Yin, J., Martin, J., Venkataramani, A., Alvisi, L., Dahlin, M.: Separating agreement from execution for Byzantine fault tolerant services. In: Proceedings of the 19th ACM Symposium on Operating System Principles (October 2003)","DOI":"10.1145\/945469.945470"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11856214_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T21:48:56Z","timestamp":1736545736000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11856214_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540397236","9783540397250"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/11856214_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}