{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T13:30:11Z","timestamp":1777901411270,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":18,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540397236","type":"print"},{"value":"9783540397250","type":"electronic"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11856214_8","type":"book-chapter","created":{"date-parts":[[2006,9,16]],"date-time":"2006-09-16T07:12:21Z","timestamp":1158390741000},"page":"145-164","source":"Crossref","is-referenced-by-count":51,"title":["Using Hidden Markov Models to Evaluate the Risks of Intrusions"],"prefix":"10.1007","author":[{"given":"Andr\u00e9","family":"\u00c5rnes","sequence":"first","affiliation":[]},{"given":"Fredrik","family":"Valeur","sequence":"additional","affiliation":[]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[]},{"given":"Richard A.","family":"Kemmerer","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/11596981_57","volume-title":"Computational Intelligence and Security","author":"A. \u00c5rnes","year":"2005","unstructured":"\u00c5rnes, A., Sallhammar, K., Haslum, K., Brekne, T., Moe, M.E.G., Knapskog, S.J.: Real-time risk assessment with network sensors and intrusion detection systems. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS, vol.\u00a03802, pp. 388\u2013397. Springer, Heidelberg (2005)"},{"key":"8_CR2","unstructured":"CORAS IST-2000-25031 (2003), Web Site, \n                      \n                        http:\/\/www.nr.no\/coras"},{"key":"8_CR3","unstructured":"Debar, H., Curry, D.A., Feinstein, B.S.: Intrusion detection message exchange format (IDMEF) \u2013 internet-draft (2005)"},{"key":"8_CR4","unstructured":"Desai, N.: IDS correlation of VA data and IDS alerts (June 2003), \n                      \n                        http:\/\/www.securityfocus.com\/infocus\/1708"},{"issue":"6","key":"8_CR5","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1109\/MSP.2004.109","volume":"02","author":"S. Evans","year":"2004","unstructured":"Evans, S., Heinbuch, D., Kyule, E., Piorkowski, J., Wallner, J.: Risk-based systems security engineering: Stopping attacks with intention. IEEE Security and Privacy\u00a002(6), 59\u201362 (2004)","journal-title":"IEEE Security and Privacy"},{"key":"8_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1007\/978-3-540-30143-1_16","volume-title":"Recent Advances in Intrusion Detection","author":"A. Gehani","year":"2004","unstructured":"Gehani, A., Kedem, G.: RheoStat: Real-time risk management. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 296\u2013314. Springer, Heidelberg (2004)"},{"key":"8_CR7","unstructured":"Gula, R.: Correlating ids alerts with vulnerability information. Technical report, Tenable Network Security (December 2002)"},{"key":"8_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kr\u00fcgel","year":"2006","unstructured":"Kr\u00fcgel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 207\u2013226. Springer, Heidelberg (2006)"},{"key":"8_CR9","unstructured":"Kruegel, C., Robertson, W.: Alert verification: Determining the success of intrusion attempts. In: Proceedings of the 1st Workshop on the Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2004), Dortmund, Germany (July 2004)"},{"issue":"4","key":"8_CR10","first-page":"219","volume":"27","author":"C. Kruegel","year":"2004","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Using alert verification to identify successful intrusion attempts. Practice in Information Processing and Communication (PIK 2004)\u00a027(4), 219\u2013227 (2004)","journal-title":"Practice in Information Processing and Communication (PIK 2004)"},{"key":"8_CR11","unstructured":"Lincoln Laboratory. Lincoln laboratory scenario (DDoS) 1.0 (2000), \n                      \n                        http:\/\/www.ll.mit.edu\/SST\/ideval\/data\/2000\/LLS_DDOS_1.0.html"},{"key":"8_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/3-540-36084-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"P.A. Porras","year":"2002","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to INFOSEC alarm correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 95\u2013114. Springer, Heidelberg (2002)"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Rabiner, L.R.: A tutorial on hidden markov models and selected applications in speech recognition. Readings in speech recognition, pp. 267\u2013296 (1990)","DOI":"10.1016\/B978-0-08-051584-7.50027-9"},{"key":"8_CR14","unstructured":"Standards Australia and Standards New Zealand. AS\/NZS 4360: 2004 risk management (2004)"},{"key":"8_CR15","unstructured":"Stonebumer, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems, special publication, pp. 800\u2013830 (2002), \n                      \n                        http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-30\/sp800-30.pdf"},{"key":"8_CR16","unstructured":"Sun Microsystems, Inc. Installing, Administering, and Using the Basic Security Module. 2550 Garcia Ave., Mountain View, CA 94043 (December 1991)"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/3-540-45474-8_5","volume-title":"Recent Advances in Intrusion Detection","author":"G. Vigna","year":"2001","unstructured":"Vigna, G., Kemmerer, R.A., Blix, P.: Designing a web of highly-configurable intrusion detection sensors. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 69\u201384. Springer, Heidelberg (2001)"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Vigna, G., Valeur, F., Kemmerer, R.: Designing and implementing a family of intrusion detection systems. In: Proceedings of European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC\/FSE 2003), Helsinki, Finland (September 2003)","DOI":"10.1145\/940080.940084"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11856214_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T17:55:19Z","timestamp":1558288519000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11856214_8"}},"subtitle":["System Architecture and Model Validation"],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540397236","9783540397250"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/11856214_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006]]}}}