{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T13:43:31Z","timestamp":1773150211040,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540446019","type":"print"},{"value":"9783540446057","type":"electronic"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11863908_32","type":"book-chapter","created":{"date-parts":[[2006,9,15]],"date-time":"2006-09-15T23:28:46Z","timestamp":1158362926000},"page":"527-546","source":"Crossref","is-referenced-by-count":18,"title":["Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems"],"prefix":"10.1007","author":[{"given":"Guofei","family":"Gu","sequence":"first","affiliation":[]},{"given":"Prahlad","family":"Fogla","sequence":"additional","affiliation":[]},{"given":"David","family":"Dagon","sequence":"additional","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]},{"given":"Boris","family":"Skoric","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"32_CR1","unstructured":"Kdd cup 1999 data (2006), Available at: \n                  \n                    http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/"},{"key":"32_CR2","series-title":"Lecture Notes in Computer Science","volume-title":"Selected Areas in Cryptography","author":"N.B. Amor","year":"2004","unstructured":"Amor, N.B., Benferhat, S., Elouedi, Z.: Naive bayes vs decision trees in intrusion detection systems. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol.\u00a03357. 
Springer, Heidelberg (2004)"},{"key":"32_CR3","doi-asserted-by":"crossref","unstructured":"Axelsson, S.: The base-rate fallacy and its implications for the difficulty of intrusion detection. In: Proceedings of ACM CCS 1999 (November 1999)","DOI":"10.1145\/319709.319710"},{"key":"32_CR4","unstructured":"Axelsson, S.: A preliminary attempt to apply detection and estimation theory to intrusion detection. Technical Report 00-4, Dept. of Computer Engineering, Chalmers University of Technology, Sweden (March 2000)"},{"key":"32_CR5","doi-asserted-by":"crossref","unstructured":"Cardenas, A., Seamon, K., Baras, J.: A Framework for the Evaluation of Intrusion Detection Systems. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, Oakland, California (May 2006)","DOI":"10.1109\/SP.2006.2"},{"key":"32_CR6","doi-asserted-by":"publisher","DOI":"10.1002\/0471200611","volume-title":"Elements of Information Theory","author":"T. Cover","year":"1991","unstructured":"Cover, T., Thomas, J.: Elements of Information Theory. John Wiley, Chichester (1991)"},{"key":"32_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/11555827_16","volume-title":"Computer Security \u2013 ESORICS 2005","author":"G. Crescenzo Di","year":"2005","unstructured":"Di Crescenzo, G., Ghosh, A., Talpade, R.: Towards a theory of intrusion detection. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol.\u00a03679, pp. 267\u2013286. Springer, Heidelberg (2005)"},{"issue":"8","key":"32_CR8","doi-asserted-by":"publisher","first-page":"805","DOI":"10.1016\/S1389-1286(98)00017-6","volume":"31","author":"H. Debar","year":"1999","unstructured":"Debar, H., Dacier, M., Wespi, A.: Towards a taxonomy of intrusion-detection systems. 
Computer Networks\u00a031(8), 805\u2013822 (1999)","journal-title":"Computer Networks"},{"key":"32_CR9","doi-asserted-by":"crossref","unstructured":"Denning, D.: An intrusion-detection model. IEEE Transactions on Software Engineering\u00a02 (February 1987)","DOI":"10.1109\/TSE.1987.232894"},{"key":"32_CR10","doi-asserted-by":"crossref","unstructured":"Gu, G., Fogla, P., Dagon, D., Lee, W., Skoric, B.: Measuring intrusion detection capability: An information-theoretic approach. In: Proceedings of ACM Symposium on Information, Computer and Communications Security (ASIACCS 2006) (March 2006)","DOI":"10.1145\/1128817.1128834"},{"key":"32_CR11","unstructured":"Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: Proc. USENIX Security Symposium 2001 (2001)"},{"key":"32_CR12","doi-asserted-by":"crossref","unstructured":"Helman, P., Liepins, G.: Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on Software Engineering\u00a019(9) (September 1993)","DOI":"10.1109\/32.241771"},{"key":"32_CR13","unstructured":"Hu, W., Liao, Y., Vemuri, V.R.: Robust support vector machines for anomaly detection in computer security. In: Proc. 2003 International Conference on Machine Learning and Applications (ICMLA 2003) (2003)"},{"key":"32_CR14","unstructured":"Kim, H.-A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: USENIX Security Symposium, pp. 271\u2013286 (2004)"},{"key":"32_CR15","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: SIGCOMM 2005 (2005)","DOI":"10.1145\/1080091.1080118"},{"key":"32_CR16","unstructured":"Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. 
In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (May 2001)"},{"issue":"4","key":"32_CR17","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W. Lee","year":"2000","unstructured":"Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security (TISSEC)\u00a03(4), 227\u2013261 (2000)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"32_CR18","unstructured":"Massachusetts Institute of\u00a0Technology Lincoln\u00a0Laboratory. 1998 darpa intrusion detection evaluation data set overview (2005), \n                  \n                    http:\/\/www.ll.mit.edu\/IST\/ideval\/"},{"key":"32_CR19","unstructured":"Lunt, T.F.: Panel:foundations for intrusion detection. In: Proc. 13th Computer Security Foundations Workshop (CSFW 2000) (2000)"},{"key":"32_CR20","doi-asserted-by":"crossref","unstructured":"McHugh, J.: Testing intrusion detection systems: A critique of the 1998 and 1999 darpa off-line intrusion detection system evaluation as performed by lincoln laboratory. ACM Transactions on Information and System Security\u00a03(4) (November 2000)","DOI":"10.1145\/382912.382923"},{"key":"32_CR21","volume-title":"Machine Learning","author":"T. Mitchell","year":"1997","unstructured":"Mitchell, T.: Machine Learning. McGraw-Hill, New York (1997)"},{"key":"32_CR22","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: IEEE S&P 2005 (2005)"},{"issue":"23\u201324","key":"32_CR23","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: A system for detecting network intruders in real-time. 
Computer Networks\u00a031(23\u201324), 2435\u20132463 (1999)","journal-title":"Computer Networks"},{"key":"32_CR24","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks Inc. (January 1998)"},{"issue":"10","key":"32_CR25","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1109\/32.544350","volume":"22","author":"N.J. Puketza","year":"1996","unstructured":"Puketza, N.J., Zhang, K., Chung, M., Mukherjee, B., Olsson, R.A.: A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering\u00a022(10), 719\u2013729 (1996)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"32_CR26","unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of USENIX LISA 1999 (1999)"},{"key":"32_CR27","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: CCS 2003 (2003)","DOI":"10.1145\/948143.948145"},{"key":"32_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-540-30143-1_15","volume-title":"Recent Advances in Intrusion Detection","author":"T. Song","year":"2004","unstructured":"Song, T., Ko, C., Alves-Foss, J., Zhang, C., Levitt, K.N.: Formal reasoning about intrusion detection systems. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 278\u2013295. Springer, Heidelberg (2004)"},{"key":"32_CR29","unstructured":"Nikto, S. (2006), Available at: \n                  \n                    http:\/\/www.cirt.net\/code\/nikto.shtml"},{"key":"32_CR30","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-2440-0","volume-title":"The Nature of Statistical Learning Theory","author":"V.N. Vapnik","year":"1995","unstructured":"Vapnik, V.N.: The Nature of Statistical Learning Theory. 
Springer, Heidelberg (1995)"},{"key":"32_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2006"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11863908_32","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,2]],"date-time":"2019-06-02T20:22:34Z","timestamp":1559506954000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11863908_32"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540446019","9783540446057"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/11863908_32","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006]]}}}