{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T18:33:35Z","timestamp":1761762815280},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540690832"},{"type":"electronic","value":"9783540690849"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11962977_18","type":"book-chapter","created":{"date-parts":[[2007,1,19]],"date-time":"2007-01-19T00:55:24Z","timestamp":1169168124000},"page":"222-234","source":"Crossref","is-referenced-by-count":16,"title":["High-Speed Intrusion Detection in Support of Critical Infrastructure Protection"],"prefix":"10.1007","author":[{"given":"Salvatore","family":"D\u2019Antonio","sequence":"first","affiliation":[]},{"given":"Francesco","family":"Oliviero","sequence":"additional","affiliation":[]},{"given":"Roberto","family":"Setola","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"18_CR1","unstructured":"Dunn, M., Wigert, I.: An Inventory and Analysis of Protection Policies in Fourteen Countries. In: Wenger, A., Metzger, J. (eds.) International CIIP (Critical Information Infrastructure Protection) Handbook 2004, ETH Swiss Federal Institute fo Technology Zurich (2004)"},{"key":"18_CR2","unstructured":"U.S. Government, The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets. The White House, Washington, USA (2003)"},{"key":"18_CR3","unstructured":"U.S. Government,Green Paper on a European Programme for Critical Infrastructure Protection COM (2005)576, Brussels (2005)"},{"key":"18_CR4","unstructured":"Byres, E., Lowe, J.: The Myths and Facts behind Cyber Security Risks for Industrial Control Systems, British Columbia Institute of Technology"},{"key":"18_CR5","unstructured":"Lavalle, L., Balducelli, C., Vicoli, G.: Anomaly Detection Approach to Safeguard Critical Infrastructures: A Knowledge Engineering Process on a SCADA Case Study. In: Proceedings of Complex Network and Infrastructure Protection (CNIP 2006) (March 2006)"},{"key":"18_CR6","unstructured":"Communication from the Commission to the Council and the European Parliament Critical Infrastructure Protection in the fight against terrorism COM (704)2004, Brussels (October 2004)"},{"key":"18_CR7","unstructured":"Shea, D.A.: Critical Infrastructure: Control Systems and the Terrorist Threat, in Report for Congress RL31534. The Library of Congress (Febraury 2003)"},{"key":"18_CR8","unstructured":"Davis, P.: Abuse and Misuse of Firewalls in SCADA and Control Systems Environments. In: Proceedings of Complex Network and Infrastructure Protection (CNIP 2006) (March 2006)"},{"key":"18_CR9","unstructured":"Esposito, M., Mazzariello, C., Oliviero, F., Romano, S.P., Sansone, C.: Evaluating Pattern Recognition Techniques in Intrusion Detection Systems. In: Proceedings of 5th Workshop on Pattern Recognition in Information Systems (PRIS 2005) (May 2005)"},{"key":"18_CR10","unstructured":"D\u2019Antonio, S., Mazzariello, C., Oliviero, F., Salvi, D.: A distributed multi-purpose IP flow monitor. In: Proceedings of 3rd International Workshop on Internet Performance, Simulation, Monitoring and Measurement (IPS-MoMe 2005) (March 2005)"},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Vigna, G., Kemmerer, R.: Netstat: a network based intrusion detection system. Journal of Computer Security\u00a07(1) (1999)","DOI":"10.3233\/JCS-1999-7103"},{"key":"18_CR12","unstructured":"Anderson, D.: Detecting usual program behavior using the statistical component of the next-generation intrusion detection expert system (nides), Technical report, Computer Science Laboratory (1995)"},{"key":"18_CR13","unstructured":"Tyson, M.: Derbi: Diagnosys explanation and recovery from computer break-ins, Technical report, SRI International (2000)"},{"key":"18_CR14","unstructured":"Rebecca Gurley Bace. Intrusion Detection. Macmillan Technical Publishing, Basingstoke (January 2000)"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: Proceedings of ACM SIGCOMM 2005 (August 2005)","DOI":"10.1145\/1080091.1080118"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V.: Network traffic anomaly detection based on packet bytes. In: Proceedings of ACM SAC 2003 (2003)","DOI":"10.1145\/952532.952601"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Baker, A.R., Caswell, B., Poor, M.: Snort 2.1 Intrusion Detection, 2nd edn., Syngress (2004)","DOI":"10.1016\/B978-193183604-3\/50006-0"},{"key":"18_CR18","unstructured":"Paxson, V., Terney, B.: Bro reference manual (2004)"},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"Lindqvist, U., Porras, P.A.: Detecting computer and network misuse through the production-based expert system toolset (p-best). In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 1999, pp. 146\u2013161 (1999)","DOI":"10.1109\/SECPRI.1999.766911"},{"issue":"4","key":"18_CR20","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W. Wenke Lee","year":"2000","unstructured":"Wenke Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security (TISSEC)\u00a03(4), 227\u2013261 (2000)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Barbara, D., Couto, J., Jajodia, S., Popyack, L., Wu, N.: Adam: Detecting intrusion by data mining. In: Proceedings of the Workshop on Information Assurance and Security (2001)","DOI":"10.1145\/604264.604268"},{"key":"18_CR22","unstructured":"Sadasivan, G., Brownlee, N., Claise, B., Quittek, J.: Ipfix working group internet draft, architecture model for ip flow information export, Internet draft, IETF (January 2005)"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Kitatsuji, Y., Yamazaki, K.: A distributed real-time tool for ip-flow measurement. In: Proceedings of the 2004 International Symposium on Applications and the Internet (2004)","DOI":"10.1109\/SAINT.2004.1266103"},{"key":"18_CR24","unstructured":"Falko Dressler, F., Carle, G.: History - high speed network monitoring and analysis. In: Proceedings of 24th IEEE Conference on Computer Communications (IEEE INFOCOM 2005) (March 2005)"},{"key":"18_CR25","unstructured":"Abad, C., Li, Y., Lakkaraju, K., Yin, X., Yurcik, W.: Correlation between netflow system and network views for intrusion detection. In: Proceedings of Workshop on Link Analysis, Counter-terrorism, and Privacy held in conjunction with SDM 2004 (2004)"},{"key":"18_CR26","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1145\/1029208.1029214","volume-title":"Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security","author":"X. Yin","year":"2004","unstructured":"Yin, X., Yurcik, W., Treaster, M., Li, Y., Lakkaraju, K.: Visflowconnect: netflow visualizations of link relationships for security situational awareness. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 26\u201334. ACM Press, New York (2004)"},{"key":"18_CR27","doi-asserted-by":"crossref","unstructured":"Abad, C., Taylor, J., Sengul, C., Yurcik, W., Zhou, Y., Rowe, K.: Log correlation for intrusion detection: A proof of concept. In: Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC) (2003)","DOI":"10.1109\/CSAC.2003.1254330"},{"key":"18_CR28","unstructured":"Li, Z., Taylor, J., Partridge, E., Zhou, Y., Yurcik, W., Abad, C., Barlow, J., Rosendale, J.: Uclog: A unified, correlated logging architecture for intrusion detection. In: Proceedings of the 12th International Conference on Telecommunication Systems, Modeling and Analysis (ICTSM) (2004)"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11962977_18.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T03:22:30Z","timestamp":1619493750000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11962977_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540690832","9783540690849"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/11962977_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}