{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T14:18:43Z","timestamp":1768918723420,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":19,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540000204","type":"print"},{"value":"9783540360841","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2002]]},"DOI":"10.1007\/3-540-36084-0_16","type":"book-chapter","created":{"date-parts":[[2007,5,16]],"date-time":"2007-05-16T01:40:00Z","timestamp":1179279600000},"page":"292-306","source":"Crossref","is-referenced-by-count":6,"title":["Introducing Reference Flow Control for Detecting Intrusion Symptoms at the OS Level"],"prefix":"10.1007","author":[{"given":"Jacob","family":"Zimmermann","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ludovic","family":"M\u00e9","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christophe","family":"Bidan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2002,10,10]]},"reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner. State of the practice of intrusion detection technologies. Technical Report SEI-99TR-028, CMU\/SEI, 2000.","DOI":"10.21236\/ADA375846"},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"John McHugh. Intrusion and intrusion detection. International Journal of Information Security, July 2001.","DOI":"10.1007\/s102070100001"},{"key":"16_CR3","unstructured":"D. Schnackenberg, K. Djahandari, and D. Sterne. Infrastructure for intrusion detection and response. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX\u201900), 2000."},{"key":"16_CR4","unstructured":"Fr\u00e9d\u00e9ric Cuppens. Managing alerts in a multi-intrusion detection environment. In Proceedings of the 17th Annual Computer Security Applications Conference (AC-SAC 2001), December 2001."},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"R. P. Goldman, W. Heimerdinger, S. A. Harp, C. W. Geib, V. Thomas, and R. L. Carter. Information modeling for intrusion report aggregation. In Proceedings of the DARPA Information Survivability Conference and Exposition, June 2001.","DOI":"10.1109\/DISCEX.2001.932228"},{"key":"16_CR6","unstructured":"Fr\u00e9d\u00e9ric Cuppens and Alexandre Mi\u00e8ge. Alert correlation in a cooperative intrusion detection framework. In Proccedings of the IEEE Symposium on Security and Privacy, 2002."},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Benjamin Morin, Ludovic M\u00e9, Herv\u00e9 Debar, and Mireille Ducass\u00e9. M2D2: A formal data model for IDS alert correlation. In Proceedings of the Fifth International Symposium on the Recent Advances in Intrusion Detection (RAID\u20192002), 2002.","DOI":"10.1007\/3-540-36084-0_7"},{"key":"16_CR8","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1007\/3-540-45474-8_11","volume-title":"Proceedings of the Fourth International Symposium on the Recent Advances in Intrusion Detection (RAID\u20192001)","author":"P. Uppuluri","year":"2001","unstructured":"Prem Uppuluri and R. Sekar. Experiences with specification-based intrusion detection. In W. Lee, L. M\u00e9, and A. Wespi, editors, Proceedings of the Fourth International Symposium on the Recent Advances in Intrusion Detection (RAID\u20192001), number 2212 in LNCS, pages 172\u2013189, October 2001."},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Calvin Ko and Timothy Redmond. Noninterference and intrusion detection. In Proccedings of the IEEE Symposium on Security and Privacy, 2002.","DOI":"10.1109\/SECPRI.2002.1004370"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Daniel Hagimont, Jacques Mossiere, Xavier Rousset de Pina, and F. Saunier. Hidden software capabilities. In International Conference on Distributed Computing Systems, pages 282\u2013289, 1996.","DOI":"10.1109\/ICDCS.1996.507926"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"David F.C. Brewer and Michael J. Nash. The chinese wall security policy. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 206\u2013214. IEEE Computer Society Press, May 1989.","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"16_CR12","unstructured":"CMU CERT\/CC. Ca-1995-02: Vulnerabilities in \/bin\/mail. http:\/\/www.cert.org\/advisories\/CA-1995-02.html , January 26 1995."},{"key":"16_CR13","unstructured":"CMU CERT\/CC. Vu#40327: Openssh uselogin option allows remote execution of commands as root. http:\/\/www.kb.cert.org\/vuls\/id\/40327 , November 2001."},{"issue":"1","key":"16_CR14","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"F. B. Schneider","year":"2000","unstructured":"Fred B. Schneider. Enforceable security policies. Information and System Security, 3(1):30\u201350, 2000.","journal-title":"Information and System Security"},{"key":"16_CR15","unstructured":"John Rushby. Noninterference, transitivity, and channel-control security policies. Technical Report CSL-92-02, SRI, dec 1992."},{"key":"16_CR16","doi-asserted-by":"crossref","unstructured":"J. McLean. A general theory of composition for trace sets closed under selective interleaving functions. In Proceedings of the IEEE Symposium on Research in Security and Privacy, May 1994.","DOI":"10.1109\/RISP.1994.296590"},{"key":"16_CR17","doi-asserted-by":"crossref","unstructured":"E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia. Providing flexibility in information flow control for object-oriented systems. In Proceedings of the IEEE Symposium on Security and Privacy, pages 130\u2013140, 1997.","DOI":"10.1109\/SECPRI.1997.601328"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"H. Mantel and A. Sabelfeld. A generic approach to the security of multi-threaded programs. In Proceedings of the 13th ProIEEE Computer Security Foundations Workshop, pages 200\u2013214, June 2001.","DOI":"10.1109\/CSFW.2001.930142"},{"key":"16_CR19","doi-asserted-by":"crossref","unstructured":"Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. Untrusted hosts and confidentiality: Secure program partitioning. In Proceedings of the 18th ACM Symposium on Operating Systems Principles, 2001.","DOI":"10.1145\/502034.502036"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-36084-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T09:11:06Z","timestamp":1737018666000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-36084-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002]]},"ISBN":["9783540000204","9783540360841"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/3-540-36084-0_16","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2002]]}}}