{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:31:46Z","timestamp":1759091506886,"version":"3.33.0"},"publisher-location":"Berlin, Heidelberg","reference-count":29,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540000204"},{"type":"electronic","value":"9783540360841"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2002]]},"DOI":"10.1007\/3-540-36084-0_3","type":"book-chapter","created":{"date-parts":[[2007,5,16]],"date-time":"2007-05-16T01:40:00Z","timestamp":1179279600000},"page":"36-53","source":"Crossref","is-referenced-by-count":27,"title":["Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses"],"prefix":"10.1007","author":[{"given":"Frank","family":"Apap","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Honig","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shlomo","family":"Hershkop","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eleazar","family":"Eskin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sal","family":"Stolfo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2002,10,10]]},"reference":[{"key":"3_CR1","unstructured":"Aim Recovery. http:\/\/www.dark-e.com\/des\/software\/aim\/index.shtml ."},{"key":"3_CR2","unstructured":"Back Orifice. http:\/\/www.cultdeadcow.com\/tools\/bo.html ."},{"key":"3_CR3","unstructured":"BackDoor. XTCP. http:\/\/www.ntsecurity.new\/Panda\/Index.cfm?FuseAction=Virus&VirusID=659 ."},{"key":"3_CR4","unstructured":"BrowseList. 
http:\/\/e4gle.org\/files\/nttools\/ , http:\/\/binaries.faq.net.pl\/securitytools ."},{"key":"3_CR5","unstructured":"Happy 99. http:\/\/www.symantex.com\/qvcenter\/venc\/data\/happy99.worm.html ."},{"key":"3_CR6","unstructured":"IPCrack. http:\/\/www.geocities.com\/SiliconValley\/Garage\/3755\/toolicq.html , http:\/\/home.swipenet.se\/~w-65048\/hacks.htm ."},{"key":"3_CR7","unstructured":"L0pht Crack. http:\/\/www.atstack.com\/research\/lc ."},{"key":"3_CR8","unstructured":"Setup Trojan. http:\/\/www.nwinternet.com\/~pchelp\/bo\/setuptrojan.txt ."},{"key":"3_CR9","unstructured":"V. Barnett and T. Lewis. Outliers in Statistical Data. John Wiley and Sons, 1994."},{"key":"3_CR10","volume-title":"A Short Course on Computer Viruses","author":"F. Cohen","year":"1990","unstructured":"Fred Cohen. A Short Course on Computer Viruses. ASP Press, Pittsburgh, PA, 1990."},{"key":"3_CR11","volume-title":"Optimal Statistical Decisions","author":"M. H. DeGroot","year":"1970","unstructured":"M. H. DeGroot. Optimal Statistical Decisions. McGraw-Hill, New York, 1970."},{"key":"3_CR12","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D. E. Denning","year":"1987","unstructured":"D. E. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, SE-13:222\u2013232, 1987.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"3_CR13","unstructured":"Eleazar Eskin. Anomaly detection over noisy data using learned probability distributions. In Proceedings of the Seventeenth International Conference on Machine Learning (ICML-2000), 2000."},{"key":"3_CR14","unstructured":"Eleazar Eskin. Probabilistic anomaly detection over discrete records using inconsistency checks. Technical report, Columbia University Computer Science Technical Report, 2002."},{"key":"3_CR15","unstructured":"Stephanie Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for unix processes. pages 120\u2013128. 
IEEE Computer Society, 1996."},{"key":"3_CR16","unstructured":"N. Friedman and Y. Singer. Efficient bayesian parameter estimation in large discrete domains, 1999."},{"key":"3_CR17","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S. A. Hofmeyr","year":"1998","unstructured":"S. A. Hofmeyr, Stephanie Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6:151\u2013180, 1998.","journal-title":"Journal of Computer Security"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Andrew Honig, Andrew Howard, Eleazar Eskin, and Salvatore Stolfo. Adaptive model generation: An architecture for the deployment of data mining-based intrusion detection systems. In Data Mining for Security Applications. Kluwer, 2002.","DOI":"10.1007\/978-1-4615-0953-0_7"},{"key":"3_CR19","unstructured":"Internet Engineering Task Force. Intrusion detection exchange format. In http:\/\/www.ietf.org\/html.charters\/idwg-charter.html , 2000."},{"key":"3_CR20","unstructured":"H. S. Javitz and A. Valdes. The nides statistical component: Description and justification. Technical report, SRI International, 1993."},{"key":"3_CR21","unstructured":"W. Lee, S. J. Stolfo, and P. K. Chan. Learning patterns from unix processes execution traces for intrusion detection. pages 50\u201356. AAAI Press, 1997."},{"key":"3_CR22","doi-asserted-by":"crossref","unstructured":"W. Lee, S. J. Stolfo, and K. Mok. Data mining in work flow environments: Experiences in intrusion detection. In Proceedings of the 1999 Conference on Knowledge Discovery and Data Mining (KDD-99), 1999.","DOI":"10.1145\/312129.312212"},{"key":"3_CR23","unstructured":"Wenke Lee, Sal Stolfo, and Kui Mok. A data mining framework for building intrusion detection models. 1999."},{"key":"3_CR24","unstructured":"MacAfee. Homepage: macafee.com. Online publication, 2000. 
http:\/\/www.mcafee.com ."},{"key":"3_CR25","volume-title":"Technical Report CS-2001-2","author":"M. Mahoney","year":"2001","unstructured":"M. Mahoney and P. Chan. Detecting novel attacks by identifying anomalous network packet headers. Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL, 2001."},{"key":"3_CR26","unstructured":"B. Sch\u00f6lkopf, J. Platt, J. Shawe-Taylor, A. J. Smola, and R. C. Williamson. Estimating the support of a high-dimensional distribution. Technical Report 99-87, Microsoft Research, 1999. To appear in Neural Computation, 2001."},{"key":"3_CR27","unstructured":"SysInternals. Regmon for Windows NT\/9x. Online publication, 2000. http:\/\/www.sysinternals.com\/ntw2k\/source\/regmon.shtml ."},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Christina Warrender, Stephanie Forrest, and Barak Pearlmutter. Detecting intrusions using system calls: alternative data models. pages 133\u2013145. IEEE Computer Society, 1999.","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"3_CR29","unstructured":"Steve R. White. Open problems in computer virus research. In Virus Bulletin Conference, 1998."}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-36084-0_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T09:12:45Z","timestamp":1737018765000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-36084-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002]]},"ISBN":["9783540000204","9783540360841"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/3-540-36084-0_3","relation":{},"ISSN":["0302-9743"],"issn-type":[{"type":"print","value":"0302-9743"}],"subject":[],"published":{"date-parts":[[2002]]}}}