{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T13:10:30Z","timestamp":1771679430782,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540000204","type":"print"},{"value":"9783540360841","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2002]]},"DOI":"10.1007\/3-540-36084-0_4","type":"book-chapter","created":{"date-parts":[[2007,5,16]],"date-time":"2007-05-16T01:40:00Z","timestamp":1179279600000},"page":"54-73","source":"Crossref","is-referenced-by-count":77,"title":["Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits"],"prefix":"10.1007","author":[{"given":"Kymie M. C.","family":"Tan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin S.","family":"Killourhy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roy A.","family":"Maxion","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2002,10,10]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Herve Debar, Marc Dacier, and Andreas Wespi. Towards a taxonomy of intrusion-detection systems. Computer Networks, 31(8):805\u2013822, April 1999.","DOI":"10.1016\/S1389-1286(98)00017-6"},{"key":"4_CR2","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1109\/SECPRI.1996.502675","volume-title":"Proceedings of the 1996 IEEE Symposium on Security and Privacy","author":"S. Forrest","year":"1996","unstructured":"Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, and Thomas A. Longstaff. A sense of self for unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 6-8 May 1996, Oakland, California, pages 120\u2013128, IEEE Computer Society Press, Los Alamitos, California, 1996."},{"key":"4_CR3","unstructured":"Cristian Gafton. passwd(1). Included in passwd version 0.64.1-1 software package, January 1998."},{"key":"4_CR4","first-page":"51","volume-title":"Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring","author":"A. K. Ghosh","year":"1999","unstructured":"Anup K. Ghosh, Aaron Schwartzbard, and Michael Schatz. Learning program behavior profiles for intrusion detection. In Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring, 9-12 April 1999, Santa Clara, California, pages 51\u201362, The USENIX Association, Berkeley, California, 1999."},{"key":"4_CR5","first-page":"259","volume-title":"Proceedings of the 14th Annual Computer Security Applications Conference","author":"A. K. Ghosh","year":"1998","unstructured":"Anup K. Ghosh, James Wanken, and Frank Charron. Detecting anomalous and unknown intrusions against programs. In Proceedings of the 14th Annual Computer Security Applications Conference, 7-11 December 1998, Phoenix, Arizona, pages 259\u2013267, IEEE Computer Society Press, Los Alamitos, 1998."},{"issue":"3","key":"4_CR6","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S. A. Hofmeyr","year":"1998","unstructured":"Steven A. Hofmeyr, Stephanie Forrest, and Anil Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3):151\u2013180, 1998.","journal-title":"Journal of Computer Security"},{"key":"4_CR7","unstructured":"Van Jacobson. Traceroute(8). Included in traceroute version 1.4a5 software package, April 1997."},{"key":"4_CR8","unstructured":"Michel \u201cMaXX\u201d Kaempf. Traceroot2: Local root exploit in LBNL traceroute. Internet: http:\/\/packetstormsecurity.org\/0011-exploits\/traceroot2.c , March 2002."},{"key":"4_CR9","series-title":"PhD thesis","volume-title":"Classification and Detection of Computer Intrusions","author":"S. Kumar","year":"1995","unstructured":"Sandeep Kumar. Classification and Detection of Computer Intrusions. PhD thesis, Purdue University, West Lafayette, Indiana, August 1995."},{"key":"4_CR10","unstructured":"Teresa Lunt. Automated audit trail analysis and intrusion detection: A survey. In Proceedings of the 11th National Computer Security Conference, Baltimore, Maryland, pages 65\u201373, October 1988."},{"key":"4_CR11","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1145\/366173.366197","volume-title":"New Security Paradigms Workshop","author":"C. Marceau","year":"2000","unstructured":"Carla Marceau. Characterizing the behavior of a program using multiple-length N-grams. In New Security Paradigms Workshop, 18\u201322 September 2000, Ballycotton, County Cork, Ireland, pages 101\u2013110, ACM Press, New York, New York, 2001."},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Roy A. Maxion and Kymie M. C. Tan. Anomaly detection in embedded systems. IEEE Transactions on Computers, 51(2):108\u2013120, February 2002.","DOI":"10.1109\/12.980003"},{"key":"4_CR13","unstructured":"Andrew P. Moore. CERT\/CC vulnerability note VU#176888, July 2002. Internet: http:\/\/www.kb.cert.org\/vuls\/id\/176888 ."},{"key":"4_CR14","unstructured":"Thomas H. Ptacek and Timothy N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Secure Networks, Inc., Calgary, Alberta, Canada, January 1998."},{"key":"4_CR15","unstructured":"Wojciech Purczynski (original author) and \u201clst\u201d (author of improvements). Epcs2: Exploit for execve\/ptrace race condition in Linux kernel up to 2.2.18. Internet: http:\/\/www.securiteam.com\/exploits\/5NP061P4AW.html , March 2002."},{"key":"4_CR16","unstructured":"SecurityFocus Vulnerability Archive. LBNL Traceroute Heap Corruption Vulnerability, Bugtraq ID 1739. Internet: http:\/\/online.securityfocus.com\/bid\/1739 , March 2002."},{"key":"4_CR17","unstructured":"SecurityFocus Vulnerability Archive. Linux PTrace\/Setuid Exec Vulnerability, Bugtraq ID 3447. Internet: http:\/\/online.securityfocus.com\/bid\/3447 , March 2002."},{"key":"4_CR18","unstructured":"Anil Somayaji and Geoffrey Hunsicker. IMMSEC Kernel-level system call tracing for Linux 2.2, Version 991117. Obtained through private communication. Previous version available on the Internet: http:\/\/www.cs.unm.edu\/~immsec\/software\/ , March 2002."},{"key":"4_CR19","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1109\/SECPRI.2002.1004371","volume-title":"Proceedings of the 2002 IEEE Symposium on Security and Privacy","author":"K. M. C. Tan","year":"2002","unstructured":"Kymie M. C. Tan and Roy A. Maxion. \u201cWhy 6?\u201d Defining the operational limits of stide, an anomaly-based intrusion detector. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, 12-15 May 2002, Berkeley, California, pages 188\u2013201, IEEE Computer Society Press, Los Alamitos, California, 2002."},{"key":"4_CR20","volume-title":"Proceedings of the 2001 IEEE Symposium on Security and Privacy","author":"D. Wagner","year":"2001","unstructured":"David Wagner and Drew Dean. Intrusion detection via static analysis. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, 14-16 May 2001, Berkeley, California, IEEE Computer Society Press, Los Alamitos, California, 2001."},{"key":"4_CR21","first-page":"133","volume-title":"Proceedings of the 1999 IEEE Symposium on Security and Privacy","author":"C. Warrender","year":"1999","unstructured":"Christina Warrender, Stephanie Forrest, and Barak Pearlmutter. Detecting intrusions using system calls: Alternative data models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, 9-12 May 1999, Oakland, California, pages 133\u2013145, IEEE Computer Society Press, Los Alamitos, California, 1999."}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-36084-0_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,28]],"date-time":"2019-04-28T00:51:43Z","timestamp":1556412703000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-36084-0_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002]]},"ISBN":["9783540000204","9783540360841"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/3-540-36084-0_4","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2002]]}}}