{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T11:12:15Z","timestamp":1742382735917},"publisher-location":"Berlin, Heidelberg","reference-count":24,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540000204"},{"type":"electronic","value":"9783540360841"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2002]]},"DOI":"10.1007\/3-540-36084-0_5","type":"book-chapter","created":{"date-parts":[[2007,5,16]],"date-time":"2007-05-16T01:40:00Z","timestamp":1179279600000},"page":"74-94","source":"Crossref","is-referenced-by-count":53,"title":["Analyzing Intensive Intrusion Alerts via Correlation"],"prefix":"10.1007","author":[{"given":"Peng","family":"Ning","sequence":"first","affiliation":[]},{"given":"Yun","family":"Cui","sequence":"additional","affiliation":[]},{"given":"Douglas S.","family":"Reeves","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2002,10,10]]},"reference":[{"key":"5_CR1","unstructured":"Javits, H., Valdes, A.: The NIDES statistical component: Description and justification. Technical report, SRI International, Computer Science Laboratory (1993)"},{"key":"5_CR2","doi-asserted-by":"crossref","first-page":"37","DOI":"10.3233\/JCS-1999-7103","volume":"7","author":"G. Vigna","year":"1999","unstructured":"Vigna, G., Kemmerer, R.A.: NetSTAT: A network-based intrusion detection system. Journal of Computer Security 7 (1999) 37\u201371","journal-title":"Journal of Computer Security"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001). 
(2001) 54\u201368","DOI":"10.1007\/3-540-45474-8_4"},{"key":"5_CR4","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Recent Advances in Intrusion Detection. LNCS 2212 (2001) 85\u2013103"},{"key":"5_CR5","unstructured":"Dain, O., Cunningham, R.: Fusing a heterogeneous alert stream into scenarios. In: Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications. (2001) 1\u201313"},{"key":"5_CR6","unstructured":"Ning, P., Reeves, D.S., Cui, Y.: Correlating alerts using prerequisites of intrusions. Technical Report TR-2001-13, North Carolina State University, Department of Computer Science (2001)"},{"key":"5_CR7","unstructured":"Ning, P., Cui, Y.: An intrusion alert correlator based on prerequisites of intrusions. Technical Report TR-2002-01, North Carolina State University, Department of Computer Science (2002)"},{"key":"5_CR8","unstructured":"MIT Lincoln Lab: 2000 DARPA intrusion detection scenario specific datasets. http:\/\/www.ll.mit.edu\/IST\/ideval\/data\/2000\/2000dataindex.html (2000)"},{"key":"5_CR9","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1016\/S1389-1286(00)00138-9","volume":"34","author":"S. Manganaris","year":"2000","unstructured":"Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of RTID alarms. Computer Networks 34 (2000) 571\u2013577","journal-title":"Computer Networks"},{"key":"5_CR10","unstructured":"DEFCON: Def con capture the flag (CTF) contest. http:\/\/www.defcon.org\/html\/defcon-8-post.html (2000) Archive accessible at http:\/\/wi2600.org\/mediawhore\/mirrors\/shmoo\/ ."},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Bace, R.: Intrusion Detection. 
Macmillan Technology Publishing (2000)","DOI":"10.6028\/NIST.SP.800-31"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Staniford, S., Hoagland, J., McAlerney, J.: Practical automated detection of stealthy portscans. To appear in Journal of Computer Security (2002)","DOI":"10.3233\/JCS-2002-101-205"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Templeton, S., Levit, K.: A requires\/provides model for computer attacks. In: Proceedings of New Security Paradigms Workshop, ACM Press (2000) 31\u201338","DOI":"10.1145\/366173.366187"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy. (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"5_CR15","first-page":"361","volume":"1","author":"S. Staniford-Chen","year":"1996","unstructured":"Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: GrIDS-a graph based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference. Volume 1.(1996) 361\u2013370","journal-title":"Proceedings of the 19th National Information Systems Security Conference"},{"key":"5_CR16","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1109\/32.372146","volume":"21","author":"K. Ilgun","year":"1995","unstructured":"Ilgun, K., Kemmerer, R.A., Porras, P.A.: State transition analysis: A rule-based intrusion detection approach. IEEE Transaction on Software Engineering 21 (1995) 181\u2013199","journal-title":"IEEE Transaction on Software Engineering"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Ortalo, R.: Lambda: A language to model a database for detection of attacks. In: Proc. of Recent Advances in Intrusion Detection (RAID 2000). 
(2000) 197\u2013216","DOI":"10.1007\/3-540-39945-3_13"},{"key":"5_CR18","unstructured":"Lin, J., Wang, X.S., Jajodia, S.: Abstraction-based misuse detection: High-level specifications and adaptable strategies. In: Proceedings of the 11th Computer Security Foundations Workshop, Rockport, MA (1998) 190\u2013201"},{"key":"5_CR19","doi-asserted-by":"publisher","first-page":"407","DOI":"10.1145\/503339.503342","volume":"4","author":"P. Ning","year":"2001","unstructured":"Ning, P., Jajodia, S., Wang, X.S.: Abstraction-based intrusion detection in distributed environments. ACM Transactions on Information and System Security 4 (2001) 407\u2013452","journal-title":"ACM Transactions on Information and System Security"},{"key":"5_CR20","unstructured":"Gruschke, B.: Integrated event management: Event correlation using dependency graphs. In: Proceedings of the 9th IFIP\/IEEE International Workshop on Distributed Systems: Operations & Management. (1998)"},{"key":"5_CR21","unstructured":"Ricciulli, L., Shacham, N.: Modeling correlated alarms in network management systems. In: In Western Simulation Multiconference. (1997)"},{"key":"5_CR22","unstructured":"Gardner, R., Harle, D.: Pattern discovery and specification translation for alarm correlation. In: Proceedings of Network Operations and Management Symposium (NOMS\u201998). (1998) 713\u2013722"},{"key":"5_CR23","unstructured":"ISS, Inc.: RealSecure intrusion detection system. ( http:\/\/www.iss.net )"},{"key":"5_CR24","unstructured":"AT & T Research Labs: Graphviz-open source graph layout and drawing software. 
( http:\/\/www.research.att.com\/sw\/tools\/graphviz\/ )"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-36084-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,28]],"date-time":"2019-04-28T00:51:32Z","timestamp":1556412692000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-36084-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002]]},"ISBN":["9783540000204","9783540360841"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/3-540-36084-0_5","relation":{},"ISSN":["0302-9743"],"issn-type":[{"type":"print","value":"0302-9743"}],"subject":[],"published":{"date-parts":[[2002]]}}}