{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T13:46:50Z","timestamp":1742392010521},"publisher-location":"Berlin, Heidelberg","reference-count":16,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540004219"},{"type":"electronic","value":"9783540364153"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/3-540-36415-3_1","type":"book-chapter","created":{"date-parts":[[2007,8,12]],"date-time":"2007-08-12T00:32:50Z","timestamp":1186878770000},"page":"1-17","source":"Crossref","is-referenced-by-count":20,"title":["Hiding Intrusions: From the Abnormal to the Normal and Beyond"],"prefix":"10.1007","author":[{"given":"Kymie","family":"Tan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"McHugh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin","family":"Killourhy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2002,12,18]]},"reference":[{"key":"1_CR1","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D. E. Denning","year":"1987","unstructured":"Denning, D. E.: An intrusion detection model. IEEE Transactions on Software Engineering SE-13 (1987) 222\u2013232 1, 3","journal-title":"IEEE Transactions on Software Engineering"},{"key":"1_CR2","unstructured":"Tan, K.M.C., Maxion, R.A.: \u201cWhy 6?\u201d Defining the operational limits of stide, an anomaly\u2013based intrusion detector. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Oakland, CA (2002) 2, 5"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longsta., T.A.: A sense of self for unix processes. In: Proceedings 1996 IEEE Symposium on Security and Privacy, Los Alamitos, CA, IEEE Computer Society Press (1996) 2, 4, 5","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"1_CR4","unstructured":"Provos, N.: Steganography press information. On line report of work performed at the University of Michigan Center for Information Technology Integration (2002) Observed at \n http:\/\/www.citi.umich.edu\/projects\/steganography\/faq.html\n \n as of 4 february 2002 2"},{"key":"1_CR5","unstructured":"Provos, N., Honeyman, P.: Detecting steganographic content on the internet. In: ISOC NDSS\u201902, San Diego, CA (2002) 2"},{"key":"1_CR6","unstructured":"Anderson, J.P.: Computer security threat monitoring and surveillance. Technical report, James P. Anderson Co., Fort Washington, PA (1980) Available online at \n http:\/\/seclab.cs.ucdavis.edu\/projects\/history\/CD\/ande80.pdf\n \n 3"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: Alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, CA (1999) 133\u2013145 4, 5, 7","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"1_CR8","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1109\/12.980003","volume":"51","author":"R.A. Maxion","year":"2002","unstructured":"Maxion, R.A., Tan, K.M.C.: Anomaly detection in embedded systems. IEEE Transactions on Computers 51 (2002) 108\u2013120 5","journal-title":"IEEE Transactions on Computers"},{"key":"1_CR9","unstructured":"Pop, S., Card, R.: Restore(8) system manager\u2019s manual. Included in dump version 0.4b13 software package (2000) 8"},{"key":"1_CR10","unstructured":"Troan, E., Brows, P.: Tmpwatch(8). Included in tmpwatch version 2.2 software package (2000) 9"},{"key":"1_CR11","unstructured":"Yurchenko, A.Y.: Tmpwatch arbitrary command execution vulnerability. Internet\u2013\n http:\/\/www.securityfocus.com\/bid\/1785\n \n (2000) bugtraq id 1785 9, 13"},{"key":"1_CR12","unstructured":"Jaconson, V.: Traceroute(8). Included in traceroute version 1.4a5 software package (1997) 10"},{"key":"1_CR13","unstructured":"Kaempf, M.: Lbnl traceroute heap corruption vulnerability (2000) bugtraq id 1739 11"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host\u2013based intrusion detection systems. In: 9th ACM Conference on Computer and Communications Security. (2002) To Appear 14","DOI":"10.1145\/586110.586145"},{"key":"1_CR15","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1007\/3-540-36084-0_4","volume-title":"5th International Symposium","author":"K. M. Tan","year":"2002","unstructured":"Tan, K. M., Killourhy, K. S., Maxion, R.A.: Undermining an anomaly\u2013based intrusion detection system using common exploits. In Wespi, A., Vigna, G., Deri, L., eds.: 5th International Symposium, RAID 2002. Number 2516 in LNCS, Zurich, Switzerland, Springer (2002) 54\u201373 14"},{"key":"1_CR16","unstructured":"Lee, W., Xiang, D.: \u2018Information\u2013theoretic measures for anomaly detection\u2019. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, Los Alamitos, CA (2001) 130\u2013143 16"}],"container-title":["Lecture Notes in Computer Science","Information Hiding"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-36415-3_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,2,21]],"date-time":"2019-02-21T07:54:33Z","timestamp":1550735673000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-36415-3_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002,12,18]]},"ISBN":["9783540004219","9783540364153"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/3-540-36415-3_1","relation":{},"ISSN":["0302-9743"],"issn-type":[{"type":"print","value":"0302-9743"}],"subject":[],"published":{"date-parts":[[2002,12,18]]}}}