{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T14:16:08Z","timestamp":1778249768694,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":15,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540023548","type":"print"},{"value":"9783540369011","type":"electronic"}],"license":[{"start":{"date-parts":[[2003,1,1]],"date-time":"2003-01-01T00:00:00Z","timestamp":1041379200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2003,1,1]],"date-time":"2003-01-01T00:00:00Z","timestamp":1041379200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/3-540-36901-5_21","type":"book-chapter","created":{"date-parts":[[2007,8,15]],"date-time":"2007-08-15T03:32:09Z","timestamp":1187148729000},"page":"193-200","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Applying Data Mining Techniques to Analyze Alert Data"],"prefix":"10.1007","author":[{"given":"Moonsun","family":"Shin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hosung","family":"Moon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Keunho","family":"Ryu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"KiYoung","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"JinOh","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2003,4,15]]},"reference":[{"key":"21_CR1","unstructured":"D. Schnackenberg, K. Djahandari, and D. Sterne, \u201cInfrastructure for Intrusion Detection and Response\u201d, Proceedings of the DARPA Information Survivability Conference, Jan. 2000"},{"key":"21_CR2","unstructured":"D. Schnackenberg, H. Holliday, R. Smith, K. Djahandari, and D. Sterne, \u201cCooperative Intrusion Traceback and Response Architecture (CITRA)\u201d, DISCEX\u201901, Anaheim, California, June. 2001."},{"key":"21_CR3","doi-asserted-by":"crossref","unstructured":"S. M. Lewandowski, D. J. Van Hook, G. C. O\u2019Leary, J. W. Haines, and L. M. Rossey, \u201cSARA: Survivable Autonomic Response Architecture\u201d, DISCEX\u201901, Anaheim, California, June. 2001.","DOI":"10.21236\/ADA408307"},{"key":"21_CR4","unstructured":"IPHIGHWAY, Inc., \u201cIntroduction to Policy-based network and quality of service\u2019, http:\/\/www.iphighway.com, 2002."},{"key":"21_CR5","doi-asserted-by":"crossref","unstructured":"E. Lupu and M. Sloman, \u201cConflicts in Policy-based Distributed Systems Management\u201d, IEEE Transactions on Software Engineering, Vol. 25, No. 6, Nov. 1999.","DOI":"10.1109\/32.824414"},{"issue":"2","key":"21_CR6","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1145\/276305.276312","volume":"27","author":"S. Guha","year":"1998","unstructured":"Sudipto Guha, Rajeev Rastogi, and Kyuseok Shim, \u201cCURE: An Efficient Clustering Algorithm for Large Databases\u201d, In Proceedings of SIGMOD, Vol. 27(2), pages 73\u201384, Jun. 1998.","journal-title":"Proceedings of SIGMOD"},{"key":"21_CR7","doi-asserted-by":"crossref","unstructured":"B. Moore, E. Ellesson, J. Strassner, and A. Westerinen, \u201cPolicy Core Information Model \u2014 Ver. 1 Spec.\u201d, IETF RFC3060, Feb. 2001.","DOI":"10.17487\/rfc3060"},{"key":"21_CR8","unstructured":"W. Lee, S. J. Stolfo, K. W. Mok \u201cA Data Mining Framework for Building Intrusion Detection Models*\u201d, Computer Science Department, Columbia University"},{"key":"21_CR9","doi-asserted-by":"crossref","unstructured":"Valdes and K. Skinner, \u201cProbabilistic alert correlation\u201d, In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pages 54\u201368, 2001.","DOI":"10.1007\/3-540-45474-8_4"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"H. Mannila, H. Toivonen and A. I. Verkamo, \u201cDiscovery of frequent episodes in event sequences\u201d, Data Mining and Knowledge Discovery, 1(3), Nov. 1997.","DOI":"10.1023\/A:1009748302351"},{"key":"21_CR11","unstructured":"O. Dain and R.K. Cunningham, \u201cFusing a heterogeneous alert stream into scenarios\u201d, In Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, pages 1\u201313, Nov. 2001."},{"key":"21_CR12","unstructured":"Lincoln Lab MIT. DARPA 2000 intrusion detection evaluation datasets."},{"key":"21_CR13","unstructured":"http:\/\/ideval.ll.mit.edu\/"},{"key":"21_CR14","unstructured":"KDD99Cup, http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html, 1999"},{"key":"21_CR15","unstructured":"H. S. Moon, M.S. Shin, K. H. Ryu and J. O. Kim \u201cImplementation of security policy server\u2019s alert analyzer\u201d, ICIS, Aug. 2002"}],"container-title":["Lecture Notes in Computer Science","Web Technologies and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-36901-5_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T13:50:28Z","timestamp":1778248228000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/3-540-36901-5_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540023548","9783540369011"],"references-count":15,"URL":"https:\/\/doi.org\/10.1007\/3-540-36901-5_21","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2003]]},"assertion":[{"value":"15 April 2003","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}