{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T17:51:43Z","timestamp":1774893103384,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540410850","type":"print"},{"value":"9783540399452","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2000]]},"DOI":"10.1007\/3-540-39945-3_11","type":"book-chapter","created":{"date-parts":[[2007,4,14]],"date-time":"2007-04-14T06:38:33Z","timestamp":1176532713000},"page":"162-182","source":"Crossref","is-referenced-by-count":137,"title":["Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation"],"prefix":"10.1007","author":[{"given":"Richard","family":"Lippmann","sequence":"first","affiliation":[]},{"given":"Joshua W.","family":"Haines","sequence":"additional","affiliation":[]},{"given":"David J.","family":"Fried","sequence":"additional","affiliation":[]},{"given":"Jonathan","family":"Korba","sequence":"additional","affiliation":[]},{"given":"Kumar","family":"Das","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2000,11,11]]},"reference":[{"key":"11_CR1","unstructured":"E. G. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, Intrusion.Net Books, 1999."},{"key":"11_CR2","unstructured":"K. Das, The Development of Stealthy Attacks to Evaluate Intrusion Detection Systems, S. M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 2000."},{"key":"11_CR3","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/306549.306571","volume":"42","author":"R. Durst","year":"1999","unstructured":"R. Durst, Terrence Champion, Brian Witten, Eric Miller and Luigi Spagnuolo, Testing and evaluating computer intrusion detection systems, Communications of the ACM, 42, 1999, 53\u201361.","journal-title":"Communications of the ACM"},{"key":"11_CR4","unstructured":"A. K. Ghosh and A. Schwartzbard, A Study in Using Neural Networks for Anomaly and Misuse Detection, in Proceedings of the USENIX Security Symposium, August 23\u201326, 1999, Washington, D.C, http:\/\/www.rstcorp.com\/~anup ."},{"key":"11_CR5","unstructured":"T. Heberlein, T., Network Security Monitor (NSM)-Final Report, U. C. Davis: February 1995, http:\/\/seclab.cs.ucdavis.edu\/papers\/NSM-final.pdf"},{"key":"11_CR6","unstructured":"K. Jackson, Intrusion Detection System (IDS) Product Survey, Los Alamos National Laboratory, Report LA-UR-99-3883, 1999."},{"key":"11_CR7","unstructured":"S. Jajodia, D. Barbara, B. Speegle, and N. Wu, Audit Data Analysis and Mining (ADAM), project described in http:\/\/www.isse.gmu.edu\/~dbarbara\/adam.html , April, 2000."},{"key":"11_CR8","unstructured":"K. Kendall, A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems, S. M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 1999."},{"key":"11_CR9","unstructured":"J. Korba, Windows NT Attacks for the Evaluation of Intrusion Detection Systems, S. M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 2000."},{"key":"11_CR10","unstructured":"Lawrence Berkeley National Laboratory Network Research Group provides tcp-dump at http:\/\/www-nrg.ee.lbl.gov ."},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"R. P. Lippmann, Joshua W. Haines, David J. Fried, Jonathan Korba, and Kumar Das, The 1999 DARPA Off-Line Intrusion Detection Evaluation, Computer Networks, In Press, 2000.","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"R. P. Lippmann, David J. Fried, Isaac Graf, Joshua W. Haines, Kristopher R. Kendall, David McClung, Dan Weber, Seth E. Webster, Dan Wyschogrod, Robert K. Cunningham, and Marc A. Zissman, Evaluating Intrusion Detection Systems: the 1998 DARPA Off-Line Intrusion Detection Evaluation, in Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX), Vol. 2, IEEE Press, January 2000.","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"11_CR13","unstructured":"R. P. Lippmann and R. K. Cunningham, Guide to Creating Stealthy Attacks for the 1999 DARPA Off-Line Intrusion Detection Evaluation, MIT Lincoln Laboratory Project Report IDDE-1, June 1999."},{"key":"11_CR14","unstructured":"MIT Lincoln Laboratory, A public web site http:\/\/www.ll.mit.edu\/IST\/ideval\/index.html , contains limited information on the 1998 and 1999 evaluations. Follow instructions on this web site or send email to the authors (rpl or jhaines@sst.ll.mit.edu) to obtain access to a password-protected site with more complete information on these evaluations and results. Software scripts to execute attacks are not provided on these or other web sites."},{"key":"11_CR15","unstructured":"P. Neumann and P. Porras, Experience with EMERALD to DATE, in Proceedings 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999, 73\u201380, http:\/\/www.sdl.sri.com\/emerald\/index.html ."},{"key":"11_CR16","volume-title":"An Analysis Handbook","author":"S. Northcutt","year":"1999","unstructured":"S. Northcutt, Network Intrusion Detection; An Analysis Handbook, New Riders Publishing, Indianapolis, 1999."},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"V. Paxson, \u201cEmpirically-Derived Analytic Models of Wide-Area TCP Connections\u201d, IEEE\/ACM Transactions on Networking, Vol. 2, No. 4, August, 1994, ftp:\/\/ftp.ee.lbl.gov\/papers\/WAN-TCP-models.ps.Z .","DOI":"10.1109\/90.330413"},{"key":"11_CR18","unstructured":"T. H. Ptacek and T. N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Secure Networks, Inc. Report, January 1998."},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"N. Puketza, M. Chung, R. A. Olsson, and B. Mukherjee, A Software Platform for Testing Intrusion Detection Systems, IEEE Software, September\/October, 1997, 43\u201351.","DOI":"10.1109\/52.605930"},{"key":"11_CR20","unstructured":"A. Schwartzbard and A. K. Ghosh, A Study in the Feasibility of Performing Hostbased Anomaly Detection on Windows NT, in Proceedings of the 2nd Recent Advances in Intrusion Detection (RAID 1999) Workshop, West Lafayette, IN, September 7\u20139, 1999."},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"R. Sekar and P. Uppuluri, Synthesizing Fast Intrusion Prevention\/Detection Systems from High-Level Specifications, in Proceedings 8th Usenix Security Symposium, Washington DC, Aug. 1999, http:\/\/rcs-sgi.cs.iastate.edu\/sekar\/abs\/usenixsec99.htm .","DOI":"10.1145\/319709.319712"},{"key":"11_CR22","unstructured":"M. Tyson, P. Berry, N. Williams, D. Moran, D. Blei, DERBI: Diagnosis, Explanation and Recovery from computer Break-Ins, project described in http:\/\/www.ai.sri.com\/~derbi\/ , April. 2000."},{"key":"11_CR23","unstructured":"G. Vigna, S. T. Eckmann, and R. A. Kemmerer, The STAT Tool Suite, in Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX), IEEE Press, January 2000."}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-39945-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,15]],"date-time":"2025-01-15T20:03:50Z","timestamp":1736971430000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-39945-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000]]},"ISBN":["9783540410850","9783540399452"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/3-540-39945-3_11","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2000]]}}}