{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T15:10:42Z","timestamp":1753888242190},"publisher-location":"Berlin, Heidelberg","reference-count":18,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540410850"},{"type":"electronic","value":"9783540399452"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2000]]},"DOI":"10.1007\/3-540-39945-3_4","type":"book-chapter","created":{"date-parts":[[2007,4,14]],"date-time":"2007-04-14T02:38:33Z","timestamp":1176518313000},"page":"49-65","source":"Crossref","is-referenced-by-count":27,"title":["A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions"],"prefix":"10.1007","author":[{"given":"Wenke","family":"Lee","sequence":"first","affiliation":[]},{"given":"Rahul A.","family":"Nimbalkar","sequence":"additional","affiliation":[]},{"given":"Kam K.","family":"Yee","sequence":"additional","affiliation":[]},{"given":"Sunil B.","family":"Patil","sequence":"additional","affiliation":[]},{"given":"Pragneshkumar H.","family":"Desai","sequence":"additional","affiliation":[]},{"given":"Thuan T.","family":"Tran","sequence":"additional","affiliation":[]},{"given":"Salvatore J.","family":"Stolfo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2000,11,11]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"W. W. Cohen. Fast effective rule induction. In Machine Learning: the 12th International Conference, Lake Taho, CA, 1995. Morgan Kaufmann.","DOI":"10.1016\/B978-1-55860-377-6.50023-2"},{"key":"4_CR2","unstructured":"D. Dittrich. Distributed denial of service (ddos) attacks and tools. http:\/\/staff.washington.edu\/dittrich\/misc\/ddos\/ ."},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"R. Heady, G. Luger, A. Maccabe, and M. Servilla. The architecture of a network level intrusion detection system. Technical report, Computer Science Department, University of New Mexico, August 1990.","DOI":"10.2172\/425295"},{"issue":"3","key":"4_CR4","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1109\/32.372146","volume":"21","author":"K. Ilgun","year":"1995","unstructured":"K. Ilgun, R. A. Kemmerer, and P. A. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3):181\u2013199, March 1995.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"4_CR5","unstructured":"V. Jacobson, C. Leres, and S. McCanne. tcpdump. available via anonymous ftp to ftp:\/\/ftp.ee.lbl.gov\/ , June 1989."},{"key":"4_CR6","volume-title":"Technical report","author":"J. O. Kephart","year":"1997","unstructured":"J. O. Kephart, G. B. Sorkin, M. Swimmer, and S. R. White. Blueprint for a computer immune system. Technical report, IBM T. J. Watson Research Center, Yorktown Heights, New York, 1997."},{"key":"4_CR7","unstructured":"S. Kumar and E. H. Spafford. A software architecture to support misuse intrusion detection. In Proceedings of the 18th National Information Security Conference, pages 194\u2013204, 1995."},{"key":"4_CR8","unstructured":"W. Lee. A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems. PhD thesis, Columbia University, June 1999."},{"key":"4_CR9","unstructured":"W. Lee, S. J. Stolfo, and K. W. Mok. Mining audit data to build intrusion detection models. In Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining, New York, NY, August 1998. AAAI Press."},{"key":"4_CR10","unstructured":"W. Lee, S. J. Stolfo, and K. W. Mok. A data mining framework for building intrusion detection models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999."},{"key":"4_CR11","unstructured":"R. Lippmann, D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, R. Cunninghan, and M. Zissman. Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation. In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, January 2000."},{"key":"4_CR12","volume-title":"Technical report","author":"T. Lunt","year":"1992","unstructured":"T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. Neumann, H. Javitz, A. Valdes, and T. Garvey. A real-time intrusion detection expert system (IDES)-final technical report. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, February 1992."},{"key":"4_CR13","unstructured":"Network Flight Recorder Inc. Network flight recorder. http:\/\/www.nfr.com , 1997."},{"key":"4_CR14","unstructured":"V. Paxson. Bro: A system for detecting network intruders in real-time. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, 1998."},{"key":"4_CR15","unstructured":"P. A. Porras and P. G. Neumann. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In National Information Systems Security Conference, Baltimore MD, October 1997."},{"key":"4_CR16","unstructured":"R. Rivest. S-expressions. Internet-Draft draft-rivest-sexp-00.txt, expired 1997."},{"key":"4_CR17","unstructured":"S. Stainford-Chen. Common intrusion detection framework. http:\/\/seclab.cs.ucdavis.edu\/cidf ."},{"key":"4_CR18","unstructured":"B. Tung. The common intrusion specification language: A retrospective. In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, January 2000."}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-39945-3_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,27]],"date-time":"2019-04-27T05:34:51Z","timestamp":1556343291000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-39945-3_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000]]},"ISBN":["9783540410850","9783540399452"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/3-540-39945-3_4","relation":{},"ISSN":["0302-9743"],"issn-type":[{"type":"print","value":"0302-9743"}],"subject":[],"published":{"date-parts":[[2000]]}}}