{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T04:55:10Z","timestamp":1764996910577},"publisher-location":"Boston, MA","reference-count":74,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9781461353218"},{"type":"electronic","value":"9781461509530"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2002]]},"DOI":"10.1007\/978-1-4615-0953-0_1","type":"book-chapter","created":{"date-parts":[[2011,6,20]],"date-time":"2011-06-20T01:35:58Z","timestamp":1308533758000},"page":"1-31","source":"Crossref","is-referenced-by-count":24,"title":["Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt"],"prefix":"10.1007","author":[{"given":"Steven","family":"Noel","sequence":"first","affiliation":[]},{"given":"Duminda","family":"Wijesekera","sequence":"additional","affiliation":[]},{"given":"Charles","family":"Youman","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"1_CR1","unstructured":"Abraham, T. (2001). IDDM: Intrusion Detection using Data Mining Techniques. Technical Report DSTO-GD-0286, DSTO Electronics and Surveillance Research Laboratory."},{"key":"1_CR2","volume-title":"CMU","author":"J Allen","year":"2000","unstructured":"Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., and Stoner, E. (2000). State of the practice of intrusion detection technologies. Technical Report CMU\/SEI-99-TR-028, Software Engineering Institute, CMU, Pittsburgh, PA."},{"key":"1_CR3","volume-title":"SRI International","author":"D Anderson","year":"(1995a)","unstructured":"Anderson, D., Lunt, T. F., Javitz, H., Tamaru, A., and Valdes, A. (1995a). Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System (NIDES). Technical Report SRI-CSL-95\u201306, SRI International, Menlo Park, CA."},{"key":"1_CR4","volume-title":"SRI International","author":"D Anderson","year":"(1995b)","unstructured":"Anderson, D., Lunt, T. F., Javitz, H., Tamaru, A., and Valdes, A. (1995b). Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System (NIDES). Technical Report SRI-CSL-95\u201306, Computer Science Laboratory, SRI International, Menlo Park, CA."},{"key":"1_CR5","volume-title":"Chalmers University of Technology","author":"S Axelsson","year":"1999","unstructured":"Axelsson, S. (1999). Research in intrusion-detection systems: A survey. Technical Report TR: 98\u201317, Department of Computer Engineering, Chalmers University of Technology, Goteborg, Sweden."},{"issue":"1","key":"1_CR6","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1145\/357830.357849","volume":"3","author":"S Axelsson","year":"(2000a)","unstructured":"Axelsson, S. (2000a). The base-rate fallacy and the difficulty of intrusion detection.ACM Transactions on Information and System Security3(1):186\u2013205.","journal-title":"ACM Transactions on Information and System Security"},{"key":"1_CR7","volume-title":"Chalmers University of Technology","author":"S Axelsson","year":"(2000b)","unstructured":"Axelsson, S. (2000b). Intrusion detection systems: A survey and taxonomy. Technical report, Department of Computer Engineering, Chalmers University of Technology, Goteborg, Sweden."},{"key":"1_CR8","volume-title":"Mining unexpected rules in network audit trails","author":"D Barbara","year":"1999","unstructured":"Barbara, D., Jajodia, S., Wu, N., and Speegle, B. (1999). Mining unexpected rules in network audit trails. Technical report, George Mason University."},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Barbara, D., Wu, N., and Jajodia, S. (2001). Detecting novel network intrusions using bayes estimators. InFirst SIAM Conference on Data MiningChicago, IL. Society for Industrial and Applied Mathematics.","DOI":"10.1137\/1.9781611972719.28"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Bauer, D. S. and Koblentz, M. E. (1988). NIDX-An Expert System for Real-time. InComputer Networking Symposium.","DOI":"10.1109\/CNS.1988.4983"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Cabrera, J. B. D., Ravichandran, B., and Mehra, R. K. (2000). Statistical traffic modeling for network intrusion detection. In8th International Symposium on Modeling\n                Analysis and Simulation of Computer and Telecommunication Systems San Francisco, CA.","DOI":"10.1109\/MASCOT.2000.876573"},{"key":"1_CR12","volume-title":"Technical Report CA-2001-02","author":"CERT Advisory","year":"2001","unstructured":"CERT Advisory (2001). Multiple vulnerabilities in bind, computer emergency response. Technical Report CA-2001\u201302, Computer Emergency Response Center, Carnegie Mellon University. Available as\n                  http:\/\/www.cert.org\n                  \n                \n\/advisories\/CA-2001-02.html"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Clifton, C. and Gengo, G. (2000). Developing custom intrusion detection filters using data mining. In21st Century Military Communications Conferencevolume 1, pages 440\u2013443. IEEE Computer Society.","DOI":"10.1109\/MILCOM.2000.904991"},{"key":"1_CR14","unstructured":"Crosbie, M., Dole, B., Ellis, T., Krsul, I., and Spafford, E. (1996).IDIOT Users Guide.Purdue University, West Lafayette, IN. TR-96\u2013050."},{"key":"1_CR15","unstructured":"CTC-Corporation (2000). Best of breed appendices. Tech Report 0017UU-TE-000712."},{"key":"1_CR16","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"DE Denning","year":"1987","unstructured":"Denning, D. E. (1987). An intrusion-detection model.IEEE Transactions on Software Engineering13:222\u2013232.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"1_CR17","unstructured":"Dowell, C. and Ramstedt, P. (1990). The computerwatch data reduction tool. In 13th National Computer Security Conference, Washington, DC."},{"key":"1_CR18","unstructured":"Engelhardt, D. (1997). Directions for intrusion detection and response: A survey. Technical Report DSTO-GD-0155, DSTO Electronics and Surveillance Research Laboratory."},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Esmaili, M., Balachandran, B., Safavi-Naini, R., and Pieprzyk, J. (1996). Case-based reasoning for intrusion detection. In12th Annual Computer Security Applications ConferenceSan Diego, CA.","DOI":"10.1109\/CSAC.1996.569702"},{"key":"1_CR20","unstructured":"Esmaili, M., Safavi-Naini, R., and Balachandran, B. M. (1997). Auto-guard: A continuous case-based intrusion detection system. InTwen-tieth Australasian Computer Science Conference."},{"key":"1_CR21","first-page":"120","volume-title":"IEEE Symposium on Security and Privacy","author":"S Forrest","year":"1996","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., and Longstaff, T. (1996). A sense of self for unix processes. InIEEE Symposium on Security and Privacypages 120\u2013128, Oakland, CA. IEEE Computer Society."},{"key":"1_CR22","unstructured":"Ghosh, A. K. and Schwartzbard, A. (1999). A study in using neural networks for anomaly and misuse detection. InUsenix Security SymposiumWashington, DC."},{"key":"1_CR23","unstructured":"Heberlein, L. T., Mukherjee, B., and Levitt, K. N. (1992). Internet security monitor: An intrusion detection system for large-scale networks. In15th National Computer Security ConferenceBaltimore, MD."},{"key":"1_CR24","volume-title":"Iowa State University","author":"G Helmer","year":"1999","unstructured":"Helmer, G., Wong, J., Honavar, V., and Miller, L. (1999). Automated discovery of concise predictive rules for intrusion detection. Technical Report TR 99\u201301, Department of Computer Science, Iowa State University, Ames, IA."},{"issue":"3","key":"1_CR25","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1016\/0167-4048(93)90110-Q","volume":"12","author":"J Hochberg","year":"1993","unstructured":"Hochberg, J., Jackson, K., Stallings, C., McClary, J., DuBois, D., and Ford, J. (1993). NADIR: An Automated System for Detecting Network Intrusions and Misuse.Computers and Security12(3):248\u2013253.","journal-title":"Computers and Security"},{"key":"1_CR26","volume-title":"USTAT A Real-time Intrusion Detection System for UNIX","author":"K Ilgun","year":"1992","unstructured":"Ilgun, K. (1992).USTAT A Real-time Intrusion Detection System for UNIX.Master of science, University of California Santa Barbara."},{"key":"1_CR27","volume-title":"Los Alamos National Laboratory","author":"KA Jackson","year":"1999","unstructured":"Jackson, K. A. (1999). Intrusion Detection System (IDS) Product Survey. Technical Report LA-UR-99\u20133883, Los Alamos National Laboratory, Los Alamos, NM."},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Javitz, H. S. and Valdes, A. (1991). The SRI IDES Statistical Anomaly Detector. InIEEE Symposium on Research in Security and PrivacyOakland, CA.","DOI":"10.1109\/RISP.1991.130799"},{"key":"1_CR29","volume-title":"presented at Tools and Algorithms for the Construction and Analysis of Systems (TACAS) Workshop","author":"K Jensen","year":"1997","unstructured":"Jensen, K. (1997). A Brief Introduction to Coloured Petri Nets. Technical report, presented at Tools and Algorithms for the Construction and Analysis of Systems (TACAS) Workshop, Enschede, The Netherlands."},{"key":"1_CR30","unstructured":"Kemmerer, R. A. (1997). NSTAT: A Model-based Real-time Network Intrusion Detection System. Technical Report TR 1997\u201318, University of California Santa Barbara Department of Computer Science."},{"key":"1_CR31","unstructured":"Kohavi, R., Beckeer, B., and Sommerfield, D. (1997). Improving simple bayes. InEuropean Conference on Machine LearningPrague, Czech Republic."},{"key":"1_CR32","volume-title":"Chalmers University of Technology","author":"H Kvarnstrom","year":"1999","unstructured":"Kvarnstrom, H. (1999). A survey of commercial tools for intrusion detection. Technical Report TR 99\u20138, Department of Computer Engineering, Chalmers University of Technology, Goteborg, Sweden."},{"key":"1_CR33","volume-title":"Machine Learning Techniques for the Computer Security Domain of Anomaly Detection","author":"TD Lane","year":"2000","unstructured":"Lane, T. D. (2000).Machine Learning Techniques for the Computer Security Domain of Anomaly Detection.Doctor of philosophy, Purdue University."},{"key":"1_CR34","volume-title":"The MITRE Corporation","author":"LJ LaPadula","year":"1999","unstructured":"LaPadula, L. J. (1999). State of the art in anomaly detection and reaction. Technical Report MP 99B0000020, The MITRE Corporation, Bedford, MA."},{"key":"1_CR35","volume-title":"The MITRE Corporation","author":"LJ LaPadula","year":"2000","unstructured":"LaPadula, L. J. (2000). Compendium of anomaly detection and reaction tools and projects. Technical Report MP 99B0000018R1, The MITRE Corporation, Bedford, MA."},{"key":"1_CR36","volume-title":"Technical report","author":"W Lee","year":"1999","unstructured":"Lee, W. (1999). A data mining framework for constructing features and models for intrusion detection systems. Technical report, Graduate School of Arts and Sciences, Columbia University."},{"key":"1_CR37","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1023\/A:1006624031083","volume":"14","author":"W Lee","year":"2000","unstructured":"Lee, W., Stolfo, S., and Mok, K. (2000). Adaptive intrusion detection: a data mining approach.Artificial Intelligence Review14:533\u2013567.","journal-title":"Artificial Intelligence Review"},{"key":"1_CR38","unstructured":"Lee, W. and Stolfo, S. J. (1998). Data mining approaches for intrusion detection. InProceedings of the 7th USENIX Security SymposiumSan Antonio, TX."},{"key":"1_CR39","unstructured":"Lee, W., Stolfo, S. J., and Mok, K. W. (1999). A data mining framework for building intrusion detection models. InIEEE Symposium on Security and Privacy."},{"key":"1_CR40","volume-title":"IEEE Symposium on Security and Privacy, pages","author":"W Lee","year":"2001","unstructured":"Lee, W. and Xiang, D. (2001). Information-theoretic measures for anomaly detection. InIEEE Symposium on Security and Privacypages 130143, Oakland, CA. IEEE Computer Society."},{"key":"1_CR41","first-page":"495","volume-title":"12th National Computer Security Conference","author":"G Liepins","year":"1989","unstructured":"Liepins, G. and Vaccaro, H. (1989). Anomaly detection purpose and framework. In12th National Computer Security Conferencepages 495\u2013504, Baltimore, MD. NIST and NSA."},{"key":"1_CR42","doi-asserted-by":"crossref","unstructured":"Liepins, G. E. and Vaccaro, H. S. (1992). Intrusion detection: It\u2019s role and validation.Computers and Securitypages 347\u2013355.","DOI":"10.1016\/0167-4048(92)90175-Q"},{"key":"1_CR43","unstructured":"Lin, J.-L., Wang, X. S., and Jajodia, S. (1998). Abstraction-based misuse detection: High-level specifications and adaptable strategies. In11th IEEE Computer Security Foundations Workshop."},{"key":"1_CR44","doi-asserted-by":"crossref","unstructured":"Lindqvist, U. and Porras, P. A. (1999). Detecting Computer and Network Misuse Through the Production-based Expert System Toolset (P-BEST). InIEEE Symposium on Security and Privacy.","DOI":"10.1109\/SECPRI.1999.766911"},{"key":"1_CR45","unstructured":"Lippmann, R. P., Fried, D. J., Graf, I., J. W. Haines, K. R. K., D., McClung, D. Weber, S. E. W., Wyschogrod, D., Cunningham, R. K.,, M., and Zissman, A. (2000). Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. InDARPA Information Survivability Conference and Exposition."},{"key":"1_CR46","unstructured":"Lundin, E. and Jonsson, E. (1999). Some practical and fundamental problems with anomaly detection. InProceedings of the Nordic Workshop on Secure Computer Systems."},{"key":"1_CR47","volume-title":"A Real Time Intrusion Detection Expert System (IDES)","author":"T Lunt","year":"1992","unstructured":"Lunt, T., Tamaru, A., Gilham, F., Jagannathan, R., Jalali, C., Neumann, P. G., Javitz, H. S., Valdes, A., and Garvey, T. D. (1992). A Real Time Intrusion Detection Expert System (IDES). Technical report, SRI."},{"key":"1_CR48","unstructured":"Lunt, T. F. (1989). Real-time intrusion detection. Inpresented at COMPCON: Thirty-Fourth IEEE Computer Society International Conference: Intellectual Leverage."},{"issue":"No. 4","key":"1_CR49","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1016\/S1389-1286(00)00138-9","volume":"34","author":"S Manganaris","year":"2000","unstructured":"Manganaris, S., Christensen, M., Zerkle, D., and Hermiz, K. (2000). A Data Mining Analysis of RTID Alarms.Computer Networks34(No. 4):571\u2013577.","journal-title":"Computer Networks"},{"key":"1_CR50","unstructured":"Net-Ranger (1999).NetRanger.Available at\n                  http:\/\/www.nursingworld.org\/ojin\/topic30\/tpc30_1.htm\n                  \n                ."},{"key":"1_CR51","unstructured":"Neumann, P. G. and Porras, P. A. (1999). Experience with EMERALD to Date. InFirst Useniz Workshop on Intrusion Detection and Network MonitoringSanta Clara, CA."},{"key":"1_CR52","volume-title":"Abstraction-based Intrusion Detection in Distributed Environments","author":"P Ning","year":"2001","unstructured":"Ning, P. (2001).Abstraction-based Intrusion Detection in Distributed Environments.Doctor of philosophy, George Mason University."},{"key":"1_CR53","volume-title":"STAT: A State Transition Analysis for Intrusion De-tection","author":"P Porras","year":"1992","unstructured":"Porras, P. (1992).STAT: A State Transition Analysis for Intrusion De-\n                tection.Master of science, University of California Santa Barbara."},{"key":"1_CR54","doi-asserted-by":"crossref","unstructured":"Porras, P. A. and Kemmerer, R. A. (1992). Penetration state transition analysis: A rule-based intrusion detection approach. InEighth Annual Computer Security Applications Conference.","DOI":"10.1109\/CSAC.1992.228217"},{"key":"1_CR55","unstructured":"Porras, P. A. and Neumann, P. G. (1997). EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. InProceedings of the 20th National Information Systems Security ConferenceBalti-more, MD."},{"key":"1_CR56","unstructured":"Real-Secure (1999).RealSecure.Internet Security Systems. Available atwww.iss.net\/customer_care\/resource_center."},{"key":"1_CR57","doi-asserted-by":"crossref","unstructured":"Schultz, M. G., Eskin, E., Zadok, E., and Stolfo, S. J. (2001). Data mining methods for detection of new malicious executables. InIEEE Symposium on Security and PrivacyOakland, CA. IEEE Computer Society.","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"1_CR58","doi-asserted-by":"crossref","unstructured":"Smaha, S. E. (1988). Haystack: An Intrusion Detection System. InFourth Aerospace Computer Security Applications Conference.","DOI":"10.1109\/ACSAC.1988.113412"},{"key":"1_CR59","doi-asserted-by":"crossref","unstructured":"Snapp, S., Brentano, J., Dias, G., Goan, T., Granee, T., Heberlein, L., Ho, C.-L., Levitt, K. N., Mukherjee, B., Mansur, D. L., Pon, K. L., and Smaha, S. E. (1991). A system for distributed intrusion detection. InCompcon Springpages 170\u2013176. IEEE Computer Society.","DOI":"10.1109\/CMPCON.1991.128802"},{"key":"1_CR60","doi-asserted-by":"crossref","unstructured":"Somayaji, A., Hofmeyr, S., and Forrest, S. (1997). Principles of a computer immune system. InNew Security Paradigms WorkshopLangdale, Cumbria UK.","DOI":"10.1145\/283699.283742"},{"issue":"4","key":"1_CR61","doi-asserted-by":"publisher","first-page":"547","DOI":"10.1016\/S1389-1286(00)00136-5","volume":"34","author":"EH Spafford","year":"2000","unstructured":"Spafford, E. H. and Zamboni, D. (2000). Intrusion detection using autonomous agents.Computer Networks34(4):547\u2013570.","journal-title":"Computer Networks"},{"key":"1_CR62","first-page":"361","volume-title":"19th National Information Systems Security Conference","author":"S Staniford-Chen","year":"1996","unstructured":"Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., and Zerkle, D. (1996). GrIDS-A Graph Based Intrusion Detection System for Large Networks. In19th National Information Systems Security Conferencepages 361\u2013370, Baltimore, MD. NIST and NSA."},{"key":"1_CR63","doi-asserted-by":"crossref","unstructured":"Vaccaro, H. and Liepins, G. (1989). Detection of anomalous computer session activity. InIEEE Symposium on Security and Privacy.IEEE Computer Society.","DOI":"10.1109\/SECPRI.1989.36302"},{"key":"1_CR64","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/3-540-39945-3_6","volume-title":"Recent Advances in Intrusion Detection","author":"A Valdes","year":"2000","unstructured":"Valdes, A. and Skinner, K. (2000). Adaptive, model-based monitoring for cyber attack detection. InRecent Advances in Intrusion Detectionpages 80\u201393, Toulouse, France. Springer-Verlag."},{"key":"1_CR65","doi-asserted-by":"crossref","unstructured":"Vigna, G. and Kemmerer, R. A. (1998). NetSTAT: A Network-based Intrusion Detection Approach. InProceedings of the International Conference on Knowledge and Data MiningNew York, NY.","DOI":"10.1109\/CSAC.1998.738566"},{"key":"1_CR66","unstructured":"W. Lee, S. J. S. and Mok, K. W. (1998). Mining audit data to build intrusion detection models. InProceedings of the International Conference on Knowledge and Data MiningNew York, NY."},{"key":"1_CR67","doi-asserted-by":"crossref","unstructured":"Wagner, D. and Dean, R. (2001). Intrusion detection via static analysis. InIEEE Symposium on Security and Privacy.IEEE Computer Society.","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"1_CR68","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-39945-3_8","volume-title":"Recent Advances in Intrusion Detection","author":"A Wespi","year":"2000","unstructured":"Wespi, A., Dacier, M., and Debara, H. (2000). Intrusion detection using variable-length audit trail patterns. InRecent Advances in Intrusion Detectionpages 110\u2013129, Toulouse, FR. Springer-Verlag."},{"key":"1_CR69","unstructured":"Winkler, J. R. (1990). A unix prototype for intrusion and anomaly detection in secure networks. In 13th National Computer Security Conference, Washington, DC."},{"key":"1_CR70","unstructured":"Winkler, J. R. and Landry, L. C. (1992). Intrusion and anomaly detection, isoa update. In 15th National Computer Security Conference, Baltimore, MD."},{"key":"1_CR71","volume-title":"Audit Data Analysis and Mining. PhD thesis, George Mason University, Department of Information and Software Engineering","author":"N Wu","year":"(2001a)","unstructured":"Wu, N. (2001a).Audit Data Analysis and Mining.PhD thesis, George Mason University, Department of Information and Software Engineering. Fairfax, VA."},{"key":"1_CR72","unstructured":"Wu, N. (2001b). Research statement."},{"key":"1_CR73","volume-title":"and Cleaveland, R","author":"SF Wu","year":"1999","unstructured":"Wu, S. F., Chang, H., Jou, F., Wang, F., Gong, F., Sargor, C., Qu, D., and Cleaveland, R. (1999). JiNao: Design and Implementation of a Scalable Intrusion Detection System for the OSPF Routing Protocol."},{"key":"1_CR74","doi-asserted-by":"crossref","unstructured":"Yang, J., Ning, P., Wang, X. S., and Jajodia, S. (2000). CARDS: A Distributed System for Detecting Coordinated Attacks. In IFIP TC11 16th Annual Working Conference on Information Security, pages 171180. Kluwer.","DOI":"10.1007\/978-0-387-35515-3_18"}],"container-title":["Advances in Information Security","Applications of Data Mining in Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4615-0953-0_1.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,1]],"date-time":"2021-05-01T10:17:57Z","timestamp":1619864277000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-1-4615-0953-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002]]},"ISBN":["9781461353218","9781461509530"],"references-count":74,"URL":"https:\/\/doi.org\/10.1007\/978-1-4615-0953-0_1","relation":{},"ISSN":["1568-2633"],"issn-type":[{"type":"print","value":"1568-2633"}],"subject":[],"published":{"date-parts":[[2002]]}}}