{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,3]],"date-time":"2026-01-03T06:48:45Z","timestamp":1767422925731,"version":"3.41.0"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319257433"},{"type":"electronic","value":"9783319257440"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-25744-0_12","type":"book-chapter","created":{"date-parts":[[2015,11,29]],"date-time":"2015-11-29T12:46:38Z","timestamp":1448801198000},"page":"134-150","source":"Crossref","is-referenced-by-count":3,"title":["Poisson-Based Anomaly Detection for Identifying Malicious User Behaviour"],"prefix":"10.1007","author":[{"given":"Andrey","family":"Sapegin","sequence":"first","affiliation":[]},{"given":"Aragats","family":"Amirkhanyan","sequence":"additional","affiliation":[]},{"given":"Marian","family":"Gawron","sequence":"additional","affiliation":[]},{"given":"Feng","family":"Cheng","sequence":"additional","affiliation":[]},{"given":"Christoph","family":"Meinel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,11,25]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Nanda, S., Cker Chiueh, T.: Execution trace-driven automated attack signature generation. In: Proceedings - Annual Computer Security Applications Conference, ACSAC, pp. 
195\u2013204 (2008)","DOI":"10.1109\/ACSAC.2008.58"},{"issue":"1","key":"12_CR2","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.jnca.2012.05.003","volume":"36","author":"C Modi","year":"2013","unstructured":"Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. 36(1), 42\u201357 (2013)","journal-title":"J. Netw. Comput. Appl."},{"issue":"4","key":"12_CR3","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1108\/09685221011079199","volume":"18","author":"A Patel","year":"2010","unstructured":"Patel, A., Qassim, Q., Wills, C.: A survey of intrusion detection and prevention systems. Inf. Manag. Comput. Secur. 18(4), 277\u2013290 (2010)","journal-title":"Inf. Manag. Comput. Secur."},{"issue":"12","key":"12_CR4","first-page":"18","volume":"28","author":"G Maci\u00e1-Fern\u00e1ndez","year":"2009","unstructured":"Maci\u00e1-Fern\u00e1ndez, G., V\u00e1zquez, E., Garcia-Teodoro, P.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(12), 18\u201328 (2009)","journal-title":"Comput. Secur."},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems (IDPS) (2007)","DOI":"10.6028\/NIST.SP.800-94"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Ihler, A., Hutchins, J., Smyth, P.: Adaptive event detection with time-varying poisson processes. In: Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining - KDD 2006, p. 207. ACM Press, New York (2006)","DOI":"10.1145\/1150402.1150428"},{"issue":"1","key":"12_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.asoc.2009.06.019","volume":"10","author":"SX Wu","year":"2010","unstructured":"Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 
10(1), 1\u201335 (2010)","journal-title":"Appl. Soft Comput."},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Berthier, R., Rhee, W., Bailey, M., Pal, P., Jahanian, F., Sanders, WH: Safeguarding academic accounts and resources with the University credential abuse auditing system. In: IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp. 1\u20138, IEEE, June 2012","DOI":"10.1109\/DSN.2012.6263961"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Chapple, M.J., Chawla, N., Striegel, A.: Authentication anomaly detection: a case study on a virtual private network. In: Proceedings of the 3rd Annual ACM Workshop on Mining Network Data, pp. 0\u20135 (2007)","DOI":"10.1145\/1269880.1269886"},{"issue":"7","key":"12_CR10","doi-asserted-by":"publisher","first-page":"596","DOI":"10.1016\/S0167-4048(03)00710-7","volume":"22","author":"SH Oh","year":"2003","unstructured":"Oh, S.H., Lee, W.S.: An anomaly intrusion detection method by clustering normal user behavior. Comput. Secur. 22(7), 596\u2013612 (2003)","journal-title":"Comput. Secur."},{"issue":"2","key":"12_CR11","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1109\/MITP.2010.52","volume":"12","author":"S Liu","year":"2010","unstructured":"Liu, S., Kuhn, R.: Data loss prevention. IT Prof. 12(2), 10\u201313 (2010)","journal-title":"IT Prof."},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Shabtai, A., Elovici, Y., Rokach, L.: A survey of data leakage detection and prevention solutions (2012)","DOI":"10.1007\/978-1-4614-2053-8"},{"key":"12_CR13","unstructured":"Viswanath, B., Ahmad Bashir, M., Crovella, M., Guha, S., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: Towards detecting anomalous user behavior in online social networks. 
In: Proceedings of the 23rd USENIX Security Symposium (USENIX Security)"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Ringberg, H., Soule, A., Rexford, J., Diot, C.: Sensitivity of PCA for traffic anomaly detection. In: Proceedings of the 2007 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems - SIGMETRICS 2007, p. 109 (2007)","DOI":"10.1145\/1254882.1254895"},{"key":"12_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-642-23644-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"MB Salem","year":"2011","unstructured":"Salem, M.B., Stolfo, S.J.: Modeling user search behavior for masquerade detection. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 181\u2013200. Springer, Heidelberg (2011)"},{"key":"12_CR16","unstructured":"Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection: support vector machines and neural networks. In: Proceedings of the IEEE International Joint Conference on Neural Networks (ANNIE), pp. 1702\u20131707 (2002)"},{"issue":"10","key":"12_CR17","doi-asserted-by":"publisher","first-page":"2617","DOI":"10.1016\/j.cor.2004.03.019","volume":"32","author":"W-H Chen","year":"2005","unstructured":"Chen, W.-H., Hsu, S.-H., Shen, H.-P.: Application of SVM and ANN for intrusion detection. Comput. Oper. Res. 32(10), 2617\u20132634 (2005)","journal-title":"Comput. Oper. Res."},{"issue":"18","key":"12_CR18","doi-asserted-by":"publisher","first-page":"13492","DOI":"10.1016\/j.eswa.2012.07.009","volume":"39","author":"L Koc","year":"2012","unstructured":"Koc, L., Mazzuchi, T.A., Sarkani, S.: A network intrusion detection system based on a Hidden Na\u00efve Bayes multiclass classifier. Expert Syst. Appl. 39(18), 13492\u201313500 (2012)","journal-title":"Expert Syst. 
Appl."},{"issue":"3","key":"12_CR19","doi-asserted-by":"publisher","first-page":"648","DOI":"10.3923\/itj.2011.648.655","volume":"10","author":"Z Muda","year":"2011","unstructured":"Muda, Z., Yassin, W., Sulaiman, M.N., Udzir, N.I.: A K-Means and naive bayes learning approach for better intrusion detection. Inf. Tech. J. 10(3), 648\u2013655 (2011)","journal-title":"Inf. Tech. J."},{"issue":"1","key":"12_CR20","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1109\/TR.2004.823851","volume":"53","author":"N Ye","year":"2004","unstructured":"Ye, N., Zhang, Y., Borror, C.M.: Robustness of the markov-chain model for cyber-attack detection. IEEE Trans. Reliab. 53(1), 116\u2013123 (2004)","journal-title":"IEEE Trans. Reliab."},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Khanna, R., Liu, H.: System approach to intrusion detection using hidden markov model. In: Proceeding of the 2006 International Conference on Communications and Mobile Computing - IWCMC 2006, p. 349. ACM Press, New York (2006)","DOI":"10.1145\/1143549.1143619"},{"issue":"1","key":"12_CR22","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1016\/j.jnca.2005.06.003","volume":"30","author":"S Peddabachigari","year":"2007","unstructured":"Peddabachigari, S., Abraham, A., Grosan, C., Thomas, J.: Modeling intrusion detection system using hybrid intelligent systems. J. Netw. Comput. Appl. 30(1), 114\u2013132 (2007)","journal-title":"J. Netw. Comput. Appl."},{"key":"12_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/11937807_13","volume-title":"information security and cryptology","author":"Y Chen","year":"2006","unstructured":"Chen, Y., Li, Y., Cheng, X., Guo, L.: Survey and taxonomy of feature selection algorithms in intrusion detection system. In: Lipmaa, H., Yung, M., Lin, D. (eds.) Inscrypt 2006. LNCS, vol. 4318, pp. 153\u2013167. 
Springer, Heidelberg (2006)"},{"issue":"4","key":"12_CR24","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1177\/003754978404300406","volume":"43","author":"RW Klein","year":"1984","unstructured":"Klein, R.W., Roberts, S.D.: A time-varying poisson arrival process generator. Simulation 43(4), 193\u2013195 (1984)","journal-title":"Simulation"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Yu, H., Zheng, D., Zhao, B.Y., Zheng, W.: Understanding user behavior in large-scale video-on-demand systems (2006)","DOI":"10.1145\/1217935.1217968"},{"key":"12_CR26","unstructured":"Remote desktop protocol. http:\/\/msdn.microsoft.com\/en-us\/library\/aa383015.aspx"},{"key":"12_CR27","unstructured":"Virtual network computing. http:\/\/www.hep.phy.cam.ac.uk\/vnc_docs\/index.html"},{"key":"12_CR28","unstructured":"Python imaging library. http:\/\/www.pythonware.com\/products\/pil\/"},{"key":"12_CR29","unstructured":"Chandrasekaran, B.: Survey of network traffic models. Washington University in St. Louis CSE, pp. 1\u20138 (2009)"},{"key":"12_CR30","first-page":"246","volume":"5","author":"S Roschke","year":"2010","unstructured":"Roschke, S., Cheng, F., Meinel, C.: An advanced IDS management architecture. J. Inf. Assur. Secur. 5, 246\u2013255 (2010)","journal-title":"J. Inf. Assur. Secur."},{"key":"12_CR31","unstructured":"Real-time event analysis and monitoring system. https:\/\/hpi.de\/en\/meinel\/security-tech\/network-security\/security-analytics\/reams.html"},{"key":"12_CR32","unstructured":"SAP HANA. http:\/\/www.saphana.com"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Sapegin, A., Jaeger, D., Azodi, A., Gawron, M., Cheng, F., Meinel, C.: Hierarchical object log format for normalisation of security events. In: 2013 9th International Conference on Information Assurance and Security (IAS), IAS 2013, pp. 
25\u201330, IEEE, December 2013","DOI":"10.1109\/ISIAS.2013.6947748"},{"issue":"3","key":"12_CR34","first-page":"167","volume":"9","author":"A Sapegin","year":"2014","unstructured":"Sapegin, A., Jaeger, D., Azodi, A., Gawron, M., Cheng, F., Meinel, C.: Normalisation of log messages for intrusion detection. J. Inf. Assur. Secur. 9(3), 167\u2013176 (2014)","journal-title":"J. Inf. Assur. Secur."},{"issue":"4","key":"12_CR35","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2445566.2445569","volume":"15","author":"MQ Ali","year":"2013","unstructured":"Ali, M.Q., Al-Shaer, E., Khan, H., Khayam, S.A.: Automated anomaly detector adaptation using adaptive threshold tuning. ACM Trans. Inf. Syst. Secur. (TISSEC) 15(4), 1\u201330 (2013)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"}],"container-title":["Lecture Notes in Computer Science","Mobile, Secure, and Programmable Networking"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-25744-0_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T16:00:18Z","timestamp":1748707218000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-25744-0_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319257433","9783319257440"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-25744-0_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}