{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,5]],"date-time":"2025-06-05T04:51:30Z","timestamp":1749099090706},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319462622"},{"type":"electronic","value":"9783319462639"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-46263-9_1","type":"book-chapter","created":{"date-parts":[[2016,9,7]],"date-time":"2016-09-07T09:21:47Z","timestamp":1473240107000},"page":"1-24","source":"Crossref","is-referenced-by-count":1,"title":["A Bottom-Up Approach to Applying Graphical Models in Security Analysis"],"prefix":"10.1007","author":[{"given":"Xinming","family":"Ou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,8]]},"reference":[{"key":"1_CR1","unstructured":"Snort rules documentation. http:\/\/www.snort.org"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Almgren, M., Lindqvist, U., Jonsson, E.: A multi-sensor model to improve automated attack detection. In: 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008). RAID, September 2008","DOI":"10.1007\/978-3-540-87403-4_16"},{"issue":"3","key":"1_CR3","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1145\/357830.357849","volume":"3","author":"S Axelsson","year":"2000","unstructured":"Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. Inf. Syst. Secur. 3(3), 186\u2013205 (2000)","journal-title":"ACM Trans. Inf. Syst. 
Secur."},{"key":"1_CR4","unstructured":"Barreno, M., C\u00e1rdenas, A.A., Tygar, J.D.: Optimal ROC curve for a combination of classifiers. In: Advances in Neural Information Processing Systems (NIPS, 2007) (2008)"},{"key":"1_CR5","unstructured":"Carrier, B.: A hypothesis-based approach to digital forensic investigations. Technical report, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University (2006)"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Chen, Q., Aickelin, U.: Anomaly detection using the Dempster-Shafer method. In: International Conference on Data Mining (DMIN 2006) (2006)","DOI":"10.2139\/ssrn.2831339"},{"key":"1_CR7","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/MIC.2005.123","volume":"9","author":"TM Chen","year":"2005","unstructured":"Chen, T.M., Venkataramanan, V.: Dempster-Shafer theory for intrusion detection in ad hoc networks. IEEE Internet Comput. 9, 35\u201341 (2005)","journal-title":"IEEE Internet Comput."},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"Cheung, S., Lindqvist, U., Fong, M.W.: Modeling multistep cyber attacks for scenario recognition. In: DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C., pp. 284\u2013292 (2003)","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Mi\u00e8ge, A.: Alert correlation in a cooperative intrusion detection framework. In: IEEE Symposium on Security and Privacy (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Denceux, T.: The cautious rule of combination for belief functions and some extensions. In: 9th International Conference on Information Fusion (2006)","DOI":"10.1109\/ICIF.2006.301572"},{"key":"1_CR11","volume-title":"Theories of Probability","author":"TL Fine","year":"1973","unstructured":"Fine, T.L.: Theories of Probability. 
Academic Press, New York (1973)"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Guofei, G., C\u00e1rdenas, A.A., Lee, W.: Principled reasoning and practical applications of alert fusion in intrusion detection systems. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2008, pp. 136\u2013147. ACM, New York (2008)","DOI":"10.1145\/1368310.1368332"},{"key":"1_CR13","volume-title":"Reasoning About Uncertainty","author":"JY Halpern","year":"2005","unstructured":"Halpern, J.Y.: Reasoning About Uncertainty. The MIT Press, London (2005)"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Jensen, F.V., Nielsen, T.D.: Bayesian Networks and Decision Graphs. Springer, New York (2007)","DOI":"10.1007\/978-0-387-68282-2"},{"key":"1_CR15","unstructured":"ArgusLab.: Snort intrusion analysis using proof strengthening (SnIPS). http:\/\/people.cis.ksu.edu\/xou\/argus\/software\/snips\/"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V., Chan, P.K.: An analysis of the 1999 DARPA\/Lincoln laboratory evaluation data for network anomaly detection. In: Proceedings of the Sixth International Symposium on Recent Advances in Intrusion Detection (RAID) (2003)","DOI":"10.1007\/978-3-540-45248-5_13"},{"issue":"4","key":"1_CR17","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J McHugh","year":"2000","unstructured":"McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(4), 262\u2013294 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Modelo-Howard, G., Bagchi, S., Lebanon, G.: Determining placement of intrusion detectors for a distributed application through Bayesian network modeling. 
In: 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008). RAID, September 2008","DOI":"10.1007\/978-3-540-87403-4_15"},{"issue":"2","key":"1_CR19","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1145\/996943.996947","volume":"7","author":"P Ning","year":"2004","unstructured":"Ning, P., Cui, Y., Reeves, D., Dingbang, X.: Tools and techniques for analyzing intrusion alerts. ACM Trans. Inf. Syst. Secur. 7(2), 273\u2013318 (2004)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Noel, S., Robertson, E., Jajodia, S.: Correlating intrusion events and building attack scenarios through attack graph distances. In: 20th Annual Computer Security Applications Conference (ACSAC 2004), pp. 350\u2013359 (2004)","DOI":"10.1109\/CSAC.2004.11"},{"key":"1_CR21","unstructured":"Xinming, O., Raj Rajagopalan, S., Sakthivelmurugan, S.: An empirical approach to modeling uncertainty in intrusion analysis. In: Annual Computer Security Applications Conference (ACSAC), December 2009"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Sentz, K., Ferson, S.: Combination of evidence in Dempster-Shafer theory. Technical report, Sandia National Laboratories, Albuquerque, New Mexico (2002)","DOI":"10.2172\/800792"},{"key":"1_CR23","doi-asserted-by":"crossref","DOI":"10.1515\/9780691214696","volume-title":"A Mathematical Theory of Evidence","author":"G Shafer","year":"1976","unstructured":"Shafer, G.: A Mathematical Theory of Evidence. Princeton University Press, Princeton (1976)"},{"key":"1_CR24","unstructured":"Shafer, G.: The problem of dependent evidence. Technical report, University of Kansas (1984)"},{"key":"1_CR25","unstructured":"Shafer, G.: Belief functions and possibility measures. 
In: The Analysis of Fuzzy Information (1986)"},{"issue":"1","key":"1_CR26","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1214\/ss\/1177013426","volume":"2","author":"G Shafer","year":"1987","unstructured":"Shafer, G.: Probability judgment in artificial intelligence and expert systems. Stat. Sci. 2(1), 3\u201316 (1987)","journal-title":"Stat. Sci."},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"crossref","first-page":"308","DOI":"10.1007\/978-3-540-68825-9_29","volume-title":"Advances in Artificial Intelligence","author":"R Smith","year":"2008","unstructured":"Smith, R., Japkowicz, N., Dondo, M., Mason, P.: Using unsupervised learning for network alert correlation. In: Bergler, S. (ed.) Canadian AI. LNCS (LNAI), vol. 5032, pp. 308\u2013319. Springer, Heidelberg (2008)"},{"key":"1_CR28","first-page":"109","volume":"22","author":"L Sun","year":"2006","unstructured":"Sun, L., Srivastava, R.P., Mock, T.J.: An information systems security risk assessment model under Dempster-Shafer theory of belief functions. J. Manag. Inf. 22, 109\u2013142 (2006)","journal-title":"J. Manag. Inf."},{"key":"1_CR29","unstructured":"Sundaramurthy, S.C., Zomlot, L., Xinming, O.: Practical IDS alert correlation in the face of dynamic threats. In: The 2011 International Conference on Security and Management (SAM 2011), Las Vegas, USA, July 2011"},{"key":"1_CR30","unstructured":"Svensson, H., Audun J\u00f8sang.: Correlation of intrusion alarms with subjective logic. In: Sixth Nordic Workshop on Secure IT systems (NordSec) (2001)"},{"key":"1_CR31","unstructured":"Valeur, F.: Real-time intrusion detection alert correlation. Ph.D. 
thesis, University of California, Santa Barbara, May 2006"},{"issue":"3","key":"1_CR32","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: A comprehensive approach to intrusion detection alert correlation. IEEE Trans. Dependable Secure Comput. 1(3), 146\u2013169 (2004)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"1_CR33","unstructured":"Dong, Y., Frincke, D.: A novel framework for alert correlation and understanding. In: International Conference on Applied Cryptography and Network Security (ACNS) (2004)"},{"key":"1_CR34","unstructured":"Dong, Y., Frincke, D.: Alert confidence fusion in intrusion detection systems with extended Dempster-Shafer theory. In: 43rd ACM Southeast Conference, Kennesaw, GA, USA (2005)"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"272","DOI":"10.1007\/11760146_24","volume-title":"Intelligence and Security Informatics","author":"Y Zhai","year":"2006","unstructured":"Zhai, Y., Ning, P., Xu, J.: Integrating IDS alert correlation and OS-level dependency tracking. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, F.-Y. (eds.) ISI 2006. LNCS, vol. 3975, pp. 272\u2013284. Springer, Heidelberg (2006)"},{"key":"1_CR36","doi-asserted-by":"crossref","unstructured":"Zhai, Y., Ning, P., Iyer, P., Reeves, D.S.: Reasoning about complementary intrusion evidence. In: Proceedings of 20th Annual Computer Security Applications Conference (ACSAC), pp. 39\u201348, December 2004","DOI":"10.1109\/CSAC.2004.29"},{"issue":"1","key":"1_CR37","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1145\/1210263.1210267","volume":"10","author":"J Zhou","year":"2007","unstructured":"Zhou, J., Heckman, M., Reynolds, B., Carlson, A., Bishop, M.: Modeling network intrusion detection alerts for correlation. ACM Trans. Inf. Syst. Secur. 
(TISSEC) 10(1), 4 (2007)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Zomlot, L., Sundaramurthy, S.C., Luo, K., Xinming, O., Raj Rajagopalan, S.: Prioritizing intrusion analysis using Dempster-Shafer theory. In: 4TH ACM Workshop on Artificial Intelligence and Security (AISec) (2011)","DOI":"10.1145\/2046684.2046694"}],"container-title":["Lecture Notes in Computer Science","Graphical Models for Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-46263-9_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,7]],"date-time":"2022-07-07T21:23:56Z","timestamp":1657229036000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-46263-9_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319462622","9783319462639"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-46263-9_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}