{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T11:58:22Z","timestamp":1725883102266},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319565484"},{"type":"electronic","value":"9783319565491"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-56549-1_7","type":"book-chapter","created":{"date-parts":[[2017,3,29]],"date-time":"2017-03-29T05:39:05Z","timestamp":1490765945000},"page":"79-89","source":"Crossref","is-referenced-by-count":3,"title":["A Behavior-Based Online Engine for Detecting Distributed Cyber-Attacks"],"prefix":"10.1007","author":[{"given":"Yaokai","family":"Feng","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yoshiaki","family":"Hori","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kouichi","family":"Sakurai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,3,30]]},"reference":[{"key":"7_CR1","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-642-03354-4_17","volume-title":"Collaborative Computing: Networking, Applications and Worksharing","author":"S Xu","year":"2009","unstructured":"Xu, S.: Collaborative attack vs. collaborative defense. In: Bertino, E., Joshi, J.B.D. (eds.) CollaborateCom 2008. LNICSSITE, vol. 10, pp. 
217\u2013228. Springer, Heidelberg (2009). doi: 10.1007\/978-3-642-03354-4_17"},{"key":"7_CR2","unstructured":"ComputerWeekly News. http:\/\/www.computerweekly.com\/news\/4500243431\/DDoS-losses-potentially-100k-an-hour-survey-shows . Accessed 6 Nov 2016"},{"key":"7_CR3","unstructured":"Tang, Y.: Defending against internet worms: a signature-based approach. In: Proceedings of 24th IEEE Annual Joint Conference of the Computer and Communications Societies (INFOCOM), pp. 1384\u20131394 (2005)"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Eskin, E., Lee, W.: Modeling system call for intrusion detection with dynamic window sizes. In: Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX), pp. 165\u2013175 (2001)","DOI":"10.1109\/DISCEX.2001.932213"},{"issue":"2","key":"7_CR5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TNSM.2009.090604","volume":"6","author":"A Kind","year":"2009","unstructured":"Kind, A., Stoecklin, M.P., Dimitropoulos, X.: Histogram-based traffic anomaly detection. IEEE Trans. Netw. Serv. Manage. 6(2), 1\u201312 (2009)","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Feng, Y., Hori, Y., Sakurai, K., Takeuchi, J.: A behavior-based method for detecting outbreaks of low-rate attacks. In: Proceedings of 3rd Workshop on Network Technologies for Security, Administration and Protection (NETSAP), SAINT 2012, pp. 267\u2013272 (2012)","DOI":"10.1109\/SAINT.2012.50"},{"key":"7_CR7","unstructured":"Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 130\u2013143 (2001)"},{"issue":"2","key":"7_CR8","doi-asserted-by":"crossref","first-page":"426","DOI":"10.1109\/TIFS.2011.2107320","volume":"6","author":"Y Xiang","year":"2011","unstructured":"Xiang, Y., Li, K., Zhou, W.: Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans. 
Inf. Forensics Secur. 6(2), 426\u2013437 (2011)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"3","key":"7_CR9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1\u201372 (2009)","journal-title":"ACM Comput. Surv."},{"key":"7_CR10","unstructured":"Kim, M.S., Kang, H.J., Hong, S.C.: A flow-based method for abnormal network traffic detection. In: Proceedings of IEEE\/IFIP Network Operations and Management Symposium, pp. 599\u2013612 (2004)"},{"issue":"5","key":"7_CR11","doi-asserted-by":"crossref","first-page":"1396","DOI":"10.1109\/TNET.2011.2109009","volume":"19","author":"J Treurniet","year":"2011","unstructured":"Treurniet, J.: A network activity classification schema and its application to scan detection. IEEE\/ACM Trans. Netw. 19(5), 1396\u20131404 (2011)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"7_CR12","unstructured":"Snort user\u2019s manual. http:\/\/www.snort.org\/docs . Accessed 6 Nov 2016"},{"key":"7_CR13","unstructured":"The Bro internet security monitor. https:\/\/www.bro.org\/ . Accessed 6 Nov 2016"},{"key":"7_CR14","unstructured":"Network and Security Manager (NSM). https:\/\/www.juniper.net\/documentation\/en_US\/release-independent\/nsm\/information-products\/pathway-pages\/nsm\/product\/index.html . Accessed 6 Nov 2016"},{"key":"7_CR15","unstructured":"Gates, C.: The Modeling and Detection of Distributed Port Scans: a Thesis Proposal, Technical Report CS-2003-01, Dalhousie University (2003)"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., Barford, P., Ullrich, J.: Internet intrusions: global characteristics and prevalence. In: Proceedings of 2003 ACM Joint International Conference on Measurement and Modeling of Computer Systems, pp. 
138\u2013147 (2003)","DOI":"10.1145\/781027.781045"},{"issue":"3","key":"7_CR17","first-page":"527","volume":"21","author":"Y Feng","year":"2013","unstructured":"Feng, Y., Hori, Y., Sakurai, K., Takeuchi, J.: A behavior-based method for detecting distributed scan attacks in darknets. J. Inf. Process. (JIP) 21(3), 527\u2013538 (2013)","journal-title":"J. Inf. Process. (JIP)"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Cooke, E., Bailey, M., Mao, Z.M., Watson, D., Jahanian, F., McPherson, D.: Toward understanding distributed blackhole placement. In: Proceedings of ACM CCS Workshop on Rapid Malcode, pp. 54\u201364 (2004)","DOI":"10.1145\/1029618.1029627"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Eto, M., Inoue, D., Song, J., Ohtaka, K., Nakao, K.: NICTER: a large-scale network incident analysis system. In: Proceedings of 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 37\u201345 (2011)","DOI":"10.1145\/1978672.1978677"},{"key":"7_CR20","unstructured":"Murakami, K., Kamatani, T., et al.: A proposal of method for detecting synchronized increase of attacks on multiple darknet sensors. In: Computer Security Symposium in Japan, pp. 32\u201339 (2014)"},{"key":"7_CR21","unstructured":"Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D.: The internet motion sensor: a distributed blackhole monitoring system. In: Proceedings of 12th ISOC Symposium on Network and Distributed Systems Security (NDSS), pp. 167\u2013179 (2005)"},{"key":"7_CR22","unstructured":"National Police Agency of Japan: Internet Report. http:\/\/www.npa.go.jp\/cyberpolice\/detect\/pdf\/20140328.pdf"},{"key":"7_CR23","unstructured":"https:\/\/www.npa.go.jp\/cyberpolice\/detect\/pdf\/20151215_1.pdf . Accessed 6 Nov 2016"},{"key":"7_CR24","unstructured":"Hacker News (2014). 
http:\/\/www.daemonology.net\/hn-daily\/2014-04.html"},{"issue":"5","key":"7_CR25","doi-asserted-by":"crossref","first-page":"787","DOI":"10.1587\/transinf.E92.D.787","volume":"92","author":"K Nakao","year":"2009","unstructured":"Nakao, K., Inoue, D., Eto, M., Yoshioka, K.: Practical correlation analysis between scan and malware profiles against zero-day attacks based on darknet monitoring. IEICE Trans. Inf. Syst. 92(5), 787\u2013798 (2009)","journal-title":"IEICE Trans. Inf. Syst."},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Feng, Y., Hori, Y., Sakurai, K.: A proposal for detecting distributed cyber-attacks using automatic thresholding. In: Proceedings of 10th Asia Conference on Information Security (AsiaJCIS) (2015)","DOI":"10.1109\/AsiaJCIS.2015.22"},{"key":"7_CR27","unstructured":"Yazid, I., Hanan, A., Aizaini, M.: Volume-based network intrusion attacks detection. In: Advanced Computer Network and Security, pp. 147\u2013162. UTM Press (2008)"}],"container-title":["Lecture Notes in Computer Science","Information Security Applications"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-56549-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,20]],"date-time":"2019-09-20T05:38:34Z","timestamp":1568957914000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-56549-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319565484","9783319565491"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-56549-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}