{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T13:25:34Z","timestamp":1725888334437},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319596914"},{"type":"electronic","value":"9783319596921"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-59692-1_16","type":"book-chapter","created":{"date-parts":[[2017,5,23]],"date-time":"2017-05-23T09:54:10Z","timestamp":1495533250000},"page":"186-197","source":"Crossref","is-referenced-by-count":1,"title":["Querying Streams of Alerts for Knowledge-Based Detection of Long-Lived Network Intrusions"],"prefix":"10.1007","author":[{"given":"Miguel-Angel","family":"Sicilia","sequence":"first","affiliation":[]},{"given":"Javier","family":"Bermejo-Higuera","sequence":"additional","affiliation":[]},{"given":"Elena","family":"Garc\u00eda-Barriocanal","sequence":"additional","affiliation":[]},{"given":"Salvador","family":"S\u00e1nchez-Alonso","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Dom\u00ednguez-\u00c1lvarez","sequence":"additional","affiliation":[]},{"given":"Miguel","family":"Monz\u00f3n-Fern\u00e1ndez","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,24]]},"reference":[{"key":"16_CR1","unstructured":"Axelsson, S.: A survey and taxonomy, vol. 99. Chalmers University of Technology, Technical report (2000)"},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"Balasubramaniyan, J.S., Garc\u00eda-Fernandez, J.O., Isacoff, D., Spafford, E., Zamboni, D.: An architecture for intrusion detection using autonomous agents. In: Proceeding of the 14th Annual Computer Security Applications Conference, pp. 13\u201324. IEEE (1998)","DOI":"10.1109\/CSAC.1998.738563"},{"key":"16_CR3","unstructured":"Byrd, W.E.: Techniques, applications, and implementations (Doctoral dissertation, Department of Computer Science, Indiana University) (2009)"},{"key":"16_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-662-44885-4_5","volume-title":"Communications and Multimedia Security","author":"P Chen","year":"2014","unstructured":"Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: Decker, B., Z\u00faquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63\u201372. Springer, Heidelberg (2014). doi: 10.1007\/978-3-662-44885-4_5"},{"key":"16_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-3-642-24270-0_15","volume-title":"Computer Safety, Reliability, and Security","author":"L Coppolino","year":"2011","unstructured":"Coppolino, L., D\u2019Antonio, S., Formicola, V., Romano, L.: Integration of a system for critical infrastructure protection with the OSSIM SIEM platform: a dam case study. In: Flammini, F., Bologna, S., Vittorini, V. (eds.) SAFECOMP 2011. LNCS, vol. 6894, pp. 199\u2013212. Springer, Heidelberg (2011). doi: 10.1007\/978-3-642-24270-0_15"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceeding of the IEEE Symposium on Security and Privacy, pp. 202\u2013215. IEEE (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"issue":"2","key":"16_CR7","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1016\/S0164-1212(02)00092-4","volume":"67","author":"G Helmer","year":"2003","unstructured":"Helmer, G., Wong, J.S., Honavar, V., Miller, L., Wang, Y.: Lightweight agents for intrusion detection. J. Syst. Softw. 67(2), 109\u2013122 (2003)","journal-title":"J. Syst. Softw."},{"issue":"9","key":"16_CR8","doi-asserted-by":"crossref","first-page":"1622","DOI":"10.1016\/j.jss.2009.08.023","volume":"83","author":"SH Houmb","year":"2010","unstructured":"Houmb, S.H., Franqueira, V.N., Engum, E.A.: Quantifying security risk level from CVSS estimates of frequency and impact. J. Syst. Softw. 83(9), 1622\u20131634 (2010)","journal-title":"J. Syst. Softw."},{"key":"16_CR9","unstructured":"Jajodia, S., Noel, S., Kalapa, P., Albanese, M., Williams, J.: mission-centric cyber situational awareness with defense in depth. In: Military Communications Conference, 2011-MILCOM, pp. 1339\u20131344. IEEE (2011)"},{"key":"16_CR10","unstructured":"Lee, A., Varadharajan, V., Tupakula, U.: On malware characterization and attack classification. In Proceedings of the First Australasian Web Conference, vol. 144, pp. 43\u201347. Australian Computer Society (2013)"},{"issue":"1","key":"16_CR11","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","volume":"36","author":"HJ Liao","year":"2013","unstructured":"Liao, H.J., Lin, C.H.R., Lin, Y.C., Tung, K.Y.: Intrusion detection system: a comprehensive review. J. Network Comput. Appl. 36(1), 16\u201324 (2013)","journal-title":"J. Network Comput. Appl."},{"issue":"1","key":"16_CR12","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MWC.2004.1269717","volume":"11","author":"A Mishra","year":"2004","unstructured":"Mishra, A., Nadkarni, K., Patcha, A.: Intrusion detection in wireless ad hoc networks. IEEE Wirel. Commun. 11(1), 48\u201360 (2004)","journal-title":"IEEE Wirel. Commun."},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Pauli, J., Engebretson, P.H.: Towards a specification prototype for hierarchy-driven attack patterns. In: Fifth International Conference on Information Technology: New Generations, ITNG 2008, pp. 1168-1169. IEEE (2011)","DOI":"10.1109\/ITNG.2008.23"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Robiah, Y., Rahayu, S.S., Sahib, S., Zaki, M.M., Faizal, M.A., Marliza, R.: An improved traditional worm attack pattern. In: International Symposium in Information Technology (ITSim), vol. 2, pp. 1067\u20131072. IEEE (2010)","DOI":"10.1109\/ITSIM.2010.5561572"},{"key":"16_CR15","unstructured":"Roesch, M.: Lightweight intrusion detection for networks. In: Lisa, vol. 99, no. 1, pp. 229\u2013238 (1999)"},{"key":"16_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-319-05302-8_10","volume-title":"Foundations and Practice of Security","author":"A Sadighian","year":"2014","unstructured":"Sadighian, A., Fernandez, J.M., Lemay, A., Zargar, S.T.: ONTIDS: a highly flexible context-aware and ontology-based alert correlation framework. In: Danger, J.-L., Debbabi, M., Marion, J.-Y., Garcia-Alfaro, J., Zincir Heywood, N. (eds.) FPS -2013. LNCS, vol. 8352, pp. 161\u2013177. Springer, Cham (2014). doi: 10.1007\/978-3-319-05302-8_10"},{"issue":"3","key":"16_CR17","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357\u2013374 (2012)","journal-title":"Comput. Secur."},{"issue":"4","key":"16_CR18","doi-asserted-by":"crossref","first-page":"547","DOI":"10.1016\/S1389-1286(00)00136-5","volume":"34","author":"EH Spafford","year":"2000","unstructured":"Spafford, E.H., Zamboni, D.: Intrusion detection using autonomous agents. Comput. Networks 34(4), 547\u2013570 (2000)","journal-title":"Comput. Networks"},{"key":"16_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/978-3-540-45248-5_7","volume-title":"Recent Advances in Intrusion Detection","author":"J Undercoffer","year":"2003","unstructured":"Undercoffer, J., Joshi, A., Pinkston, J.: Modeling computer attacks: an ontology for intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 113\u2013135. Springer, Heidelberg (2003). doi: 10.1007\/978-3-540-45248-5_7"},{"key":"16_CR20","unstructured":"Vaarandi, R., Niziski, P.: Comparative analysis of open-source log management solutions for security monitoring and network forensics. In: Proceedings of the 2013 European Conference on Information Warfare and Security, pp. 278\u2013287 (2013)"},{"key":"16_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-540-74320-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"M Vallentin","year":"2007","unstructured":"Vallentin, M., Sommer, R., Lee, J., Leres, C., Paxson, V., Tierney, B.: The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 107\u2013126. Springer, Heidelberg (2007). doi: 10.1007\/978-3-540-74320-0_6"},{"key":"16_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-540-87403-4_7","volume-title":"Recent Advances in Intrusion Detection","author":"G Vasiliadis","year":"2008","unstructured":"Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P., Ioannidis, S.: Gnort: high performance network intrusion detection using graphics processors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 116\u2013134. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-87403-4_7"},{"key":"16_CR23","doi-asserted-by":"crossref","unstructured":"Veeramachaneni, K., Arnaldo, I., Korrapati, V., Bassias, C., Li, K.: $$AI{^2}$$ training a big data machine to defend. In: IEEE International Conference on Intelligent Data and Security (IDS), pp. 49\u201354 (2016)","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.79"},{"issue":"1","key":"16_CR24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.asoc.2009.06.019","volume":"10","author":"SX Wu","year":"2010","unstructured":"Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 10(1), 1\u201335 (2010)","journal-title":"Appl. Soft Comput."},{"issue":"1","key":"16_CR25","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1186\/s40537-015-0013-4","volume":"2","author":"R Zuech","year":"2015","unstructured":"Zuech, R., Khoshgoftaar, T.M., Wald, R.: Intrusion detection and big heterogeneous data: a survey. J. Big Data 2(1), 3 (2015)","journal-title":"J. Big Data"}],"container-title":["Lecture Notes in Computer Science","Flexible Query Answering Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-59692-1_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,24]],"date-time":"2019-09-24T19:53:20Z","timestamp":1569354800000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-59692-1_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319596914","9783319596921"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-59692-1_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}