{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T20:28:10Z","timestamp":1743107290377,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540229872"},{"type":"electronic","value":"9783540301080"}],"license":[{"start":{"date-parts":[[2004,1,1]],"date-time":"2004-01-01T00:00:00Z","timestamp":1072915200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30108-0_27","type":"book-chapter","created":{"date-parts":[[2010,9,16]],"date-time":"2010-09-16T18:15:03Z","timestamp":1284660903000},"page":"439-456","source":"Crossref","is-referenced-by-count":26,"title":["Discovering Novel Attack Strategies from INFOSEC Alerts"],"prefix":"10.1007","author":[{"given":"Xinzhou","family":"Qin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"unstructured":"Bauer, E., Koller, D., Singer, Y.: Update rules for parameter estimation in Bayesian networks. In: Proceedings of the Thirteenth Conference on Uncertainty in Artificial Intelligence (UAI), Providence, RI, August 1997, pp. 3\u201313 (1997)","key":"27_CR1"},{"unstructured":"Cabrera, J.B.D., Lewis, L., Qin, X., Lee, W., Mehra, R.K.: Proactive intrusion detection and distributed denial of service attacks - a case study in security management. 
Journal of Network and Systems Management\u00a010(2) (June 2002)","key":"27_CR2"},{"unstructured":"Cabrera, J.B.D., Lewis, L., Qin, X., Lee, W., Prasanth, R.K., Ravichandran, B., Mehra, R.K.: Proactive detection of distributed denial of service attacks using mib traffic variables - a feasibility study. In: Proceedings of IFIP\/IEEE International Symposium on Integrated Network Management, IM 2001 (May 2001)","key":"27_CR3"},{"key":"27_CR4","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1109\/TAC.1975.1101008","volume":"20","author":"P.E. Caines","year":"1975","unstructured":"Caines, P.E., Chan, C.W.: Feedback between stationary stochastic process. IEEE Transactions on Automatic Control\u00a020, 495\u2013508 (1975)","journal-title":"IEEE Transactions on Automatic Control"},{"unstructured":"Cheung, S., Lindqvist, U., Fong, M.W.: Modeling multistep cyber attacks for scenario recognition. In: Proceedings of the Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C. (April 2003)","key":"27_CR5"},{"doi-asserted-by":"crossref","unstructured":"Cohen, I., Bronstein, A., Cozman, F.G.: Online learning of bayesian network parameters. Hewlett Packard Laboratories Technical Report, HPL-2001-55(R.1) (June 2001)","key":"27_CR6","DOI":"10.4271\/2001-01-2142"},{"doi-asserted-by":"crossref","unstructured":"Cuppens, F., Mi\u00e8ge, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 202\u2013215 (May 2002)","key":"27_CR7","DOI":"10.1109\/SECPRI.2002.1004372"},{"unstructured":"DARPA Cyber Panel Program. DARPA cyber panel program grand challenge problem, GCP (2003), http:\/\/www.grandchallengeproblem.net\/","key":"27_CR8"},{"doi-asserted-by":"crossref","unstructured":"Debar, H., Wespi, A.: The intrusion-detection console correlation mechanism. 
In: 4th International Symposium on Recent Advances in Intrusion Detection (RAID) (October 2001)","key":"27_CR9","DOI":"10.1007\/3-540-39945-3"},{"unstructured":"Geib, C.W., Goldman, R.P.: Plan recognition in intrusion detection system. In: DARPA Information Survivability Conference and Exposition (DISCEX II) (June 2001)","key":"27_CR10"},{"key":"27_CR11","doi-asserted-by":"publisher","first-page":"777","DOI":"10.1080\/00207178108922956","volume":"33","author":"M.R. Gevers","year":"1981","unstructured":"Gevers, M.R., Anderson, B.D.O.: Representations of jointly stationary stochastic feedback processes. International Journal of Control\u00a033, 777\u2013809 (1981)","journal-title":"International Journal of Control"},{"unstructured":"Goldman, R.P., Heimerdinger, W., Harp, S.A.: Information modeling for intrusion report aggregation. In: DARPA Information Survivability Conference and Exposition (DISCEX II) (June 2001)","key":"27_CR12"},{"key":"27_CR13","doi-asserted-by":"publisher","first-page":"424","DOI":"10.2307\/1912791","volume":"34","author":"C.W.J. Granger","year":"1969","unstructured":"Granger, C.W.J.: Investigating causal relations by econometric methods and cross-spectral methods. Econometrica\u00a034, 424\u2013428 (1969)","journal-title":"Econometrica"},{"unstructured":"IETF Intrusion Detection Working Group. Intrusion detection message exchange format (2002), http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-idwg-idmef-xml-09.txt","key":"27_CR14"},{"doi-asserted-by":"crossref","unstructured":"Haines, J., Ryder, D.K., Tinnel, L., Taylor, S.: Validation of sensor alert correlators. IEEE Security & Privacy Magazine (January\/February 2003)","key":"27_CR15","DOI":"10.1109\/MSECP.2003.1176995"},{"key":"27_CR16","first-page":"265","volume":"15","author":"W. 
Hesse","year":"2003","unstructured":"Hesse, W., Moller, E., Arnold, M., Witte, H., Schack, B.: Investigation of time-variant causal interactions between two eeg signals by means of the adaptive granger causality. Brain Topography\u00a015, 265\u2013266 (2003)","journal-title":"Brain Topography"},{"key":"27_CR17","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/s004220000235","volume":"85","author":"M. Kaminski","year":"2001","unstructured":"Kaminski, M., Ding, M., Truccolo, W.A., Bressler, S.L.: Evaluating causal relations in neural systems: Granger causality, direct transfer function (dtf) and statistical assessment of significance. Biological Cybernetics\u00a085, 145\u2013157 (2001)","journal-title":"Biological Cybernetics"},{"key":"27_CR18","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1038\/40332","volume":"388","author":"R.K. Kaufmann","year":"1997","unstructured":"Kaufmann, R.K., Stern, D.I.: Evidence for human influence on climate from hemispheric temperature relations. Nature\u00a0388, 39\u201344 (1997)","journal-title":"Nature"},{"key":"27_CR19","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1080\/13504850110088132","volume":"9","author":"H. Lee","year":"2002","unstructured":"Lee, H., Lin, K.S., Wu, J.: Pitfalls in using granger causality tests to find an engine of growth. Applied Economics Letters\u00a09, 411\u2013414 (2002)","journal-title":"Applied Economics Letters"},{"key":"27_CR20","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1093\/biomet\/65.2.297","volume":"65","author":"G.M. Ljung","year":"1978","unstructured":"Ljung, G.M., Box, G.E.P.: On a measure of lack of fit in time series models. Biometrika\u00a065, 297\u2013303 (1978)","journal-title":"Biometrika"},{"key":"27_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1007\/978-3-540-45248-5_6","volume-title":"Recent Advances in Intrusion Detection","author":"B. 
Morin","year":"2003","unstructured":"Morin, B., Debar, H.: Correlation of intrusion symptoms: an application of chronicles. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 94\u2013112. Springer, Heidelberg (2003)"},{"doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: 9th ACM Conference on Computer and Communications Security (November 2002)","key":"27_CR22","DOI":"10.1145\/586110.586144"},{"doi-asserted-by":"crossref","unstructured":"Ning, P., Xu, D.: Learning attack strategies from intrusion alerts. In: Proceedings of 10th ACM Conference on Computer and Communications Security, CCS 2003 (October 2003)","key":"27_CR23","DOI":"10.1145\/948134.948137"},{"unstructured":"Ning, P., Xu, D., Healey, C.G., Amant, R.A.: Building attack scenarios through integration of complementary alert correlation methods. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS 2004), San Diego, CA (February 2004)","key":"27_CR24"},{"key":"27_CR25","volume-title":"Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference","author":"J. Pearl","year":"1988","unstructured":"Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann Publishers, Inc., San Francisco (1988)"},{"key":"27_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/3-540-36084-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"P.A. Porras","year":"2002","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A Mission-Impact-Based approach to INFOSEC alarm correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 95. 
Springer, Heidelberg (2002)"},{"key":"27_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-3-540-45248-5_5","volume-title":"Recent Advances in Intrusion Detection","author":"X. Qin","year":"2003","unstructured":"Qin, X., Lee, W.: Statistical causality analysis of infosec alert data. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 73\u201393. Springer, Heidelberg (2003)"},{"key":"27_CR28","volume-title":"Introduction to Probability Models","author":"S.M. Ross","year":"2000","unstructured":"Ross, S.M.: Introduction to Probability Models, 7th edn. Harcourt Academic Press, London (2000)","edition":"7"},{"key":"27_CR29","volume-title":"SNMP, SNMPv2, SNMPv3, and RMON 1 and 2","author":"W. Stallings","year":"1999","unstructured":"Stallings, W.: SNMP, SNMPv2, SNMPv3, and RMON 1 and 2. Addison-Wesley, Reading (1999)"},{"key":"27_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, p. 54. 
Springer, Heidelberg (2001)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2004"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30108-0_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T21:52:08Z","timestamp":1740520328000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30108-0_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540229872","9783540301080"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30108-0_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2004]]}}}