{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T05:19:03Z","timestamp":1774675143826,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540231233","type":"print"},{"value":"9783540301431","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_11","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T19:59:24Z","timestamp":1284839964000},"page":"203-222","source":"Crossref","is-referenced-by-count":394,"title":["Anomalous Payload-Based Network Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Ke","family":"Wang","sequence":"first","affiliation":[]},{"given":"Salvatore J.","family":"Stolfo","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Armstrong, D., Carter, S., Frazier, G., Frazier, T.: A Controller-Based Autonomic Defense System. In: Proc. of DISCEX (2003)","DOI":"10.1109\/DISCEX.2003.1194902"},{"issue":"5199","key":"11_CR2","doi-asserted-by":"publisher","first-page":"843","DOI":"10.1126\/science.267.5199.843","volume":"267","author":"M. Damashek","year":"1995","unstructured":"Damashek, M.: Gauging similarity with n-grams: language independent categorization of text. Science\u00a0267(5199), 843\u2013848 (1995)","journal-title":"Science"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of self for Unix Processes. In: Proc. of IEEE Symposium on Computer Security and Privacy (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"11_CR4","unstructured":"Ghosh, A.K., Schwartzbard, A.: A study in Using Neural Networks for Anomaly and Misuse Detection. In: Proc. 8th USENIX Security Symposium (1999)"},{"key":"11_CR5","unstructured":"Hoagland, J.: SPADE, Silican Defense, http:\/\/www.silicondefense.com\/software\/spice (2000)"},{"key":"11_CR6","unstructured":"Javits, H.S., Valdes, A.: The NIDES statistical component: Description and justification. Technical report, SRI International, Computer Science Laboratory (1993)"},{"key":"11_CR7","series-title":"Fundamental Algorithms","volume-title":"the Art of Computer Programming","author":"D.E. Knuth","year":"1973","unstructured":"Knuth, D.E.: the Art of Computer Programming, 2nd edn. Fundamental Algorithms, vol.\u00a01. Addison Wesley, Reading (1973)","edition":"2"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Toth, T., Kirda, E.: Service Specific Anomaly Detection for Network Intrusion Detection. In: Symposium on Applied Computing (SAC), Spain (March 2002)","DOI":"10.1145\/508791.508835"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Lee, W., Stolfo, S.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security\u00a03(4) (November 2000)","DOI":"10.1145\/382912.382914"},{"issue":"4","key":"11_CR10","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., et al.: The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks\u00a034(4), 579\u2013595 (2000)","journal-title":"Computer Networks"},{"key":"11_CR11","unstructured":"Locasto, M., Parekh, J., Stolfo, S., Keromytis, A., Malkin, T., Misra, V.: Collaborative Distributed Intrusion Detection, Columbia University Tech Report, CUCS-012-04 (2004)"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Mahoney, M.: Network Traffic Anomaly Detection Based on Packet Bytes. In: Proc. ACMSAC (2003)","DOI":"10.1145\/952532.952601"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.K.: Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks. In: Proc. SIGKDD 2002, pp. 376\u2013385 (2002)","DOI":"10.1145\/775047.775102"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.K.: Learning Models of Network Traffic for Detecting Novel Attacks, Florida Tech, Technical report 2002-08, http:\/\/cs.fit.edu\/~tr","DOI":"10.1145\/775047.775102"},{"key":"11_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-45248-5_13","volume-title":"Recent Advances in Intrusion Detection","author":"M. Mahoney","year":"2003","unstructured":"Mahoney, M., Chan, P.K.: An Analysis of the 1999 DARPA\/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 220\u2013237. Springer, Heidelberg (2003)"},{"key":"11_CR16","unstructured":"Moore, D., Shannon, C., Voelker, G., Savage, S.: Internet Quarantine: Requirements for Containing Selp-Propagating Code. In: Proc. Infocom (2003)"},{"key":"11_CR17","unstructured":"V. Paxson, Bro: A system for detecting network intruders in real-time. In: USENIX Security Symposium (1998)"},{"key":"11_CR18","unstructured":"Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabled Responses to Anomalous Live Disturbances. In: National Information Systems Security Conference (1997)"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Robertson, S., Siegel, E., Miller, M., Stolfo, S.: Surveillance Detection in High Bandwidth Environments. In: Proceedings of the 2003 DARPA DISCEX III Conference (2003)","DOI":"10.1109\/DISCEX.2003.1194879"},{"key":"11_CR20","unstructured":"Roesch, M.: Snort: Lightweight intrusion detection for networks. In: USENIX LISA Conference (1999)"},{"key":"11_CR21","unstructured":"Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in Your Spare Time. In: Proceedings of the 11th USENIX Security Symposium (2002)"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Stolfo, S.: Worm and Attack Early Warning: Piercing Stealthy Reconnaissance. IEEE Privacy and Security (May\/June 2004) (to appear)","DOI":"10.1109\/MSP.2004.28"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Taylor, C., Alves-Foss, J.: NATE \u2013 Network Analysis of Anomalous Traffic Events, A Low-Cost approach. In: New Security Paradigms Workshop (2001)","DOI":"10.1145\/508185.508186"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Vigna, G., Kemmerer, R.: NetSTAT: A Network-based intrusion detection approach. In: Computer Security Application Conference (1998)","DOI":"10.1109\/CSAC.1998.738566"},{"key":"11_CR25","unstructured":"Lane, T., Broadley, C.E.: Approaches to online learning and concept drift for user identification in computer security. In: 4th International Conference on Knowledge Discovery and Data Mining (1998)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,18]],"date-time":"2020-11-18T23:44:50Z","timestamp":1605743090000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2004]]}}}