{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T19:56:19Z","timestamp":1725566179354},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540231233"},{"type":"electronic","value":"9783540301431"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_15","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T23:59:24Z","timestamp":1284854364000},"page":"278-295","source":"Crossref","is-referenced-by-count":5,"title":["Formal Reasoning About Intrusion Detection Systems"],"prefix":"10.1007","author":[{"given":"Tao","family":"Song","sequence":"first","affiliation":[]},{"given":"Calvin","family":"Ko","sequence":"additional","affiliation":[]},{"given":"Jim","family":"Alves-Foss","sequence":"additional","affiliation":[]},{"given":"Cui","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Karl","family":"Levitt","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","volume-title":"A computational logic","author":"R.S. Boyer","year":"1979","unstructured":"Boyer, R.S., Moore, J.S.: A computational logic. Academic Press, New York (1979)"},{"key":"15_CR2","unstructured":"Cert coordination center, advisory ca-1999-03, \n                    \n                      http:\/\/www.cert.org\/advisories\/CA-99-03.html"},{"key":"15_CR3","unstructured":"Ko, C.C.W.: Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach. Ph.D. Thesis (August 1996)"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Ko, C.: Logic induction of valid behavior specifications for intrusion detection. In: Proc. of IEEE Symposium on Security and Privacy (2000)","DOI":"10.1109\/SECPRI.2000.848452"},{"key":"15_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1007\/3-540-45474-8_12","volume-title":"Recent Advances in Intrusion Detection","author":"C. Ko","year":"2001","unstructured":"Ko, C., Rowe, J., Brutch, P., Levitt, K.: System Health and Intrusion Monitoring Using a hierarchy of Constraints. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, p. 190. Springer, Heidelberg (2001)"},{"key":"15_CR6","unstructured":"Ghosh, A.K., Schwartzbard, A.: A Study in Using Neural Networks for Anomaly and Misuse Detection. In: Proc. of USENIX Security Symposium (1999)"},{"key":"15_CR7","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1109\/CSAC.1994.367313","volume-title":"Proceedings of the Tenth Computer Security Applications Conference","author":"C. Ko","year":"1994","unstructured":"Ko, C., Fink, G., Levitt, K.: Automated detection of vulnerabilities in privileged programs by execution monitoring. In: Proceedings of the Tenth Computer Security Applications Conference, Orlando, FL, December 1994, pp. 134\u2013144. IEEE Computer Society Press, Los Alamitos (1994)"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-critical Programs in Distributed Systems: A Specification-based Approach. In: Proc. of the 1997 IEEE Symposium on Security and Privacy, Oakland, California, May 1997, pp. 134\u2013144 (1997)","DOI":"10.1109\/SECPRI.1997.601332"},{"key":"15_CR9","volume-title":"Computer-Aided Reasoning : An Approach","author":"M. Kaufmann","year":"2000","unstructured":"Kaufmann, M., Manolios, P., Moore, J.S.: Computer-Aided Reasoning: An Approach. Kluwer Academic Publishers, Dordrecht (2000)"},{"key":"15_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1007\/3-540-45474-8_12","volume-title":"Recent Advances in Intrusion Detection","author":"C. Ko","year":"2001","unstructured":"Ko, C., Rowe, J., Brutch, P., Levitt, K.: System Health and Intrusion Monitoring Using a hierarchy of Constraints. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, p. 190. Springer, Heidelberg (2001)"},{"key":"15_CR11","unstructured":"Kim, G., Spafford, E.H.: The design of a system integrity monitor: Tripwire. Technical report CSD-TR-93-071, Purdue University (November 1993)"},{"key":"15_CR12","unstructured":"Lin, J.-L., Wang, X.S., Jajodia, S.: Abstraction-based misuse detection: highlevel specifications and adaptable strategies. In: Proc. of IEEE Computer Security Foundations Workshop (2002)"},{"key":"15_CR13","unstructured":"Lee, W., Stolfo, S.J., Mok, K.W.: A data mining framework for building intrusion detection models. In: Proc. of IEEE Symposium on Security and Privacy (1999)"},{"key":"15_CR14","volume-title":"Computer Security: Art and Science","author":"M.A. Bishop","year":"2002","unstructured":"Bishop, M.A.: Computer Security: Art and Science. Addison Wesley Longman, Amsterdam (2002)"},{"key":"15_CR15","volume-title":"Computer-Aided Reasoning: An Approach","author":"M. Kaufmann","year":"2000","unstructured":"Kaufmann, M., Manolios, P., Moore, J.S.: Computer-Aided Reasoning: An Approach. Kluwer Academic Publishers, Dordrecht (June 2000)"},{"key":"15_CR16","unstructured":"Roesch, M.: Snort: Lightweight Intrusion Detection for Networks. In: Proc. of USENIX LISA 1999, Seattle, Washington, November 1999, pp. 229\u2013238 (1999)"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Pouzol, J.P., Ducasse, M.: Formal specication of intrusion signatures and detection rules. In: Proc. of IEEE Computer Security Foundations Workshop (2002)","DOI":"10.1109\/CSFW.2002.1021807"},{"key":"15_CR18","unstructured":"Porras, P.A., Neumann, P.G.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: Proc. of the 20th National Information Systems Security Conference, Baltimore, Maryland, October 1997, pp. 353\u2013365 (1997)"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Roger, M., Goubault-Larrecq, J.: Log auditing through model-checking. In: Proc.of 14th IEEE Computer Security Foundations Workshop, pp. 220\u2013234 (2001)","DOI":"10.1109\/CSFW.2001.930148"},{"key":"15_CR20","unstructured":"Sekar, R., Cai, Y., Segal, M.: A Specification-Based Approach for Building Survivable Systems. In: Proc. 21st NIST-NCSC National Information Systems Security Conference (1998)"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proc. of IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"15_CR22","doi-asserted-by":"crossref","unstructured":"Uppuluri, P., Sekar, R.: Experiences with Specification-based intrusion detection. In: Proc. of Recent Advances in Intrusion detection (2001)","DOI":"10.1007\/3-540-45474-8_11"},{"key":"15_CR23","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"15_CR24","unstructured":"Zerkle, D., Levitt, K.: NetKuang-A Multi-host Configuration Vulnerability Checker. In: Proc of Sixth USENIX Security Symposium (1996)"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Mounji, A., Le Charlier, B.: Continuous Assessment of a Unix Configuration: Integrating Intrusion Detection and Configuration Analysis. In: Proc.of the ISOC 1997 Symposium on Network and Distributed System Security (1997)","DOI":"10.1109\/NDSS.1997.579216"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_15.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,3]],"date-time":"2021-05-03T03:52:21Z","timestamp":1620013941000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2004]]}}}