{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T05:06:15Z","timestamp":1755925575202,"version":"3.38.0"},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540231233"},{"type":"electronic","value":"9783540301431"}],"license":[{"start":{"date-parts":[[2004,1,1]],"date-time":"2004-01-01T00:00:00Z","timestamp":1072915200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_4","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T23:59:24Z","timestamp":1284854364000},"page":"59-81","source":"Crossref","is-referenced-by-count":122,"title":["Fast Detection of Scanning Worm Infections"],"prefix":"10.1007","author":[{"given":"Stuart E.","family":"Schechter","sequence":"first","affiliation":[]},{"given":"Jaeyeon","family":"Jung","sequence":"additional","affiliation":[]},{"given":"Arthur W.","family":"Berger","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Bakos, G., Berk, V.: Early detection of internet worm activity by metering ICMP destination unreachable messages. In: Proceedings of the SPIE Aerosense (2002)","DOI":"10.1117\/12.479290"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Berk, V., Bakos, G., Morris, R.: Designing a framework for active worm detection on global networks. In: Proceedings of the IEEE International Workshop on Information Assurance (March 2003)","DOI":"10.1109\/IWIAS.2003.1192455"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Berk, V.H., Gray, R.S., Bakos, G.: Using sensor networks and data fusion for early detection of active worms. In: Proceedings of the SPIE Aerosense Conference (April 2003)","DOI":"10.1117\/12.500849"},{"key":"4_CR4","unstructured":"CERT. \u201cCode Red II:\u201d another worm exploiting buffer overflow in IIS indexing service DLL, http:\/\/tinyurl.com\/2lzgb"},{"key":"4_CR5","unstructured":"F-Secure. Computer virus information pages: Lovsan, http:\/\/tinyurl.com\/ojd1"},{"key":"4_CR6","unstructured":"F-Secure. Computer virus information pages: Mimail.J, http:\/\/tinyurl.com\/3ybsp"},{"key":"4_CR7","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: Proceedings of the IEEE Symposium on Security and Privacy, May 9-12 (2004)"},{"key":"4_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/948187.948189","volume-title":"Proceedings of the 2003 ACM Workshop on Rapid Malcode","author":"D.M. Kienzle","year":"2003","unstructured":"Kienzle, D.M., Elder, M.C.: Recent worms: a survey and trends. In: Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 27, pp. 1\u201310. ACM Press, New York (2003)"},{"key":"4_CR9","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSECP.2003.1219056","volume":"1","author":"D. Moore","year":"2003","unstructured":"Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE Security and Privacy\u00a01, 33\u201339 (2003)","journal-title":"IEEE Security and Privacy"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet quarantine: Requirements for containing self-propagating code. In: Proceedings of IEEE INFOCOM, April 1-3 (2003)","DOI":"10.1109\/INFCOM.2003.1209212"},{"key":"4_CR11","unstructured":"Network Associates Inc. Security threat report for W32\/MydoomMM, http:\/\/tinyurl.com\/2asgc"},{"key":"4_CR12","unstructured":"Paxson, V.: Bro: A system for detecting network intruders in real-time, http:\/\/www.icir.org\/vern\/bro-info.html"},{"issue":"23-24","key":"4_CR13","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Computer Networks\u00a031(23-24), 2435\u20132463 (1999)","journal-title":"Computer Networks"},{"key":"4_CR14","unstructured":"Sidiroglou, S., Keromytis, A.D.: Countering network worms through automatic patch generation. Technical Report CUCS-029-03 (2003)"},{"key":"4_CR15","unstructured":"Sidiroglou, S., Keromytis, A.D.: A network worm vaccine architecture. In: Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security (June 2003)"},{"key":"4_CR16","unstructured":"Staniford, S.: Containment of scanning worms in enterprise networks. Journal of Computer Security (forthcoming)"},{"issue":"1","key":"4_CR17","doi-asserted-by":"crossref","first-page":"105","DOI":"10.3233\/JCS-2002-101-205","volume":"10","author":"S. Staniford","year":"2002","unstructured":"Staniford, S., Hoagland, J., McAlerney, J.: Practical automated detection of stealthy portscans. Journal of Computer Security\u00a010(1), 105\u2013136 (2002)","journal-title":"Journal of Computer Security"},{"key":"4_CR18","unstructured":"Staniford, S., Paxson, V., Weaver, N.: How to 0wn the Internet in your spare time. In: Proceedings of the 11th USENIX Security Symposium, August 7-9 (2002)"},{"key":"4_CR19","unstructured":"Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: GrIDS \u2013 A graph-based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference, October 1996, vol.\u00a01, pp. 361\u2013370 (1996)"},{"key":"4_CR20","unstructured":"Symantec. Security response \u2013 CodeRed II, http:\/\/tinyurl.com\/89t0"},{"key":"4_CR21","unstructured":"Symantec. Security response \u2013 W32.Novarg.Amm, http:\/\/tinyurl.com\/2lv95"},{"key":"4_CR22","unstructured":"Twycross, J., Williamson, M.M.: Implementing and testing a virus throttle. In: Proceedings of the 12th USENIX Security Symposium, August 4-8 (2003)"},{"key":"4_CR23","unstructured":"von Ahn, L., Blum, M., Langford, J.: Telling humans and computers apart (automatically) or how lazy cryptographers do AI. Technical Report CMUCS- 02-117 (February 2002)"},{"key":"4_CR24","volume-title":"Sequential Analysis","author":"A. Wald","year":"1947","unstructured":"Wald, A.: Sequential Analysis. J. Wiley & Sons, New York (1947)"},{"key":"4_CR25","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/948187.948190","volume-title":"Proceedings of the 2003 ACM Workshop on Rapid Malcode","author":"N. Weaver","year":"2003","unstructured":"Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 27, pp. 11\u201318. ACM Press, New York (2003)"},{"key":"4_CR26","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Proceedings of the 13th USENIX Security Symposium, August 9-13 (2004)"},{"key":"4_CR27","unstructured":"Williamson, M.M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: Proceedings of The 18th Annual Computer Security Applications Conference (ACSAC 2002), December 9-13 (2002)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T22:36:55Z","timestamp":1740523015000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2004]]}}}