{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T04:01:08Z","timestamp":1770436868728,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540203001","type":"print"},{"value":"9783540396505","type":"electronic"}],"license":[{"start":{"date-parts":[[2003,1,1]],"date-time":"2003-01-01T00:00:00Z","timestamp":1041379200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-39650-5_19","type":"book-chapter","created":{"date-parts":[[2010,6,25]],"date-time":"2010-06-25T19:20:21Z","timestamp":1277493621000},"page":"326-343","source":"Crossref","is-referenced-by-count":94,"title":["On the Detection of Anomalous System Call Arguments"],"prefix":"10.1007","author":[{"given":"Christopher","family":"Kruegel","sequence":"first","affiliation":[]},{"given":"Darren","family":"Mutz","sequence":"additional","affiliation":[]},{"given":"Fredrik","family":"Valeur","sequence":"additional","affiliation":[]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"19_CR1","unstructured":"Advisory: Input validation problems in wuftpd (2000), http:\/\/www.cert.org\/advisories\/CA-2000-13.html"},{"key":"19_CR2","unstructured":"Advisory: Buffer overflow in linuxconf (2002), http:\/\/www.idefense.com\/advisory\/08.28.02.txt"},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: REMUS: a Security-Enhanced Operating System. ACM Transactions on Information and System Security\u00a05(36) (February 2002)","DOI":"10.1145\/504909.504911"},{"key":"19_CR4","volume-title":"Probability and Measure","author":"P. 
Billingsley","year":"1995","unstructured":"Billingsley, P.: Probability and Measure, 3rd edn. Wiley-Interscience, Hoboken (April 1995)","edition":"3"},{"key":"19_CR5","unstructured":"Chari, S.N., Cheng, P.-C.: Bluebox: A policy-driven, host-based intrusion detection system. In: Proceedings of the 2002 ISOC Symposium on Network and Distributed System Security (NDSS 2002), San Diego, CA (2002)"},{"issue":"2","key":"19_CR6","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An Intrusion Detection Model. IEEE Transactions on Software Engineering\u00a013(2), 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"1\/2","key":"19_CR7","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","volume":"10","author":"S.T. Eckmann","year":"2002","unstructured":"Eckmann, S.T., Vigna, G., Kemmerer, R.A.: STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security\u00a010(1\/2), 71\u2013104 (2002)","journal-title":"Journal of Computer Security"},{"key":"19_CR8","unstructured":"Forrest, S.: A Sense of Self for UNIX Processes. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, pp. 120\u2013128 (May 1996)"},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"Ghosh, A.K., Wanken, J., Charron, F.: Detecting Anomalous and Unknown Intrusions Against Programs. In: Proceedings of the Annual Computer Security Application Conference (ACSAC 1998), Scottsdale, AZ, pp. 259\u2013267 (December 1998)","DOI":"10.21236\/ADA329518"},{"key":"19_CR10","unstructured":"Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A secure environment for untrusted helper applications. In: Proceedings of the 6th Usenix Security Symposium, San Jose, CA, USA (1996)"},{"key":"19_CR11","unstructured":"Javitz, H.S., Valdes, A.: The SRI IDES Statistical Anomaly Detector. 
In: Proceedings of the IEEE Symposium on Security and Privacy (May 1991)"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 175\u2013187 (May 1997)","DOI":"10.1109\/SECPRI.1997.601332"},{"key":"19_CR13","unstructured":"MIT Lincoln Laboratory. DARPA Intrusion Detection Evaluation (1999), http:\/\/www.ll.mit.edu\/IST\/ideval\/"},{"key":"19_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/3-540-45853-0_16","volume-title":"Computer Security - ESORICS 2002","author":"S.Y. Lee","year":"2002","unstructured":"Lee, S.Y., Low, W.L., Wong, P.Y.: Learning Fingerprints for a Database Intrusion Detection System. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol.\u00a02502, p. 264. Springer, Heidelberg (2002)"},{"key":"19_CR15","unstructured":"Lee, W., Stolfo, S., Chan, P.: Learning Patterns from Unix Process Execution Traces for Intrusion Detection. In: Proceedings of the AAAI Workshop: AI Approaches to Fraud Detection and Risk Management (July 1997)"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Lee, W., Stolfo, S., Mok, K.: Mining in a Data-flow Environment: Experience in Network Intrusion Detection. In: Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD 1999), San Diego, CA (August 1999)","DOI":"10.1145\/312129.312212"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Lindqvist, U., Porras, P.A.: Detecting Computer and Network Misuse with the Production-Based Expert System Toolset (P-BEST). In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 
146\u2013161 (May 1999)","DOI":"10.1109\/SECPRI.1999.766911"},{"key":"19_CR18","unstructured":"Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. In: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX (January 1998)"},{"key":"19_CR19","unstructured":"Provos, N.: Improving host security with system call policies. In: Proceedings of the 12th Usenix Security Symposium, Washington, DC (2003)"},{"key":"19_CR20","unstructured":"SNARE - System iNtrusion Analysis and Reporting Environment, http:\/\/www.intersectalliance.com\/projects\/Snare"},{"key":"19_CR21","unstructured":"Stolcke, A., Omohundro, S.: Hidden Markov Model Induction by Bayesian Model Merging. In: Advances in Neural Information Processing Systems (1993)"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"Stolcke, A., Omohundro, S.: Inducing probabilistic grammars by bayesian model merging. In: International Conference on Grammatical Inference (1994)","DOI":"10.1007\/3-540-58473-0_141"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Tan, K., Maxion, R.: \u201cWhy 6?\u201d Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, pp. 188\u2013202 (May 2002)","DOI":"10.1109\/SECPRI.2002.1004371"},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., Killourhy, K.S., Maxion, R.A.: Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, pp. 54\u201373 (October 2002)","DOI":"10.1007\/3-540-36084-0_4"},{"key":"19_CR25","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"D. Wagner","year":"2001","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA. 
IEEE Press, Los Alamitos (May 2001)"},{"key":"19_CR26","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry Attacks on Host-Based Intrusion Detection Systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington DC, USA, pp. 255\u2013264 (November 2002)","DOI":"10.1145\/586110.586145"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.A.: Detecting intrusions using system calls: Alternative data models. In: IEEE Symposium on Security and Privacy, pp. 133\u2013145 (1999)","DOI":"10.1109\/SECPRI.1999.766910"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2003"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-39650-5_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T07:44:27Z","timestamp":1740210267000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-39650-5_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540203001","9783540396505"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-39650-5_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2003]]}}}