{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T16:02:41Z","timestamp":1781107361368,"version":"3.54.1"},"publisher-location":"Berlin, Heidelberg","reference-count":33,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540408789","type":"print"},{"value":"9783540452485","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-45248-5_13","type":"book-chapter","created":{"date-parts":[[2010,6,28]],"date-time":"2010-06-28T04:40:20Z","timestamp":1277700020000},"page":"220-237","source":"Crossref","is-referenced-by-count":267,"title":["An Analysis of the 1999 DARPA\/Lincoln Laboratory Evaluation Data for Network Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Matthew V.","family":"Mahoney","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Philip K.","family":"Chan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"issue":"4","key":"13_CR1","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., et al.: The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks\u00a034(4), 579\u2013595 (2000), Data is available at http:\/\/www.ll.mit.edu\/IST\/ideval\/","journal-title":"Computer Networks"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Lippmann, R.P., Haines, J.: Analysis and Results of the, DARPA Off-Line Intrusion Detection Evaluation, in Recent Advances in Intrusion Detection. In: Third International Workshop, Proc. RAID 2000, pp. 162\u2013182 (2000)","DOI":"10.1007\/3-540-39945-3_11"},{"key":"13_CR3","volume-title":"1999 DARPA Intrusion Detection Evaluation: Design and Procedures","author":"J.W. Haines","year":"2001","unstructured":"Haines, J.W., Lippmann, R.P., Fried, D.J., Zissman, M.A., Tran, E., Boswell, S.B.: 1999 DARPA Intrusion Detection Evaluation: Design and Procedures. MIT Lincoln Laboratory, Lexington (2001)"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"D. Barbara, Wu, S. Jajodia, \"Detecting Novel Network Attacks using Bayes Estimators\", Proc. SIAM Intl. Data Mining Conference, 2001.","DOI":"10.1137\/1.9781611972719.28"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Valdes, A., Skinner, K.: Adaptive, Model-based Monitoring for Cyber Attack Detection. In: Proc. RAID 2000, pp. 80\u201392 (2000)","DOI":"10.1007\/3-540-39945-3_6"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.K.: PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic, Florida Tech. technical report CS-2001-2004, http:\/\/cs.fit.edu\/~tr\/","DOI":"10.1109\/ICDM.2003.1250987"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.K.: Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks. In: Proc. SIGKDD 2002, pp. 376\u2013385 (2002)","DOI":"10.1145\/775047.775102"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.K.: Learning Models of Network Traffic for Detecting Novel Attacks, Florida Tech. technical report CS-2002-2008, http:\/\/cs.fit.edu\/~tr\/","DOI":"10.1145\/775047.775102"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Mahoney, M.: Network Traffic Anomaly Detection Based on Packet Bytes. In: Proc. ACMSAC (2003)","DOI":"10.1145\/952532.952601"},{"key":"13_CR10","unstructured":"Eskin, E.: Anomaly Detection over Noisy Data using Learned Probability Distributions. In: Proc. Intl. Conf. Machine Learning (2000)"},{"key":"13_CR11","volume-title":"Applications of Data Mining in Computer Security","author":"E. Eskin","year":"2002","unstructured":"Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. In: Barbara, D., Jajodia, S. (eds.) Applications of Data Mining in Computer Security, Kluwer, Dordrecht (2002)"},{"key":"13_CR12","unstructured":"Ghosh, A.K., Schwartzbard, A.: A Study in Using Neural Networks for Anomaly and Misuse Detection. In: Proc. 8\u2019th USENIX Security Symposium 1999 (1999)"},{"key":"13_CR13","unstructured":"Liao, Y., Vemuri, V.R.: Use of Text Categorization Techniques for Intrusion Detection. In: Proc. 11th USENIX Security Symposium, pp. 51\u201359 (2002)"},{"key":"13_CR14","unstructured":"Neumann, P.G., Porras, P.A.: Experience with EMERALD to DATE. In: Proc. 1st USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 73\u201380 (1999)"},{"key":"13_CR15","unstructured":"Schwartzbard, A., Ghosh, A.K.: A Study in the Feasibility of Performing Host-based Anomaly Detection on Windows NT. In: Proc. RAID 1999 (1999)"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Zhou, S., Tiwari, A., Yang, H.: Specification Based Anomaly Detection: A New Approach for Detecting Network Intrusions. In: Proc. ACM CCS (2002)","DOI":"10.1145\/586110.586146"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Sekar, R., Uppuluri, P.: Synthesizing Fast Intrusion Prevention\/Detection Systems from High-Level Specifications. In: Proc. 8th USENIX Security Symposium 1999 (1999)","DOI":"10.1145\/319709.319712"},{"key":"13_CR18","unstructured":"Tyson, M., Berry, P., Williams, N., Moran, D., Blei, D.: DERBI: Diagnosis, Explanation and Recovery from computer Break-Ins. (2000), http:\/\/www.ai.sri.com\/~derbi\/"},{"key":"13_CR19","volume-title":"Proc. 2000 DARPA Information Survivability Conference and Exposition (DISCEX)","author":"G. Vigna","year":"2000","unstructured":"Vigna, G., Eckmann, S.T., Kemmerer, R.A.: The STAT Tool Suite. In: Proc. 2000 DARPA Information Survivability Conference and Exposition (DISCEX), IEEE Press, Los Alamitos (2000)"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security\u00a07(1), IOS Press (1999)","DOI":"10.3233\/JCS-1999-7103"},{"key":"13_CR21","unstructured":"Elkan, C.: Results of the KDD 1999 Classifier Learning Contest (1999), http:\/\/www.cs.ucsd.edu\/users\/elkan\/clresults.html"},{"key":"13_CR22","unstructured":"Portnoy, L.: Intrusion Detection with Unlabeled Data Using Clustering, Undergraduate Thesis, Columbia University (2000)"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Yamanishi, K., Takeuchi, J., Williams, G.: On-line Unsupervised Outlier Detection Using Finite Mixtures with Discounting Learning Algorithms. In: Proc. KDD, pp. 320\u2013324 (2000)","DOI":"10.1145\/347090.347160"},{"key":"13_CR24","unstructured":"Paxson, V.: The Internet Traffic Archive (2002), http:\/\/ita.ee.lbl.gov\/"},{"key":"13_CR25","unstructured":"Forrest, S.: Computer Immune Systems, Data Sets and Software (2002), http:\/\/www.cs.unm.edu\/~immsec\/data-sets.htm"},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. In: Proc. ACM TISSEC, vol.\u00a03(4), pp. 262\u2013294 (2000)","DOI":"10.1145\/382912.382923"},{"key":"13_CR27","unstructured":"Hoagland, J.: SPADE, Silicon Defense (2000), http:\/\/www.silicondefense.com\/software\/spice\/"},{"key":"13_CR28","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection(1998), http:\/\/www.robertgraham.com\/mirror\/Ptacek-Newsham-Evasion-98.html"},{"key":"13_CR29","unstructured":"Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: Proc. USENIX Lisa 1999 (1999)"},{"key":"13_CR30","unstructured":"Mahoney, M.: Source code for PHAD, ALAD, LERAD, NETAD, SAD, EVAL, TF, TM, and AFIL is available at, http:\/\/cs.fit.edu\/~mmahoney\/dist\/"},{"key":"13_CR31","unstructured":"Adamic, L.A.: Zipf, Power-laws, and Pareto - A Ranking Tutorial (2002), http:\/\/ginger.hpl.hp.com\/shl\/papers\/ranking\/ranking.html"},{"key":"13_CR32","unstructured":"Huberman, B.A., Adamic, L.A.: The Nature of Markets in the World Wide Web (1999), http:\/\/ideas.uqam.ca\/ideas\/data\/Papers\/scescecf9521.html"},{"key":"13_CR33","unstructured":"Mahoney, M.: A Machine Learning Approach to Detecting Attacks by Identifying Anomalies in Network Traffic, Ph.D. dissertation, Florida Institute of Technology (2003)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-45248-5_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T08:38:18Z","timestamp":1740213498000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-45248-5_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540408789","9783540452485"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-45248-5_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2003]]}}}