{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,23]],"date-time":"2025-02-23T05:12:34Z","timestamp":1740287554439,"version":"3.37.3"},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540408789"},{"type":"electronic","value":"9783540452485"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-45248-5_4","type":"book-chapter","created":{"date-parts":[[2010,6,28]],"date-time":"2010-06-28T04:40:20Z","timestamp":1277700020000},"page":"55-72","source":"Crossref","is-referenced-by-count":20,"title":["An Approach for Detecting Self-propagating Email Using Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Ajay","family":"Gupta","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R.","family":"Sekar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"CERT\/CC Co-ordination Center Advisories, Carnegie Mellon (1988-1998), http:\/\/www.cert.org\/advisories\/index.html"},{"key":"4_CR2","unstructured":"Spafford, E.H.: The Internet worm program: an analysis, Tech. Report CSD-TR-823, Department of Computer Science, Purdue University (1988)"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Lane, T., Brodley, C.E.: Temporal Sequence Learning and Data Reduction forAnomaly Detection. ACM Transactions on Information and System Security (1998)","DOI":"10.1145\/288090.288122"},{"key":"4_CR4","unstructured":"Lunt, T., Tamaru, A., Gilham, F., Jagannathan, R., Neumann, P., Javitz, H., Valdes, A., Garvey, T.: A real-time intrusion detection expert system (IDES) - final technical report. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California (February 1992)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Heberlein, T., Dias, G., Levitt, K., Mukherjee, B., Wood, J., Wobler, D.: A Network Security Monitor. In: Proceedings IEEE Symposium on Research in Computer Security and Privacy (1990)","DOI":"10.1109\/RISP.1990.63859"},{"key":"4_CR6","unstructured":"Schultz, M., Eskin, E., Stolfo, S.J.: Malicious Email Filter -AUNIX Mail Filter that Detects Malicious Windows Executables. In: Proceedings of USENIX Annual Technical Conference (2001)"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Kephart, J.O., White, S.R.: Directed-graph Epidemiological Models of ComputerViruses, IBM T.J. Watson Research Center. In: IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343\u2013359 (1991)","DOI":"10.1109\/RISP.1991.130801"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Kephart, J.O., Chess, D.M., White, S.R.: Computers and Epidemiology, IBM T.J.Watson Research Center. IEEE Spectrum (May 1993)","DOI":"10.1109\/6.275061"},{"key":"4_CR9","unstructured":"Kephart, J.O., Sorkia, G.B., Swimmer, M., White, S.R.: Blueprint for a Computer Immune System. Technical report, IBM T.J. Watson Research Center, Yorktown Heights, New York (1997)"},{"key":"4_CR10","unstructured":"Wang, C., Knight, J.C., Elder, M.C.: On Computer Viral Infection and the Effect of Immunization, Department of Computer Science, University of Virginia, ACSAC (2000)"},{"key":"4_CR11","unstructured":"Julisch, K.: Mining Alarm Clusters to Improve Alarm Handling Efficiency, IBM Research, Zurich Research Laboratory, ACSAC (2001)"},{"key":"4_CR12","unstructured":"Staniford, S.: Analysis of spread of July infestation of the Code Red worm, UC Davis, http:\/\/www.silicondefense.com\/cr\/july.html"},{"key":"4_CR13","unstructured":"Anderson, D., Lunt, T., Javitz, H., Tamaru, A., Valdes, A.: Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International (1995)"},{"key":"4_CR14","unstructured":"Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in Your Spare Time. In: Usenix Security Symposium (2002)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Jorgensen, J., Rossignol, P., Takikawa, M., Upper, D.: Cyber Ecology: Looking to Ecology for Insights into Information Assurance. In: DISCEX 2001, Proceedings, vol.\u00a02 (2001)","DOI":"10.1109\/DISCEX.2001.932180"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Taylor, C., Alves-Foss, J.: NATE, Network Analysis of Anomalous Traffic Events. In: A Low-cost Approach, New Security Paradigms Workshop (2001)","DOI":"10.1145\/508185.508186"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Bhattacharyya, M., Hershkop, S., Eskin, E., Stolfo, S.J.: MET: An Experimental System for Malicious Email Tracking. In: Workshop on New Security Paradigms (2002) (NSPW-2002)","DOI":"10.1145\/844102.844104"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Lin, M.-J., Ricciardi, A.M., Marzullo, K.: A New Model for Availability in the Face of Self-Propagating Attacks. In: Workshop on New Security Paradigms (1998)","DOI":"10.1145\/310889.310928"},{"key":"4_CR19","unstructured":"Lee, W., Stolfo, S.J., Mok, K.: AData Mining Framework for Building Intrusion Detection Models. In: IEEE Symposium on Security and Privacy (1999)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Faloutsos, M., Faloutsos, P., Faloutsos, C.: On Power-Law Relationships of the Internet. ACM SIGCOMM (1999)","DOI":"10.1145\/316188.316229"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, E.: Data Mining Methods for Detection of New Malicious Executables. In: IEEE Symposium on Security and Privacy (May 2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"4_CR22","unstructured":"Whalley, I., Arnold, B., Chess, D., Morar, J., Segal, A., Swimmer, M.: An Environment for Controlled Worm Replication and Analysis. IBM TJWatson Research Center (September 2000)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Heberlein, L., et al.: ANetwork Security Monitor. In: Symposium on Research Security and Privacy (1990)","DOI":"10.1109\/RISP.1990.63859"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Hochberg, J., et al.: NADIR:AnAutomated System for Detecting Network Intrusion and Misuse. Computers and Security\u00a012(3) (May 1993)","DOI":"10.1016\/0167-4048(93)90110-Q"},{"key":"4_CR25","unstructured":"Lee, W., Stolfo, S.: Data Mining Approaches for Intrusion Detection. In: USENIX Security Symposium (1998)"},{"key":"4_CR26","unstructured":"Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. In: USENIX Security Symposium (1998)"},{"key":"4_CR27","unstructured":"Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabled Responses to Anomalous Live Disturbances. In: National Information Systems Security Conference (1997)"},{"key":"4_CR28","unstructured":"Inc. Network Flight Recorder. Network flight recorder (1997), http:\/\/www.nfr.com"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Vigna, G., Kemmerer, R.: NetSTAT:A Network-based Intrusion Detection Approach. In: Computer Security Applications Conference (1998)","DOI":"10.3233\/JCS-1999-7103"},{"key":"4_CR30","volume-title":"Proceedings of DISCEX 2000","author":"G. Vigna","year":"2000","unstructured":"Vigna, G., Eckmann, S.T., Kemmerer, R.: The STAT Tool Suite. In: Proceedings of DISCEX 2000, IEEE Press, Los Alamitos (2000)"},{"key":"4_CR31","unstructured":"Staniford-Chen, S., et al.: GrIDS: A Graph-Based Intrusion Detection System for Large Networks. In: Proceedings of the 19th National Information Systems Security Conference, Baltimore (1996)"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A.: Computer Immunology. Comm. of ACM 40(10) (1997)","DOI":"10.1145\/262793.262811"},{"key":"4_CR33","unstructured":"Ghosh, A., Schwartzbard, A., Schatz, M.: Learning Program Behavior Profiles for Intrusion Detection. In: 1st USENIX Workshop on Intrusion Detection and Network Monitoring (1999)"},{"key":"4_CR34","unstructured":"Sekar, R., Bendre, M., Bollineni, P., Dhurjati, D.: A Fast Automaton-Based Approach for Learning Program Behaviors. In: IEEE Symposium on Security and Privacy (2001)"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Stolfo, S.J., Hershkop, S., Wang, K., Nimeskern, O., Hu, C.-W.: Behavior Profiling of Email. Submitted to 1st NSF\/NIJ Symposium on Intelligence and Security Informatics (ISI 2003).","DOI":"10.1007\/3-540-44853-5_6"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Tiwari, A., Yang, H., Zhou, S.: Specification-based anomaly detection: a new approach for detecting network intrusions. In: ACM Computer and Communication Security Conference (2002)","DOI":"10.1145\/586110.586146"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Sekar, R., Guang, Y., Shanbhag, T., Verma, S.: A High-Performance Network Intrusion Detection System. In: ACM Computer and Communication Security Conference (1999)","DOI":"10.1145\/319709.319712"},{"key":"4_CR38","unstructured":"Sekar, R., Uppuluri, P.: Synthesizing Fast Intrusion Prevention\/Detection Systems from High-Level Specifications. In: USENIX Security Symposium (1999)"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Zou, C.C., Gong, W., Towsley, D.: Code Red Worm Propagation Modeling and Analysis. In: ACM Computer and Communication Security Conference (2002)","DOI":"10.1145\/586110.586130"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-45248-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T08:38:47Z","timestamp":1740213527000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-45248-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540408789","9783540452485"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-45248-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2003]]}}}