{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T15:59:47Z","timestamp":1761580787763},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540408789"},{"type":"electronic","value":"9783540452485"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-45248-5_5","type":"book-chapter","created":{"date-parts":[[2010,6,28]],"date-time":"2010-06-28T04:40:20Z","timestamp":1277700020000},"page":"73-93","source":"Crossref","is-referenced-by-count":97,"title":["Statistical Causality Analysis of INFOSEC Alert Data"],"prefix":"10.1007","author":[{"given":"Xinzhou","family":"Qin","sequence":"first","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Cabrera, J.B.D., Lewis, L., Qin, X., Lee, W., Prasanth, R.K., Ravichandran, B., Mehra, R.K.: Proactive detection of distributed denial of service attacks using mib traffic variables - a feasibility study. In: Proceedings of IFIP\/IEEE International Symposium on Integrated Network Management, IM 2001 (May 2001)","DOI":"10.1109\/INM.2001.918069"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Cabrera, J.B.D., Mehra, R.K.: Extracting precursor rules from time series - a classical statistical viewpoint. In: Proceedings of the Second SIAM International Conference on Data Mining, pp. 213\u2013228, Arlington, VA, USA (April 2002)","DOI":"10.1137\/1.9781611972726.13"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Cabrera, J.B.D., Lewis, L., Qin, X., Lee, W., Mehra, R.K.: Proactive intrusion detection and distributed denial of service attacks - a case study in security management. 
Journal of Network and Systems Management\u00a010(2) (June 2002)","DOI":"10.1023\/A:1015910917349"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Cheung, S., Lindqvist, U., Fong, M.W.: Modeling multistep cyber attacks for scenario recognition. In: Proceedings of the Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C. (April 2003)","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Mi\u00e8ge, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 202\u2013215, Oakland, CA (May 2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"5_CR6","unstructured":"DARPA Cyber Panel Program. DARPA cyber panel program grand challenge problem, GCP (2003), http:\/\/ia.dc.teknowledge.com\/CyP\/GCP\/"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Debar, H., Wespi, A.: The intrusion-detection console correlation mechanism. In: 4th International Symposium on Recent Advances in Intrusion Detection (RAID) (October 2001)","DOI":"10.1007\/3-540-45474-8_6"},{"key":"5_CR8","unstructured":"DEFCON. Def con capture the flag (ctf) contest (2000), http:\/\/www.defcon.org Archive accessible at http:\/\/wi2600.org\/mediawhore\/mirrors\/shmoo\/"},{"key":"5_CR9","unstructured":"DEFCON. Def con capture the flag (ctf) contest, http:\/\/www.defcon.org (2001), Archive accessible at http:\/\/smokeping.planetmirror.com\/pub\/cctf\/defcon9\/"},{"key":"5_CR10","unstructured":"Goldman, R.P., Heimerdinger, W., Harp, S.A.: Information modeling for intrusion report aggregation. In: DARPA Information Survivability Conference and Exposition (DISCEX II) (June 2001)"},{"key":"5_CR11","doi-asserted-by":"publisher","first-page":"424","DOI":"10.2307\/1912791","volume":"34","author":"C.W.J. 
Granger","year":"1969","unstructured":"Granger, C.W.J.: Investigating causal relations by econometric methods and cross-spectral methods. Econometrica\u00a034, 424\u2013428 (1969)","journal-title":"Econometrica"},{"key":"5_CR12","unstructured":"IETF Intrusion Detection Working Group. Intrusion detection message exchange format (2002), http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-idwg-idmef-xml-09.txt"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Haines, J., Ryder, D.K., Tinnel, L., Taylor, S.: Validation of sensor alert correlators. IEEE Security & Privacy Magazine (January\/February 2003)","DOI":"10.1109\/MSECP.2003.1176995"},{"key":"5_CR14","doi-asserted-by":"crossref","DOI":"10.1515\/9780691218632","volume-title":"Time Series Analysis","author":"J. Hamilton","year":"1994","unstructured":"Hamilton, J.: Time Series Analysis. Princeton University Press, Princeton (1994)"},{"key":"5_CR15","unstructured":"Hayter, A.J.: Probability and Statistics for Engineers and Scientists. Duxbury Press (2002)"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Jakobson, G., Weissman, M.D.: Alarm correlation. IEEE Network Magazine (November 1993)","DOI":"10.1109\/65.244794"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: The 8th ACM International Conference on Knowledge Discovery and Data Mining (July 2002)","DOI":"10.1145\/775047.775101"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Kliger, S., Yemini, S., Yemini, Y., Oshie, D., Stolfo, S.: A coding approach to event correlations. In: Proceedings of the 6th IFIP\/IEEE International Symposium on Integrated Network Management (May 1995)","DOI":"10.1007\/978-0-387-34890-2_24"},{"key":"5_CR19","unstructured":"Lewis, L.: A case-based reasoning approach to the management of faults in communication networks. 
In: Proceedings of the IEEE INFOCOM (1993)"},{"key":"5_CR20","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1093\/biomet\/65.2.297","volume":"65","author":"G.M. Ljung","year":"1978","unstructured":"Ljung, G.M., Box, G.E.P.: On a measure of lack of fit in time series models. Biometrika\u00a065, 297\u2013303 (1978)","journal-title":"Biometrika"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Analyzing intensive intrusion alerts via correlation. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID) (October 2002)","DOI":"10.1007\/3-540-36084-0_5"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: 9th ACM Conference on Computer and Communications Security (November 2002)","DOI":"10.1145\/586110.586144"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Nygate, Y.A.: Event correlation using rule and object based techniques. In: Proceedings of the 6th IFIP\/IEEE International Symposium on Integrated Network Management (May 1995)","DOI":"10.1007\/978-0-387-34890-2_25"},{"key":"5_CR24","volume-title":"Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference","author":"J. Pearl","year":"1988","unstructured":"Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann Publishers, Inc., San Francisco (1988)"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A Mission-Impact-Based approach to INFOSEC alarm correlation. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID) (October 2002)","DOI":"10.1007\/3-540-36084-0_6"},{"key":"5_CR26","volume-title":"SNMP, SNMPv2, SNMPv3, and RMON 1 and 2.","author":"W. 
Stallings","year":"1999","unstructured":"Stallings, W.: SNMP, SNMPv2, SNMPv3, and RMON 1 and 2. Addison-Wesley, Reading (1999)"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID) (October 2001)","DOI":"10.1007\/3-540-45474-8_4"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-45248-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,30]],"date-time":"2021-10-30T07:17:36Z","timestamp":1635578256000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-45248-5_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540408789","9783540452485"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-45248-5_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2003]]}}}