{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T13:44:58Z","timestamp":1773409498673,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":49,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540408789","type":"print"},{"value":"9783540452485","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-45248-5_7","type":"book-chapter","created":{"date-parts":[[2010,6,28]],"date-time":"2010-06-28T04:40:20Z","timestamp":1277700020000},"page":"113-135","source":"Crossref","is-referenced-by-count":92,"title":["Modeling Computer Attacks: An Ontology for Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Jeffrey","family":"Undercoffer","sequence":"first","affiliation":[]},{"given":"Anupam","family":"Joshi","sequence":"additional","affiliation":[]},{"given":"John","family":"Pinkston","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E.: State of the Practice of Intrusion Detection Technologies. Technical Report 99tr028, Carnegie Mellon - Software Engineering Institute (2000)","DOI":"10.21236\/ADA375846"},{"key":"7_CR2","volume-title":"Fundamentals of Computer Security Technology","author":"E.G. Amoroso","year":"1994","unstructured":"Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice-Hall PTR, Englewood Cliffs (1994)"},{"key":"7_CR3","unstructured":"Aslam, T., Krusl, I., Spafford, E.: Use of a Taxonomy of Security Faults. In: Proceedings of the 19th National Information Systems Security Conference (October 1996)"},{"key":"7_CR4","unstructured":"Brickley, D., Guha, R.: RDF Vocabulary Description Language 1.0: RDF Schema (2003), http:\/\/www.w3c.org\/TR\/rdf-schema\/"},{"key":"7_CR5","unstructured":"Mahalanobis, P.C.: On Tests and Meassures of Groups Divergence. International Journal of the Asiatic Society of Bengal (1930)"},{"key":"7_CR6","unstructured":"Curry, D., Debar, H.: Intrusion detection message exchange format data model and extensible markup language (xml) document type definition (January 2003), http:\/\/www.ietf.org\/internetdrafts\/draft-ietf-idwg-idmef-xml-10.txt"},{"issue":"1","key":"7_CR7","first-page":"17","volume":"14","author":"R. Davis","year":"1993","unstructured":"Davis, R., Shrobe, H., Szolovits, P.: What is Knowledge Representation? AI Magazine\u00a014(1), 17\u201333 (1993)","journal-title":"AI Magazine"},{"key":"7_CR8","unstructured":"Doyle, J., Kohane, I., Long, W., Shrobe, H., Szolovits, P.: Event Recognition Beyond Signature and Anomaly. In: 2nd IEEE-SMC Information Assurance Workshop (June 2001)"},{"issue":"1\/2","key":"7_CR9","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","volume":"10","author":"S. Eckmann","year":"2002","unstructured":"Eckmann, S., Vigna, G., Kemmerer, R.: STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security\u00a010(1\/2), 71\u2013104 (2002)","journal-title":"Journal of Computer Security"},{"key":"7_CR10","unstructured":"Feiertag, R., Kahn, C., Porras, P., Schackenberg, D., Staniford-Chen, S., Tung, B.: A Common Intrusion Specification Language (June 1999), http:\/\/www.isi.edu\/brian\/cidf\/drafts\/language.txt"},{"key":"7_CR11","unstructured":"Fikes, R., McGuinness, D.L.: An Axiomatic Semantics for RDF, RDF-S, and DAML+OIL (December 2001), http:\/\/www.w3.org\/TR\/daml+oil-axioms"},{"key":"7_CR12","unstructured":"Frank, G., Jenkins, J., Fikes, R.: JTP: An Object Oriented Modular Reasoning System, http:\/\/kst.stanford.edu\/software\/jtp"},{"key":"7_CR13","unstructured":"Friedman-Hill, E.J.: Jess. The Java Expert System Shell (November 1977), http:\/\/herzberg.ca.sandia.gov\/jess\/docs\/52\/"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Glass, R.L., Vessey, I.: Contemporary Application-Domain Taxonomies. IEEE Software, 63\u201376 (July 1995)","DOI":"10.1109\/52.391837"},{"key":"7_CR15","volume-title":"Matrix Computations","author":"G. Golub","year":"1989","unstructured":"Golub, G., Loan, C.: Matrix Computations. The Johns Hopkins University Press, Baltimore (1989)"},{"key":"7_CR16","unstructured":"Goubault-Larrecq, J.: An Introduction to LogWeaver (v2.8) (September 2001), http:\/\/www.lsv.ens-cachan.fr\/goubault\/DICO\/tutorial.pdf"},{"issue":"2","key":"7_CR17","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1006\/knac.1993.1008","volume":"5","author":"T.F. Gruber","year":"1993","unstructured":"Gruber, T.F.: A Translation Approach to Portable Ontologies. Knowledge Acquisition\u00a05(2), 199\u2013220 (1993)","journal-title":"Knowledge Acquisition"},{"key":"7_CR18","first-page":"40","volume-title":"IEEE Networks","author":"B. Guha","year":"1997","unstructured":"Guha, B., Mukherjee, B.: Network Security via Reverse Engineering of TCP Code: Vulnerability Analysis and Proposed Solutions. In: IEEE Networks, July\/August 1997, pp. 40\u201348. IEEE, Los Alamitos (1997)"},{"key":"7_CR19","unstructured":"Haarslev, V., Moller, R.: RACER: Renamed ABox and Concept Expression Reasone (June 2001), http:\/\/www.cs.concordia.ca\/faculty\/haarslev\/racer\/index.html"},{"key":"7_CR20","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1109\/DISCEX.2001.932194","volume-title":"DARPA Information Survivability Conference and Exposition II","author":"J.W. Haines","year":"2001","unstructured":"Haines, J.W., Rossey, L.M., Lippman, R.P., Cunningham, R.K.: Extending the DARPA Off-Line Intrusion Detection Evaluations. In: DARPA Information Survivability Conference and Exposition II, vol.\u00a01, pp. 77\u201388. IEEE, Los Alamitos (2001)"},{"key":"7_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/10721959_39","volume-title":"Automated Deduction - CADE-17","author":"I. Horrocks","year":"2000","unstructured":"Horrocks, I., Sattler, U., Tobies, S.: Reasoning with Individuals for the Description Logic SHIQ. In: McAllester, D. (ed.) CADE 2000. LNCS, vol.\u00a01831, Springer, Heidelberg (2000)"},{"key":"7_CR22","unstructured":"Hendler, J.: DARPA Agent Markup Language+Ontology Interface Layer (2001), http:\/\/www.daml.org\/2001\/03\/daml+oil-index"},{"key":"7_CR23","unstructured":"Joshi, A., Undercoffer, J.: On web semantics and data mining: Intrusion detection as a case study. In: Proceedings of the National Science Foundation Workshop on Next Generation Data Mining (2002)"},{"key":"7_CR24","unstructured":"Kahn, C., Bolinger, D., Schackenberg, D.: Communication in the Common Intrusion Detection Framework v 0.7 (June 1998), http:\/\/www.isi.edu\/brian\/cidf\/drafts\/communication.txt"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Kemmerer, R.A., Vigna, G.: Intrusion Detection: A Brief History and Overview. Security and Privacy a Supplement to IEEE Computer Magazine, 27\u201330 (April 2002)","DOI":"10.1109\/MC.2002.1012428"},{"key":"7_CR26","unstructured":"Kendall, K.: A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. Master\u2019s thesis, MIT (1999)"},{"key":"7_CR27","first-page":"580","volume-title":"Proceedings of the Fifteenth National Conference on Artifical Intelligence","author":"D. Koller","year":"1998","unstructured":"Koller, D., Pfeffer, A.: Probabilistic Frame-Based Systems. In: Proceedings of the Fifteenth National Conference on Artifical Intelligence, Madison, Wisconsin, July 1998, pp. 580\u2013587. AAAI, Menlo Park (1998)"},{"key":"7_CR28","unstructured":"Kopena, J.: DAMLJessKB (October 2002), http:\/\/edge.mcs.drexel.edu\/assemblies\/software\/damljesskb\/articles\/DAMLJessKB-2002.pdf"},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Krishnapuram, R., Joshi, A., Nasraoui, O., Yi, L.: Low-Complexity Fuzzy Relational Clustering Algorithms forWeb Mining. IEEE transactions on Fuzzy Systems\u00a09 ( August 2001)","DOI":"10.1109\/91.940971"},{"key":"7_CR30","unstructured":"Krusl, I.: Software Vulnerability Analysis. PhD thesis, Purdue (1998)"},{"issue":"3","key":"7_CR31","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1145\/185403.185412","volume":"26","author":"C.E. Landwehr","year":"1994","unstructured":"Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A Taxonomy of Computer Program Security Flaws. ACM Computing Surveys\u00a026(3), 211\u2013254 (1994)","journal-title":"ACM Computing Surveys"},{"key":"7_CR32","unstructured":"Lassila, O., Swick, R.R.: Resource Description Framework (RDF) Model and Syntax Specification (February 1999), http:\/\/www.w3.org\/TR\/1999\/REC-rdf-syntax-19990222\/"},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"Lindqvist, U., Jonsson, E.: How to Systematically Classify Computer Security Intrusions. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, May 1997, pp. 154 \u2013 163 (1997)","DOI":"10.1109\/SECPRI.1997.601330"},{"key":"7_CR34","first-page":"146","volume-title":"Proceedings of the 1999 IEEE Symposium on Security and Privacy","author":"U. Lindqvist","year":"1999","unstructured":"Lindqvist, U., Porras, P.A.: Detecting computer and network misuse through the productionbased system toolset (p-best). In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999, pp. 146\u2013161. IEEE, Los Alamitos (1999)"},{"key":"7_CR35","doi-asserted-by":"crossref","unstructured":"Lippmann, R., Fried, D., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., Zissman, M.: Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation. In: Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 12\u201326 (2000)","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"7_CR36","doi-asserted-by":"crossref","unstructured":"McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM Transactions on Information and System Security (November 2000)","DOI":"10.1145\/382912.382923"},{"issue":"4","key":"7_CR37","doi-asserted-by":"publisher","first-page":"407","DOI":"10.1145\/503339.503342","volume":"4","author":"P. Ning","year":"2001","unstructured":"Ning, P., Jajodia, S., Wang, X.S.: Abstraction-Based Intrusion in Distributed Environments. ACM Transactions on Information and Systems Security\u00a04(4), 407\u2013452 (2001)","journal-title":"ACM Transactions on Information and Systems Security"},{"key":"7_CR38","unstructured":"Noy, N.F., McGuinnes, D.L.: Ontology development 101: A guide to creating your fisrt ontology. Stanford University"},{"key":"7_CR39","unstructured":"Paxson, V.: Bro: A system for Detecting Network Intruders in Real Time. In: Proceedings of the 7th Symposium on USENIX Security (1998)"},{"key":"7_CR40","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/508171.508180","volume-title":"Proceedings of NSPW-2001","author":"V. Raskin","year":"2001","unstructured":"Raskin, V., Hempelmann, C.F., Triezenberg, K.E., Nirenburg, S.: Ontology in Information Security: A Useful Theoretical Foundation and Methodological Tool. In: Proceedings of NSPW-2001, pp. 53\u201359. ACM, New York (2001)"},{"key":"7_CR41","unstructured":"Roesch. M.: Snort, version 1.8.3. an open source NIDS (August 2001), availble via www.snort.org"},{"key":"7_CR42","doi-asserted-by":"crossref","unstructured":"Roger, M., Goubault-Larrecq, J.: Log Auditing through Model Checking. In: Proceedings of 14th the IEEE Computer Security Foundations Workshop (CSFW 2001), pp. 220\u2013236 (2001)","DOI":"10.1109\/CSFW.2001.930148"},{"key":"7_CR43","unstructured":"Staab, S., Maedche, A.: Ontology Engineering Beyond the Modeling of Concepts and Relations. In: Proceedings of the 14th European Congress on Artificial Intelligence (2000)"},{"key":"7_CR44","unstructured":"Sumpson, G.G.: Principals of Animal Taxonomy. Columbia University Press (1961)"},{"issue":"2","key":"7_CR45","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1023\/A:1022224912300","volume":"8","author":"J. Undercoffer","year":"2003","unstructured":"Undercoffer, J., Perich, F., Cedilnik, A., Kagal, L., Joshi, A.: A Secure Infrastructure for Service Discovery and Access in Pervasive Computing. Mobile Networks and Applications: Special Issue on Security\u00a08(2), 113\u2013126 (2003)","journal-title":"Mobile Networks and Applications: Special Issue on Security"},{"key":"7_CR46","unstructured":"Undercoffer, J., Pinkston, J.: An Empirical Analysis of Computer Attacks and Intrusions. Technical Report TR-CS-03-11, University of Maryland, Baltimore County (2002)"},{"key":"7_CR47","unstructured":"W3C. Extensible Markup Language (2003), http:\/\/www.w3c.org\/XML\/"},{"key":"7_CR48","unstructured":"WEBSTERS. (ed.) Merriam-Webster\u2019s Collegiate Dictionary. Merriam-Webster, Inc., tenth edition (1993)"},{"key":"7_CR49","unstructured":"Welty, C.: Towards a Semantics for the Web (2000), www.cs.vassar.edu\/faculty\/welty\/papers\/dagstuhl-2000.pdf"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-45248-5_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T08:38:59Z","timestamp":1740213539000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-45248-5_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540408789","9783540452485"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-45248-5_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2003]]}}}