{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:48:18Z","timestamp":1757544498519,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":16,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540688211"},{"type":"electronic","value":"9783540688259"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-68825-9_29","type":"book-chapter","created":{"date-parts":[[2008,5,19]],"date-time":"2008-05-19T08:05:55Z","timestamp":1211184355000},"page":"308-319","source":"Crossref","is-referenced-by-count":25,"title":["Using Unsupervised Learning for Network Alert Correlation"],"prefix":"10.1007","author":[{"given":"Reuben","family":"Smith","sequence":"first","affiliation":[]},{"given":"Nathalie","family":"Japkowicz","sequence":"additional","affiliation":[]},{"given":"Maxwell","family":"Dondo","sequence":"additional","affiliation":[]},{"given":"Peter","family":"Mason","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"29_CR1","unstructured":"Northcutt, S., et\u00a0al.: SHADOW: Second heuristic analysis for defensive online warfare"},{"key":"29_CR2","unstructured":"Danyliw, R.: ACID: Analysis console for intrusion detections"},{"key":"29_CR3","doi-asserted-by":"crossref","unstructured":"Haines, J., Ryder, D.K., Tinnel, L., Taylor, S.: Validation of sensor alert correlators. IEEE Security and Privacy, 46\u201356 (2003)","DOI":"10.1109\/MSECP.2003.1176995"},{"key":"29_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 54\u201368. Springer, Heidelberg (2001)"},{"key":"29_CR5","unstructured":"H\u00e4t\u00e4l\u00e4, A., S\u00e4rs, C., Addams-Moring, R., Virtanen, T.: Event data exchange and intrusion alert correlation in heterogeneous networks. In: Proceedings of the 8th Colloquium for Information Systems Security Education (CISSE), Westpoint, NY, CISSE, June 2004, pp. 84\u201392 (2004)"},{"key":"29_CR6","unstructured":"Smith, R., Japkowicz, N., Dondo, M.: Clustering using an autoassociator: A case study in network event correlation. In: Proceedings of the 17th IASTED International Conference on Parallel and Distributed Computing and Systems, Phoenix, AZ, November 2005, pp. 613\u2013618. ACTA Press (2005)"},{"key":"29_CR7","unstructured":"Japkowicz, N., Smith, R.: Autocorrel ii: Unsupervised network event correlation using neural networks. Contractor Report CR 2005-155, DRDC Ottawa, Ottawa, ON (October 2005)"},{"key":"29_CR8","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1145\/775047.775101","volume-title":"Proceedings of SIGKDD 2002, the 8th International Conference on Knowledge Discovery and Data Mining, Edmonton","author":"K. Julisch","year":"2002","unstructured":"Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proceedings of SIGKDD 2002, the 8th International Conference on Knowledge Discovery and Data Mining, Edmonton, Alberta, Canada, July 2002, pp. 366\u2013375. ACM Press, New York (2002)"},{"key":"29_CR9","first-page":"1","volume-title":"Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications","author":"O. Dain","year":"2001","unstructured":"Dain, O., Cunningham, R.K.: Fusing a heterogeneous alert stream into scenarios. In: Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, Philadelphia, PA, November 2001, pp. 1\u201313. ACM Press, New York (2001)"},{"key":"29_CR10","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1145\/967900.967988","volume-title":"Proceedings of the 2004 ACM Symposium on Applied Computing","author":"S. Zanero","year":"2004","unstructured":"Zanero, S., Savaresi, S.M.: Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM Symposium on Applied Computing, Nicosia, Cyprus, pp. 412\u2013419. ACM, New York (2004)"},{"key":"29_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1007\/11553595_6","volume-title":"Image Analysis and Processing \u2013 ICIAP 2005","author":"P. Laskov","year":"2005","unstructured":"Laskov, P., Dussel, P., Rieck, C.S.: Learning intrusion detection: Supervised or unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol.\u00a03617, pp. 50\u201357. Springer, Heidelberg (2005)"},{"issue":"1","key":"29_CR12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1111\/j.2517-6161.1977.tb01600.x","volume":"39","author":"A. Dempster","year":"1977","unstructured":"Dempster, A., Laird, N., Rubin, D.: Maximum likelihood from incoming data via the EM algorithm. J. Royal Stat. Soc., Series B\u00a039(1), 1\u201336 (1977)","journal-title":"J. Royal Stat. Soc., Series B"},{"key":"29_CR13","series-title":"Springer Series in Information Sciences","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-97610-0","volume-title":"Self-Organizing Maps","author":"T. Kohonen","year":"1995","unstructured":"Kohonen, T.: Self-Organizing Maps. Springer Series in Information Sciences, vol.\u00a030. Springer, Berlin (1995); (Second Extended Edition 1997)"},{"key":"29_CR14","unstructured":"Roesch, M.: Snort\u2014lightweight intrusion detection for networks. In: Proceedings of LISA 1999: 13th Systems Administration Conference, Seattle, Washington, November 7\u201312, 1999, pp. 229\u2013238. The USENIX Association (1999)"},{"issue":"4","key":"29_CR15","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 darpa off-line intrusion detection evaluation. Computer Networks\u00a034(4), 579\u2013595 (2000)","journal-title":"Computer Networks"},{"key":"29_CR16","volume-title":"Network Intrusion Detection: An Analyst\u2019s Handbook","author":"S. Northcutt","year":"1999","unstructured":"Northcutt, S.: Network Intrusion Detection: An Analyst\u2019s Handbook. New Riders Publishing, Indianapolis (1999)"}],"container-title":["Lecture Notes in Computer Science","Advances in Artificial Intelligence"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-68825-9_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,30]],"date-time":"2025-01-30T10:07:35Z","timestamp":1738231655000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-68825-9_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540688211","9783540688259"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-68825-9_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2008]]}}}