{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T04:54:04Z","timestamp":1725512044347},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540715481"},{"type":"electronic","value":"9783540715498"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-71549-8_14","type":"book-chapter","created":{"date-parts":[[2007,6,28]],"date-time":"2007-06-28T05:11:58Z","timestamp":1183007518000},"page":"160-171","source":"Crossref","is-referenced-by-count":4,"title":["Towards Identifying True Threat from Network Security Data"],"prefix":"10.1007","author":[{"given":"Zhi-tang","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jie","family":"Lei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Li","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dong","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yang-ming","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"4","key":"14_CR1","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1016\/S1389-1286(00)00138-9","volume":"34","author":"S. Manganaris","year":"2000","unstructured":"Manganaris, S., et al.: A data mining analysis of rtid alarms. Computer Networks\u00a034(4), 571\u2013577 (2000)","journal-title":"Computer Networks"},{"key":"14_CR2","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/ACSAC.2001.991517","volume-title":"Proceedings 17th Annual Computer Security Applications Conference","author":"K. Julisch","year":"2001","unstructured":"Julisch, K.: Mining alarm clusters to improve alarm handling efficiency. In: Proceedings 17th Annual Computer Security Applications Conference, New Orleans, LA, USA, pp. 12\u201313. IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"14_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/3-540-36084-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"P.A. Porras","year":"2002","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to infosec alarm correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 95. Springer, Heidelberg (2002)"},{"key":"14_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 54\u201368. Springer, Heidelberg (2001)"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Cuppens, F.: Managing alerts in a multi-intrusion detection environment. In: Proceedings of the 17th Annual Computer Security Applications Conference, New Orleans, Louisiana (2001)","DOI":"10.1109\/ACSAC.2001.991518"},{"key":"14_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, Springer, Heidelberg (2001)"},{"key":"14_CR7","doi-asserted-by":"publisher","first-page":"748","DOI":"10.1109\/NAFIPS.2005.1548632","volume-title":"2005 Annual Meeting of the North American Fuzzy Information Processing Society","author":"A. Siraj","year":"2005","unstructured":"Siraj, A., Vaughn, R.B.: Multi-level alert clustering for intrusion detection sensor data. In: 2005 Annual Meeting of the North American Fuzzy Information Processing Society, Detroit, MI, USA, pp. 748\u2013753. IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"14_CR8","first-page":"31","volume-title":"Proceedings New Security Paradigm Workshop","author":"S.J. Templeton","year":"2001","unstructured":"Templeton, S.J., Levitt, K.: A requires\/provides model for computer attacks. In: Proceedings New Security Paradigm Workshop, Ballycotton, Ireland, p. 31. ACM, New York (2001)"},{"issue":"2","key":"14_CR9","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1145\/996943.996947","volume":"7","author":"P. Ning","year":"2004","unstructured":"Ning, P., et al.: Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security\u00a07(2), 274 (2004)","journal-title":"ACM Transactions on Information and System Security"},{"key":"14_CR10","first-page":"360","volume-title":"Proceedings of the 20th Annual Computer Security Applications Conference","author":"P. Ning","year":"2004","unstructured":"Ning, P., Xu, D.: Alert correlation through triggering events and common resources. In: Proceedings of the 20th Annual Computer Security Applications Conference, Tucson, AZ, USA, pp. 360\u2013361. IEEE Computer Society Press, Los Alamitos (2004)"},{"key":"14_CR11","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1109\/SECPRI.2002.1004372","volume-title":"Proceedings 2002 IEEE Symposium on Security and Privacy","author":"F. Cuppens","year":"2002","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings 2002 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 12\u201315 May 2002, p. 202. IEEE Computer Society Press, Los Alamitos (2002)"},{"key":"14_CR12","series-title":"Lecture Notes in Computer Science","first-page":"73","volume-title":"Recent Advances in Intrusion Detection","author":"W. Lee","year":"2003","unstructured":"Lee, W., Qin, X.: Statistical causality analysis of infosec alert data. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 73\u201394. Springer, Heidelberg (2003)"},{"key":"14_CR13","unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the USENIX LISA 99 Conference (1999)"},{"key":"14_CR14","unstructured":"Sourcefire, I.: Realtime network awareness (2004), \n                      \n                        http:\/\/www.sourcefire.com"},{"key":"14_CR15","unstructured":"Kruegel, C., Robertson, W.: Alert verification: Determining the success of intrusion attempts. In: Proc. First Workshop the Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2004) (2004)"},{"key":"14_CR16","unstructured":"Nessus: Nessus vulnerability scanner, \n                      \n                        http:\/\/www.nessus.org\/"},{"key":"14_CR17","unstructured":"Desai, N.: Ids correlation of va data and ids alerts (June 2003), \n                      \n                        http:\/\/www.securityfocus.com\/infocus\/1708"},{"issue":"4","key":"14_CR18","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1016\/S1363-4127(03)00004-9","volume":"8","author":"G. Eschelbeck","year":"2003","unstructured":"Eschelbeck, G., Krieger, M.: Eliminating noise from intrusion detection systems. Information Security Technical Report\u00a08(4), 26 (2003)","journal-title":"Information Security Technical Report"},{"key":"14_CR19","unstructured":"Gula, R.: Correlating ids alerts with vulnerability information. Technical report (Dec. 2002)"},{"key":"14_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/3-540-36084-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2002","unstructured":"Morin, B., et al.: M2d2: a formal data model for ids alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, p. 115. Springer, Heidelberg (2002)"},{"key":"14_CR21","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1109\/IWNAS.2006.11","volume-title":"Proceedings. International Workshop on Networking, Architecture, and Storages","author":"L. Wang","year":"2006","unstructured":"Wang, L., Li, Z.-t., Wang, Q.-h.: A novel technique of recognizing multi-stage attack behaviour. In: Proceedings. International Workshop on Networking, Architecture, and Storages, ShenYang, China, 1-3 Aug. 2006, pp. 188\u2013193. IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"14_CR22","unstructured":"CVE: Common vulnerabilities and exposures, \n                      \n                        http:\/\/www.cve.mitre.org\/"},{"key":"14_CR23","unstructured":"NVD: National vulnerability database, \n                      \n                        http:\/\/nvd.nist.gov\/"}],"container-title":["Lecture Notes in Computer Science","Intelligence and Security Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-71549-8_14.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,19]],"date-time":"2020-11-19T00:22:38Z","timestamp":1605745358000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-71549-8_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540715481","9783540715498"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-71549-8_14","relation":{},"subject":[]}}