{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:10:09Z","timestamp":1763467809183},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540743194"},{"type":"electronic","value":"9783540743200"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_4","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"63-86","source":"Crossref","is-referenced-by-count":53,"title":["Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications"],"prefix":"10.1007","author":[{"given":"Marco","family":"Cova","sequence":"first","affiliation":[]},{"given":"Davide","family":"Balzarotti","sequence":"additional","affiliation":[]},{"given":"Viktoria","family":"Felmetsger","sequence":"additional","affiliation":[]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","volume-title":"Compilers: Principles, Techniques, and Tools","author":"A.V. Aho","year":"1986","unstructured":"Aho, A.V., Sethi, R., Ullman, J.: Compilers: Principles, Techniques, and Tools. Addison-Wesley Longman Publishing Co., Inc., Redwood City,CA, USA (1986)"},{"key":"4_CR2","unstructured":"Almgren, M., Debar, H., Dacier, M.: A Lightweight Tool for Detecting Web Server Attacks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA (February 2000)"},{"key":"4_CR3","volume-title":"Probability and Measure","author":"P. Billingsley","year":"1995","unstructured":"Billingsley, P.: Probability and Measure, 3rd edn. Wiley-Interscience, Chichester (April 1995)","edition":"3"},{"issue":"2","key":"4_CR4","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D. Denning","year":"1987","unstructured":"Denning, D.: An Intrusion Detection Model. IEEE Transactions on Software Engineering\u00a013(2), 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"2","key":"4_CR5","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1109\/32.908957","volume":"27","author":"M.D. Ernst","year":"2001","unstructured":"Ernst, M.D., Cockrell, J., Griswold, W.G., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. IEEE Transactions on Software Engineering\u00a027(2), 99\u2013123 (2001) (A previous version appeared in ICSE 1999, Proceedings of the 21st International Conference on Software Engineering, pp. 213\u2013224, Los Angeles, CA, USA (May\u00a019\u201321, 1999)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Ernst, M.D., Perkins, J.H., Guo, P.J., McCamant, S., Pacheco, C., Tschantz, M.S., Xiao, C.: The Daikon system for dynamic detection of likely invariants. Science of Computer Programming (2007)","DOI":"10.1016\/j.scico.2007.01.015"},{"key":"4_CR7","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"H. Feng","year":"2004","unstructured":"Feng, H., Giffin, J., Huang, Y., Jha, S., Lee, W., Miller, B.: Formalizing Sensitivity in Static Analysis for Intrusion Detection. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2004, IEEE Computer Society Press, Los Alamitos (2004)"},{"key":"4_CR8","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"H. Feng","year":"2003","unstructured":"Feng, H., Kolesnikov, O., Fogla, P., Lee, W., Gong, W.: Anomaly Detection Using Call Stack Information. In: Proceedings of the IEEE Symposium on Security and Privacy, May 2003, IEEE Computer Society Press, Los Alamitos (2003)"},{"key":"4_CR9","first-page":"120","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"S. Forrest","year":"1996","unstructured":"Forrest, S.: A Sense of Self for UNIX Processes. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1996, pp. 120\u2013128. IEEE Computer Society Press, Los Alamitos (1996)"},{"key":"4_CR10","doi-asserted-by":"publisher","first-page":"318","DOI":"10.1145\/1030083.1030126","volume-title":"Proceedings of the 11th ACM Conference on Computer and Communication Security (CCS)","author":"D. Gao","year":"2004","unstructured":"Gao, D., Reiter, M., Song, D.: Gray-Box Extraction of Execution Graphs for Anomaly Detection. In: Proceedings of the 11th ACM Conference on Computer and Communication Security (CCS), Washington, DC, USA, October 2004, pp. 318\u2013329. ACM Press, New York (2004)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Ghosh, A., Wanken, J., Charron, F.: Detecting Anomalous and Unknown Intrusions Against Programs. In: Proceedings of the Annual Computer Security Application Conference (ACSAC 1998), Scottsdale, AZ, December 1998, pp. 259\u2013267 (1998)","DOI":"10.1109\/CSAC.1998.738646"},{"key":"4_CR12","unstructured":"Giffin, J., Jha, S., Miller, B.: Efficient Context-Sensitive Intrusion Detection. In: Proceedings of 11th Network an Distributed System Security Symposium, San Diego, California (February 2004)"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In: Proceedings of the International Conference on Automated Software Engineering (ASE 2005), November 2005, pp. 174\u2013183 (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"4_CR14","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"H.S. Javitz","year":"1991","unstructured":"Javitz, H.S., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In: Proceedings of the IEEE Symposium on Security and Privacy, May 1991, IEEE Computer Society Press, Los Alamitos (1991)"},{"key":"4_CR15","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"N. Jovanovic","year":"2006","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities. In: Proceedings of the IEEE Symposium on Security and Privacy, May 2006, IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"4_CR16","unstructured":"KDE Project: KDE HTML widget, \n                    \n                      http:\/\/api.kde.org\/3.5-api\/kdelibs-apidocs\/khtml\/html\/"},{"key":"4_CR17","first-page":"175","volume-title":"Proceedings of the 1997 IEEE Symposium on Security and Privacy","author":"C. Ko","year":"1997","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, CA, May 1997, pp. 175\u2013187. IEEE Computer Society Press, Los Alamitos (1997)"},{"key":"4_CR18","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian Event Classification for Intrusion Detection. In: Omondi, A.R., Sedukhin, S. (eds.) ACSAC 2003. LNCS, vol.\u00a02823, Springer, Heidelberg (2003)"},{"key":"4_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the Detection of Anomalous System Call Arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"4_CR20","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1145\/948109.948144","volume-title":"Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 2003)","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Vigna, G.: Anomaly Detection of Web-based Attacks. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 2003), Washington, DC, October 2003, pp. 251\u2013261. ACM Press, New York (2003)"},{"issue":"5","key":"4_CR21","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1016\/j.comnet.2005.01.009","volume":"48","author":"C. Kruegel","year":"2005","unstructured":"Kruegel, C., Vigna, G., Robertson, W.: A Multi-model Approach to the Detection of Web-based Attacks. Computer Networks\u00a048(5), 717\u2013738 (2005)","journal-title":"Computer Networks"},{"key":"4_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45853-0_16","volume-title":"Computer Security - ESORICS 2002","author":"S.Y. Lee","year":"2002","unstructured":"Lee, S.Y., Low, W.L., Wong, P.Y.: Learning Fingerprints for a Database Intrusion Detection System. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol.\u00a02502, Springer, Heidelberg (2002)"},{"key":"4_CR23","volume-title":"Proceedings of the 5 th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD 1999)","author":"W. Lee","year":"1999","unstructured":"Lee, W., Stolfo, S., Mok, K.: Mining in a Data-flow Environment: Experience in Network Intrusion Detection. In: Proceedings of the 5\n                    th\n                   ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD 1999), San Diego, CA, August 1999, ACM Press, New York (1999)"},{"key":"4_CR24","unstructured":"Mutz, D.: Context-sensitive Multi-model Anomaly Detection. PhD thesis, UCSB (June 2006)"},{"issue":"1","key":"4_CR25","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1145\/1127345.1127348","volume":"9","author":"D. Mutz","year":"2006","unstructured":"Mutz, D., Valeur, F., Kruegel, C., Vigna, G.: Anomalous System Call Detection. ACM Transactions on Information and System Security\u00a09(1), 61\u201393 (2006)","journal-title":"ACM Transactions on Information and System Security"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Nguyen-Tuong, A., Guarnieri, S., Greene, D., Evans, D.: Automatically Hardening Web Applications Using Precise Tainting. In: Proceedings of the 20th International Information Security Conference (SEC 2005), May 2005, pp. 372\u2013382 (2005)","DOI":"10.1007\/0-387-25660-1_20"},{"key":"4_CR27","unstructured":"PHP: Session Support in PHP, \n                    \n                      http:\/\/php.net\/manual\/en\/ref.session.php\/"},{"key":"4_CR28","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"R. Sekar","year":"2001","unstructured":"Sekar, R., Bendre, M., Bollineni, P., Dhurjati, D.: A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2001, IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"4_CR29","volume-title":"Proceedings of the ACM Symposium on Operating Systems Principles","author":"R. Sekar","year":"2003","unstructured":"Sekar, R., Venkatakrishnan, V., Basu, S., S, B., DuVarney, D.: Model-carrying code: A practical approach for safe execution of untrusted applications. In: Proceedings of the ACM Symposium on Operating Systems Principles, ACM Press, New York (2003)"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Su, Z., Wassermann, G.: The Essence of Command Injection Attacks in Web Applications. In: Proceedings of the 33rd Annual Symposium on Principles of Programming Languages (POPL 2006), pp. 372\u2013382 (2006)","DOI":"10.1145\/1111037.1111070"},{"key":"4_CR31","unstructured":"The Computer Security Group at UCSB: libAnomaly Project Homepage, \n                    \n                      http:\/\/www.cs.ucsb.edu\/~seclab\/projects\/libanomaly"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","volume-title":"Intrusion and Malware Detection and Vulnerability Assessment","author":"F. Valeur","year":"2005","unstructured":"Valeur, F., Mutz, D., Vigna, G.: A Learning-Based Approach to the Detection of SQL Attacks. In: Julisch, K., Kr\u00fcgel, C. (eds.) DIMVA 2005. LNCS, vol.\u00a03548, Springer, Heidelberg (2005)"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/b13476","volume-title":"Advances in Computer Systems Architecture","author":"G. Vigna","year":"2003","unstructured":"Vigna, G., Robertson, W., Kher, V., Kemmerer, R.: A Stateful Intrusion Detection System for World-Wide Web Servers. In: Omondi, A.R., Sedukhin, S. (eds.) ACSAC 2003. LNCS, vol.\u00a02823, pp. 34\u201343. Springer, Heidelberg (2003)"},{"key":"4_CR34","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1145\/586110.586145","volume-title":"Proceedings of the 9th ACM Conference on Computer and Communications Security","author":"D. Wagner","year":"2002","unstructured":"Wagner, D., Soto, P.: Mimicry Attacks on Host-Based Intrusion Detection Systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington DC, USA, November 2002, pp. 255\u2013264. ACM Press, New York (2002)"},{"key":"4_CR35","unstructured":"Xie, Y., Aiken, A.: Static Detection of Security Vulnerabilities in Scripting Languages. In: Proceedings of the 15th USENIX Security Symposium (USENIX 2006) (August 2006)"},{"key":"4_CR36","unstructured":"Zend: Zend Engine, \n                    \n                      http:\/\/www.zend.com\/products\/zend_engine"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_4.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T10:19:53Z","timestamp":1619518793000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}