{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T22:18:57Z","timestamp":1768515537500,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":19,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540743194","type":"print"},{"value":"9783540743200","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_8","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"146-166","source":"Crossref","is-referenced-by-count":55,"title":["elicit: A System for Detecting Insiders Who Violate Need-to-Know"],"prefix":"10.1007","author":[{"given":"Marcus A.","family":"Maloof","sequence":"first","affiliation":[]},{"given":"Gregory D.","family":"Stephens","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8_CR1","unstructured":"United States v. Leandro Aragoncillo and Michael Ray Aquino: Criminal complaint. District of New Jersey (September 9, 2005)"},{"key":"8_CR2","unstructured":"Keeney, M., et al.: Insider threat study: Computer system sabotage in critical infrastructure sector. Technical report, US Secret Service and CERT Program, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (May 2005)"},{"issue":"4","key":"8_CR3","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W. Lee","year":"2000","unstructured":"Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. 
ACM Transactions on Information and System Security\u00a03(4), 227\u2013261 (2000)","journal-title":"ACM Transactions on Information and System Security"},{"key":"8_CR4","first-page":"353","volume-title":"Proceedings of the 20th NIST-NCSC National Information Systems Security Conference","author":"P.A. Porras","year":"1997","unstructured":"Porras, P.A., Neumann, P.G.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th NIST-NCSC National Information Systems Security Conference, pp. 353\u2013365. National Institute of Standards and Technology, Gaithersburg, MD (1997)"},{"issue":"3","key":"8_CR5","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1145\/322510.322526","volume":"2","author":"T. Lane","year":"1999","unstructured":"Lane, T., Brodley, C.E.: Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security\u00a02(3), 295\u2013331 (1999)","journal-title":"ACM Transactions on Information and System Security"},{"issue":"3","key":"8_CR6","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S.A. Hofmeyr","year":"1988","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security\u00a06(3), 151\u2013180 (1988)","journal-title":"Journal of Computer Security"},{"key":"8_CR7","unstructured":"Ethereal, Inc.: Ethereal. Software (2007), http:\/\/www.ethereal.com"},{"issue":"4","key":"8_CR8","doi-asserted-by":"publisher","first-page":"543","DOI":"10.2307\/1266560","volume":"3","author":"F.C. Leone","year":"1961","unstructured":"Leone, F.C., Nelson, L.S., Nottingham, R.B.: The Folded Normal Distribution. Technometrics\u00a03(4), 543\u2013550 (1961)","journal-title":"Technometrics"},{"key":"8_CR9","volume-title":"Density estimation for statistics and data analysis","author":"B.W. 
Silverman","year":"1998","unstructured":"Silverman, B.W.: Density estimation for statistics and data analysis. Chapman & Hall\/CRC, Boca Raton, FL (1998)"},{"key":"8_CR10","series-title":"Statistics for Engineering and Information Science","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-3502-4","volume-title":"Bayesian networks and decision graphs","author":"F.V. Jensen","year":"2001","unstructured":"Jensen, F.V.: Bayesian networks and decision graphs. Statistics for Engineering and Information Science. Springer, New York, NY (2001)"},{"key":"8_CR11","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., et al.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks\u00a034, 579\u2013595 (2000)","journal-title":"Computer Networks"},{"issue":"4","key":"8_CR12","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: Testing intrusion detection systems. ACM Transactions on Information and System Security\u00a03(4), 262\u2013294 (2000)","journal-title":"ACM Transactions on Information and System Security"},{"key":"8_CR13","volume-title":"Computer security","author":"M. Bishop","year":"2003","unstructured":"Bishop, M.: Computer security. Addison-Wesley, Boston, MA (2003)"},{"issue":"2","key":"8_CR14","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion-detection model. 
IEEE Transactions on Software Engineering\u00a0SE-13(2), 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"8_CR15","series-title":"Applied Computer Security Associates","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1109\/CSAC.1990.143786","volume-title":"Proceedings of the Sixth Annual Computer Security Applications Conference","author":"T. Lunt","year":"1990","unstructured":"Lunt, T., et al.: IDES: A progress report. In: Proceedings of the Sixth Annual Computer Security Applications Conference. Applied Computer Security Associates, pp. 273\u2013285. Silver Spring, MD (1990)"},{"key":"8_CR16","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1145\/224170.224363","volume-title":"Supercomputing 1995","author":"G.G. Christoph","year":"1995","unstructured":"Christoph, G.G., et al.: UNICORN: Misuse detection for UNICOS\u2122. In: Supercomputing 1995, p. 56. IEEE Press, Los Alamitos, CA (1995)"},{"issue":"1","key":"8_CR17","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1214\/ss\/998929476","volume":"16","author":"M. Schonlau","year":"2001","unstructured":"Schonlau, M., et al.: Computer intrusion: Detecting masquerades. Statistical Science\u00a016(1), 58\u201374 (2001)","journal-title":"Statistical Science"},{"key":"8_CR18","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/DSN.2003.1209911","volume-title":"Proceedings of the International Conference on Dependable Systems and Networks","author":"R.A. Maxion","year":"2003","unstructured":"Maxion, R.A.: Masquerade detection using enriched command lines. In: Proceedings of the International Conference on Dependable Systems and Networks, pp. 5\u201314. IEEE Press, Los Alamitos, CA (2003)"},{"key":"8_CR19","unstructured":"Maybury, M., et al.: Analysis and detection of malicious insiders. 
In: Proceedings of the 2005 International Conference on Intelligence Analysis, The MITRE Corporation, McLean, VA (2005)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_8.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T10:19:54Z","timestamp":1619518794000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}