{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T15:55:30Z","timestamp":1761580530623},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540743194"},{"type":"electronic","value":"9783540743200"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_9","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T09:47:48Z","timestamp":1187257668000},"page":"167-177","source":"Crossref","is-referenced-by-count":7,"title":["On the Use of Different Statistical Tests for Alert Correlation \u2013 Short Paper"],"prefix":"10.1007","author":[{"given":"Federico","family":"Maggi","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"6","key":"9_CR1","doi-asserted-by":"publisher","first-page":"716","DOI":"10.1109\/TAC.1974.1100705","volume":"19","author":"H. Akaike","year":"1974","unstructured":"Akaike, H.: A new look at the statistical model identification. Automatic Control, IEEE Transactions on\u00a019(6), 716\u2013723 (1974)","journal-title":"Automatic Control, IEEE Transactions on"},{"key":"9_CR2","first-page":"1","volume-title":"Proc. of the ACM Workshop on Data Mining for Security Applications","author":"O. Dain","year":"2001","unstructured":"Dain, O., Cunningham, R.: Fusing heterogeneous alert streams into scenarios. In: Proc. of the ACM Workshop on Data Mining for Security Applications, November 2001, pp. 1\u201313. ACM Press, New York (2001)"},{"key":"9_CR3","volume-title":"Proceedings of the ACM Workshop on Intrusion Detection","author":"S. Eckmann","year":"2000","unstructured":"Eckmann, S., Vigna, G., Kemmerer, R.: STATL: An attack language for state-based intrusion detection. In: Proceedings of the ACM Workshop on Intrusion Detection, Atene, November 2000, ACM Press, New York (2000)"},{"issue":"1","key":"9_CR4","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1109\/MSECP.2003.1176995","volume":"01","author":"J. Haines","year":"2003","unstructured":"Haines, J., Ryder, D.K., Tinnel, L., Taylor, S.: Validation of sensor alert correlators. IEEE Security and Privacy\u00a001(1), 46\u201356 (2003)","journal-title":"IEEE Security and Privacy"},{"key":"9_CR5","first-page":"366","volume-title":"Proc. of the 8th ACM SIGKDD Int\u2019l Conf. on Knowledge Discovery and Data Mining","author":"K. Julisch","year":"2002","unstructured":"Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proc. of the 8th ACM SIGKDD Int\u2019l Conf. on Knowledge Discovery and Data Mining, New York, NY, USA, pp. 366\u2013375. ACM Press, New York (2002)"},{"issue":"4","key":"9_CR6","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 darpa off-line intrusion detection evaluation. Comput. Networks\u00a034(4), 579\u2013595 (2000)","journal-title":"Comput. Networks"},{"key":"9_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_11","volume-title":"Recent Advances in Intrusion Detection","author":"R. Lippmann","year":"2000","unstructured":"Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, Springer, Heidelberg (2000)"},{"key":"9_CR8","unstructured":"Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis (submitted for publication, 2006)"},{"key":"9_CR9","unstructured":"Maggi, F., Matteucci, M., Zanero, S.: Reducing false positives in anomaly detectors through fuzzy alert aggregation (submitted for publication, 2006)"},{"key":"9_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1007\/978-3-540-45248-5_13","volume-title":"Recent Advances in Intrusion Detection","author":"M.V. Mahoney","year":"2003","unstructured":"Mahoney, M.V., Chan, P.K.: An analysis of the 1999 DARPA \/ Lincoln laboratory evaluation data for network anomaly detection. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 220\u2013237. Springer, Heidelberg (2003)"},{"issue":"4","key":"9_CR11","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans. on Information and System Security\u00a03(4), 262\u2013294 (2000)","journal-title":"ACM Trans. on Information and System Security"},{"issue":"2","key":"9_CR12","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1145\/996943.996947","volume":"7","author":"P. Ning","year":"2004","unstructured":"Ning, P., Cui, Y., Reeves, D.S., Xu, D.: Techniques and tools for analyzing intrusion alerts. ACM Trans. Inf. Syst. Secur.\u00a07(2), 274\u2013318 (2004)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"9_CR13","doi-asserted-by":"crossref","DOI":"10.1515\/9783110809343","volume-title":"Mathematical Statistics: An Introduction","author":"W.R. Pestman","year":"1998","unstructured":"Pestman, W.R.: Mathematical Statistics: An Introduction. Walter de Gruyter, Berlin (1998)"},{"key":"9_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1007\/978-3-540-45248-5_5","volume-title":"Recent Advances in Intrusion Detection","author":"X. Qin","year":"2003","unstructured":"Qin, X., Lee, W.: Statistical causality analysis of INFOSEC alert data. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 73\u201393. Springer, Heidelberg (2003)"},{"key":"9_CR15","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1145\/366173.366187","volume-title":"NSPW 2000: Proceedings of the 2000 workshop on New security paradigms","author":"S.J. Templeton","year":"2000","unstructured":"Templeton, S.J., Levitt, K.: A requires\/provides model for computer attacks. In: NSPW 2000: Proceedings of the 2000 workshop on New security paradigms, New York, NY, USA, pp. 31\u201338. ACM Press, New York (2000)"},{"key":"9_CR16","unstructured":"Thurman, W.N., Fisher, M.E.: Chickens, eggs, and causality, or which came first? American Journal of Agricultural Economics (1998)"},{"issue":"3","key":"9_CR17","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F. Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: A comprehensive approach to intrusion detection alert correlation. IEEE Trans. Dependable Secur. Comput.\u00a01(3), 146\u2013169 (2004)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"9_CR18","doi-asserted-by":"crossref","DOI":"10.1007\/978-0-387-21706-2","volume-title":"Modern Applied Statistics with S","author":"W. Venables","year":"2002","unstructured":"Venables, W., Ripley, B.: Modern Applied Statistics with S. Springer, Heidelberg (2002)"},{"key":"9_CR19","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1145\/1128817.1128835","volume-title":"Proc. of the 2006 ACM Symp. on Information, computer and communications security","author":"J. Viinikka","year":"2006","unstructured":"Viinikka, J., Debar, H., M\u00e9, L., S\u00e9guier, R.: Time series modeling for IDS alert management. In: Proc. of the 2006 ACM Symp. on Information, computer and communications security, pp. 102\u2013113. ACM Press, New York (2006)"},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/11553595_10","volume-title":"Image Analysis and Processing \u2013 ICIAP 2005","author":"S. Zanero","year":"2005","unstructured":"Zanero, S.: Analyzing TCP traffic patterns using self organizing maps. In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol.\u00a03617, pp. 83\u201390. Springer, Heidelberg (2005)"},{"key":"9_CR21","unstructured":"Zanero, S.: Unsupervised Learning Algorithms for Intrusion Detection. PhD thesis, Politecnico di Milano T.U., Milano, Italy (May 2006)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T06:19:54Z","timestamp":1619504394000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}