{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T06:45:56Z","timestamp":1725518756658},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540874027"},{"type":"electronic","value":"9783540874034"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_14","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"251-270","source":"Crossref","is-referenced-by-count":8,"title":["On the Limits of Payload-Oblivious Network Attack Detection"],"prefix":"10.1007","author":[{"given":"M. Patrick","family":"Collins","sequence":"first","affiliation":[]},{"given":"Michael K.","family":"Reiter","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"14_CR1","doi-asserted-by":"crossref","unstructured":"Alata, E., Nicomette, V., Kaaniche, M., Dacier, M., Herrb, M.: Lessons learned from the deployment of a high-interaction honeypot. In: Proceedings of the 2006 European Dependable Computing Conference (2006)","DOI":"10.1109\/EDCC.2006.17"},{"issue":"3","key":"14_CR2","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1145\/357830.357849","volume":"3","author":"S. Axelsson","year":"2000","unstructured":"Axelsson, S.: The base rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security\u00a03(3), 186\u2013205 (2000)","journal-title":"ACM Transactions on Information and System Security"},{"key":"14_CR3","unstructured":"Binkley, J.: An algorithm for anomaly-based botnet detection. 
In: Proceedings of the 2006 USENIX Workshop on Steps for Reducing Unwanted Traffic on the Internet (SRUTI) (2006)"},{"key":"14_CR4","doi-asserted-by":"crossref","unstructured":"C\u00e1rdenas, A., Baras, J., Seamon, K.: A framework for evaluation of intrusion detection systems. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.2"},{"issue":"8","key":"14_CR5","doi-asserted-by":"publisher","first-page":"1481","DOI":"10.1109\/49.464717","volume":"13","author":"K. Claffy","year":"1995","unstructured":"Claffy, K., Braun, H., Polyzos, G.: A parameterizable methodology for internet traffic flow profiling. IEEE Journal on Selected Areas in Communications\u00a013(8), 1481\u20131494 (1995)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"14_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-540-74320-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"M.P. Collins","year":"2007","unstructured":"Collins, M.P., Reiter, M.: Hit-list worm detection and bot identification in large networks using protocol graphs. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 276\u2013295. Springer, Heidelberg (2007)"},{"key":"14_CR7","unstructured":"Collins, M.P., Reiter, M.K.: Anomaly detection amidst constant anomalies: Training IDS on constantly attacked data. Technical Report CMU-CYLAB-08-006, Carnegie Mellon University, CyLab (2008)"},{"key":"14_CR8","doi-asserted-by":"crossref","unstructured":"Gaffney, J., Ulvila, J.: Evaluation of intrusion detectors: A decision theory approach. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924287"},{"key":"14_CR9","doi-asserted-by":"crossref","unstructured":"Gates, C., Taylor, C.: Challenging the anomaly detection paradigm, a provocative discussion. 
In: Proceedings of the 2006 New Security Paradigms Workshop, pp. 22\u201329 (2006)","DOI":"10.1145\/1278940.1278945"},{"key":"14_CR10","unstructured":"Jung, J.: Real-Time Detection of Malicious Network Activity Using Stochastic Models. PhD thesis, Massachusetts Institute of Technology (2006)"},{"key":"14_CR11","doi-asserted-by":"crossref","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy (2004)","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"14_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-540-73614-1_10","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M. Kang","year":"2007","unstructured":"Kang, M., Caballero, J., Song, D.: Distributed evasive scan techniques and countermeasures. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 157\u2013174. Springer, Heidelberg (2007)"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Killourhy, K., Maxion, R., Tan, K.: A defense-centric taxonomy based on attack manifestations. In: Proceedings of the 2004 Conference on Dependable Systems and Networks (DSN) (2004)","DOI":"10.1109\/DSN.2004.1311881"},{"key":"14_CR14","volume-title":"Advanced Engineering Mathematics","author":"E. Kreyszig","year":"2005","unstructured":"Kreyszig, E.: Advanced Engineering Mathematics, 9th edn. J. Wiley and Sons, Chichester (2005)","edition":"9"},{"key":"14_CR15","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM), pp. 
217\u2013228 (2005)","DOI":"10.1145\/1080091.1080118"},{"key":"14_CR16","unstructured":"Lippmann, R., Fried, D., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., Zissman, M.: Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In: Proceedings of the DARPA Information Survivability Conference and Exposition (2000)"},{"key":"14_CR17","doi-asserted-by":"crossref","unstructured":"Maxion, R., Tan, K.: Benchmarking anomaly-based detection systems. In: Proceedings of the 2000 Conference on Dependable Systems and Networks (DSN) (2000)","DOI":"10.1109\/ICDSN.2000.857599"},{"issue":"4","key":"14_CR18","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: Testing intrusion detection systems: A critique of the 1998 and 1998 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Transactions on Information and Systems Security\u00a03(4), 262\u2013294 (2000)","journal-title":"ACM Transactions on Information and Systems Security"},{"key":"14_CR19","unstructured":"Northcutt, S.: Network Intrusion Detection: An Analyst\u2019s Handbook. New Riders (1999)"},{"key":"14_CR20","unstructured":"Paxson, V.: Bro: A system for detection network intruders in real time. In: Proceedings of the 2008 Usenix Security Symposium (1998)"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Sekar, V., Xie, Y., Reiter, M.K., Zhang, H.: A multi-resolution approach for worm detection and containment. In: Proceedings of the 36th International Conference on Dependable Systems and Networks, June 2006, pp. 189\u2013198 (2006)","DOI":"10.1109\/DSN.2006.6"},{"issue":"3\u20134","key":"14_CR22","doi-asserted-by":"crossref","first-page":"591","DOI":"10.1093\/biomet\/52.3-4.591","volume":"52","author":"S. 
Shapiro","year":"1965","unstructured":"Shapiro, S., Wilk, M.: An analysis of variance test for normality (complete samples). Biometrika\u00a052(3\u20134), 591\u2013611 (1965)","journal-title":"Biometrika"},{"key":"14_CR23","unstructured":"Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: GrIDS \u2013 A graph-based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference, pp. 361\u2013370 (1996)"},{"key":"14_CR24","unstructured":"Stolfo, S., Fan, W., Lee, W., Prodromidis, A., Chan, P.: Cost-based modeling for fraud and intrusion detection: Results from the JAM project. In: Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (2000)"},{"key":"14_CR25","doi-asserted-by":"crossref","unstructured":"Tan, K., Maxion, R.: The effects of algorithmic diversity on anomaly detector performance. In: Proceedings of the 2005 Conference on Dependable Systems and Networks (DSN) (2005)","DOI":"10.1109\/DSN.2005.91"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_14.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,19]],"date-time":"2023-05-19T23:56:41Z","timestamp":1684540601000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}