{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T06:46:04Z","timestamp":1725518764063},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540874027"},{"type":"electronic","value":"9783540874034"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_16","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"291-310","source":"Crossref","is-referenced-by-count":9,"title":["A Multi-Sensor Model to Improve Automated Attack Detection"],"prefix":"10.1007","author":[{"given":"Magnus","family":"Almgren","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ulf","family":"Lindqvist","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Erland","family":"Jonsson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"16_CR1","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1109\/CSAC.2003.1254330","volume-title":"ACSAC 2003: Proceedings of the 19th Annual Computer Security Applications Conference","author":"C. Abad","year":"2003","unstructured":"Abad, C., Taylor, J., Sengul, C., Yurcik, W., Zhou, Y., Rowe, K.: Log correlation for intrusion detection: A proof of concept. In: ACSAC 2003: Proceedings of the 19th Annual Computer Security Applications Conference, p. 255. IEEE Computer Society, Los Alamitos (2003)"},{"key":"16_CR2","unstructured":"Almgren, M., Debar, H., Dacier, M.: A lightweight tool for detecting web server attacks. In: Tsudik, G., Rubin, A. (eds.) Network and Distributed System Security Symposium (NDSS 2000), San Diego, USA, Feburary 3\u20134, 2000, pp. 157\u2013170. Internet Society (2000)"},{"key":"16_CR3","first-page":"101","volume-title":"12th Nordic Workshop on Secure IT Systems (NordSec 2007)","author":"M. Almgren","year":"2007","unstructured":"Almgren, M., Jonsson, E., Lindqvist, U.: A comparison of alternative audit sources for web server attack detection. In: Erlingsson, \u00da., Sabelfeld, A. (eds.) 12th Nordic Workshop on Secure IT Systems (NordSec 2007), October\u00a011\u201312, pp. 101\u2013112. Reykjav\u00edk University, Iceland (2007)"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Axelsson, S.: The base-rate fallacy and its implications for the difficulty of intrusion detection. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, November 1999. Kent Ridge Digital Labs (1999)","DOI":"10.1145\/319709.319710"},{"key":"16_CR5","unstructured":"Breese, J., Koller, D.: Tutorial on Bayesian Networks. Internet (1997), \n                    \n                      http:\/\/robotics.stanford.edu\/~koller\/BNtut\/BNtut.ppt"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Cheung, S., Lindqvist, U., Fong, M.W.: Modeling multistep cyber attacks for scenario recognition. In: DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, DC, April 22\u201324, 2003, vol.\u00a0I, pp. 284\u2013292 (2003)","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"16_CR7","first-page":"202","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"F. Cuppens","year":"2002","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002, pp. 202\u2013215. IEEE Press, Los Alamitos (2002)"},{"key":"16_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1007\/11935070_20","volume-title":"Cryptology and Network Security","author":"N. Dagorn","year":"2006","unstructured":"Dagorn, N.: Cooperative intrusion detection for web applications. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol.\u00a04301, pp. 286\u2013302. Springer, Heidelberg (2006)"},{"key":"16_CR9","first-page":"85","volume-title":"RAID 2000: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: RAID 2000: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, pp. 85\u2013103. Springer, Heidelberg (2001)"},{"key":"16_CR10","unstructured":"Decision Systems Laboratory, University of Pittsburgh. SMILE reasoning engine for graphical probabilistic model (2008), \n                    \n                      http:\/\/dsl.sis.pitt.edu"},{"issue":"2-3","key":"16_CR11","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1023\/A:1007413511361","volume":"29","author":"P. Domingos","year":"1997","unstructured":"Domingos, P., Pazzani, M.: On the optimality of the simple Bayesian classifier under zero-one loss. Machine Learning\u00a029(2-3), 103\u2013130 (1997)","journal-title":"Machine Learning"},{"key":"16_CR12","unstructured":"Hernan, S.V.: \u2018phf\u2019 CGI script fails to guard against newline characters. CERT\/CC; Internet (January 2001), \n                    \n                      http:\/\/www.kb.cert.org\/vuls\/id\/20276"},{"key":"16_CR13","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/CSAC.2003.1254306","volume-title":"ACSAC 2003: Proceedings of the 19th Annual Computer Security Applications Conference","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. In: ACSAC 2003: Proceedings of the 19th Annual Computer Security Applications Conference, p. 14. IEEE Computer Society, Los Alamitos (2003)"},{"key":"16_CR14","series-title":"Advances in Information Security","volume-title":"Intrusion Detection and Correlation","author":"C. Kruegel","year":"2005","unstructured":"Kruegel, C., Valeur, F., Vigna, G.: Intrusion Detection and Correlation. Advances in Information Security, vol.\u00a014. Springer, Heidelberg (2005)"},{"key":"16_CR15","unstructured":"Marty, R.: Thor - a tool to test intrusion detection systems by variations of attacks. Master\u2019s thesis, Swiss Federal Institute of Technology (ETH), Institut f\u00fcr Technische Informatik und Kommunikationsnetze (TIK), Zurich, Switzerland (2002), \n                    \n                      http:\/\/www.raffy.ch\/projects\/ids\/thor.ps.gz"},{"key":"16_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1007\/978-3-540-45248-5_6","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2003","unstructured":"Morin, B., Debar, H.: Correlation of intrusion symptoms: An application of Chronicles. In: Vigna, G., Jonsson, E., Kruegel, C. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 94\u2013112. Springer, Heidelberg (2003)"},{"key":"16_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/3-540-36084-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2002","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducass\u00e9, M.: M2D2: A formal data model for IDS alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 115\u2013137. Springer, Heidelberg (2002)"},{"key":"16_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1007\/3-540-36084-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"P. Ning","year":"2002","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Analyzing intensive intrusion alerts via correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 74\u201394. Springer, Heidelberg (2002)"},{"issue":"4857","key":"16_CR19","doi-asserted-by":"publisher","first-page":"1285","DOI":"10.1126\/science.3287615","volume":"240","author":"J.A. Swets","year":"1988","unstructured":"Swets, J.A.: Measuring the accuracy of diagnostic systems. Science\u00a0240(4857), 1285\u20131293 (1988)","journal-title":"Science"},{"key":"16_CR20","volume-title":"ACSAC 2004: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004)","author":"E. Tombini","year":"2004","unstructured":"Tombini, E., Debar, H., M\u00e9, L., Ducass\u00e9, M.: A serial combination of anomaly and misuse IDSes applied to HTTP traffic. In: ACSAC 2004: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004). IEEE Computer Society, Los Alamitos (2004)"},{"issue":"3","key":"16_CR21","doi-asserted-by":"publisher","first-page":"632","DOI":"10.1016\/j.comnet.2006.05.008","volume":"51","author":"D. Yu","year":"2007","unstructured":"Yu, D., Frincke, D.: Improving the quality of alerts and predicting intruder\u2019s next goal with hidden colored petri-net. Comput. Netw.\u00a051(3), 632\u2013654 (2007)","journal-title":"Comput. Netw."},{"key":"16_CR22","first-page":"39","volume-title":"ACSAC 2004: Proceedings of the 20th Annual Computer Security Applications Conference","author":"Y. Zhai","year":"2004","unstructured":"Zhai, Y., Ning, P., Iyer, P., Reeves, D.S.: Reasoning about complementary intrusion evidence. In: ACSAC 2004: Proceedings of the 20th Annual Computer Security Applications Conference, Washington, DC, USA, pp. 39\u201348. IEEE Computer Society, Los Alamitos (2004)"},{"issue":"1","key":"16_CR23","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1145\/1210263.1210267","volume":"10","author":"J. Zhou","year":"2007","unstructured":"Zhou, J., Heckman, M., Reynolds, B., Carlson, A., Bishop, M.: Modeling network intrusion detection alerts for correlation. ACM Trans. Inf. Syst. Secur.\u00a010(1), 4 (2007)","journal-title":"ACM Trans. Inf. Syst. Secur."}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_16.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T11:57:38Z","timestamp":1619524658000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}