{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,1]],"date-time":"2025-02-01T00:10:14Z","timestamp":1738368614221,"version":"3.35.0"},"publisher-location":"Berlin, Heidelberg","reference-count":55,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540874027"},{"type":"electronic","value":"9783540874034"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_19","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"351-371","source":"Crossref","is-referenced-by-count":15,"title":["A Comparative Evaluation of Anomaly Detectors under Portscan Attacks"],"prefix":"10.1007","author":[{"given":"Ayesha Binte","family":"Ashfaq","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria Joseph","family":"Robert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Asma","family":"Mumtaz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad Qasim","family":"Ali","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ali","family":"Sajjad","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Syed Ali","family":"Khayam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"19_CR1","unstructured":"Symantec Internet Security Threat Reports I\u2013XI (January 2002\u2013January 2008)"},{"key":"19_CR2","unstructured":"McAfee Corp., McAfee Virtual Criminology Report: North American Study into Organized Crime and the Internet (2005)"},{"key":"19_CR3","unstructured":"Computer Economics: Economic Impact of Malicious Code Attacks 
(2001), http:\/\/www.computereconomics.com\/cei\/press\/pr92101.html"},{"key":"19_CR4","unstructured":"Williamson, M.M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: ACSAC (2002)"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"Twycross, J., Williamson, M.M.: Implementing and testing a virus throttle. In: Usenix Security (2003)","DOI":"10.1109\/CSAC.2003.1254312"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"Sellke, S., Shroff, N.B., Bagchi, S.: Modeling and automated containment of worms. In: DSN (2005)","DOI":"10.1109\/DSN.2005.66"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: IEEE Symp. Sec. and Priv. (2004)","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"19_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/978-3-540-30143-1_4","volume-title":"Recent Advances in Intrusion Detection","author":"S.E. Schechter","year":"2004","unstructured":"Schechter, S.E., Jung, J., Berger, A.W.: Fast detection of scanning worm infections. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 59\u201381. Springer, Heidelberg (2004)"},{"key":"19_CR9","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Usenix Security (2004)"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Chen, S., Tang, Y.: Slowing Down Internet Worms. In: IEEE ICDCS (2004)","DOI":"10.1109\/ICDCS.2004.1281596"},{"key":"19_CR11","unstructured":"Ganger, G., Economou, G., Bielski, S.: Self-Securing Network Interfaces: What, Why, and How. 
Carnegie Mellon University Technical Report, CMU-CS-02-144 (2002)"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V., Chan, P.K.: PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic. Florida Tech. technical report CS-2001-4 (2001)","DOI":"10.1109\/ICDM.2003.1250987"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V., Chan, P.K.: Learning Models of Network Traffic for Detecting Novel Attacks. Florida Tech. technical report CS-2002-08 (2002)","DOI":"10.1145\/775047.775102"},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V., Chan, P.K.: Network Traffic Anomaly Detection Based on Packet Bytes. In: ACM SAC (2003)","DOI":"10.1145\/952532.952601"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Characterization of network-wide traffic anomalies in traffic flows. In: ACM Internet Measurement Conference (IMC) (2004)","DOI":"10.1145\/1028788.1028813"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. In: ACM SIGCOMM (2004)","DOI":"10.1145\/1015467.1015492"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: ACM SIGCOMM (2005)","DOI":"10.1145\/1080091.1080118"},{"key":"19_CR18","doi-asserted-by":"crossref","unstructured":"Soule, A., Salamatian, K., Taft, N.: Combining Filtering and Statistical methods for anomaly detection. In: ACM\/Usenix IMC (2005)","DOI":"10.1145\/1330107.1330147"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning of Internet worms. 
In: ACM CCS (2003)","DOI":"10.1145\/948109.948136"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Gu, Y., McCullum, A., Towsley, D.: Detecting anomalies in network traffic using maximum entropy estimation. In: ACM\/Usenix IMC (2005)","DOI":"10.1145\/1330107.1330148"},{"key":"19_CR21","unstructured":"Next-Generation Intrusion Detection Expert System (NIDES), http:\/\/www.csl.sri.com\/projects\/nides\/"},{"key":"19_CR22","unstructured":"Peakflow-SP and Peakflow-X, http:\/\/www.arbornetworks.com\/peakflowsp , http:\/\/www.arbornetworks.com\/peakflowx"},{"key":"19_CR23","unstructured":"Cisco IOS Flexible Network Flow, http:\/\/www.cisco.com\/go\/netflow"},{"key":"19_CR24","unstructured":"LBNL\/ICSI Enterprise Tracing Project, http:\/\/www.icir.org\/enterprise-tracing\/download.html"},{"key":"19_CR25","unstructured":"WisNet ADS Comparison Homepage, http:\/\/wisnet.niit.edu.pk\/projects\/adeval"},{"key":"19_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1007\/11663812_2","volume-title":"Recent Advances in Intrusion Detection","author":"C. Wong","year":"2006","unstructured":"Wong, C., Bielski, S., Studer, A., Wang, C.: Empirical Analysis of Rate Limiting Mechanisms. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 22\u201342. Springer, Heidelberg (2006)"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"Shafiq, M.Z., Khayam, S.A., Farooq, M.: Improving Accuracy of Immune-inspired Malware Detectors by using Intelligent Features. In: ACM GECCO (2008)","DOI":"10.1145\/1389095.1389112"},{"key":"19_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-540-74320-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"K.L. Ingham","year":"2007","unstructured":"Ingham, K.L., Inoue, H.: Comparing Anomaly Detection Techniques for HTTP. In: Kruegel, C., Lippmann, R., Clark, A. 
(eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 42\u201362. Springer, Heidelberg (2007)"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. In: SIAM SDM (2003)","DOI":"10.1137\/1.9781611972733.3"},{"key":"19_CR30","unstructured":"Mueller, P., Shipley, G.: Dragon claws its way to the top. In: Network Computing (2001), http:\/\/www.networkcomputing.com\/1217\/1217f2.html"},{"key":"19_CR31","unstructured":"The NSS Group: Intrusion Detection Systems Group Test (Edition 2) (2001), http:\/\/nsslabs.com\/group-tests\/intrusion-detection-systems-ids-group-test-edition-2.html"},{"key":"19_CR32","unstructured":"Yocom, B., Brown, K.: Intrusion battleground evolves, Network World Fusion (2001), http:\/\/www.nwfusion.com\/reviews\/2001\/1008bg.html"},{"issue":"2","key":"19_CR33","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R.P. Lippmann","year":"2000","unstructured":"Lippmann, R.P., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA OffLine Intrusion Detection Evaluation. Comp. Networks\u00a034(2), 579\u2013595 (2000)","journal-title":"Comp. Networks"},{"issue":"7","key":"19_CR34","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/306549.306571","volume":"42","author":"R. Durst","year":"1999","unstructured":"Durst, R., Champion, T., Witten, B., Miller, E., Spagnuolo, L.: Testing and Evaluating Computer Intrusion Detection Systems. Comm. of the ACM\u00a042(7), 53\u201361 (1999)","journal-title":"Comm. of the ACM"},{"key":"19_CR35","unstructured":"Shipley, G.: ISS RealSecure Pushes Past Newer IDS Players. In: Network Computing (1999), http:\/\/www.networkcomputing.com\/1010\/1010r1.html"},{"key":"19_CR36","unstructured":"Shipley, G.: Intrusion Detection, Take Two. 
In: Network Computing (1999), http:\/\/www.nwc.com\/1023\/1023f1.html"},{"key":"19_CR37","unstructured":"Roesch, M.: Snort \u2013 Lightweight Intrusion Detection for Networks. In: USENIX LISA (1999)"},{"key":"19_CR38","doi-asserted-by":"crossref","unstructured":"Lippmann, R.P., Fried, D.J., Graf, I., Haines, J.W., Kendall, K.R., McClung, D., Weber, D., Webster, S.E., Wyschogrod, D., Cunningham, R.K., Zissman, M.A.: Evaluating Intrusion Detection Systems: The 1998 DARPA Off-Line Intrusion Detection Evaluation. In: DISCEX, vol.\u00a0(2), pp. 12\u201326 (2000)","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"19_CR39","unstructured":"DARPA-sponsored IDS Evaluation (1998 and 1999). MIT Lincoln Lab, Cambridge, www.ll.mit.edu\/IST\/ideval\/data\/data_index.html"},{"key":"19_CR40","unstructured":"Debar, H., Dacier, M., Wespi, A., Lampart, S.: A workbench for intrusion detection systems. IBM Zurich Research Laboratory (1998)"},{"key":"19_CR41","unstructured":"Denmac Systems, Inc.: Network Based Intrusion Detection: A Review of Technologies (1999)"},{"key":"19_CR42","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks, Inc. (1998)"},{"key":"19_CR43","unstructured":"Aguirre, S.J., Hill, W.H.: Intrusion Detection Fly-Off: Implications for the United States Navy. MITRE Technical Report MTR 97W096 (1997)"},{"issue":"5","key":"19_CR44","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1109\/52.605930","volume":"14","author":"N. Puketza","year":"1997","unstructured":"Puketza, N., Chung, M., Olsson, R.A., Mukherjee, B.: A Software Platform for Testing Intrusion Detection Systems. IEEE Software\u00a014(5), 43\u201351 (1997)","journal-title":"IEEE Software"},{"issue":"22","key":"19_CR45","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1109\/32.544350","volume":"10","author":"N.F. 
Puketza","year":"1996","unstructured":"Puketza, N.F., Zhang, K., Chung, M., Mukherjee, B., Olsson, R.A.: A Methodology for Testing Intrusion Detection Systems. IEEE Trans. Soft. Eng.\u00a010(22), 719\u2013729 (1996)","journal-title":"IEEE Trans. Soft. Eng."},{"key":"19_CR46","doi-asserted-by":"crossref","unstructured":"Mell, P., Hu, V., Lippmann, R., Haines, J., Zissman, M.: An Overview of Issues in Testing Intrusion Detection Systems. NIST IR 7007 (2003)","DOI":"10.6028\/NIST.IR.7007"},{"key":"19_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_10","volume-title":"Recent Advances in Intrusion Detection","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: The 1998 Lincoln Laboratory IDS Evaluation (A Critique). In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, Springer, Heidelberg (2000)"},{"key":"19_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1007\/978-3-540-45248-5_13","volume-title":"Recent Advances in Intrusion Detection","author":"M.V. Mahoney","year":"2003","unstructured":"Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA\/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 220\u2013237. Springer, Heidelberg (2003)"},{"key":"19_CR49","doi-asserted-by":"crossref","unstructured":"Pang, R., Allman, M., Paxson, V., Lee, J.: The Devil and Packet Trace Anonymization. In: ACM CCR, vol.\u00a036(1) (2006)","DOI":"10.1145\/1111322.1111330"},{"key":"19_CR50","doi-asserted-by":"crossref","unstructured":"Pang, R., Allman, M., Bennett, M., Lee, J., Paxson, V., Tierney, B.: A First Look at Modern Enterprise Traffic. 
In: ACM\/USENIX IMC (2005)","DOI":"10.1145\/1330107.1330110"},{"key":"19_CR51","unstructured":"Winpcap homepage, http:\/\/www.winpcap.org\/"},{"key":"19_CR52","unstructured":"Symantec Security Response, http:\/\/securityresponse.symantec.com\/avcenter"},{"issue":"4","key":"19_CR53","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1109\/MSP.2004.59","volume":"2","author":"C. Shannon","year":"2004","unstructured":"Shannon, C., Moore, D.: The spread of the Witty worm. IEEE Sec & Priv\u00a02(4), 46\u201350 (2004)","journal-title":"IEEE Sec & Priv"},{"key":"19_CR54","unstructured":"Axelsson, S.: Intrusion Detection Systems: A Survey and Taxonomy. Technical Report 99-15, Chalmers University (2000)"},{"key":"19_CR55","doi-asserted-by":"crossref","unstructured":"Ringberg, H., Rexford, J., Soule, A., Diot, C.: Sensitivity of PCA for Traffic Anomaly Detection. In: ACM SIGMETRICS (2007)","DOI":"10.1145\/1254882.1254895"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_19.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T23:32:52Z","timestamp":1738366372000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}