{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,5]],"date-time":"2025-02-05T05:30:29Z","timestamp":1738733429119,"version":"3.37.0"},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540898610"},{"type":"electronic","value":"9783540898627"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-89862-7_17","type":"book-chapter","created":{"date-parts":[[2008,12,3]],"date-time":"2008-12-03T09:01:00Z","timestamp":1228294860000},"page":"188-202","source":"Crossref","is-referenced-by-count":14,"title":["Incorporation of Application Layer Protocol Syntax into Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Patrick","family":"D\u00fcssel","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Gehl","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"17_CR1","unstructured":"Borisov, N., Brumley, D., Wang, H., Dunagan, J., Joshi, P., Guo, C.: Generic application-level protocol analyzer and its language. In: Proc. of Network and Distributed System Security Symposium (NDSS) (2007)"},{"key":"17_CR2","unstructured":"Cretu, G., Stavrou, A., Locasto, M., Stolfo, S., Keromytis, A.: Casting out demons: Sanitizing training data for anomaly sensors. In: ieeesp (to appear, 2008)"},{"key":"17_CR3","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for unix processes. In: Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 120\u2013128 (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"17_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11856214_2","volume-title":"Recent Advances in Intrusion Detection","author":"D. Gao","year":"2006","unstructured":"Gao, D., Reiter, M., Song, D.: Behavioral distance measurement using hidden markov models. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 19\u201340. Springer, Heidelberg (2006)"},{"key":"17_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-540-74320-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"K.L. Ingham","year":"2007","unstructured":"Ingham, K.L., Inoue, H.: Comparing anomaly detection techniques for http. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 42\u201362. Springer, Heidelberg (2007)"},{"issue":"5","key":"17_CR6","doi-asserted-by":"publisher","first-page":"1239","DOI":"10.1016\/j.comnet.2006.09.016","volume":"51","author":"K.L. Ingham","year":"2007","unstructured":"Ingham, K.L., Somayaji, A., Burge, J., Forrest, S.: Learning dfa representations of http for protecting web applications. Computer Networks\u00a051(5), 1239\u20131255 (2007)","journal-title":"Computer Networks"},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201\u2013208 (2002)","DOI":"10.1145\/508791.508835"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proc. of 10th ACM Conf. on Computer and Communications Security, pp. 251\u2013261 (2003)","DOI":"10.1145\/948109.948144"},{"key":"17_CR9","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W. Lee","year":"2000","unstructured":"Lee, W., Stolfo, S.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information Systems Security\u00a03, 227\u2013261 (2000)","journal-title":"ACM Transactions on Information Systems Security"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Leslie, C., Eskin, E., Noble, W.: The spectrum kernel: A string kernel for SVM protein classification. In: Proc. Pacific Symp. Biocomputing, pp. 564\u2013575 (2002)","DOI":"10.1142\/9789812799623_0053"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.: PHAD: Packet header anomaly detection for identifying hostile network traffic. Technical Report CS-2001-2, Florida Institute of Technology (2001)","DOI":"10.1109\/ICDM.2003.1250987"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.: Learning nonstationary models of normal network traffic for detecting novel attacks. In: Proc. of ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), pp. 376\u2013385 (2002)","DOI":"10.1145\/775047.775102"},{"issue":"2","key":"17_CR13","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1109\/72.914517","volume":"12","author":"K.-R. M\u00fcller","year":"2001","unstructured":"M\u00fcller, K.-R., Mika, S., R\u00e4tsch, G., Tsuda, K., Sch\u00f6lkopf, B.: An introduction to kernel-based learning algorithms. IEEE Neural Networks\u00a012(2), 181\u2013201 (2001)","journal-title":"IEEE Neural Networks"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Pang, R., Paxson, V., Sommer, R., Peterson, L.: binpac: a yacc for writing application protocol parsers. In: Proc. of ACM Internet Measurement Conference, pp. 289\u2013300 (2006)","DOI":"10.1145\/1177080.1177119"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. In: Proc. of USENIX Security Symposium, pp. 31\u201351 (1998)","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"17_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1007\/11790754_5","volume-title":"Detection of Intrusions and Malware & Vulnerability Assessment","author":"K. Rieck","year":"2006","unstructured":"Rieck, K., Laskov, P.: Detecting unknown network attacks using language models. In: B\u00fcschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol.\u00a04064, pp. 74\u201390. Springer, Heidelberg (2006)"},{"issue":"4","key":"17_CR17","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1007\/s11416-006-0030-0","volume":"2","author":"K. Rieck","year":"2007","unstructured":"Rieck, K., Laskov, P.: Language models for detection of unknown attacks in network traffic. Journal in Computer Virology\u00a02(4), 243\u2013256 (2007)","journal-title":"Journal in Computer Virology"},{"key":"17_CR18","first-page":"23","volume":"9","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Laskov, P.: Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research\u00a09, 23\u201348 (2008)","journal-title":"Journal of Machine Learning Research"},{"key":"17_CR19","unstructured":"Roesch, M.: Snort: Lightweight intrusion detection for networks. In: Proc. of USENIX Large Installation System Administration Conference LISA, pp. 229\u2013238 (1999)"},{"key":"17_CR20","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809682","volume-title":"Kernel methods for pattern analysis","author":"J. Shawe-Taylor","year":"2004","unstructured":"Shawe-Taylor, J., Cristianini, N.: Kernel methods for pattern analysis. Cambridge University Press, Cambridge (2004)"},{"key":"17_CR21","unstructured":"Tax, D., Duin, R.: Data domain description by support vectors. In: Verleysen, M. (ed.) Proc.\u00a0ESANN, Brussels, pp. 251\u2013256. D.\u00a0Facto Press (1999)"},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/11856214_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Parekh, J., Stolfo, S.: Anagram: A content anomaly detector resistant to mimicry attack. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 226\u2013248. Springer, Heidelberg (2006)"},{"key":"17_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-89862-7_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,5]],"date-time":"2025-02-05T02:27:16Z","timestamp":1738722436000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-89862-7_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540898610","9783540898627"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-89862-7_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2008]]}}}