{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T11:28:47Z","timestamp":1725535727404},"publisher-location":"Berlin, Heidelberg","reference-count":20,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642030062"},{"type":"electronic","value":"9783642030079"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-03007-9_21","type":"book-chapter","created":{"date-parts":[[2009,7,11]],"date-time":"2009-07-11T02:54:17Z","timestamp":1247280857000},"page":"299-306","source":"Crossref","is-referenced-by-count":3,"title":["Building an Application Data Behavior Model for Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Olivier","family":"Sarrouy","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric","family":"Totel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bernard","family":"Jouga","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"unstructured":"Daikon, groups.csail.mit.edu\/pag\/daikon\/","key":"21_CR1"},{"unstructured":"Valgrind, http:\/\/www.valgrind.org","key":"21_CR2"},{"unstructured":"Cert advisory ca-2001-33 multiple vulnerabilities in wu-ftpd (2001), http:\/\/www.cert.org\/advisories\/CA-2001-33.html","key":"21_CR3"},{"unstructured":"Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (2006)","key":"21_CR4"},{"unstructured":"Cavallaro, L., Sekar, R.: Anomalous taint detection. Technical report, Secure Systems Laboratory, Stony Brook University (2008)","key":"21_CR5"},{"unstructured":"Chen, S., Xu, J., Sezer, E., Gauriar, P., Iyer, R.: Non-control-data attacks are realistic threats. In: Usenix Security Symposium (2005)","key":"21_CR6"},{"key":"21_CR7","series-title":"Lecture Notes in Computer Science","volume-title":"Computer Security - ESORICS 94","author":"B. d\u2019Ausbourg","year":"1994","unstructured":"d\u2019Ausbourg, B.: Implementing secure dependencies over a network by designing a distributed security subsystem. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol.\u00a0875. Springer, Heidelberg (1994)"},{"doi-asserted-by":"crossref","unstructured":"Denning, D.E.: A lattice model of secure information flow. Commun. ACM (1976)","key":"21_CR8","DOI":"10.1145\/360051.360056"},{"doi-asserted-by":"crossref","unstructured":"Ernst, M.D., Cockrell, J., Griswold, W.G., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. IEEE Transactions on Software Engineering (2001)","key":"21_CR9","DOI":"10.1109\/32.908957"},{"doi-asserted-by":"crossref","unstructured":"Ernst, M.D., Perkins, J.H., Guo, P.J., McCamant, S., Pacheco, C., Tschantz, M.S., Xiao, C.: The daikon system for dynamic detection of likely invariants. Science of Computer Programming (2007)","key":"21_CR10","DOI":"10.1016\/j.scico.2007.01.015"},{"doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy (1996)","key":"21_CR11","DOI":"10.1109\/SECPRI.1996.502675"},{"doi-asserted-by":"crossref","unstructured":"Gao, D., Reiter, M.K., Song, D.: Gray-box extraction of execution graphs for anomaly detection. In: Proceedings of the 11th ACM conference on Computer and communications security (2004)","key":"21_CR12","DOI":"10.1145\/1030083.1030126"},{"doi-asserted-by":"crossref","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security (1998)","key":"21_CR13","DOI":"10.3233\/JCS-980109"},{"unstructured":"Larson, E., Austin, T.: High coverage detection of input-related security faults. In: Proceedings of the 2003 Usenix Conference (Usenix 2003) (2003)","key":"21_CR14"},{"doi-asserted-by":"crossref","unstructured":"Nethercote, N., Seward, J.: How to shadow every byte of memory used by a program. In: Proceedings of the Third International ACM SIGPLAN\/SIGOPS Conference on Virtual Execution Environments (2007)","key":"21_CR15","DOI":"10.1145\/1254810.1254820"},{"doi-asserted-by":"crossref","unstructured":"Nethercote, N., Seward, J.: Valgrind: A framework for heavyweight dynamic binary instrumentation. In: Proceedings of ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (2007)","key":"21_CR16","DOI":"10.1145\/1250734.1250746"},{"unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005) (2005)","key":"21_CR17"},{"doi-asserted-by":"crossref","unstructured":"Parampalli, C., Sekar, R., Johnson, R.: A practical mimicry attack against powerful system-call monitors. Technical report, Secure Systems Laboratory, Stony Brook University (2007)","key":"21_CR18","DOI":"10.1145\/1368310.1368334"},{"doi-asserted-by":"crossref","unstructured":"Sabelfeld, A., Myers, A.: Language-based information-flow security (2003)","key":"21_CR19","DOI":"10.1109\/JSAC.2002.806121"},{"doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: CCS 2002: Proceedings of the 9th ACM conference on Computer and communications security (2002)","key":"21_CR20","DOI":"10.1145\/586110.586145"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security XXIII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-03007-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T07:05:12Z","timestamp":1558422312000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-03007-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642030062","9783642030079"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-03007-9_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}