{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,13]],"date-time":"2025-02-13T05:25:49Z","timestamp":1739424349640,"version":"3.37.0"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642052835"},{"type":"electronic","value":"9783642052842"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-05284-2_10","type":"book-chapter","created":{"date-parts":[[2009,10,13]],"date-time":"2009-10-13T12:06:00Z","timestamp":1255435560000},"page":"163-184","source":"Crossref","is-referenced-by-count":0,"title":["Ensemble: Community-Based Anomaly Detection for Popular Applications"],"prefix":"10.1007","author":[{"given":"Feng","family":"Qian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Z. Morley","family":"Mao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Atul","family":"Prakash","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Address space layout randomization, http:\/\/blogs.msdn.com\/"},{"key":"10_CR2","unstructured":"Application Community, http:\/\/www.darpa.mil\/"},{"key":"10_CR3","unstructured":"C. CAN-2003-0245. Apache apr-psprintf memory corruption vulnerability, http:\/\/web.nvd.nist.gov\/"},{"key":"10_CR4","unstructured":"Gmail: We\u2019re working as a community, give your support!, http:\/\/news.softpedia.com\/"},{"key":"10_CR5","unstructured":"McAfee Anti-virus software, http:\/\/mcafee.com\/"},{"key":"10_CR6","unstructured":"Metasploit framework, http:\/\/www.metasploit.com"},{"key":"10_CR7","unstructured":"Microsoft Outlook Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code, http:\/\/securitytracker.com\/"},{"key":"10_CR8","unstructured":"QQ Instant Messenger, http:\/\/im.qq.com"},{"key":"10_CR9","unstructured":"Serv-U FTP Server, http:\/\/www.serv-u.com\/"},{"key":"10_CR10","unstructured":"Should we be afraid of Skype, http:\/\/www.ossir.org\/"},{"key":"10_CR11","unstructured":"VirusScan Enterprise 8.5i Access Protection rule blocks outbound SMTP mail on Port 25, https:\/\/knowledge.mcafee.com\/"},{"key":"10_CR12","unstructured":"Malware flood driving new AV (December 2007), http:\/\/www.infoworld.com\/"},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the Detection of Anomalous System Call Arguments (2003)","DOI":"10.1007\/978-3-540-39650-5_19"},{"key":"10_CR14","unstructured":"Arak, V.: On the worm that affects Skype for Windows users (September 2007), http:\/\/share.skype.com\/"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Ball, T., Larus, J.: Efficient Path Profiling. In: 29th Annual IEEE\/ACM International Symposium on Microarchitecture (1996)","DOI":"10.1109\/MICRO.1996.566449"},{"key":"10_CR16","unstructured":"Ballardie, T., Crowcroft, J.: Multicast-specific Security Threats and Counter-measures. In: Proc. of the IEEE Symposium on Security and Privacy (1999)"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: end-to-end containment of internet worms. In: SOSP (2005)","DOI":"10.1145\/1095810.1095824"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Douceur, J.R.: The Sybil Attack. In: Peer-To-Peer Systems: First International Workshop (2002)","DOI":"10.1007\/3-540-45748-8_24"},{"key":"10_CR19","unstructured":"Ernst, M.: Self-defending software: Collaborative learning for security, http:\/\/norfolk.cs.washington.edu\/"},{"key":"10_CR20","unstructured":"Eskin, E.: Anomarly Detection over Noisy Data using Learned Probability Distributions. In: International Conference on Machine Learning (2000)"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Eskin, E., Lee, W., Stolfo, S.J.: Modeling system calls for intrusion detection with dynamic window sizes. In: Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX II) (2001)","DOI":"10.1109\/DISCEX.2001.932213"},{"key":"10_CR22","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly Detection Using Call Stack Information (2003)"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: IEEE Symposium on Security and Privacy (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Ghosh, A., Wanken, J., Charron, F.: Detecting anomalous and unknown intrusions against programs. In: Proc. of the 1998 Annual Computer Security Applications Conference, ACSAC 1998 (1998)","DOI":"10.1109\/CSAC.1998.738646"},{"key":"10_CR25","unstructured":"Ghosh, A.K., Schwartzbard, A., Schatz, M.: Learning program behavior profiles for intrusion detection. In: Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring, vol.\u00a01 (1999)"},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security (1998)","DOI":"10.3233\/JCS-980109"},{"key":"10_CR27","unstructured":"Hunt, G., Brubacher, D.: Detours: Binary Interception of Win32 Functions. In: Proceedings of the 3rd USENIX Windows NT Symposium (1999)"},{"key":"10_CR28","unstructured":"Jon Oberheide, E.C., Jahanian, F.: CloudAV: N-Version Antivirus in the Network Cloud. In: Proceedings of 17th Usenix Security Symposium (2008)"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: SOSP (2003)","DOI":"10.1145\/945445.945467"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Liblit, B., Naik, M., Zheng, A.X., Aiken, A., Jordan, M.I.: Public deployment of cooperative bug isolation. In: Proceedings of the Second International Workshop on Remote Analysis and Measurement of Software Systems, RAMSS (2004)","DOI":"10.1049\/ic:20040352"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Liblit, B.R.: Cooperative bug isolation. PhD thesis, Berkeley, CA, USA, Chair-Alexander Aiken (2004)","DOI":"10.1049\/ic:20040352"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Orso, A., Liang, D., Harrold, M.J., Lipton, R.: Gamma system: continuous evolution of software after deployment. SIGSOFT Softw. Eng. Notes\u00a027(4) (2002)","DOI":"10.1145\/566171.566182"},{"key":"10_CR33","unstructured":"Sekar, R., Dhurjati, M.D., Bollineni, P.: A Fast Automation-Based Method for Detecting Anomalous Program Behaviors. In: IEEE Symposium on Security and Privacy (2001)"},{"key":"10_CR34","doi-asserted-by":"crossref","unstructured":"Tucek, J., Newsome, J., Lu, S., Huang, C., Xanthos, S., Brumley, D., Zhou, Y., Song, D.: Sweeper: a lightweight end-to-end system for defending against fast worms. In: EuroSys. (March 2007)","DOI":"10.1145\/1272996.1273010"},{"key":"10_CR35","unstructured":"Wang, H.J., Platt, J.C., Chen, Y., Zhang, R., Wang, Y.-M.: Automatic misconfiguration troubleshooting with peerpressure. In: OSDI (2004)"},{"key":"10_CR36","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusions using System Calls: Alternative Data Models. In: IEEE Symposium on Security and Privacy (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"10_CR37","doi-asserted-by":"crossref","unstructured":"Yeung, D.-Y., Ding, Y.: Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognition\u00a036 (2003)","DOI":"10.1016\/S0031-3203(02)00026-2"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-05284-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T18:49:37Z","timestamp":1739386177000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-05284-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642052835","9783642052842"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-05284-2_10","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2009]]}}}