{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T12:21:00Z","timestamp":1725538860162},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642052835"},{"type":"electronic","value":"9783642052842"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-05284-2_5","type":"book-chapter","created":{"date-parts":[[2009,10,13]],"date-time":"2009-10-13T12:06:00Z","timestamp":1255435560000},"page":"71-90","source":"Crossref","is-referenced-by-count":0,"title":["MULAN: Multi-Level Adaptive Network Filter"],"prefix":"10.1007","author":[{"given":"Shimrit","family":"Tzur-David","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Danny","family":"Dolev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tal","family":"Anker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Moore, D., Voelker, G.M., Savage, S.: Inferring internet denial-of-service activity. In: 10th Usenix Security Symposium, pp. 9\u201322 (2001)","DOI":"10.21236\/ADA400003"},{"key":"5_CR2","unstructured":"Mit darpa project data set, http:\/\/www.ll.mit.edu\/IST\/ideval\/index.html"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Mahoney, M., Chan, P.: Phad: Packet header anomaly detection for identifying hostile network traffic. Technical report, Florida Tech., CS-2001-4 (2001)","DOI":"10.1109\/ICDM.2003.1250987"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Gil, T.M., Poletto, M.: MULTOPS: A Data-Structure for bandwidth attack detection. In: Proceedings of USENIX Security Symposium, pp. 23\u201338 (2001)","DOI":"10.21236\/ADA401819"},{"issue":"10","key":"5_CR5","doi-asserted-by":"publisher","first-page":"1864","DOI":"10.1109\/JSAC.2006.877136","volume":"24","author":"P.E. Ayres","year":"2006","unstructured":"Ayres, P.E., Sun, H., Chao, H.J., Lau, W.C.: Alpi: A ddos defense system for high-speed networks. IEEE Journal on Selected Areas in Communications\u00a024(10), 1864\u20131876 (2006)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"5_CR6","unstructured":"Brownlee, N., Mills, C., Ruth, G.: Traffic flow measurement: Architecture, http:\/\/www.ietf.org\/rfc\/rfc2063.txt"},{"key":"5_CR7","unstructured":"Cisco netflow, http:\/\/www.cisco.com\/en\/US\/products\/sw\/netmgtsw\/ps1964\/index.html"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Estan, C., Varghese, G.: New directions in traffic measurement and accounting. In: Proceedings of the 2001 ACM SIGCOMM Internet Measurement Workshop, pp. 75\u201380 (2002)","DOI":"10.1145\/633025.633056"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1007\/978-3-540-30117-2_32","volume-title":"Field Programmable Logic and Application","author":"D.V. Schuehler","year":"2004","unstructured":"Schuehler, D.V., Lockwood, J.W.: A modular system for FPGA-based TCP flow processing in high-speed networks. In: Becker, J., Platzner, M., Vernalde, S. (eds.) FPL 2004. LNCS, vol.\u00a03203, pp. 301\u2013310. Springer, Heidelberg (2004)"},{"issue":"1","key":"5_CR10","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/TNET.2006.890115","volume":"15","author":"R.R. Kompella","year":"2007","unstructured":"Kompella, R.R., Singh, S., Varghese, G.: On scalable attack detection in the network. IEEE\/ACM Trans. Netw.\u00a015(1), 14\u201325 (2007)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Cert coordination center: tcp syn flooding and ip spoofing attacks, http:\/\/www.cert.org\/advisories\/CA-1996-21.html","DOI":"10.1016\/S1353-4858(96)90059-8"},{"key":"5_CR12","unstructured":"Eddy, W.M.: Cisco: Defenses against tcp syn flooding attacks, http:\/\/www.cisco.com\/web\/about\/ac123\/ac147\/archived_issues\/ipj_9-4\/syn_flooding_attacks.html"},{"key":"5_CR13","unstructured":"Bernstein, D.J.: Syn cookies, http:\/\/cr.yp.to\/syncookies.html"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Cert coordination center: smurf ip denial-of-service attacks, http:\/\/www.cert.org\/advisories\/CA-1998-01.html","DOI":"10.1016\/S1353-4858(98)90152-0"},{"key":"5_CR15","unstructured":"Ferguson, P., Senie, D.: Rfc 2827. network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing, http:\/\/www.faqs.org\/rfcs\/rfc2827.html"},{"key":"5_CR16","unstructured":"Kendall, K.: A database of computer attacks for the evaluation of intrusion detection systems. Master Thesis, MIT Department of Electrical Engineering and Computer Science (1999)"},{"key":"5_CR17","unstructured":"MacQueen, J.B.: Some methods for classification and analysis of multivariate observations. In: Cam, L.M.L., Neyman, J. (eds.) Proc. of the fifth 5th Berkeley Symposium on Mathematical Statistics and Probability, vol.\u00a01, pp. 281\u2013297. University of California (1967)"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Bellovin, S.M.: Packets found on an Internet. Technical report, Computer Communications Review (1993)","DOI":"10.1145\/174194.174199"},{"issue":"23-24","key":"5_CR19","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Computer Networks\u00a031(23-24), 2435\u20132463 (1999)","journal-title":"Computer Networks"},{"key":"5_CR20","unstructured":"Adamic, L.A.: Zipf, power-laws, and pareto - a ranking tutorial, http:\/\/www.hpl.hp.com\/research\/idl\/papers\/ranking\/ranking.html"},{"key":"5_CR21","unstructured":"Adamic, L.A., Huberman, B.A.: The nature of markets in the world wide web, http:\/\/www.hpl.hp.com\/research\/idl\/papers\/webmarkets\/webmarkets.pdf"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Leland, W.E., Taqq, M.S., Willinger, W., Wilson, D.V.: On the self-similar nature of Ethernet traffic. In: Sidhu, D.P. (ed.) ACM SIGCOMM, San Francisco, California, pp. 183\u2013193 (1993)","DOI":"10.1145\/166237.166255"},{"issue":"3","key":"5_CR23","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1109\/90.392383","volume":"3","author":"V. Paxson","year":"1995","unstructured":"Paxson, V., Floyd, S.: Wide area traffic: the failure of Poisson modeling. IEEE ACM Transactions on Networking\u00a03(3), 226\u2013244 (1995)","journal-title":"IEEE ACM Transactions on Networking"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Arsovski, I., Chandler, T., Sheikholeslami, A.: A ternary content-addressable memory (tcam) based on 4t static storage and including a current-race sensing scheme. IEEE Journal of Solid-State Circuits\u00a038(1) (2003)","DOI":"10.1109\/JSSC.2002.806264"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Weinsberg, Y., Tzur-David, S., Anker, T., Dolev, D.: High performance string matching algorithm for a network intrusion prevention system (nips). In: High Performance Switching and Routing, HPSR 2006 (2006)","DOI":"10.1109\/HPSR.2006.1709697"},{"key":"5_CR26","unstructured":"Snort, http:\/\/www.snort.org\/"},{"key":"5_CR27","unstructured":"Sekar, V., Duffield, N., Spatscheck, O., Merwe, J.V.D., Zhang, H.: Lads: Large-scale automated ddos detection system. In: USENIX ATC, pp. 171\u2013184 (2006)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-05284-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,27]],"date-time":"2023-05-27T04:35:20Z","timestamp":1685162120000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-05284-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642052835","9783642052842"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-05284-2_5","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2009]]}}}