{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T11:08:44Z","timestamp":1774264124707,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642107719","type":"print"},{"value":"9783642107726","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-10772-6_3","type":"book-chapter","created":{"date-parts":[[2009,11,13]],"date-time":"2009-11-13T07:37:49Z","timestamp":1258097869000},"page":"19-37","source":"Crossref","is-referenced-by-count":20,"title":["The WOMBAT Attack Attribution Method: Some Results"],"prefix":"10.1007","author":[{"given":"Marc","family":"Dacier","sequence":"first","affiliation":[]},{"given":"Van-Hau","family":"Pham","sequence":"additional","affiliation":[]},{"given":"Olivier","family":"Thonnard","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"3_CR1","volume-title":"Detection of Abrupt Changes:Theory and Application","author":"M. Basseville","year":"1993","unstructured":"Basseville, M., Nikiforov, I.V.: Detection of Abrupt Changes:Theory and Application. Prentice Hall, Englewood Cliffs (1993)"},{"key":"3_CR2","volume-title":"Aggregation Functions: A Guide for Practitioners","author":"G. Beliakov","year":"2007","unstructured":"Beliakov, G., Pradera, A., Calvo, T.: Aggregation Functions: A Guide for Practitioners. Springer, Berlin (2007)"},{"key":"3_CR3","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1145\/1298306.1298319","volume-title":"IMC 2007: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement","author":"M.P. Collins","year":"2007","unstructured":"Collins, M.P., Shimeall, T.J., Faber, S., Janies, J., Weaver, R., De Shon, M., Kadane, J.: Using uncleanliness to predict future botnet addresses. In: IMC 2007: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pp. 93\u2013104. ACM, New York (2007)"},{"key":"3_CR4","unstructured":"Dacier, M., Pouget, F., Debar, H.: Attack processes found on the internet. In: NATO Symposium IST-041\/RSY-013, Toulouse, France (April 2004)"},{"key":"3_CR5","unstructured":"Defrawy, K.E., Gjoka, M., Markopoulou, A.: Bottorrent: misusing bittorrent to launch ddos attacks. In: SRUTI 2007: Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet, Berkeley, CA, USA, pp. 1\u20136. USENIX Association (2007)"},{"key":"3_CR6","unstructured":"Jain, A.K., Dubes, R.C.: Algorithms for Clustering Data. Prentice-Hall advanced reference series (1988)"},{"key":"3_CR7","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1214\/aoms\/1177729694","volume":"22","author":"S. Kullback","year":"1951","unstructured":"Kullback, S., Leibler, R.A.: On information and sufficiency. Annals of Mathematical Statistics\u00a022, 79\u201386 (1951)","journal-title":"Annals of Mathematical Statistics"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Leita, C., Pham, V.H., Thonnard, O., Ramirez Silva, E., Pouget, F., Kirda, E., Dacier, M.: The leurre.com project: collecting internet threats information using a worldwide distributed honeynet. In: 1st WOMBAT workshop, April 21st-22nd, Amsterdam, The Netherlands (April 2008)","DOI":"10.1109\/WISTDCS.2008.8"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Leita, C., Dacier, M.: Sgnet: a worldwide deployable framework to support the analysis of malware threat models. In: Proceedings of the 7th European Dependable Computing Conference (EDCC 2008) (May 2008)","DOI":"10.1109\/EDCC-7.2008.15"},{"key":"3_CR10","unstructured":"Leurre.com, Eurecom Honeypot Project (September 2009), http:\/\/www.leurrecom.org\/"},{"issue":"1","key":"3_CR11","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1109\/18.61115","volume":"37","author":"J. Lin","year":"1991","unstructured":"Lin, J.: Divergence measures based on the shannon entropy. IEEE Transactions on Information Theory\u00a037(1), 145\u2013151 (1991)","journal-title":"IEEE Transactions on Information Theory"},{"key":"3_CR12","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1145\/1146847.1146894","volume-title":"InfoScale 2006: Proceedings of the 1st international conference on Scalable information systems","author":"N. Naoumov","year":"2006","unstructured":"Naoumov, N., Ross, K.: Exploiting p2p systems for ddos attacks. In: InfoScale 2006: Proceedings of the 1st international conference on Scalable information systems, p. 47. ACM, New York (2006)"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Pang, R., Yegneswaran, V., Barford, P., Paxson, V., Peterson, L.: Characteristics of Internet Background Radiation. In: Proceedings of the 4th ACM SIGCOMM conference on the Internet Measurement (2004)","DOI":"10.1145\/1028788.1028794"},{"key":"3_CR14","unstructured":"Pavan, M., Pelillo, M.: A new graph-theoretic approach to clustering and segmentation. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (2003)"},{"key":"3_CR15","unstructured":"Pham, V.-H.: Honeypot traces forensics by means of attack event identification. PhD thesis, TELECOM ParisTech (2009)"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Pham, V.-H., Dacier, M.: Honeypot traces forensics: the observation view point matters. In: NSS 2009, 3rd International Conference on Network and System Security, October 19-21, Gold Coast, Australia (December 2009)","DOI":"10.1109\/NSS.2009.46"},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-540-70542-0_13","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"V.-H. Pham","year":"2008","unstructured":"Pham, V.-H., Dacier, M., Urvoy Keller, G., En Najjary, T.: The quest for multi-headed worms. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 247\u2013266. Springer, Heidelberg (2008)"},{"key":"3_CR18","unstructured":"Pouget, F., Dacier, M., Debar, H.: Honeypot-based forensics. In: Proceedings of AusCERT Asia Pacific Information Technology Security Conference 2004, Brisbane, Australia (May 2004)"},{"key":"3_CR19","unstructured":"Pouget, F., Dacier, M., Pham, V.H.: Leurre.com: on the advantages of deploying a large scale distributed honeypot platform. In: ECCE 2005, E-Crime and Computer Conference, Monaco, March 29-30 (2005)"},{"key":"3_CR20","unstructured":"Provos, N.: A virtual honeypot framework. In: Proceedings of the 12th USENIX Security Symposium, August 2004, pp. 1\u201314 (2004)"},{"key":"3_CR21","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1126\/science.210.4468.390","volume":"210","author":"R.N. Shepard","year":"1980","unstructured":"Shepard, R.N.: Multidimensional scaling, tree fitting, and clustering. Science\u00a0210, 390\u2013398 (1980)","journal-title":"Science"},{"key":"3_CR22","unstructured":"Thonnard, O., Dacier, M.: A framework for attack patterns\u2019 discovery in honeynet data. In: DFRWS 2008, 8th Digital Forensics Research Conference, Baltimore, USA, August 11- 13 (2008)"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Thonnard, O., Dacier, M.: Actionable knowledge discovery for threats intelligence support using a multi-dimensional data mining methodology. In: ICDM 2008, 8th IEEE International Conference on Data Mining series, Pisa, Italy, December 15-19 (2008)","DOI":"10.1109\/ICDMW.2008.78"},{"key":"3_CR24","doi-asserted-by":"crossref","unstructured":"Thonnard, O., Mees, W., Dacier, M.: Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making. In: KDD 2009, 15th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Workshop on CyberSecurity and Intelligence Informatics, Paris, France, June 28th - July 1st (2009)","DOI":"10.1145\/1599272.1599277"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Wheeler, D., Larsen, G.: Techniques for Cyber Attack Attribution. Institute for Defense Analyses (October 2003)","DOI":"10.21236\/ADA468859"},{"issue":"1","key":"3_CR26","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1109\/21.87068","volume":"18","author":"R.R. Yager","year":"1988","unstructured":"Yager, R.R.: On ordered weighted averaging aggregation operators in multicriteria decisionmaking. IEEE Trans. Syst. Man Cybern.\u00a018(1), 183\u2013190 (1988)","journal-title":"IEEE Trans. Syst. Man Cybern."},{"key":"3_CR27","unstructured":"Yegneswaran, V., Barford, P., Paxson, V.: Using honeynets for internet situational awareness. In: Fourth ACM Sigcomm Workshop on Hot Topics in Networking, Hotnets IV (2005)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-10772-6_3.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:34:42Z","timestamp":1606185282000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-10772-6_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642107719","9783642107726"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-10772-6_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}