{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,4]],"date-time":"2025-09-04T13:34:08Z","timestamp":1756992848173,"version":"3.37.3"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642142147"},{"type":"electronic","value":"9783642142154"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14215-4_10","type":"book-chapter","created":{"date-parts":[[2010,7,2]],"date-time":"2010-07-02T05:18:35Z","timestamp":1278047915000},"page":"173-182","source":"Crossref","is-referenced-by-count":8,"title":["KIDS \u2013 Keyed Intrusion Detection System"],"prefix":"10.1007","author":[{"given":"Sasa","family":"Mrdovic","sequence":"first","affiliation":[]},{"given":"Branislava","family":"Drazenovic","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Rash, M., Orebaugh, A.D., Clark, G., Pinkard, B., Babbin, J.: Intrusion Prevention and Active Response: Deploying Network and Host IPS, Syngress (2005)"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Mrdovic, S., Perunicic, B.: Kerckhoffs\u2019 Principle for Intrusion Detection. In: The 13th International Telecommunications Network Strategy and Planning Symposium, Networks 2008, pp. 1\u201314 (2008)","DOI":"10.1109\/NETWKS.2008.4763730"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Mrdovic, S., Perunicic, B.: NIDS Based on Payload Word Frequencies and Anomaly of Transitions. In: Third International Conference on Digital Information Management, ICDIM 2008, pp. 334\u2013339 (2008)","DOI":"10.1109\/ICDIM.2008.4746821"},{"key":"10_CR4","first-page":"265","volume-title":"Specification-based anomaly detection: a new approach for detecting network intrusions","author":"R. Sekar","year":"2002","unstructured":"Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Tiwari, A., Yang, H., Zhou, S.: Specification-based anomaly detection: a new approach for detecting network intrusions, pp. 265\u2013274. ACM, Washington (2002)"},{"key":"10_CR5","first-page":"346","volume-title":"Network traffic anomaly detection based on packet bytes","author":"M.V. Mahoney","year":"2003","unstructured":"Mahoney, M.V.: Network traffic anomaly detection based on packet bytes, pp. 346\u2013350. ACM, Melbourne (2003)"},{"key":"10_CR6","first-page":"412","volume-title":"Unsupervised learning techniques for an intrusion detection system","author":"S. Zanero","year":"2004","unstructured":"Zanero, S., Savaresi, S.M.: Unsupervised learning techniques for an intrusion detection system, pp. 412\u2013419. ACM, Nicosia (2004)"},{"key":"10_CR7","first-page":"251","volume-title":"Anomaly detection of web-based attacks","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks, pp. 251\u2013261. ACM, Washington D.C (2003)"},{"key":"10_CR8","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1016\/j.comnet.2005.01.009","volume":"48","author":"C. Kruegel","year":"2005","unstructured":"Kruegel, C., Vigna, G., Robertson, W.: A multi-model approach to the detection of web-based attacks. Computer Networks\u00a048, 717\u2013738 (2005)","journal-title":"Computer Networks"},{"key":"10_CR9","unstructured":"Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.A.: Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks (2006)"},{"key":"10_CR10","doi-asserted-by":"publisher","first-page":"1239","DOI":"10.1016\/j.comnet.2006.09.016","volume":"51","author":"K. Ingham","year":"2007","unstructured":"Ingham, K., Somayaji, A., Burge, J., Forrest, S.: Learning DFA representations of HTTP for protecting web applications. Computer Networks\u00a051, 1239\u20131255 (2007)","journal-title":"Computer Networks"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Akritidis, P., Markatos, E.P., Polychronakis, M., Anagnostakis, K.: Stride: Polymorphic sled detection through instruction sequence analysis (2005)","DOI":"10.1007\/0-387-25660-1_25"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic Worm Detection Using Structural Information of Executables (2005)","DOI":"10.1007\/11663812_11"},{"key":"10_CR13","first-page":"16","volume-title":"SigFree: a signature-free buffer overflow attack blocker","author":"X. Wang","year":"2006","unstructured":"Wang, X., Pan, C., Liu, P., Zhu, S.: SigFree: a signature-free buffer overflow attack blocker, p. 16. USENIX Association, Vancouver (2006)"},{"key":"10_CR14","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Emulation-based Detection of Non-self-contained Polymorphic Shellcode"},{"key":"10_CR15","first-page":"541","volume-title":"On the infeasibility of modeling polymorphic shellcode","author":"Y. Song","year":"2007","unstructured":"Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode, pp. 541\u2013551. ACM, Alexandria (2007)"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Wang, K., Stolfo, S.J.: Anomalous Payload-Based Network Intrusion Detection (2004)","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Wang, K., Cretu, G., Stolfo, S.J.: Anomalous Payload-Based Worm Detection and Signature Generation (2005)","DOI":"10.1007\/11663812_12"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Wang, K., Parekh, J., Stolfo, S.: Anagram: A Content Anomaly Detector Resistant to Mimicry Attack, pp. 226\u2013248 (2006)","DOI":"10.1007\/11856214_12"},{"key":"10_CR19","unstructured":"Vargiya, R., Chan, P.: Boundary Detection in Tokenizing Network Application Payload for Anomaly Detection (2003)"},{"key":"10_CR20","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1007\/s11416-006-0030-0","volume":"2","author":"K. Rieck","year":"2007","unstructured":"Rieck, K., Laskov, P.: Language models for detection of unknown attacks in network traffic. Journal in Computer Virology\u00a02, 243\u2013256 (2007)","journal-title":"Journal in Computer Virology"},{"key":"10_CR21","first-page":"255","volume-title":"Mimicry attacks on host-based intrusion detection systems","author":"D. Wagner","year":"2002","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems, pp. 255\u2013264. ACM, Washington (2002)"},{"key":"10_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-36084-0_4","volume-title":"Recent Advances in Intrusion Detection","author":"K. Tan","year":"2002","unstructured":"Tan, K., Killourhy, K., Maxion, R.: Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 54\u201373. Springer, Heidelberg (2002)"},{"key":"10_CR23","unstructured":"Kolesnikov, O., Lee, W.: Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic, College of Computing, Georgia Tech. (2005)"},{"key":"10_CR24","first-page":"17","volume-title":"Polymorphic blending attacks","author":"P. Fogla","year":"2006","unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks, p. 17. USENIX Association, Vancouver (2006)"},{"key":"10_CR25","first-page":"59","volume-title":"Evading network anomaly detection systems: formal reasoning and practical techniques","author":"P. Fogla","year":"2006","unstructured":"Fogla, P., Lee, W.: Evading network anomaly detection systems: formal reasoning and practical techniques, pp. 59\u201368. ACM, Alexandria (2006)"},{"key":"10_CR26","unstructured":"SANS Institute, SANS Top-20 2007, Security Risks, Annual Update (2007)"},{"key":"10_CR27","unstructured":"Internet Security Threat Report, Symantec Corporation (2008)"},{"key":"10_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-540-74320-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"K. Ingham","year":"2007","unstructured":"Ingham, K., Inoue, H.: Comparing Anomaly Detection Techniques for HTTP. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 42\u201362. Springer, Heidelberg (2007)"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Lippmann, R., Fried, D., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., Zissman, M.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation, vol.\u00a02, pp. 12\u201326 (2000)","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"10_CR30","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"L. Richard","year":"2000","unstructured":"Richard, L., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks\u00a034, 579\u2013595 (2000)","journal-title":"Computer Networks"},{"key":"10_CR31","first-page":"21","volume-title":"Challenging the anomaly detection paradigm: a provocative discussion","author":"C. Gates","year":"2006","unstructured":"Gates, C., Taylor, C.: Challenging the anomaly detection paradigm: a provocative discussion, pp. 21\u201329. ACM, Germany (2006)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14215-4_10.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T13:59:53Z","timestamp":1740232793000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14215-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642142147","9783642142154"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14215-4_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}