{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:28:48Z","timestamp":1759091328648},"publisher-location":"Berlin, Heidelberg","reference-count":26,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642142147"},{"type":"electronic","value":"9783642142154"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14215-4_9","type":"book-chapter","created":{"date-parts":[[2010,7,2]],"date-time":"2010-07-02T05:18:35Z","timestamp":1278047915000},"page":"153-172","source":"Crossref","is-referenced-by-count":32,"title":["An Online Adaptive Approach to Alert Correlation"],"prefix":"10.1007","author":[{"given":"Hanli","family":"Ren","sequence":"first","affiliation":[]},{"given":"Natalia","family":"Stakhanova","sequence":"additional","affiliation":[]},{"given":"Ali A.","family":"Ghorbani","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"9_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 54\u201368. Springer, Heidelberg (2001)"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Constructing attacks scenarios through correlation of intrusion alerts. In: Proceedings of the 9th ACM conference on Computer and communications security, pp. 245\u2013254 (2002)","DOI":"10.1145\/586110.586144"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Cheung, S., Lindqvist, U., Fong, M.: Modeling multistep cyber attacks for scenario recognition. In: DARPA Information Survivability Conference and Exposition, vol.\u00a01, pp. 284\u2013292 (2003)","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"9_CR4","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 202\u2013215 (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"9_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/3-540-39945-3_13","volume-title":"Recent Advances in Intrusion Detection","author":"F. Cuppens","year":"2000","unstructured":"Cuppens, F., Ortalo, R.: A language to model a database for detection of attacks. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, pp. 197\u2013216. Springer, Heidelberg (2000)"},{"key":"9_CR6","doi-asserted-by":"crossref","first-page":"71","DOI":"10.3233\/JCS-2002-101-204","volume":"10","author":"S.T. Eckmann","year":"2002","unstructured":"Eckmann, S.T., Vigna, G., Kemmerer, R.A.: Statl: An attack language for state-based intrusion detection. Journal of Computer Security\u00a010, 71\u2013103 (2002)","journal-title":"Journal of Computer Security"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Totel, E., Vivinis, B., M\u00e9, L.: A language driven IDS for event and alert correlation. In: SEC, pp. 209\u2013224 (2004)","DOI":"10.1007\/1-4020-8143-X_14"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Qin, X.: A probabilistic-based framework for INFOSEC alert correlation. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection, vol.\u00a02820, pp. 73\u201393 (2003)","DOI":"10.1007\/978-3-540-45248-5_5"},{"key":"9_CR9","unstructured":"Zhu, B., Ghorbani, A.A.: Alert correlation for extracting attack strategies. International Journal of Network Security, 244\u2013258 (2006)"},{"key":"9_CR10","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.cose.2008.11.010","volume":"28","author":"R. Sadoddin","year":"2009","unstructured":"Sadoddin, R., Ghorbani, A.A.: An incremental frequent structure mining framework for real-time alert correlation. Computers and Security\u00a028, 153\u2013173 (2009)","journal-title":"Computers and Security"},{"key":"9_CR11","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1016\/j.cose.2008.05.005","volume":"27","author":"S. Zhang","year":"2008","unstructured":"Zhang, S., Li, J., Chen, X., Fan, L.: Building network attack graph for alert causal correlation. Computers and Security\u00a027, 188\u2013196 (2008)","journal-title":"Computers and Security"},{"key":"9_CR12","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1016\/j.inffus.2009.01.004","volume":"10","author":"F. Maggia","year":"2009","unstructured":"Maggia, F., Matteuccia, M., Zanero, S.: Reducing false positives in anomaly detectors through fuzzy alert aggregation. Information Fusion\u00a010, 300\u2013311 (2009)","journal-title":"Information Fusion"},{"key":"9_CR13","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1145\/950191.950192","volume":"6","author":"K. Julisch","year":"2002","unstructured":"Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security\u00a06, 443\u2013471 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"key":"9_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"102","DOI":"10.1007\/978-3-540-30143-1_6","volume-title":"Recent Advances in Intrusion Detection","author":"T. Pietraszek","year":"2004","unstructured":"Pietraszek, T.: Using adaptive alert classification to reduce false positives in intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 102\u2013124. Springer, Heidelberg (2004)"},{"key":"9_CR15","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/S1389-1286(00)00138-9","volume":"34","author":"S. Manganaris","year":"2000","unstructured":"Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of rtid alarms. Computer Networks: The International Journal of Computer and Telecommunications Networking\u00a034, 571\u2013577 (2000)","journal-title":"Computer Networks: The International Journal of Computer and Telecommunications Networking"},{"key":"9_CR16","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1016\/j.inffus.2009.01.003","volume":"10","author":"J. Viinikka","year":"2009","unstructured":"Viinikka, J., Debar, H., M\u00e9, L.: Processing intrusion detection alert aggregates with time series modeling. Information Fusion\u00a010, 312\u2013324 (2009)","journal-title":"Information Fusion"},{"key":"9_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/3-540-36084-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"B. Morin","year":"2002","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducasse, M.: M2d2: A formal data model for IDS alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 115\u2013137. Springer, Heidelberg (2002)"},{"key":"9_CR18","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1016\/j.inffus.2009.01.005","volume":"10","author":"B. Morin","year":"2009","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducasse, M.: A logic-based model to support alert correlation in intrusion detection. Information Fusion\u00a010, 285\u2013299 (2009)","journal-title":"Information Fusion"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to infosec alarm correlation. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, pp. 95\u2013114 (2002)","DOI":"10.1007\/3-540-36084-0_6"},{"key":"9_CR20","unstructured":"Dain, O.M., Cunningham, R.K.: Fusing a heterogeneous alert stream into scenarios. In: Proceeding of the 2001 ACM Workshop on Data Mining for Security Applications, pp. 1\u201313 (2001)"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Qin, X., Lee, W.: Discovering novel attack strategies from INFOSEC alerts. In: Proceedings of the 9th European Symposium on Research in Computer Security, Sophia Antipolis, pp. 439\u2013456 (2004)","DOI":"10.1007\/978-3-540-30108-0_27"},{"key":"9_CR22","unstructured":"Haykin, S.: Neural networks: A comprehensive foundation, 2nd edn. (1998)"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Cristianini, N., Taylor, J.S.: An introduction to support vector machines and other kernel-based learning methods (2000)","DOI":"10.1017\/CBO9780511801389"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Heckerman, D.: A tutorial on learning with bayesian networks. Technical Report MSR-TR-95-06, Microsoft Research (1995)","DOI":"10.1016\/B978-1-55860-377-6.50079-7"},{"key":"9_CR25","unstructured":"Laboratory, M.L.: 2000 darpa intrusion detection scenario specific datasets (2000)"},{"key":"9_CR26","unstructured":"netForensics Honeynet\u00a0team: Honeynet traffic logs, http:\/\/old.honeynet.org\/scans\/scan34\/"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14215-4_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,30]],"date-time":"2021-10-30T15:03:40Z","timestamp":1635606220000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14215-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642142147","9783642142154"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14215-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}