{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T11:55:49Z","timestamp":1742385349532},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642155116"},{"type":"electronic","value":"9783642155123"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-15512-3_19","type":"book-chapter","created":{"date-parts":[[2010,8,31]],"date-time":"2010-08-31T12:27:39Z","timestamp":1283257659000},"page":"360-381","source":"Crossref","is-referenced-by-count":10,"title":["Community Epidemic Detection Using Time-Correlated Anomalies"],"prefix":"10.1007","author":[{"given":"Adam J.","family":"Oliner","sequence":"first","affiliation":[]},{"given":"Ashutosh V.","family":"Kulkarni","sequence":"additional","affiliation":[]},{"given":"Alex","family":"Aiken","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"19_CR1","doi-asserted-by":"crossref","unstructured":"Bouloutas, A., Calo, S., Finkel, A.: Alarm correlation and fault identification in communication networks. IEEE Transactions on Communications (1994)","DOI":"10.1109\/TCOMM.1994.577079"},{"key":"19_CR2","unstructured":"Brumley, D., Newsome, J., Song, D.: Sting: An end-to-end self-healing system for defending against internet worms. In: Malware Detection and Defense (2007)"},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: SOSP (2005)","DOI":"10.1145\/1095810.1095824"},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: IEEE Symposium on Security and Privacy, pp. 
202\u2013215 (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"Debar, H., Becker, M., Siboni, D.: A neural network component for an intrusion detection system. In: IEEE Symposium on Security and Privacy (1992)","DOI":"10.1109\/RISP.1992.213257"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"Ellis, D.: Worm anatomy and model. In: WORM (2003)","DOI":"10.1145\/948187.948196"},{"key":"19_CR7","unstructured":"Eskin, E.: Anomaly detection over noisy data using learned probability distributions. In: ICML (2000)"},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: IEEE Symposium on Security and Privacy (2003)","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: IEEE Symposium on Security and Privacy (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Gao, D., Reiter, M.K., Song, D.: Gray-box extraction of execution graphs for anomaly detection. In: CCS (2004)","DOI":"10.1145\/1030083.1030126"},{"key":"19_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11856214_2","volume-title":"Recent Advances in Intrusion Detection","author":"D. Gao","year":"2006","unstructured":"Gao, D., Reiter, M.K., Song, D.: Behavioral distance for intrusion detection. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 19\u201340. Springer, Heidelberg (2006)"},{"key":"19_CR12","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Detecting manipulated remote call streams. In: USENIX Security, pp. 
61\u201379 (2002)"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Gu, G., C\u00e1rdenas, A.A., Lee, W.: Principled reasoning and practical applications of alert fusion in intrusion detection systems. In: ASIACCS (2008)","DOI":"10.1145\/1368310.1368332"},{"issue":"3","key":"19_CR14","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S.A. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security\u00a06(3), 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Huang, L., Garofalakis, M., Joseph, A.D., Taft, N.: Communication-efficient tracking of distributed cumulative triggers. In: Intl. Conf. on Distributed Computing Systems (ICDCS) (June 2007)","DOI":"10.1109\/ICDCS.2007.93"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Huang, L., Nguyen, X.L., Garofalakis, M., Hellerstein, J., Jordan, M., Joseph, A., Taft, N.: Communication-efficient online detection of network-wide anomalies. In: IEEE INFOCOM (2007)","DOI":"10.1109\/INFCOM.2007.24"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Jakobson, G., Weissman, M.: Alarm correlation. IEEE Network (1993)","DOI":"10.1109\/65.244794"},{"key":"19_CR18","doi-asserted-by":"crossref","unstructured":"Javitz, H.S., Valdes, A.: The SRI IDES statistical anomaly detector. In: IEEE Symposium on Security and Privacy (1991)","DOI":"10.1109\/RISP.1991.130799"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"King, S.T., Mao, Z.M., Lucchetti, D.G., Chen, P.M.: Constructing attack scenarios through correlation of intrusion alerts. 
In: CCS (2002)","DOI":"10.1145\/586143.586144"},{"key":"19_CR20","unstructured":"Lincoln, P., et al.: Virtualized Execution Realizing Network Infrastructures Enhancing Reliability (VERNIER), http:\/\/www.sdl.sri.com\/projects\/vernier\/"},{"key":"19_CR21","unstructured":"Locasto, M.E., Sidiroglou, S., Keromytis, A.D.: Software self-healing using collaborative application communities. In: NDSS (2005)"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"Malan, D.J., Smith, M.D.: Host-based detection of worms through peer-to-peer cooperation. In: ACM Workshop on Rapid Malcode (2005)","DOI":"10.1145\/1103626.1103641"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Malan, D.J., Smith, M.D.: Exploiting temporal consistency to reduce false positives in host-based, collaborative detection of worms. In: WORM (2006)","DOI":"10.1145\/1179542.1179548"},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Mutz, D., Valeur, F., Vigna, G., Kruegel, C.: Anomalous system call detection. In: TISSEC (2006)","DOI":"10.1145\/1127345.1127348"},{"key":"19_CR25","unstructured":"Newsome, J., Brumley, D., Song, D.: Vulnerability-specific execution filtering for exploit prevention on commodity software. In: NDSS (2006)"},{"key":"19_CR26","doi-asserted-by":"crossref","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: CCS (2002)","DOI":"10.1145\/586110.586144"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Computer Networks\u00a031 (1999)","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"19_CR28","unstructured":"Porras, P.A., Neumann, P.G.: Emerald: event monitoring enabling responses to anomalous live disturbances. In: National Computer Security Conference, NIST\/NCSC (1997)"},{"key":"19_CR29","unstructured":"Sebring, M.M., Whitehurst, R.A.: Expert systems in intrusion detection: a case study. 
In: National Computer Security Conference (1988)"},{"key":"19_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-74320-0_2","volume-title":"Recent Advances in Intrusion Detection","author":"M. Sharif","year":"2007","unstructured":"Sharif, M., Singh, K., Giffin, J., Lee, W.: Understanding precision in host based intrusion detection. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 21\u201341. Springer, Heidelberg (2007)"},{"key":"19_CR31","doi-asserted-by":"crossref","unstructured":"Smaha, S.: Haystack: an intrusion detection system. In: Aerospace Computer Security Applications Conference (1988)","DOI":"10.1109\/ACSAC.1988.113412"},{"key":"19_CR32","unstructured":"Staniford-chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: Grids\u2014a graph based intrusion detection system for large networks. In: NIST\/NCSC (1996)"},{"key":"19_CR33","doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., Maxion, R.A.: \u201cWhy 6?\u201d Defining the operational limits of stide, an anomaly-based intrusion detector. In: IEEE Symposium on Security and Privacy (2002)","DOI":"10.1109\/SECPRI.2002.1004371"},{"key":"19_CR34","unstructured":"Ullrich, J.: DShield\u2014distributed intrusion detection system, http:\/\/www.dshield.org"},{"key":"19_CR35","doi-asserted-by":"crossref","unstructured":"Vaccaro, H., Liepins, G.: Detection of anomalous computer session activity. In: IEEE Symposium on Security and Privacy (1989)","DOI":"10.1109\/SECPRI.1989.36302"},{"key":"19_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) 
RAID 2001. LNCS, vol.\u00a02212, p. 54. Springer, Heidelberg (2001)"},{"key":"19_CR37","unstructured":"Wadge, W.W., Ashcroft, E.A.: Lucid, the dataflow programming language. A.P.I.C. Studies in Data Processing (1985)"},{"key":"19_CR38","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: CCS (2002)","DOI":"10.1145\/586110.586145"},{"key":"19_CR39","unstructured":"Wang, H.J., Platt, J.C., Chen, Y., Zhang, R., Wang, Y.-M.: Automatic misconfiguration troubleshooting with PeerPressure. In: OSDI (2004)"},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: WORM (2003)","DOI":"10.1145\/948187.948190"},{"key":"19_CR41","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: USENIX Security (2004)"},{"key":"19_CR42","unstructured":"Williamson, M.M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: ACSAC (2002)"},{"key":"19_CR43","series-title":"Lecture Notes in Computer Science","first-page":"238","volume-title":"Recent Advances in Intrusion Detection","author":"Y. Xie","year":"2004","unstructured":"Xie, Y., Kim, H., O\u2019Hallaron, D., Reiter, M., Zhang, H.: Seurat: a pointillist approach to anomaly detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 238\u2013257. Springer, Heidelberg (2004)"},{"key":"19_CR44","unstructured":"Yegneswaran, V., Barford, P., Jha, S.: Global intrusion detection in the DOMINO overlay system. 
In: NDSS (2004)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-15512-3_19.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T03:09:19Z","timestamp":1606187359000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-15512-3_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642155116","9783642155123"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-15512-3_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}