{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:13:17Z","timestamp":1763467997005},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642155116"},{"type":"electronic","value":"9783642155123"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-15512-3_3","type":"book-chapter","created":{"date-parts":[[2010,8,31]],"date-time":"2010-08-31T12:27:39Z","timestamp":1283257659000},"page":"38-57","source":"Crossref","is-referenced-by-count":16,"title":["Behavior-Based Worm Detectors Compared"],"prefix":"10.1007","author":[{"given":"Shad","family":"Stafford","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jun","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"6","key":"3_CR1","doi-asserted-by":"publisher","first-page":"706","DOI":"10.1145\/63526.63530","volume":"32","author":"T. Eisenberg","year":"1989","unstructured":"Eisenberg, T., Gries, D., Hartmanis, J., Holcomb, D., Lynn, M.S., Santoro, T.: The Cornell commission: on Morris and the worm. Communications of the ACM\u00a032(6), 706\u2013709 (1989)","journal-title":"Communications of the ACM"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Moore, D., Shannon, C., Claffy, K.C.: Code-red: A case study on the spread and victims of an Internet worm. In: Proceedings of the ACM Internet Measurement Workshop, pp. 273\u2013284 (2002)","DOI":"10.1145\/637201.637244"},{"issue":"4","key":"3_CR3","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/MSECP.2003.1219056","volume":"1","author":"D. Moore","year":"2003","unstructured":"Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the slammer worm. IEEE Security and Privacy\u00a01(4), 33\u201339 (2003)","journal-title":"IEEE Security and Privacy"},{"key":"3_CR4","unstructured":"Symantec, I.: The downadup codex. Technical report, Symantec (March 2009)"},{"key":"3_CR5","unstructured":"Porras, P.A., Saidi, H., Yegneswaran, V.: An analysis of the ikee.b (duh) iPhone botnet. Technical report, SRI International (December 2009)"},{"key":"3_CR6","doi-asserted-by":"crossref","unstructured":"Sekar, V., Xie, Y., Reiter, M.K., Zhang, H.: A multi-resolution approach for worm detection and containment. In: Proceedings of the International Conference on Dependable Systems and Networks (2006)","DOI":"10.1109\/DSN.2006.6"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Schechter, S.E., Jung, J., Berger, A.W.: Fast detection of scanning worm infections. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection (2004)","DOI":"10.1007\/978-3-540-30143-1_4"},{"key":"3_CR8","unstructured":"Gu, G., Sharif, M., Qin, X., Dagon, D., Lee, W., Riley, G.: Worm detection, early warning and response based on local victim information. In: Proceedings of the Annual Computer Security Applications Conference (2004)"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: A basis for building self-protecting servers. In: Proceedings of the Conference on Computer and Communications Security (2005)","DOI":"10.1145\/1102120.1102150"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Crandall, J.R., Su, Z., Wu, S.F., Chong, F.T.: On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In: Proceedings of the Conference on Computer and Communications Security (2005)","DOI":"10.1145\/1102120.1102152"},{"key":"3_CR11","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the Network and Distributed System Security Symposium (February 2005)"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Tucek, J., Newsome, J., Lu, S., Huang, C., Xanthos, S., Brumley, D., Zhou, Y., Song, D.: Sweeper: A lightweight end-to-end system for defending against fast worms. In: Proceedings of the EuroSys Conference (2007)","DOI":"10.1145\/1272996.1273010"},{"key":"3_CR13","unstructured":"Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the USENIX Security Symposium, pp. 271\u2013286 (August 2004)"},{"key":"3_CR14","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of the Symposium on Operating System Design and Implementation, pp. 45\u201360 (2004)"},{"key":"3_CR15","doi-asserted-by":"crossref","unstructured":"Wang, K., Cretu, G., Stolfo, S.J.: Anomalous payload-based worm detection and signature generation. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection (2005)","DOI":"10.1007\/11663812_12"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection (2006)","DOI":"10.1007\/11856214_12"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Li, Z., Wang, L., Chen, Y., Fu, Z.: Network-based and attack-resilient length signature generation for zero-day polymorphic worms. In: Proceedings of the IEEE International Conference on Network Protocols, pp. 164\u2013173 (October 2007)","DOI":"10.1109\/ICNP.2007.4375847"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of the IEEE Symposium on Security and Privacy (2005)","DOI":"10.1109\/SP.2005.15"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Mason, J., Small, S., Monrose, F., MacManus, G.: English shellcode. In: Proceedings of the Conference on Computer and Communications Security, pp. 524\u2013533 (2009)","DOI":"10.1145\/1653662.1653725"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Jung, J., Milito, R., Paxson, V.: On the adaptive real-time detection of fast-propagating network worms. In: Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 175\u2013192 (July 2007)","DOI":"10.1007\/978-3-540-73614-1_11"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Collins, M.P., Reiter, M.K.: Hit-list worm detection and bot identification in large networks using protocol graphs. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection, pp. 276\u2013295 (September 2007)","DOI":"10.1007\/978-3-540-74320-0_15"},{"key":"3_CR22","unstructured":"Wu, J., Vangala, S., Gao, L., Kwiat, K.: An effective architecture and algorithm for detecting worms with various scan techniques. In: Proceedings of the Network and Distributed System Security Symposium (2004)"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Zou, C.C., Gong, W., Towsley, D., Gao, L.: The monitoring and early detection of Internet worms. ACM Transactions on Networking (2005)","DOI":"10.1109\/TNET.2005.857113"},{"key":"3_CR24","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Proceedings of the USENIX Security Symposium, pp. 29\u201344 (2004)"},{"key":"3_CR25","unstructured":"DETER: Cyber defense technology experiment research (DETER) network, http:\/\/www.isi.edu\/deter\/"},{"key":"3_CR26","unstructured":"Stafford, S., Li, J., Ehrenkranz, T., Knickerbocker, P.: GLOWS: A high-fidelity worm simulator. Technical Report CIS-TR-2006-11, University of Oregon (2006)"},{"key":"3_CR27","unstructured":"LBNL\/ICSI enterprise tracing project (2005), http:\/\/www.icir.org\/enterprise-tracing\/"},{"key":"3_CR28","unstructured":"Group, W.N.R.: WAND WITS: Auckland-IV trace data (April 2001), http:\/\/wand.cs.waikato.ac.nz\/wand\/wits\/auck\/4\/"},{"key":"3_CR29","unstructured":"Umass trace repository, http:\/\/traces.cs.umass.edu\/"},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"Collins, M.P., Reiter, M.K.: On the limits of payload-oblivious network attack detection. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection, pp. 251\u2013270 (September 2008)","DOI":"10.1007\/978-3-540-87403-4_14"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Allman, M., Paxson, V., Terrell, J.: A brief history of scanning. In: Proceedings of the ACM Internet Measurement Conference, pp. 77\u201382 (October 2007)","DOI":"10.1145\/1298306.1298316"},{"issue":"1","key":"3_CR32","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/COMST.2008.4483668","volume":"10","author":"P. Li","year":"2008","unstructured":"Li, P., Salour, M., Su, X.: A survey of internet worm detection and containment. IEEE Communications Society Surveys and Tutorials\u00a010(1), 20\u201335 (2008)","journal-title":"IEEE Communications Society Surveys and Tutorials"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-15512-3_3.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T03:09:21Z","timestamp":1606187361000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-15512-3_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642155116","9783642155123"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-15512-3_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}