{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,26]],"date-time":"2025-09-26T00:06:26Z","timestamp":1758845186486,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642198953"},{"type":"electronic","value":"9783642198960"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-19896-0_5","type":"book-chapter","created":{"date-parts":[[2011,4,16]],"date-time":"2011-04-16T07:43:17Z","timestamp":1302939797000},"page":"50-63","source":"Crossref","is-referenced-by-count":17,"title":["ASAP: Automatic Semantics-Aware Analysis of Network Payloads"],"prefix":"10.1007","author":[{"given":"Tammo","family":"Krueger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicole","family":"Kr\u00e4mer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"Roesch, M.: Snort: Lightweight intrusion detection for networks. In: Proc. of USENIX Large Installation System Administration Conference LISA, pp. 229\u2013238 (1999)"},{"issue":"23-24","key":"5_CR2","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks\u00a031(23-24), 2435\u20132466 (1999)","journal-title":"Computer Networks"},{"issue":"1","key":"5_CR3","doi-asserted-by":"publisher","first-page":"37","DOI":"10.3233\/JCS-1999-7103","volume":"7","author":"G. Vigna","year":"1999","unstructured":"Vigna, G., Kemmerer, R.A.: NetSTAT: a network-based intrusion detection system. Journal of Computer Security\u00a07(1), 37\u201371 (1999)","journal-title":"Journal of Computer Security"},{"key":"5_CR4","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1002\/stvr.264","volume":"13","author":"J. Offutt","year":"2003","unstructured":"Offutt, J., Liu, S., Abdurazik, A., Ammann, P.: Generating test data from state-based specifications. The Journal of Software Testing, Verification and Reliability\u00a013, 25\u201353 (2003)","journal-title":"The Journal of Software Testing, Verification and Reliability"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-87403-4_11","volume-title":"Recent Advances in Intrusion Detection","author":"S. McAllister","year":"2008","unstructured":"McAllister, S., Kirda, E., Kruegel, C.: Leveraging user interactions for in-depth testing of web applications. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 191\u2013210. Springer, Heidelberg (2008)"},{"issue":"1","key":"5_CR6","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/s11416-009-0123-7","volume":"6","author":"H.J. Abdelnur","year":"2010","unstructured":"Abdelnur, H.J., State, R., Festor, O.: Advanced fuzzing in the voip space. Journal in Computer Virology\u00a06(1), 57\u201364 (2010)","journal-title":"Journal in Computer Virology"},{"key":"5_CR7","volume-title":"Network Forensics: Tapping the Internet","author":"S. Garfinkel","year":"2002","unstructured":"Garfinkel, S.: Network Forensics: Tapping the Internet. O\u2019Reilly, Sebastopol (2002)"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Moore, D., Shannon, C., Brown, J.: Code-Red: a case study on the spread and victims of an internet worm. In: Proc. of Internet Measurement Workshop (IMW), pp. 273\u2013284 (2002)","DOI":"10.1145\/637241.637244"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-540-70542-0_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C. Gates","year":"2008","unstructured":"Gates, C., McHugh, J.: The contact surface: A technique for exploring internet scale emergent behaviors. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 228\u2013246. Springer, Heidelberg (2008)"},{"key":"5_CR10","unstructured":"Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: Proc. of 16th USENIX Security Symposium, pp. 1\u201314 (2007)"},{"key":"5_CR11","unstructured":"Wondracek, G., Comparetti, P.M., Kr\u00fcgel, C., Kirda, E.: Automatic network protocol analysis. In: Proc. of Network and Distributed System Security Symposium, NDSS (2008)"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Comparetti, P.M., Wondracek, G., Kruegel, C., Kirda, E.: Prospex: Protocol specification extraction. In: Proc. of the 30th IEEE Symposium on Security and Privacy, pp. 110\u2013125 (2009)","DOI":"10.1109\/SP.2009.14"},{"key":"5_CR13","first-page":"65","volume":"6","author":"S. Holm","year":"1979","unstructured":"Holm, S.: A simple sequentially rejective multiple test procedure. Scandinavian Journal of Statistics\u00a06, 65\u201370 (1979)","journal-title":"Scandinavian Journal of Statistics"},{"key":"5_CR14","first-page":"23","volume":"9","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Laskov, P.: Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research\u00a09, 23\u201348 (2008)","journal-title":"Journal of Machine Learning Research"},{"key":"5_CR15","volume-title":"Principal Component Analysis","author":"I. Jolliffe","year":"2002","unstructured":"Jolliffe, I.: Principal Component Analysis. Springer, Heidelberg (2002)"},{"key":"5_CR16","doi-asserted-by":"publisher","first-page":"1299","DOI":"10.1162\/089976698300017467","volume":"10","author":"B. Sch\u00f6lkopf","year":"1998","unstructured":"Sch\u00f6lkopf, B., Smola, A., M\u00fcller, K.R.: Nonlinear component analysis as a kernel eigenvalue problem. Neural Computation\u00a010, 1299\u20131319 (1998)","journal-title":"Neural Computation"},{"key":"5_CR17","unstructured":"Lee, D.D., Seung, H.S.: Algorithms for non-negative matrix factorization. In: Advances in Neural Information Processing Systems, vol.\u00a013, pp. 556\u2013562 (2000)"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/11856214_9","volume-title":"Recent Advances in Intrusion Detection","author":"P. Baecher","year":"2006","unstructured":"Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.C.: The nepenthes platform: An efficient approach to collect malware. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 165\u2013184. Springer, Heidelberg (2006)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Leita, C., Mermoud, K., Dacier, M.: Scriptgen: an automated script generation tool for honeyd. In: Proc. of Annual Computer Security Applications Conference (ACSAC), pp. 203\u2013214 (2005)","DOI":"10.1109\/CSAC.2005.49"},{"key":"5_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/11856214_10","volume-title":"Recent Advances in Intrusion Detection","author":"C. Leita","year":"2006","unstructured":"Leita, C., Dacier, M., Massicotte, F.: Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptGen based honeypots. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 185\u2013205. Springer, Heidelberg (2006)"},{"issue":"1","key":"5_CR21","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","volume":"2","author":"U. Bayer","year":"2006","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. Journal in Computer Virology\u00a02(1), 67\u201377 (2006)","journal-title":"Journal in Computer Virology"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Rieck, K., Schwenk, G., Limmer, T., Holz, T., Laskov, P.: Botzilla: Detecting the \u201dphoning home\u201d of malicious software. In: Proc. of 25th ACM Symposium on Applied Computing, SAC (2010)","DOI":"10.1145\/1774088.1774506"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Paxson, V., Pang, R.: A high-level programming environment for packet trace anonymization and transformation. In: Proc. of ACM SIGCOMM, pp. 339\u2013351 (2003)","DOI":"10.1145\/863955.863994"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Krueger, T., Gehl, C., Rieck, K., Laskov, P.: TokDoc: A self-healing web application firewall. In: Proc. of 25th ACM Symposium on Applied Computing, SAC (2010)","DOI":"10.1145\/1774088.1774480"},{"key":"5_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1007\/11790754_5","volume-title":"Detection of Intrusions and Malware & Vulnerability Assessment","author":"K. Rieck","year":"2006","unstructured":"Rieck, K., Laskov, P.: Detecting unknown network attacks using language models. In: B\u00fcschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol.\u00a04064, pp. 74\u201390. Springer, Heidelberg (2006)"},{"key":"5_CR26","unstructured":"Cui, W., Paxson, V., Weaver, N., Katz, R.H.: Protocol-independent adaptive replay of application dialog. In: Proc. of Network and Distributed System Security Symposium, NDSS (2006)"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Newsome, J., Brumley, D., Franklin, J., Song, D.: Replayer: automatic protocol replay by binary analysis. In: Conference on Computer and Communications Security (CCS), pp. 311\u2013321 (2006)","DOI":"10.1145\/1180405.1180444"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Patwari, N., Hero III, A.O., Pacholski, A.: Manifold learning visualization of network traffic data. In: Proc. of the ACM SIGCOMM Workshop on Mining Network Data, pp. 191\u2013196 (2005)","DOI":"10.1145\/1080173.1080182"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. In: Proc. of ACM SIGCOMM, pp. 219\u2013230 (2004)","DOI":"10.1145\/1030194.1015492"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Ringberg, H., Soule, A., Rexford, J., Diot, C.: Sensitivity of PCA for traffic anomaly detection. In: Proc. of the ACM SIGMETRICS, pp. 109\u2013120 (2007)","DOI":"10.1145\/1269899.1254895"},{"issue":"12","key":"5_CR31","doi-asserted-by":"publisher","first-page":"1974","DOI":"10.1016\/j.jss.2009.06.040","volume":"82","author":"W. Wang","year":"2009","unstructured":"Wang, W., Zhang, X., Gombault, S.: Constructing attribute weights from computer audit data for effective intrusion detection. J. Syst. Softw.\u00a082(12), 1974\u20131981 (2009)","journal-title":"J. Syst. Softw."},{"key":"5_CR32","doi-asserted-by":"crossref","unstructured":"Guan, X., Wang, W., Zhang, X.: Fast intrusion detection based on a non-negative matrix factorization model. J. Netw. Comput. Appl. 32(1) (2009)","DOI":"10.1016\/j.jnca.2008.04.006"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Wang, D., Li, T., Zhu, S., Ding, C.: Multi-document summarization via sentence-level semantic analysis and symmetric matrix factorization. In: Proc. of the 31st ACM SIGIR, pp. 307\u2013314 (2008)","DOI":"10.1145\/1390334.1390387"},{"key":"5_CR34","first-page":"1457","volume":"5","author":"P.O. Hoyer","year":"2004","unstructured":"Hoyer, P.O.: Non-negative matrix factorization with sparseness constraints. J. Mach. Learn. Res.\u00a05, 1457\u20131469 (2004)","journal-title":"J. Mach. Learn. Res."},{"key":"5_CR35","first-page":"2006","volume":"15","author":"H. Zou","year":"2004","unstructured":"Zou, H., Hastie, T., Tibshirani, R.: Sparse principal component analysis. Journal of Computational and Graphical Statistics\u00a015, 2006\u20132035 (2004)","journal-title":"Journal of Computational and Graphical Statistics"}],"container-title":["Lecture Notes in Computer Science","Privacy and Security Issues in Data Mining and Machine Learning"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-19896-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,5]],"date-time":"2025-03-05T03:39:12Z","timestamp":1741145952000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-19896-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642198953","9783642198960"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-19896-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}