{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T15:54:58Z","timestamp":1771602898809,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":17,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642224232","type":"print"},{"value":"9783642224249","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-22424-9_3","type":"book-chapter","created":{"date-parts":[[2011,6,20]],"date-time":"2011-06-20T02:37:35Z","timestamp":1308537455000},"page":"35-54","source":"Crossref","is-referenced-by-count":26,"title":["Decoy Document Deployment for Effective Masquerade Attack Detection"],"prefix":"10.1007","author":[{"given":"Malek","family":"Ben Salem","sequence":"first","affiliation":[]},{"given":"Salvatore J.","family":"Stolfo","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"3_CR1","unstructured":"Ben-Salem, M.: DDA Sensor, \n                    \n                      http:\/\/www1.cs.columbia.edu\/ids\/ruu\/data\/"},{"key":"3_CR2","volume-title":"Insider Attack and Cyber Security: Beyond the Hacker","author":"M. Ben-Salem","year":"2008","unstructured":"Ben-Salem, M., Hershkop, S., Stolfo, S.J.: A survey of insider attack detection research. In: Insider Attack and Cyber Security: Beyond the Hacker. Springer, Heidelberg (2008)"},{"key":"3_CR3","unstructured":"Bowen, B., and Hershkop, S. Decoy.: Document Distributor, \n                    \n                      http:\/\/sneakers.cs.columbia.edu\/ids\/ruu\/dcubed\/"},{"key":"3_CR4","doi-asserted-by":"crossref","unstructured":"Bowen, B.M., Hershkop, S., Keromytis, A.D., Stolfo, S.J.: Baiting inside attackers using decoy documents. In: SecureComm 2009: Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks (2009)","DOI":"10.1007\/978-3-642-05284-2_4"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Chinchani, R., Upadhyaya, S., Kwiat, K.: A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors. In: Proceedings of First IEEE International Workshop on Information Assurance (IWIAS 2003), pp. 25\u201334 (2003)","DOI":"10.1109\/IWIAS.2003.1192456"},{"key":"3_CR6","unstructured":"Greenberg, A.: ID Theft: Don\u2019t Take it Personally (February 2010), \n                    \n                      http:\/\/www.forbes.com\/2010\/02\/09\/banks-consumers-fraud-technology-security-id-theft.html,"},{"key":"3_CR7","unstructured":"Higgins, K.\u00a0J.: Widespread Confickr\/Downadup Worm Hard To Kill (January 2009), \n                    \n                      http:\/\/www.darkreading.com\/security\/attacks-breaches\/212901489\/index.html"},{"key":"3_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/11832072_17","volume-title":"Security and Cryptography for Networks","author":"J.-S. Kim","year":"2006","unstructured":"Kim, J.-S., Biryukov, A., Preneel, B., Hong, S.H.: On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (Extended Abstract). In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol.\u00a04116, pp. 242\u2013256. Springer, Heidelberg (2006)"},{"key":"3_CR9","unstructured":"Krawczyk, H., Bellare, M., Canetti, R.: RFC2104, HMAC: Keyed-Hashing for Message Authentication. The Internet Engineering Task Force (IETF)"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Maxion, R.A., Townsend, T.N.: Masquerade detection using truncated command lines. In: DSN 2002: Proceedings of the International Conference on Dependable Systems and Networks (2002)","DOI":"10.1109\/DSN.2002.1028903"},{"key":"3_CR11","volume-title":"Obedience to Authority: An Experimental View","author":"S. Milgram","year":"1974","unstructured":"Milgram, S.: Obedience to Authority: An Experimental View. Harpercollins, New York (1974)"},{"key":"3_CR12","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1214\/ss\/998929476","volume":"16","author":"M. Schonlau","year":"2001","unstructured":"Schonlau, M., Dumouchel, W., Ju, W., Karr, A.F., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science\u00a016, 58\u201374 (2001)","journal-title":"Statistical Science"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Spitzner, L.: Honeypots: Catching the insider threat. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 170\u2013179 (December 2003)","DOI":"10.1109\/CSAC.2003.1254322"},{"key":"3_CR14","unstructured":"Stolfo, S.J., Greenbaum, I., Sethumadhavan, S.: Self-monitoring monitors. In: Columbia University Computer Science Department, Technical Report # cucs-026-09 (2009)"},{"key":"3_CR15","first-page":"635","volume-title":"CCS 2009: Proceedings of the 16th ACM conference on Computer and communications security","author":"B. Stone-Gross","year":"2009","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: CCS 2009: Proceedings of the 16th ACM conference on Computer and communications security, pp. 635\u2013647. ACM Press, New York (2009)"},{"key":"3_CR16","unstructured":"Wang, K., Stolfo, S.J.: One-class training for masquerade detection. In: Proceedings of the 3rd IEEE Workshop on Data Mining for Computer Security (2003)"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Yuill, J., Zappe, M., Denning, D., Feer, F.: Honeyfiles: deceptive files for intrusion detection. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 116\u2013122 (June 2004)","DOI":"10.1109\/IAW.2004.1437806"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-22424-9_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,1,25]],"date-time":"2019-01-25T20:46:05Z","timestamp":1548449165000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-22424-9_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642224232","9783642224249"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-22424-9_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}