{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:23:41Z","timestamp":1742912621226,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642242694"},{"type":"electronic","value":"9783642242700"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-24270-0_25","type":"book-chapter","created":{"date-parts":[[2011,9,7]],"date-time":"2011-09-07T10:51:44Z","timestamp":1315392704000},"page":"338-354","source":"Crossref","is-referenced-by-count":3,"title":["FloGuard: Cost-Aware Systemwide Intrusion Defense via Online Forensics and On-Demand IDS Deployment"],"prefix":"10.1007","author":[{"given":"Saman Aliari","family":"Zonouz","sequence":"first","affiliation":[]},{"given":"Kaustubh R.","family":"Joshi","sequence":"additional","affiliation":[]},{"given":"William H.","family":"Sanders","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"25_CR1","unstructured":"HTTPTrafficGen (2008), http:\/\/www.nsauditor.com\/"},{"key":"25_CR2","unstructured":"John the Ripper (2008), http:\/\/www.openwall.com\/john\/"},{"key":"25_CR3","unstructured":"RoomPHPlanning (2008), http:\/\/www.beaussier.com\/"},{"key":"25_CR4","unstructured":"e-Vision (2009), http:\/\/sourceforge.net\/projects\/e-vision\/"},{"key":"25_CR5","unstructured":"Zabbix (2010), http:\/\/www.zabbix.org\/"},{"key":"25_CR6","unstructured":"Anagnostakis, K., Sidiroglou, S., Akritidis, P., Xinidis, K., Markatos, E., Keromytis, A.: Detecting targeted attacks using shadow honeypots. In: USENIX-Security, p. 9 (2005)"},{"key":"25_CR7","unstructured":"Baratloo, A., Singh, N., Tsai, T.: Transparent run-time defense against stack smashing attacks. In: USENIX-ATC, pp. 251\u2013262 (2000)"},{"key":"25_CR8","unstructured":"Bellard, F.: Qemu, a fast and portable dynamic translator. In: USENIX-ATC, p. 41 (2005)"},{"key":"25_CR9","volume-title":"File System Forensic Analysis","author":"B. Carrier","year":"2005","unstructured":"Carrier, B.: File System Forensic Analysis. Addison-Wesley Prof., Reading (2005)"},{"key":"25_CR10","doi-asserted-by":"crossref","unstructured":"Costa, M., Castro, M., Zhou, L., Zhang, L., Peinado, M.: Bouncer: Securing software by blocking bad input. In: SOSP, pp. 117\u2013130 (2007)","DOI":"10.1145\/1323293.1294274"},{"key":"25_CR11","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: SOSP, pp. 133\u2013147 (2005)","DOI":"10.1145\/1095809.1095824"},{"key":"25_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 85\u2013103. Springer, Heidelberg (2001)"},{"key":"25_CR13","doi-asserted-by":"crossref","unstructured":"Gao, Q., Zhang, W., Tang, Y., Qin, F.: First-aid: Surviving and preventing memory management bugs during production runs. In: EuroSys, pp. 159\u2013172 (2009)","DOI":"10.1145\/1519065.1519083"},{"key":"25_CR14","doi-asserted-by":"crossref","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., de Lara, E.: The taser intrusion recovery system. In: SOSP, pp. 163\u2013176 (2005)","DOI":"10.1145\/1095810.1095826"},{"key":"25_CR15","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting malware infection through IDS-driven dialog correlation. In: USENIX-Security, pp. 1\u201316 (2007)"},{"key":"25_CR16","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: SOSP, vol.\u00a037(5), pp. 223\u2013236 (2003)","DOI":"10.1145\/945445.945467"},{"key":"25_CR17","unstructured":"Kojm, T.: ClamAV (2009), http:\/\/www.clamav.net\/"},{"key":"25_CR18","first-page":"50","volume-title":"CCS","author":"S. Krishnan","year":"2010","unstructured":"Krishnan, S., Snow, K.Z., Monrose, F.: Trail of bytes: Efficient support for forensic analysis. In: CCS, pp. 50\u201360. ACM, New York (2010)"},{"issue":"7","key":"25_CR19","doi-asserted-by":"publisher","first-page":"558","DOI":"10.1145\/359545.359563","volume":"21","author":"L. Lamport","year":"1978","unstructured":"Lamport, L.: Time, clocks, and the ordering of events in a distributed system. ACM-Comm.\u00a021(7), 558\u2013565 (1978)","journal-title":"ACM-Comm."},{"key":"25_CR20","doi-asserted-by":"crossref","unstructured":"Li, C., Jiang, W., Zou, X.: Botnet: Survey and case study. In: ICICIC, pp. 1184\u20131187 (2009)","DOI":"10.1109\/ICICIC.2009.127"},{"key":"25_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/11663812_5","volume-title":"Recent Advances in Intrusion Detection","author":"M. Locasto","year":"2006","unstructured":"Locasto, M., Wang, K., Keromytis, A.D., Stolfo, S.J.: FLIPS: Hybrid adaptive intrusion prevention. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 82\u2013101. Springer, Heidelberg (2006)"},{"key":"25_CR22","unstructured":"Mukkamala, S., Sung, A.H.: Identifying significant features for network forensic analysis using artificial intelligent techniques. IJDE, 1 (2003)"},{"key":"25_CR23","unstructured":"Nagaraja, S., Mittal, P., Yao Hong, C., Caesar, M., Borisov, N.: BotGrep: Finding P2P bots with structured graph analysis"},{"key":"25_CR24","doi-asserted-by":"crossref","unstructured":"Nethercote, N., Seward, J.: Valgrind: A program supervision framework. In: Runtime-Verification WS (2003)","DOI":"10.1016\/S1571-0661(04)81042-9"},{"key":"25_CR25","unstructured":"Porras, P., Neumann, P.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proc. of the Info. Systems Security Conf., pp. 353\u2013365 (1997)"},{"key":"25_CR26","doi-asserted-by":"crossref","unstructured":"Qin, F., Tucek, J., Sundaresan, J., Zhou, Y.: Rx: Treating bugs as allergies: A safe method to survive software failures. In: SOSP, pp. 235\u2013248 (2005)","DOI":"10.1145\/1095809.1095833"},{"key":"25_CR27","unstructured":"Roesch, M.: Snort: Lightweight intrusion detection for networks. In: USENIX-LISA, pp. 229\u2013238 (1999)"},{"key":"25_CR28","unstructured":"Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: NDSS, pp. 159\u2013169 (2004)"},{"key":"25_CR29","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s Journal (1999)"},{"key":"25_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D. Song","year":"2008","unstructured":"Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol.\u00a05352, pp. 1\u201325. Springer, Heidelberg (2008)"},{"issue":"3","key":"25_CR31","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1145\/1272996.1273010","volume":"41","author":"J. Tucek","year":"2007","unstructured":"Tucek, J., Newsome, J., Lu, S., Huang, C., Xanthos, S., Brumley, D., Zhou, Y., Song, D.: Sweeper: A lightweight end-to-end system for defending against fast worms. EuroSys\u00a041(3), 115\u2013128 (2007)","journal-title":"EuroSys"},{"key":"25_CR32","unstructured":"Wotring, B., Potter, B., Ranum, M., Wichmann, R.: Host Integrity Monitoring Using Osiris and Samhain. Syngress Publishing (2005)"},{"key":"25_CR33","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: CCS, pp. 116\u2013127 (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"25_CR34","doi-asserted-by":"crossref","unstructured":"Zonouz, S.A., Joshi, K.R., Sanders, W.H.: Cost-aware systemwide intrusion defense via online forensics and on-demand detector deployment. In: CCS-SafeConfig, pp. 71\u201374 (2010)","DOI":"10.1145\/1866898.1866910"},{"key":"25_CR35","doi-asserted-by":"crossref","unstructured":"Zonouz, S.A., Khurana, H., Sanders, W.H., Yardley, T.M.: RRE: A game-theoretic intrusion Response and Recovery Engine. In: DSN, pp. 439\u2013448 (2009)","DOI":"10.1109\/DSN.2009.5270307"}],"container-title":["Lecture Notes in Computer Science","Computer Safety, Reliability, and Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-24270-0_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,14]],"date-time":"2019-06-14T22:50:02Z","timestamp":1560552602000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-24270-0_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642242694","9783642242700"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-24270-0_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}