{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T16:43:35Z","timestamp":1725727415791},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642386305"},{"type":"electronic","value":"9783642386312"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-38631-2_10","type":"book-chapter","created":{"date-parts":[[2013,5,27]],"date-time":"2013-05-27T00:37:49Z","timestamp":1369615069000},"page":"122-134","source":"Crossref","is-referenced-by-count":2,"title":["Tracing Sources of Anonymous Slow Suspicious Activities"],"prefix":"10.1007","author":[{"given":"Harsha K.","family":"Kalutarage","sequence":"first","affiliation":[]},{"given":"Siraj A.","family":"Shaikh","sequence":"additional","affiliation":[]},{"given":"Qin","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Anne E.","family":"James","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Baseline Security Requirements for Network Security Zones in the Government of Canada (June 2007), \n \n http:\/\/www.cse-cst.gc.ca\/its-sti\/publications\/itsg-csti\/itsg22-eng.html#a42"},{"key":"10_CR2","unstructured":"Defend your network from slow scanning (March 2013), \n \n http:\/\/www.techrepublic.com\/blog\/security\/defend-your-network-from-slow-scanning\/361"},{"key":"10_CR3","unstructured":"Slowloris http dos (March 2013), \n \n http:\/\/ha.ckers.org\/slowloris\/"},{"key":"10_CR4","unstructured":"John, A., Sivakumar, T.: DDoS: Survey of Traceback Methods. International Journal of Recent Trends in Engineering\u00a01(2) (May 2009)"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Schwartz, B., Kent, S.T., Strayer, W.T.: Single-packet ip traceback. IEEE\/ACM Trans. Netw. (2002)","DOI":"10.1109\/TNET.2002.804827"},{"key":"10_CR6","unstructured":"Argus: Argus, the network audit record generation and utilization system (December 2012), \n \n http:\/\/www.qosient.com\/argus\/"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Bradford, P.G., Brown, M., Self, B., Perdue, J.: Towards proactive computer system forensics. In: International Conference on Information Technology: Coding and Computing. IEEE Computer Society (2004)","DOI":"10.1109\/ITCC.2004.1286727"},{"key":"10_CR8","unstructured":"Burch, H., Cheswick, B.: Tracing Anonymous Packets to Their Approximate Source. In: Proc. 2000 of USENIX LISA Conference (2000)"},{"key":"10_CR9","unstructured":"CERT Network Situational Awareness Team, Silk, the system for internet-level knowledge (December 2012), \n \n http:\/\/tools.netsa.cert.org\/silk"},{"issue":"1","key":"10_CR10","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s10796-010-9268-7","volume":"15","author":"H. Chivers","year":"2013","unstructured":"Chivers, H., Clark, J.A., Nobles, P., Shaikh, S.A., Chen, H.: Knowing who to watch: Identifying attackers whose actions are hidden within false alarms and background noise. Information Systems Frontiers\u00a015(1), 17\u201334 (2013)","journal-title":"Information Systems Frontiers"},{"key":"10_CR11","unstructured":"Chivers, H., Nobles, P., Shaikh, S.A., Clark, J., Chen, H.: Accumulating evidence of insider attacks. In: MIST 2009 (In conjunction with IFIPTM 2009) CEUR Workshop Proceedings (2009)"},{"key":"10_CR12","unstructured":"Miller, D.: Softflowd, flow-based network traffic analyser (December 2012), \n \n http:\/\/www.mindrot.org\/projects\/softflowd\/"},{"key":"10_CR13","unstructured":"Davidoff, S., Ham, J.: Network Forensics: Tracking Hackers through Cyberspace. Prentice Hall (2012)"},{"key":"10_CR14","unstructured":"de Tangil Rotaeche, G.S., Palomar, E., Garnacho, A.R., \u00c1lvarez, B.R.: Anonymity in the service of attackers. In: UPGRADE 2010, pp. 27\u201330 (2010)"},{"key":"10_CR15","doi-asserted-by":"publisher","first-page":"88","DOI":"10.2307\/2987595","volume":"32","author":"S.E. Fienberg","year":"1983","unstructured":"Fienberg, S.E., Kadane, J.B.: The presentation of bayesian statistical analysis in legal proceedings. The Statistician\u00a032, 88\u201398 (1983)","journal-title":"The Statistician"},{"key":"10_CR16","unstructured":"Sager, G.: Security fun with ocxmon and cflowd. In: Internet 2 Working Group (1998)"},{"key":"10_CR17","unstructured":"Kalutarage, H.K., Shaikh, S.A., Zhou, Q., James, A.E.: Sensing for suspicion at scale: A bayesian approach for cyber conflict attribution and reasoning. In: 4th International Conference on Cyber Conflict (CYCON 2012), pp. 1\u201319 (2012)"},{"key":"10_CR18","unstructured":"Kalutarage, H.K., Shaikh, S.A., Zhou, Q., James, A.E.: How do we effectively monitor for slow suspicious activities? In: Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2013) CEUR Workshop Proceedings (2013), \n \n http:\/\/ceur-ws.org\/Vol-965\/paper06-essos2013.pdf"},{"key":"10_CR19","unstructured":"Mitropoulos, S.: Network forensics: towards a classification of traceback mechanisms. In: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (2005)"},{"key":"10_CR20","unstructured":"NS3 Development Team, Ns3 discrete-event network simulator for internet systems (2011), \n \n http:\/\/www.nsnam.org\/"},{"key":"10_CR21","unstructured":"ProQueSys, Flowtraq, for effective monitoring, security, and forensics in a network environment (December 2012), \n \n http:\/\/www.flowtraq.com\/corporate\/product\/flowtraq"},{"key":"10_CR22","unstructured":"Schultz, E.E., Shumway, R.: Incident response: A strategic guide for system and network security breaches Indianapolis. New Riders (2001)"},{"issue":"2","key":"10_CR23","doi-asserted-by":"publisher","first-page":"245","DOI":"10.2307\/2981680","volume":"147","author":"A.F.M. Smith","year":"1984","unstructured":"Smith, A.F.M.: Present position and potential developments: Some personal views bayesian statistics. Journal of the Royal Statistical Society\u00a0147(2), 245\u2013259 (1984)","journal-title":"Journal of the Royal Statistical Society"},{"issue":"3","key":"10_CR24","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1109\/90.929847","volume":"9","author":"S. Stefan","year":"2001","unstructured":"Stefan, S., David, W., Anna, K., Tom, A.: Network support for ip traceback. IEEE\/ACM Transactions on Networking\u00a09(3), 226\u2013237 (2001)","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"10_CR25","unstructured":"Stone, R.: CenterTrack: An IP overlay network for tracking DoS floods. In: USENIX Security Symposium (2000)"},{"key":"10_CR26","unstructured":"Streilein, W.W., Cunningham, R.K., Webster, S.E.: Improved detection of low profile probe and novel denial of service attacks. In: Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection (2002)"},{"key":"10_CR27","unstructured":"Heberlein, T.: Tactical operations and strategic intelligence: Sensor purpose and placement. Net Squared Inc., Tech. Rep. TR-2002-04.02 (2002)"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-38631-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,13]],"date-time":"2019-05-13T03:19:37Z","timestamp":1557717577000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-38631-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642386305","9783642386312"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-38631-2_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}