{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T15:35:57Z","timestamp":1770219357831,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642402029","type":"print"},{"value":"9783642402036","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-40203-6_30","type":"book-chapter","created":{"date-parts":[[2013,8,14]],"date-time":"2013-08-14T06:48:53Z","timestamp":1376462933000},"page":"536-555","source":"Crossref","is-referenced-by-count":17,"title":["Patrol: Revealing Zero-Day Attack Paths through Network-Wide System Object Dependencies"],"prefix":"10.1007","author":[{"given":"Jun","family":"Dai","sequence":"first","affiliation":[]},{"given":"Xiaoyan","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"30_CR1","unstructured":"Sheyner, O., Haines, J., Jha, S.: Automated generation and analysis of attack graphs. IEEE Oakland (2002)"},{"key":"30_CR2","unstructured":"Jajodia, S., Noel, S., O\u2019Berry, B.: Topological analysis of network attack vulnerability. Managing Cyber Threats: Issues, Approaches and Challenges (2003)"},{"key":"30_CR3","unstructured":"Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: A logic-based network security analyzer. 
In: USENIX Security (2005)"},{"key":"30_CR4","doi-asserted-by":"crossref","unstructured":"Wang, L., Jajodia, S., Singhal, A., Cheng, P., Noel, S.: k-Zero day safety: A network security metric for measuring the risk of unknown vulnerabilities. In: TDSC (2013)","DOI":"10.1109\/TDSC.2013.24"},{"key":"30_CR5","doi-asserted-by":"crossref","unstructured":"Albanese, M., Jajodia, S., Singhal, A., Wang, L.: An efficient approach to assessing the risk of zero-day vulnerabilities. In: SECRYPT (2013)","DOI":"10.1007\/978-3-662-44788-8_19"},{"key":"30_CR6","doi-asserted-by":"crossref","unstructured":"Long, J.: Google Hacking for Penetration Testers. Syngress (2007)","DOI":"10.1016\/B978-159749176-1.50006-0"},{"key":"30_CR7","unstructured":"McClure, S.: Hacking Exposed: Network Security Secrets and Solutions. McGraw-Hill (2009)"},{"key":"30_CR8","unstructured":"Network Penetration Testing. MosaicSecurity.com. https:\/\/mosaicsecurity.com\/categories"},{"key":"30_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H. Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 85\u2013103. Springer, Heidelberg (2001)"},{"key":"30_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, pp. 54\u201368. Springer, Heidelberg (2001)"},{"key":"30_CR11","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. 
IEEE Oakland (1996)"},{"key":"30_CR12","unstructured":"Lee, W., Stolfo, S.J., Chan, P.K.: Learning patterns from unix process execution traces for intrusion detection. In: AI Approaches to Fraud Detection and Risk Management (1997)"},{"key":"30_CR13","doi-asserted-by":"crossref","unstructured":"Kosoresow, A.P., Hofmeyr, S.A.: Intrusion detection via system call traces. IEEE Software (1997)","DOI":"10.1109\/52.605929"},{"key":"30_CR14","doi-asserted-by":"crossref","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security (1998)","DOI":"10.3233\/JCS-980109"},{"key":"30_CR15","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. IEEE Oakland (2001)"},{"key":"30_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"30_CR17","unstructured":"Tandon, G., Chan, P.: Learning rules from system call arguments and sequences for anomaly detection. In: ICDM DMSEC (2003)"},{"key":"30_CR18","doi-asserted-by":"crossref","unstructured":"Bhatkar, S., Chaturvedi, A., Sekar, R.: Dataflow anomaly detection. IEEE Oakland (2006)","DOI":"10.1109\/SP.2006.12"},{"key":"30_CR19","doi-asserted-by":"crossref","unstructured":"Sekar, R., Gupta, A., Frullo, J., Shanbhag, T.: Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions. 
In: ACM CCS (2002)","DOI":"10.1145\/586143.586146"},{"key":"30_CR20","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-Based Approach. IEEE Oakland (1997)"},{"key":"30_CR21","unstructured":"Snort. Sourcefire, Inc., http:\/\/www.snort.org"},{"key":"30_CR22","unstructured":"Tripwire. Tripwire, Inc., http:\/\/www.tripwire.com"},{"key":"30_CR23","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: ACM SOSP (2003)","DOI":"10.1145\/945445.945467"},{"key":"30_CR24","doi-asserted-by":"crossref","unstructured":"Xiong, X., Jia, X., Liu, P.: Shelf: Preserving business continuity and availability in an intrusion recovery system. In: ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.52"},{"key":"30_CR25","doi-asserted-by":"crossref","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., de Lara, E.: The taser intrusion recovery system. In: ACM SOSP (2005)","DOI":"10.1145\/1095810.1095826"},{"key":"30_CR26","unstructured":"Knuth, D.E.: The Art Of Computer Programming (1997)"},{"key":"30_CR27","unstructured":"CWE. MITRE, http:\/\/cwe.mitre.org"},{"key":"30_CR28","unstructured":"CAPEC. MITRE, http:\/\/capec.mitre.org"},{"key":"30_CR29","unstructured":"Graphviz, http:\/\/www.graphviz.org"},{"key":"30_CR30","unstructured":"Nessus. Tenable Network Security, http:\/\/www.tenable.com"},{"key":"30_CR31","unstructured":"Oval. MITRE, http:\/\/oval.mitre.org"},{"key":"30_CR32","unstructured":"Wireshark. Wireshark Foundation, http:\/\/www.wireshark.org"},{"key":"30_CR33","unstructured":"Ntop, http:\/\/www.ntop.org"},{"key":"30_CR34","unstructured":"Bilge, L., Dumitras, T.: An Empirical Study of Zero-Day Attacks In The Real World. In: ACM CCS (2012)"},{"key":"30_CR35","unstructured":"NVD. MITRE, http:\/\/nvd.nist.gov"},{"key":"30_CR36","unstructured":"McVoy, L.W., Staelin, C.: lmbench: Portable Tools for Performance Analysis. 
In: USENIX (1996)"},{"key":"30_CR37","unstructured":"King, S.T., Mao, Z.M., Lucchetti, D.G., Chen, P.M.: Enriching intrusion alerts through multi-host causality. In: NDSS (2005)"},{"key":"30_CR38","doi-asserted-by":"crossref","unstructured":"Zhai, Y., Ning, P., Xu, J.: Integrating IDS alert correlation and OS-Level dependency tracking. In: IEEE Intelligence and Security Informatics (2006)","DOI":"10.1007\/11760146_24"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2013"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-40203-6_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,3]],"date-time":"2022-03-03T18:43:22Z","timestamp":1646333002000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-40203-6_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642402029","9783642402036"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-40203-6_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}