{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T07:29:10Z","timestamp":1761895750611,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":29,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642412837"},{"type":"electronic","value":"9783642412844"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_15","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T17:35:11Z","timestamp":1382463311000},"page":"286-306","source":"Crossref","is-referenced-by-count":11,"title":["Deconstructing the Assessment of Anomaly-based Intrusion Detectors"],"prefix":"10.1007","author":[{"given":"Arun","family":"Viswanathan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kymie","family":"Tan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Clifford","family":"Neuman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"2","key":"15_CR1","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An Intrusion-Detection Model. IEEE Trans. on Software Engineering\u00a0SE-13(2), 222\u2013232 (1987)","journal-title":"IEEE Trans. on Software Engineering"},{"key":"15_CR2","series-title":"IFIP","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/978-0-387-73269-5_19","volume-title":"Fifth World Conference on Information Security Education","author":"S. Peisert","year":"2007","unstructured":"Peisert, S., Bishop, M.: How to Design Computer Security Experiments. In: Futcher, L., Dodge, R. (eds.) Fifth World Conference on Information Security Education. IFIP, vol.\u00a0237, pp. 141\u2013148. Springer, Boston (2007)"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Maxion, R.: Making experiments dependable. In: Jones, C.B., Lloyd, J.L. (eds.) Festschrift Randell. LNCS, vol.\u00a06875, pp. 344\u2013357. Springer, Heidelberg (2011)","DOI":"10.1007\/978-3-642-24541-1_26"},{"key":"15_CR4","first-page":"21","volume-title":"Proc. of the Workshop on New Sec.","author":"C. Gates","year":"2006","unstructured":"Gates, C., Taylor, C.: Challenging the Anomaly Detection Paradigm: a Provocative Discussion. In: Proc. of the Workshop on New Sec., pp. 21\u201329. ACM, Paradigms (2006)"},{"key":"15_CR5","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In: Proc. of IEEE Symp. on Security and Privacy, pp. 305\u2013316 (May 2010)","DOI":"10.1109\/SP.2010.25"},{"key":"15_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/978-3-642-15512-3_14","volume-title":"Recent Advances in Intrusion Detection","author":"K. Killourhy","year":"2010","unstructured":"Killourhy, K., Maxion, R.: Why Did My Detector Do That?! In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol.\u00a06307, pp. 256\u2013276. Springer, Heidelberg (2010)"},{"key":"15_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-540-74320-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"K.L. Ingham","year":"2007","unstructured":"Ingham, K.L., Inoue, H.: Comparing Anomaly Detection Techniques for HTTP. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 42\u201362. Springer, Heidelberg (2007)"},{"key":"15_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/978-3-642-33338-5_18","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"D. Had\u017eiosmanovi\u0107","year":"2012","unstructured":"Had\u017eiosmanovi\u0107, D., Simionato, L., Bolzoni, D., Zambon, E., Etalle, S.: N-Gram against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol.\u00a07462, pp. 354\u2013373. Springer, Heidelberg (2012)"},{"key":"15_CR9","unstructured":"Lee, W., Xiang, D.: Information-theoretic Measures for Anomaly Detection. In: Proc. of the IEEE Symp. on Security and Privacy, pp. 130\u2013143 (2001)"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Mai, J., Chuah, C.N., Sridharan, A., Ye, T., Zang, H.: Is sampled data sufficient for anomaly detection? In: Proc. of the 6th ACM SIGCOMM Conf. on Internet measurement, pp. 165\u2013176. ACM (2006)","DOI":"10.1145\/1177080.1177102"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Ringberg, H., Roughan, M., Rexford, J.: The Need for Simulation in Evaluating Anomaly Detectors. SIGCOMM Comp. Comm. Rev. (CCR)\u00a038(1), 55\u201359 (2008)","DOI":"10.1145\/1341431.1341443"},{"key":"15_CR12","doi-asserted-by":"crossref","unstructured":"Tan, K.M.C., Maxion, R.A.: \u201cWhy 6?\u201d Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector. In: Proc. of the IEEE Symp. on Security and Privacy, pp. 188\u2013201 (2002)","DOI":"10.1109\/SECPRI.2002.1004371"},{"issue":"5","key":"15_CR13","doi-asserted-by":"publisher","first-page":"516","DOI":"10.1109\/TSMCC.2010.2048428","volume":"40","author":"M. Tavallaee","year":"2010","unstructured":"Tavallaee, M., Stakhanova, N., Ghorbani, A.: Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods. IEEE Trans. on Systems, Man, and Cybernetics, Part C: Applications and Reviews\u00a040(5), 516\u2013524 (2010)","journal-title":"IEEE Trans. on Systems, Man, and Cybernetics, Part C: Applications and Reviews"},{"key":"15_CR14","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: Proc. of the IEEE Symp. on Security and Privacy. IEEE (1996)"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Fogla, P., Lee, W.: Evading Network Anomaly Detection Systems: Formal Reasoning and Practical Techniques. In: Proc. of the 13th ACM Conf. on Comp. and Comm. Sec. (CCS), pp. 59\u201368. ACM (2006)","DOI":"10.1145\/1180405.1180414"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry Attacks on Host-based Intrusion Detection Systems. In: Proc. of the 9th ACM Conf. on Comp. and Comm. Sec. (CCS), pp. 255\u2013264. ACM (2002)","DOI":"10.1145\/586143.586145"},{"issue":"3","key":"15_CR17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V. Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly Detection: A Survey. ACM Computing Surveys\u00a041(3), 15:1\u201315:58 (2009)","journal-title":"ACM Computing Surveys"},{"issue":"4","key":"15_CR18","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM Trans. on Info. System Security\u00a03(4), 262\u2013294 (2000)","journal-title":"ACM Trans. on Info. System Security"},{"key":"15_CR19","unstructured":"Horky, J.: Corrupted Strace Output. In: Bug Report (2010), http:\/\/www.mail-archive.com\/strace-devel@lists.sourceforge.net\/msg01595.html"},{"key":"15_CR20","doi-asserted-by":"crossref","unstructured":"Cretu, G.F., Stavrou, A., et al.: Casting Out Demons: Sanitizing Training Data for Anomaly Sensors. In: Proc. of the IEEE Symp. on Security and Privacy, pp. 81\u201395. IEEE (2008)","DOI":"10.1109\/SP.2008.11"},{"key":"15_CR21","unstructured":"Kohavi, R., et al.: A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection. In: Intl. Joint Conf. on Artificial Intelligence, vol.\u00a014, pp. 1137\u20131145 (1995)"},{"key":"15_CR22","unstructured":"Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann (2005)"},{"key":"15_CR23","unstructured":"Javitz, H., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In: Proc. of the IEEE Comp. Soc. Symp. on Research in Security and Privacy, pp. 316\u2013326 (1991)"},{"key":"15_CR24","unstructured":"Lane, T., Brodley, C.E.: Approaches to Online Learning and Concept Drift for User Identification in Computer Security. In: Proc. of the 4th Intl. Conf. on Knowledge Discovery and Data Mining, pp. 259\u2013263 (1998)"},{"key":"15_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/11856214_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 226\u2013248. Springer, Heidelberg (2006)"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly Detection of Web-based Attacks. In: Proc. of the 10th ACM Conf. on Comp. and Comms. Security (CCS), pp. 251\u2013261. ACM (2003)","DOI":"10.1145\/948109.948144"},{"issue":"3","key":"15_CR27","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1145\/357830.357849","volume":"3","author":"S. Axelsson","year":"2000","unstructured":"Axelsson, S.: The Base-rate Fallacy and the Difficulty of Intrusion Detection. ACM Trans. on Info. Systems Security\u00a03(3), 186\u2013205 (2000)","journal-title":"ACM Trans. on Info. Systems Security"},{"key":"15_CR28","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V.: Network Traffic Anomaly Detection Based on Packet Bytes. In: Proc. of the ACM Symp. on Applied computing, pp. 346\u2013350. ACM (2003)","DOI":"10.1145\/952589.952601"},{"key":"15_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T17:53:16Z","timestamp":1746035596000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}