{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T03:01:52Z","timestamp":1743044512336,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":26,"publisher":"Springer Singapore","isbn-type":[{"type":"print","value":"9789811375606"},{"type":"electronic","value":"9789811375613"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-981-13-7561-3_15","type":"book-chapter","created":{"date-parts":[[2019,4,30]],"date-time":"2019-04-30T02:12:18Z","timestamp":1556590338000},"page":"193-216","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["An Approach to Meta-Alert Generation for Anomalous TCP Traffic"],"prefix":"10.1007","author":[{"given":"Deeksha","family":"Kushwah","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rajni Ranjan","family":"Singh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Deepak Singh","family":"Tomar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,4,30]]},"reference":[{"unstructured":"Saraswat, V.K.: Cyber Security Presentation [PowerPoint slides] (2018). 
Accessed http:\/\/www.niti.gov.in\/writereaddata\/files\/document_publication\/NationalStrategy-for-AI-Discussion-Paper.pdf","key":"15_CR1"},{"key":"15_CR2","volume-title":"TCP\/IP Protocol Suite","author":"BA Forouzan","year":"2010","unstructured":"Forouzan, B.A.: TCP\/IP Protocol Suite, 4th edn. McGraw Hill Education, Delhi (2010)","edition":"4"},{"unstructured":"Jacobson, V., Leres, C., McCanne, S.: LIBPCAP. Lawrence Berkeley Laboratory, Berkeley, CA (1994). Initial public release June","key":"15_CR3"},{"unstructured":"Roesch, M.: Snort: lightweight intrusion detection for networks. In: Lisa, vol. 99, no. 1, pp. 229\u2013238, November 1999","key":"15_CR4"},{"key":"15_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/3-540-45474-8_6","volume-title":"Recent Advances in Intrusion Detection","author":"H Debar","year":"2001","unstructured":"Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85\u2013103. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45474-8_6"},{"key":"15_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/11427995_18","volume-title":"Intelligence and Security Informatics","author":"A Siraj","year":"2005","unstructured":"Siraj, A., Vaughn, R.B.: A cognitive model for alert correlation in a distributed environment. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 218\u2013230. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11427995_18"},{"issue":"8","key":"15_CR7","first-page":"8","volume":"7","author":"A Siraj","year":"2007","unstructured":"Siraj, A., Vaughn, R.B.: Alert correlation with abstract incident modeling in a multi-sensor environment. IJCSNS Int. J. Comput. Sci. Netw. Secur. 
7(8), 8\u201319 (2007)","journal-title":"IJCSNS Int. J. Comput. Sci. Netw. Secur."},{"unstructured":"Tedesco, G., Aickelin, U.: Data reduction in intrusion alert correlation. arXiv preprint \n                    arXiv:0804.1281\n                    \n                   (2008)","key":"15_CR8"},{"doi-asserted-by":"crossref","unstructured":"Harang, R., Guarino, P.: Clustering of Snort alerts to identify patterns and reduce analyst workload. In: Military Communications Conference, MILCOM 2012, pp. 1\u20136. IEEE, October 2012","key":"15_CR9","DOI":"10.1109\/MILCOM.2012.6415777"},{"unstructured":"Cuppens, F.: Managing alerts in a multi-intrusion detection environment. In: ACSAC, p. 0022. IEEE, December 2001","key":"15_CR10"},{"unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings 2002 IEEE Symposium on Security and Privacy, p. 202. IEEE, May 2002","key":"15_CR11"},{"issue":"2","key":"15_CR12","first-page":"77","volume":"3","author":"H Farhadi","year":"2011","unstructured":"Farhadi, H., AmirHaeri, M., Khansari, M.: Alert correlation and prediction using data mining and HMM. ISC Int. J. Inf. Secur. 3(2), 77\u2013101 (2011)","journal-title":"ISC Int. J. Inf. Secur."},{"doi-asserted-by":"crossref","unstructured":"Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 366\u2013375. ACM, July 2002","key":"15_CR13","DOI":"10.1145\/775047.775101"},{"key":"15_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11856214_1","volume-title":"Recent Advances in Intrusion Detection","author":"JJ Treinen","year":"2006","unstructured":"Treinen, J.J., Thurimella, R.: A framework for the application of association rule mining in large intrusion detection infrastructures. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. 
LNCS, vol. 4219, pp. 1\u201318. Springer, Heidelberg (2006). \n                    https:\/\/doi.org\/10.1007\/11856214_1"},{"unstructured":"Chyssler, T., Burschka, S., Semling, M., Lingvall, T., Burbeck, K.: Alarm reduction and correlation in intrusion detection systems. In: Detection of Intrusion and Malware & Vulnerability Assessment, DIMVA, pp. 9\u201324, June 2004","key":"15_CR15"},{"issue":"3","key":"15_CR16","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: Comprehensive approach to intrusion detection alert correlation. IEEE Trans. Dependable Secure Comput. 1(3), 146\u2013169 (2004)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"2","key":"15_CR17","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1109\/TDSC.2009.36","volume":"8","author":"A Hofmann","year":"2011","unstructured":"Hofmann, A., Sick, B.: Online intrusion alert aggregation with generative data stream modeling. IEEE Trans. Dependable Secure Comput. 8(2), 282\u2013294 (2011)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"15_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/3-540-36084-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"B Morin","year":"2002","unstructured":"Morin, B., M\u00e9, L., Debar, H., Ducass\u00e9, M.: M2D2: a formal data model for IDS alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 115\u2013137. Springer, Heidelberg (2002). 
https:\/\/doi.org\/10.1007\/3-540-36084-0_7"},{"key":"15_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1007\/3-540-36084-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"P Ning","year":"2002","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Analyzing intensive intrusion alerts via correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 74\u201394. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-36084-0_5"},{"issue":"2","key":"15_CR20","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1145\/996943.996947","volume":"7","author":"P Ning","year":"2004","unstructured":"Ning, P., Cui, Y., Reeves, D.S., Xu, D.: Techniques and tools for analyzing intrusion alerts. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(2), 274\u2013318 (2004)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"unstructured":"Siraj, A., Bridges, S.M., Vaughn, R.B.: Fuzzy cognitive maps for decision support in an intelligent intrusion detection system. In: 2001 Joint 9th IFSA World Congress and 20th NAFIPS International Conference, vol. 4, pp. 2165\u20132170. IEEE, July 2001","key":"15_CR21"},{"unstructured":"M.I.T. Lincoln Laboratory: 1998 DARPA Intrusion Detection Evaluation Dataset. https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-data-set. Accessed 05 May 2018","key":"15_CR22"},{"unstructured":"M.I.T. Lincoln Laboratory: 1999 DARPA Intrusion Detection Evaluation Dataset. https:\/\/www.ll.mit.edu\/r-d\/datasets\/1999-darpa-intrusion-detection-evaluation-data-set. Accessed 05 May 2018","key":"15_CR23"},{"unstructured":"The Honeynet Project. http:\/\/www.honeynet.org\/. 
Accessed 05 May 2018","key":"15_CR24"},{"unstructured":"Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC). \n                    http:\/\/www.netresec.com\/?page=MACCDC\n                    \n                  . Accessed 05 May 2018","key":"15_CR25"},{"unstructured":"Lyon, G.: Nmap\u2013free security scanner for network exploration & security audits (2009)","key":"15_CR26"}],"container-title":["Communications in Computer and Information Science","Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-13-7561-3_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T00:21:48Z","timestamp":1558398108000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-981-13-7561-3_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9789811375606","9789811375613"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-981-13-7561-3_15","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"30 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISEA-ISAP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security & Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Jaipur","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 January 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 January 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iseaisap2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.isea-sp.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"88","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers 
Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3-5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}