{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T09:35:37Z","timestamp":1743068137618,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":59,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819635306"},{"type":"electronic","value":"9789819635313"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-3531-3_2","type":"book-chapter","created":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:09:14Z","timestamp":1741867754000},"page":"21-38","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing Network Security Through Vulnerability Monitoring"],"prefix":"10.1007","author":[{"given":"Ryan","family":"Williams","sequence":"first","affiliation":[]},{"given":"Anthony","family":"Gavazzi","sequence":"additional","affiliation":[]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,14]]},"reference":[{"key":"2_CR1","unstructured":"cve-search - a tool to perform local searches for known vulnerabilities, November 2021. https:\/\/github.com\/cve-search\/cve-search"},{"key":"2_CR2","unstructured":"kpatch, October 2021. https:\/\/github.com\/dynup\/kpatch"},{"key":"2_CR3","unstructured":"Shodan, January 2021. https:\/\/www.shodan.io\/"},{"key":"2_CR4","unstructured":"Libtooling is a library to support writing standalone tools based on clang (2022). https:\/\/clang.llvm.org\/docs\/LibTooling.html"},{"key":"2_CR5","unstructured":"The mission of the CVE program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities, October 2022. http:\/\/cve.mitre.org"},{"key":"2_CR6","unstructured":"Yara - the pattern matching swiss knife for malware researchers, June 2022. http:\/\/virustotal.github.io\/yara\/"},{"key":"2_CR7","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","volume":"60","author":"M Ahmed","year":"2016","unstructured":"Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19\u201331 (2016)","journal-title":"J. Netw. Comput. Appl."},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Araujo, F., Hamlen, K.W., Biedermann, S., Katzenbeisser, S.: From patches to honey-patches: lightweight attacker misdirection, deception, and disinformation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 942\u2013953 (2014)","DOI":"10.1145\/2660267.2660329"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Arnold, J., Kaashoek, M.F.: Ksplice: automatic rebootless kernel updates. In: Proceedings of the 4th ACM European conference on Computer Systems, pp. 187\u2013198 (2009)","DOI":"10.1145\/1519065.1519085"},{"key":"2_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10009-021-00644-w","volume":"24","author":"PA Arras","year":"2022","unstructured":"Arras, P.A., et al.: SaBRe: load-time selective binary rewriting. Int. J. Softw. Tools Technol. Transfer 24, 1\u201319 (2022)","journal-title":"Int. J. Softw. Tools Technol. Transfer"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using Bayes estimators. In: Proceedings of the 2001 SIAM International Conference on Data Mining, pp. 1\u201317. SIAM (2001)","DOI":"10.1137\/1.9781611972719.28"},{"issue":"1","key":"2_CR12","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","volume":"16","author":"MH Bhuyan","year":"2013","unstructured":"Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutor. 16(1), 303\u2013336 (2013)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"3","key":"2_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 1\u201358 (2009)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"2_CR14","unstructured":"Chen, Y., Zhang, Y., Wang, Z., Xia, L., Bao, C., Wei, T.: Adaptive android kernel live patching. In: 26th $$\\{$$USENIX$$\\}$$ Security Symposium ($$\\{$$USENIX$$\\}$$ Security 2017), pp. 1253\u20131270 (2017)"},{"key":"2_CR15","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: IEEE Symposium on Security and Privacy (2002)"},{"key":"2_CR16","unstructured":"DeGonia, T.: Cyber kill chain model and framework explained, March 2020. https:\/\/cybersecurity.att.com\/blogs\/security-essentials\/the-internal-cyber-kill-chain-model"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Duan, R., et al.: Automating patching of vulnerable open-source software versions in application binaries. In: NDSS (2019)","DOI":"10.14722\/ndss.2019.23126"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Duck, G.J., Gao, X., Roychoudhury, A.: Binary rewriting without control flow recovery. In: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 151\u2013163 (2020)","DOI":"10.1145\/3385412.3385972"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Fawaz, A., Bohara, A., Cheh, C., Sanders, W.H.: Lateral movement detection using distributed data fusion. In: 2016 IEEE 35th Symposium on Reliable Distributed Systems (SRDS), pp. 21\u201330. IEEE (2016)","DOI":"10.1109\/SRDS.2016.014"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Friedman, S.E., Musliner, D.J.: Automatically repairing stripped executables with CFG microsurgery. In: 2015 IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops, pp. 102\u2013107. IEEE (2015)","DOI":"10.1109\/SASOW.2015.21"},{"issue":"12","key":"2_CR21","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1145\/3318162","volume":"62","author":"CL Goues","year":"2019","unstructured":"Goues, C.L., Pradel, M., Roychoudhury, A.: Automated program repair. Commun. ACM 62(12), 56\u201365 (2019)","journal-title":"Commun. ACM"},{"key":"2_CR22","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: clustering analysis of network traffic for protocol-and structure-independent botnet detection (2008)"},{"key":"2_CR23","unstructured":"Gu, G., Porras, P.A., Yegneswaran, V., Fong, M.W., Lee, W.: BotHunter: detecting malware infection through ids-driven dialog correlation. In: USENIX Security Symposium (2007)"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Heinricher, A., Williams, R., Klingbeil, A., Jordan, A.: Weldr: fusing binaries for simplified analysis. In: Proceedings of the 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis, pp. 25\u201330 (2021)","DOI":"10.1145\/3460946.3464320"},{"key":"2_CR25","unstructured":"Ho, G., et al.: Detecting and characterizing lateral phishing at scale. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1273\u20131290 (2019)"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Huang, Z., Lie, D., Tan, G., Jaeger, T.: Using safety properties to generate vulnerability patches. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 539\u2013554. IEEE (2019)","DOI":"10.1109\/SP.2019.00071"},{"key":"2_CR27","unstructured":"Janakiraman, R., Waldvogel, M., Zhang, Q.: Indra: a peer-to-peer approach to network intrusion detection and prevention. In: WET ICE (2003)"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Jiang, J., Xiong, Y., Zhang, H., Gao, Q., Chen, X.: Shaping program repair space with existing patches and similar code. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 298\u2013309 (2018)","DOI":"10.1145\/3213846.3213871"},{"key":"2_CR29","unstructured":"Kannadiga, P., Zulkernine, M.: DIDMA: a distributed intrusion detection system using mobile agents. In: SNPD-SAWN (2005)"},{"issue":"4","key":"2_CR30","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1111\/j.1937-5956.2010.01189.x","volume":"20","author":"BC Kim","year":"2011","unstructured":"Kim, B.C., Chen, P.Y., Mukhopadhyay, T.: The effect of liability and patch release on software security: the monopoly case. Prod. Oper. Manag. 20(4), 603\u2013617 (2011)","journal-title":"Prod. Oper. Manag."},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: ACM SIGSAC Conference on Computer and Communications Security (CCS) (2003)","DOI":"10.1145\/948143.948144"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the 2003 SIAM International Conference on Data Mining, pp. 25\u201336. SIAM (2003)","DOI":"10.1137\/1.9781611972733.3"},{"key":"2_CR33","unstructured":"Lee, W., Stolfo, S.: Data mining approaches for intrusion detection (1998)"},{"key":"2_CR34","unstructured":"Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. In: Proceedings 2001 IEEE Symposium on Security and Privacy. S &P 2001, pp. 130\u2013143. IEEE (2000)"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Liu, Q., et al.: Latte: large-scale lateral movement detection. In: MILCOM 2018-2018 IEEE Military Communications Conference (MILCOM), pp.\u00a01\u20136. IEEE (2018)","DOI":"10.1109\/MILCOM.2018.8599748"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"Long, F., Rinard, M.: Automatic patch generation by learning correct code. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 298\u2013312 (2016)","DOI":"10.1145\/2837614.2837617"},{"key":"2_CR37","unstructured":"Mitre: Mitre ATT &CK. https:\/\/attack.mitre.org\/"},{"key":"2_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-540-78800-3_24","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"L de Moura","year":"2008","unstructured":"de Moura, L., Bj\u00f8rner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337\u2013340. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78800-3_24"},{"issue":"3","key":"2_CR39","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/65.283931","volume":"8","author":"B Mukherjee","year":"1994","unstructured":"Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network intrusion detection. IEEE Netw. 8(3), 26\u201341 (1994)","journal-title":"IEEE Netw."},{"key":"2_CR40","unstructured":"Nachenberg, C., Wilhelm, J., Wright, A., Faloutsos, C.: Polonium: tera-scale graph mining and inference for malware detection. In: SIAM International Conference on Data Mining (2011)"},{"key":"2_CR41","doi-asserted-by":"crossref","unstructured":"Nguyen, H.D.T., Qi, D., Roychoudhury, A., Chandra, S.: SemFix: program repair via semantic analysis. In: 2013 35th International Conference on Software Engineering (ICSE), pp. 772\u2013781. IEEE (2013)","DOI":"10.1109\/ICSE.2013.6606623"},{"key":"2_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1007\/978-3-319-47413-7_17","volume-title":"Decision and Game Theory for Security","author":"MA Noureddine","year":"2016","unstructured":"Noureddine, M.A., Fawaz, A., Sanders, W.H., Ba\u015far, T.: A game-theoretic approach to respond to attacker lateral movement. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 294\u2013313. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-47413-7_17"},{"key":"2_CR43","doi-asserted-by":"crossref","unstructured":"Rahbarinia, B., Balduzzi, M., Perdisci, R.: Real-time detection of malware downloads via large-scale url$$->$$ file$$->$$ machine graph mining. In: ACM ASIA Conference on Computer and Communications Security (ASIACCS) (2016)","DOI":"10.1145\/2897845.2897918"},{"key":"2_CR44","unstructured":"Rajab, M.A., Ballard, L., Lutz, N., Mavrommatis, P., Provos, N.: CAMP: content-agnostic malware protection. In: ISOC Network and Distributed Systems Security Symposium (NDSS) (2013)"},{"key":"2_CR45","unstructured":"Roesch, M., et\u00a0al.: Snort: lightweight intrusion detection for networks. In: LISA, vol.\u00a099, pp. 229\u2013238 (1999)"},{"key":"2_CR46","unstructured":"Shen, Y., Stringhini, G.: Attack2vec: leveraging temporal word embeddings to understand the evolution of cyberattacks. In: USENIX Security Symposium, pp. 905\u2013921 (2019)"},{"issue":"2","key":"2_CR47","first-page":"211","volume":"6","author":"I Steinwart","year":"2005","unstructured":"Steinwart, I., Hush, D., Scovel, C.: A classification framework for anomaly detection. J. Mach. Learn. Res. 6(2), 211\u2013232 (2005)","journal-title":"J. Mach. Learn. Res."},{"issue":"7","key":"2_CR48","doi-asserted-by":"publisher","first-page":"4285","DOI":"10.1109\/TII.2019.2907754","volume":"15","author":"Z Tian","year":"2019","unstructured":"Tian, Z., et al.: Real-time lateral movement detection based on evidence reasoning network for edge computing environment. IEEE Trans. Industr. Inf. 15(7), 4285\u20134294 (2019)","journal-title":"IEEE Trans. Industr. Inf."},{"key":"2_CR49","unstructured":"Tripwire: The MITRE ATT &CK Framework: Lateral Movement. https:\/\/www.tripwire.com\/state-of-security\/mitre-framework\/the-mitre-attck-framework-lateral-movement\/"},{"issue":"3","key":"2_CR50","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: Comprehensive approach to intrusion detection alert correlation. IEEE Trans. Depend. Secure Comput. 1(3), 146\u2013169 (2004)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"issue":"4","key":"2_CR51","first-page":"55","volume":"47","author":"E Vasilomanolakis","year":"2015","unstructured":"Vasilomanolakis, E., Karuppayah, S., M\u00fchlh\u00e4user, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM CSUR 47(4), 55 (2015)","journal-title":"ACM CSUR"},{"key":"2_CR52","doi-asserted-by":"crossref","unstructured":"Vigna, G., Kemmerer, R.A.: Netstat: a network-based intrusion detection approach. In: Proceedings 14th Annual Computer Security Applications Conference (Cat. No. 98EX217), pp. 25\u201334. IEEE (1998)","DOI":"10.1109\/CSAC.1998.738566"},{"key":"2_CR53","doi-asserted-by":"crossref","unstructured":"Wang, R., et al.: Ramblr: making reassembly great again. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23225"},{"key":"2_CR54","doi-asserted-by":"crossref","unstructured":"Wang, S., Wen, M., Chen, L., Yi, X., Mao, X.: How different is it between machine-generated and developer-provided patches?: an empirical study on the correct patches generated by automated program repair techniques. In: 2019 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 1\u201312. IEEE (2019)","DOI":"10.1109\/ESEM.2019.8870172"},{"key":"2_CR55","doi-asserted-by":"crossref","unstructured":"Wei, Y., et al.: Automated fixing of programs with contracts. In: Proceedings of the 19th International Symposium on Software Testing and Analysis, pp. 61\u201372 (2010)","DOI":"10.1145\/1831708.1831716"},{"issue":"2","key":"2_CR56","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3487568","volume":"31","author":"R Williams","year":"2021","unstructured":"Williams, R., Ren, T., De Carli, L., Lu, L., Smith, G.: Guided feature identification and removal for resource-constrained firmware. ACM Trans. Softw. Eng. Methodol. (TOSEM) 31(2), 1\u201325 (2021)","journal-title":"ACM Trans. Softw. Eng. Methodol. (TOSEM)"},{"issue":"8","key":"2_CR57","doi-asserted-by":"publisher","first-page":"707","DOI":"10.1109\/TSE.2016.2521368","volume":"42","author":"WE Wong","year":"2016","unstructured":"Wong, W.E., Gao, R., Li, Y., Abreu, R., Wotawa, F.: A survey on software fault localization. IEEE Trans. Software Eng. 42(8), 707\u2013740 (2016)","journal-title":"IEEE Trans. Software Eng."},{"key":"2_CR58","doi-asserted-by":"crossref","unstructured":"Xie, J., Fu, X., Du, X., Luo, B., Guizani, M.: Autopatchdroid: a framework for patching inter-app vulnerabilities in android application. In: 2017 IEEE International Conference on Communications (ICC), pp.\u00a01\u20136. IEEE (2017)","DOI":"10.1109\/ICC.2017.7996682"},{"key":"2_CR59","doi-asserted-by":"crossref","unstructured":"Zhang, X., Zhang, Y., Li, J., Hu, Y., Li, H., Gu, D.: Embroidery: patching vulnerable binary code of fragmentized android devices. In: 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 47\u201357. IEEE (2017)","DOI":"10.1109\/ICSME.2017.15"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-3531-3_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:09:43Z","timestamp":1741867783000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-3531-3_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819635306","9789819635313"],"references-count":59,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-3531-3_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Abu Dhabi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss-socialsec2024\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}