{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,10,15]],"date-time":"2023-10-15T13:53:24Z","timestamp":1697378004343},"reference-count":61,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2008,5,8]],"date-time":"2008-05-08T00:00:00Z","timestamp":1210204800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Knowl Inf Syst"],"published-print":{"date-parts":[[2009,2]]},"DOI":"10.1007\/s10115-008-0137-3","type":"journal-article","created":{"date-parts":[[2008,5,7]],"date-time":"2008-05-07T12:44:27Z","timestamp":1210164267000},"page":"231-262","source":"Crossref","is-referenced-by-count":17,"title":["vEye: behavioral footprinting for self-propagating worm detection and profiling"],"prefix":"10.1007","volume":"18","author":[{"given":"Xuxian","family":"Jiang","sequence":"first","affiliation":[]},{"given":"Xingquan","family":"Zhu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2008,5,8]]},"reference":[{"key":"137_CR1","unstructured":"Agobot Backdoor. http:\/\/www.viruslist.com\/en\/viruses\/encyclopedia?virusid=42101"},{"key":"137_CR2","unstructured":"Arbor Networks: PeakFlow X. http:\/\/www.arbornetworks.com\/products_x.php"},{"key":"137_CR3","unstructured":"Bailey M, Cooke E, Jahanian F, Nazario J, Watson D (2005) The Internet motion sensor: a distributed blackhole monitoring system. In: Proceedings of the 12th network and distributed system security symposium (NDSS), San Diego, CA, February 2005"},{"key":"137_CR4","unstructured":"Bailey M, Cooke E, Watson D, Jahanian F, Provos N (2004) A hybrid honeypot architecture for scalable network monitoring. CSE Technical Report CSE-TR-499-04. University of Michigan, Ann Arbor"},{"key":"137_CR5","volume-title":"Applications of data mining in computer sceurity","author":"D Barbara","year":"2005","unstructured":"Barbara D, Jajodia S (2005) Applications of data mining in computer sceurity. Springer, New York"},{"key":"137_CR6","unstructured":"Bo C, Fang B-X, Yun X-C (2005) A new approach for early detection of internet worms based on connection degree. In: Proceedings of 2005 international conference on machine learning and cybernetics, August 2005"},{"key":"137_CR7","unstructured":"Brodley CE, Chan P (2003) Tutorial: Data mining for computer security. In: Proceedings of the ACM SIGKDD Conference, August 2003"},{"key":"137_CR8","doi-asserted-by":"crossref","unstructured":"Dagon D, Qin X, Gu G, Lee W, Grizzard J, Levine J, Owen H (2004) HoneyStat: local worm detection using honeypots. In: Proceedings of the 7th international symposium on recent advances in intrusion detection (RAID 2004), Sophia Antipolis, French Riviera, France, September 2004","DOI":"10.1007\/978-3-540-30143-1_3"},{"key":"137_CR9","unstructured":"Dike J User mode Linux. http:\/\/user-mode-linux.sourceforge.net"},{"key":"137_CR10","doi-asserted-by":"crossref","unstructured":"Durbin R, Eddy S, Krogh A (1998) Biological sequence analysis. Cambridge University Press, London. ISBN: 0521629713, 1998","DOI":"10.1017\/CBO9780511790492"},{"key":"137_CR11","doi-asserted-by":"crossref","unstructured":"Ellis DR, Aiken JG, Attwood KS, Tenaglia SD (2004) A behavioral approach to worm detection. In: Proceedings of the 2004 ACM workshop on Rapid malcode, October 2004","DOI":"10.1145\/1029618.1029625"},{"key":"137_CR12","doi-asserted-by":"crossref","unstructured":"Estan C, Savage S, Varghese G (2003) Automatically inferring patterns of resource consumption in network traffic. In: Proceedings of the ACM SIGCOMM conference, Karlsruhe, Germany, August 2003","DOI":"10.1145\/863955.863972"},{"key":"137_CR13","unstructured":"Gu G, Sharif M, Qin X, Dagon D, Lee W, Riley G (2004) Worm detection, early warning and response based on local victim information. In: Proceedings of the 20th annual computer security applications conference (ACSAC\u201904), December 2004"},{"key":"137_CR14","unstructured":"Jiang X, Xu D (2004) Collapsar: a VM-based architecture for network attack detention center. In: Proceedings of the 13th USENIX security symposium, August 2004"},{"key":"137_CR15","unstructured":"Jiang X, Xu D, Wang HJ, Spafford EH (2005) Virtual playgrounds for worm behavior investigation. In: Proceedings of the 8th RAID, Seattle, USA, September 2005"},{"key":"137_CR16","doi-asserted-by":"crossref","unstructured":"Jung J, Paxson V, Berger AW, Balakrishnan H (2004) Fast portscan detection using sequential hypothesis testing. In: Proceedings of IEEE symposium on security and privacy, Oakland, CA, May 2004","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"137_CR17","unstructured":"Kephart JO, Arnold WC (1994) Automatic extraction of computer virus signatures. In: Proceedings of the 4th international virus bulletin conference, September 1994"},{"key":"137_CR18","unstructured":"Kim HA, Karp B (2004) Autograph: toward automated, distributed worm signature detection. In: Proceedings of the 13th usenix security symposium (Security 2004), San Diego, CA, August 2004"},{"key":"137_CR19","unstructured":"Kolesnikov O, Lee W Advanced polymorphic worms: evading IDS by blending in with normal traffic. http:\/\/www.cc.gatech.edu\/~ok\/w\/ok_pw.pdf"},{"key":"137_CR20","doi-asserted-by":"crossref","unstructured":"Kreibich C, Crowcroft J (2004) Honeycomb: creating intrusion detection signatures using honeypots. In: ACM SIGCOMM computer communication review","DOI":"10.1145\/972374.972384"},{"key":"137_CR21","unstructured":"Lee W, Stolfo SJ, Mok K (1999) A data mining framework for building intrusion detection models. In: Proceedings of the IEEE symposium on security and privacy, 1999"},{"key":"137_CR22","unstructured":"Linux Lion Worms. http:\/\/www.whitehats.com\/library\/worms\/lion . Accessed 2001"},{"key":"137_CR23","unstructured":"MSBlaster Worms. CERT advisory CA-2003-20 W32\/Blaster worms. http:\/\/www.cert.org\/advisories\/CA-2003-20.htm . Accessed August 2003"},{"issue":"4","key":"137_CR24","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSECP.2003.1219056","volume":"1","author":"D Moore","year":"2003","unstructured":"Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N (2003) The spread of the Sapphire\/Slammer worm. IEEE Secur Priv 1(4): 33\u2013","journal-title":"IEEE Secur Priv"},{"key":"137_CR25","doi-asserted-by":"crossref","unstructured":"Moore D, Shannon C, Brown J (2002) Code-Red: a case study on the spread and victims of an internet worm. In: Proceedings of the ACM internet measurement workshop, November 2002","DOI":"10.1145\/637201.637244"},{"key":"137_CR26","doi-asserted-by":"crossref","unstructured":"Moore D, Voelker G, Savage S (2001) Inferring Internet denial-of-service activity. In: Proceedings of the 10th USENIX security symposium, August 2001","DOI":"10.21236\/ADA400003"},{"key":"137_CR27","unstructured":"Moore D (2002) Network telescopes: observing small or distant security events. In: Proceedings of the 11th USENIX security symposium, August 2002"},{"key":"137_CR28","doi-asserted-by":"crossref","unstructured":"Mukkamala S, Janoski G, Sung A (2002) Intrusion detection using neural networks and support vector machines. In: Proceedings of IEEE international joint conference on neural networks, May 2002","DOI":"10.1109\/IJCNN.2002.1007774"},{"key":"137_CR29","doi-asserted-by":"crossref","unstructured":"Newsome J, Karp B, Song D (2005) Polygraph: automatically generating signatures for polymorphic worms. In: Proceedings of the 2005 IEEE symposium on security and privacy, May 2005","DOI":"10.1109\/SP.2005.15"},{"key":"137_CR30","doi-asserted-by":"crossref","unstructured":"Newsome J, Karp B, Song D (2006) Paragraph: thwarting signature learning by training maliciously. In: Proceedings of the 9th international symposium on recent advances in intrusion detection (RAID 2006), Hamburg, Germany, September 2006","DOI":"10.1007\/11856214_5"},{"key":"137_CR31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1203\/00006450-197201000-00001","volume":"6","author":"WL Nyhan","year":"1972","unstructured":"Nyhan WL (1972) Behavioral phenotypes in organic genetic disease. Pediatr Res 6: 1\u2013","journal-title":"Pediatr Res"},{"key":"137_CR32","doi-asserted-by":"crossref","unstructured":"Otey M, Parthasarathy S, Ghoting A, Li G, Narravula S, Panda D (2003) Towards NIC-based intrusion detection. In: Proceedings of the 2004 ACM KDD conference, 2003","DOI":"10.1145\/956750.956847"},{"key":"137_CR33","unstructured":"Pei J, Upadhyaya S (2004) Tutorial: data mining for intrusion detection, techniques, applications, and systems. In: Proceedings of the IEEE international conference on data engineering, March 2004"},{"key":"137_CR34","doi-asserted-by":"crossref","unstructured":"Perdisci R, Dagon D, Lee W, Fogla P, Sharif M (2006) Misleading worm signature generators using deliberate noise injection. In: Proceedings of the 2006 IEEE symposium on security and privacy, May 2006","DOI":"10.1109\/SP.2006.26"},{"key":"137_CR35","unstructured":"Perriot F, Szor P An analysis of the Slapper worm exploit. Symantec White Paper. http:\/\/securityresponse.symantec.com\/avcenter\/reference\/analysis.slapper.worm.pdf"},{"key":"137_CR36","unstructured":"Provos N (2004) A virtual honeypot framework. In: Proceedings of the 13th USENIX security symposium, August 2004"},{"key":"137_CR37","unstructured":"Rajab MA, Monrose F, Terzis A (2005) A behavioral approach to worm detection. In: Proceedings of the 2005 ACM workshop on rapid malcode, November 2005"},{"key":"137_CR38","doi-asserted-by":"crossref","unstructured":"Sekar R, Gupta A, Frullo J, Shanbhag T, Tiwari A, Yang H, Zhou S (2002) Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of 9th ACM conference on computer and communications security, October 2002","DOI":"10.1145\/586110.586146"},{"key":"137_CR39","unstructured":"Singh S, Estan C, Varghese G, Savage S (2004) Automated worm fingerprinting. In: Proceedings of the ACM\/USENIX symposium on operating system design and implementation, San Francisco, CA, December 2004"},{"key":"137_CR40","doi-asserted-by":"crossref","unstructured":"Sommer R, Paxson V (2003) Enhancing byte-level network intrusion detection signatures with context. In: Proceedings of 9th ACM conference on computer and communications security, October 2003","DOI":"10.1145\/948109.948145"},{"key":"137_CR41","unstructured":"Spitzner L (2003) Honeytokens: the other honeypot. http:\/\/www.securityfocus.com\/infocus\/171 . Accessed July 2003"},{"key":"137_CR42","unstructured":"Sundararaj A, Dinda P (2004) Towards virtual networks for virtual machine grid computing. In: Proceedings of the third USENIX virtual machine technology symposium (VM 2004), August 2004"},{"key":"137_CR43","unstructured":"Sasser Worms. http:\/\/www.microsoft.com\/security\/incident\/sasser.as . Accessed May 2004"},{"key":"137_CR44","unstructured":"Snort-inline. http:\/\/sourceforge.net\/projects\/snort-inline\/"},{"key":"137_CR45","unstructured":"The DETER Project. http:\/\/www.isi.edu\/deter\/"},{"key":"137_CR46","unstructured":"The Honeynet Project. http:\/\/www.honeynet.org"},{"key":"137_CR47","doi-asserted-by":"crossref","unstructured":"Touch J (2000) Dynamic Internet overlay deployment and management Using the X-Bone. In: Procedings of IEEE ICNP 2000, November 2000","DOI":"10.1109\/ICNP.2000.896292"},{"key":"137_CR48","unstructured":"Venkataraman S, Blum A, Song D (2008) Limits of learning-based signature generation with adversaries. In: Proceedings of the 15th network and distributed security symposium (NDSS 2008), San Diego, February 2008"},{"key":"137_CR49","unstructured":"Vigna G, Robertson W, Balzarotti D (2004) Testing intrusion detection signatures using mutant exploits. In: Proceedings of the ACM conference on computer and communication security (ACM CCS) 21\u201330 Washington, DC, October 2004"},{"key":"137_CR50","doi-asserted-by":"crossref","unstructured":"Vrable M, Ma J, Chen J, Moore D, Vandekieft E, Snoeren AC, Voelker GM, Savage S (2005) Scalability, fidelity and containment in the potemkin virtual honeyfarm. In: Proceedings of the 20th ACM symposium on operating systems principles, October 2005","DOI":"10.1145\/1095810.1095825"},{"key":"137_CR51","unstructured":"VMware. http:\/\/www.vmware.com\/"},{"key":"137_CR52","unstructured":"Welchia Worm. http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/w32.welchia.worm.htm . Accessed August 2003"},{"key":"137_CR53","doi-asserted-by":"crossref","unstructured":"Wang HJ, Guo C, Simon DR, Zugenmaier A (2004) Shield: vulnerability-driven network filters for preventing known vulnerability exploits. SIGCOMM 2004, September 2004","DOI":"10.1145\/1015467.1015489"},{"key":"137_CR54","doi-asserted-by":"crossref","unstructured":"Wang K, Stolfo SJ (2004) Anomalous payload-based network intrusion detection. In: Proceedings of the 7th international symposium on recent advances in intrusion detection (RAID 2004), Sophia Antipolis, French Riviera, France, September 2004","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"137_CR55","unstructured":"Whalley I, Arnold B, Chess D, Morar J, Segal A (2000) An environment for controlled worm replication and analysis (Internet-inna-Box). In: Proceedings of virus bulletin conference, September 2000"},{"key":"137_CR56","unstructured":"Yegneswaran V, Barford P, Jha S (2004) Global intrusion detection in the DOMINO overlay system. In: Proceedings of network and distributed security symposium (NDSS), San Diego, February 2004"},{"key":"137_CR57","doi-asserted-by":"crossref","unstructured":"Yegneswaran V, Barford P, Plonka D (2004) On the design and use of internet sinks for network abuse monitoring. In: Proceedings of 7th international symposium on recent advances in intrusion detection, September 2004","DOI":"10.1007\/978-3-540-30143-1_8"},{"key":"137_CR58","doi-asserted-by":"crossref","unstructured":"Zanero S, Savaresi SM (2004) Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM symposium on applied computing, March 2004","DOI":"10.1145\/967900.967988"},{"key":"137_CR59","unstructured":"Zeltser L (2001) Reverse-Engineering Malware. http:\/\/www.zeltser.com\/reverse-malware-paper"},{"key":"137_CR60","unstructured":"Zhu X, Wu X (2007) Mining complex patterns across sequences with gap requirements. In: Proceedings of the twentieth international joint conference on artificial intelligence, January 2007"},{"key":"137_CR61","doi-asserted-by":"crossref","unstructured":"Zou CC, Gong W, Towsley D (2002) Code red worm propagation modeling and analysis. In: Proceedings of 9th ACM conference on computer and communications security, October 2002","DOI":"10.1145\/586110.586130"}],"container-title":["Knowledge and Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10115-008-0137-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10115-008-0137-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10115-008-0137-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T06:10:17Z","timestamp":1559110217000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10115-008-0137-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,5,8]]},"references-count":61,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2009,2]]}},"alternative-id":["137"],"URL":"https:\/\/doi.org\/10.1007\/s10115-008-0137-3","relation":{},"ISSN":["0219-1377","0219-3116"],"issn-type":[{"value":"0219-1377","type":"print"},{"value":"0219-3116","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,5,8]]}}}