{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T06:10:24Z","timestamp":1706940624834},"reference-count":63,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2006,3,8]],"date-time":"2006-03-08T00:00:00Z","timestamp":1141776000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2006,3,8]],"date-time":"2006-03-08T00:00:00Z","timestamp":1141776000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2006,7]]},"DOI":"10.1007\/s10207-006-0081-8","type":"journal-article","created":{"date-parts":[[2006,3,3]],"date-time":"2006-03-03T16:44:58Z","timestamp":1141404298000},"page":"186-199","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["A monitoring system for detecting repeated packets with applications to computer worms"],"prefix":"10.1007","volume":"5","author":[{"given":"Paul C.","family":"van Oorschot","sequence":"first","affiliation":[]},{"given":"Jean-Marc","family":"Robert","sequence":"additional","affiliation":[]},{"given":"Miguel Vargas","family":"Martin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2006,3,8]]},"reference":[{"key":"81_CR1","unstructured":"Anderson, T., Mahajan, R., Spring, N., Wetherall, D.: Rocketfuel: An ISP topology mapping engine (2003). http:\/\/www.cs.washington.edu\/research\/networking\/rocketfuel\/ [Accessed: August 2, 2003]"},{"key":"81_CR2","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198522355.001.0001","volume-title":"Poisson Approximation","author":"A. Barbour","year":"1992","unstructured":"Barbour, A., Holst, L., Janson, S.: Poisson Approximation. Oxford University Press, New York (1992)"},{"key":"81_CR3","volume-title":"Data Networks","author":"D. Bertsekas","year":"1992","unstructured":"Bertsekas, D., Gallager, R.: Data Networks. Prentice Hall, Englewood Cliffs, NJ (1992)"},{"issue":"17","key":"81_CR4","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1145\/362686.362692","volume":"13","author":"B. Bloom","year":"1970","unstructured":"Bloom, B.: Space\/time trade-offs in hash coding with allowable errors. Commun. ACM 13(17), 422\u2013426 (1970)","journal-title":"Commun. ACM"},{"key":"81_CR5","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1016\/S0378-3758(01)00263-4","volume":"104","author":"M. Boutsikas","year":"2002","unstructured":"Boutsikas, M., Koutras, M.: On the number of overflown urns and excess balls in an allocation model with limited urn capacity. Stat. Plan. Inference 104, 259\u2013286 (2002)","journal-title":"Stat. Plan. Inference"},{"issue":"1\u20136","key":"81_CR6","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1016\/S1389-1286(00)00083-9","volume":"33","author":"A. Broder","year":"2000","unstructured":"Broder, A., Kumar, R., Maghoul, F., Raghavan, P., Rajagopalan, S., Stata, R., Tomkins, A., Wiener, J.: Graph structure in the Web. Newblock Comput. Netw. 33(1\u20136), 309\u2013320 (2000)","journal-title":"Newblock Comput. Netw."},{"issue":"4","key":"81_CR7","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1080\/15427951.2004.10129096","volume":"1","author":"A. Broder","year":"2003\u20132004","unstructured":"Broder, A., Mitzenmacher, M.: Network applications of Bloom filters: A survey. Internet Math. 1(4), 485\u2013509 (2003\u20132004)","journal-title":"Internet Math."},{"key":"81_CR8","unstructured":"CERIAS Intrusion Detection Research Group, T.: Digging for worms, fishing for answers. In: Proceedings of the Annual Computer Security Application Conference (ACSAC'02). Las Vegas (2002)"},{"key":"81_CR9","unstructured":"Chen, X., Heidemann, J.: Detecting early worm propagation through packet matching. Tech. Rep. ISI-TR-2004-585, University of Southern California (2004)"},{"key":"81_CR10","volume-title":"Introduction to Algorithms","author":"T. Cormen","year":"2001","unstructured":"Cormen, T., Leiserson, C., Rivest, R., Stein, C.: Introduction to Algorithms, 2nd edn. MIT Press, McGraw-Hill, New York (2001)","edition":"2"},{"key":"81_CR11","unstructured":"Crosby, S., Wallach, D.: Denial of service via algorithmic complexity attacks. In: Proceedings of the 12th USENIX Security Symposium. Washington, DC (2003)"},{"key":"81_CR12","volume-title":"Epidemic Modelling: An Introduction","author":"D. Daley","year":"1999","unstructured":"Daley, D., Gani, J.: Epidemic Modelling: An Introduction. Cambridge University Press, Cambridge, UK (1999)"},{"key":"81_CR13","unstructured":"Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Deep packet inspection using parallel Bloom filters. In: Symposium on High Performance Interconnects (HotI), pp. 44\u201351. Stanford, CA (2003)"},{"key":"81_CR14","doi-asserted-by":"crossref","unstructured":"Dharmapurikar, S., Krishnamurthy, P., Taylor, D.: Longest prefix matching using Bloom filters. In: Proceedings of the Special Interest Group on Data Communication (SIGCOMM'03), pp. 201\u2013212. Karlsruhe, Germany (2003)","DOI":"10.1145\/863955.863979"},{"key":"81_CR15","unstructured":"Dharmapurikar, S., Paxson, V.: Robust TCP stream reassembly in the presence of adversaries. In: Proceedings of the 14th USENIX Security Symposium. Baltimore (2005)"},{"key":"81_CR16","doi-asserted-by":"crossref","unstructured":"Faloutsos, M., Faloutsos, P., Faloutsos, C.: On power-law relationships of the Internet topology. In: Proceedings of the Special Interest Group on Data Communication (SIGCOMM'99), pp. 251\u2013262. Boston\/Cambridge, MA (1999)","DOI":"10.1145\/316188.316229"},{"issue":"3","key":"81_CR17","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1109\/90.851975","volume":"8","author":"L. Fan","year":"2000","unstructured":"Fan, L., Cao, P., Almeida, J., Broder, A.: Summary cache: A scalable wide-area Web cache sharing protocol. IEEE\/ACM Trans. Netw. 8(3), 281\u2013293 (2000)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"81_CR18","volume-title":"An Introduction to Probability Theory and its Applications, vol. 1","author":"W. Feller","year":"1968","unstructured":"Feller, W.: An Introduction to Probability Theory and its Applications, vol. 1, 3rd edn. Wiley, New York (1968)","edition":"3"},{"key":"81_CR19","unstructured":"Fyodor: The art of port scanning. Phrack Mag. 7(51) (1997). URL: http:\/\/www.phrack.org [Accessed: March 6, 2003]"},{"key":"81_CR20","volume-title":"Computers and Intractability: A Guide to the Theory of NP-Completeness","author":"M. Garey","year":"1979","unstructured":"Garey, M., Johnson, D.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman, New York (1979)"},{"key":"81_CR21","unstructured":"Goh, E.J.: Secure indexes. Cryptology ePrint Archive, Report 2003\/216 (2003). URL: http:\/\/eprint.iacr.org\/2003\/216\/ [Accessed: January 7, 2004]"},{"key":"81_CR22","doi-asserted-by":"crossref","unstructured":"Grembowski, T., Lien, R., Gaj, K., Nguyen, N., Bellows, P., Flidr, J., Lehman, T., Schott, B.: Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512. In: Proceedings of Information Security Conference (ISC 2002), Lecture Notes in Computer Science, vol. 2433, pp. 75\u201389. Springer, Sao Paulo, Brazil (2002)","DOI":"10.1007\/3-540-45811-5_6"},{"key":"81_CR23","unstructured":"Handley, M., Kreibich, C., Paxson, V.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: Proceedings of the 10th USENIX Security Symposium. Washington, DC (2001)"},{"key":"81_CR24","doi-asserted-by":"crossref","unstructured":"Horne, B., Matheson, L., Sheehan, C., Tarjan, R.: Dynamic self-checking techniques for improved tamper resistance. In: Proceedings of the First ACM Workshop on Digital Rights Management (DRM 2001), Lecture Notes in Computer Science, vol. 2320, pp. 141\u2013159. Springer, Berlin Heidelberg New York (2002)","DOI":"10.1007\/3-540-47870-1_9"},{"issue":"1","key":"81_CR25","doi-asserted-by":"crossref","first-page":"286","DOI":"10.1214\/aos\/1176346079","volume":"11","author":"K. Joag-Dev","year":"1983","unstructured":"Joag-Dev, K., Proschan, F.: Negative association of random variables, with applications. Ann. Stat. 11(1), 286\u2013295 (1983)","journal-title":"Ann. Stat"},{"key":"81_CR26","unstructured":"Jung, J., Paxson, V., Berger, A., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy. Oakland (2004)"},{"key":"81_CR27","unstructured":"Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of 13th USENIX Security Symposium. San Diego, CA (2004)"},{"key":"81_CR28","doi-asserted-by":"crossref","unstructured":"Kumar, A., Xu, J., Li, L., Wang, J.: Space-code Bloom filter for efficient traffic flow measurement. In: Proceedings of IMC. Miami Beach, FL (2003)","DOI":"10.1145\/948205.948226"},{"issue":"2","key":"81_CR29","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1109\/MSP.2005.57","volume":"3","author":"E. Levy","year":"2005","unstructured":"Levy, E.: Worm propagation and generic attacks. IEEE Secur. Priv. 3(2), 63\u201365 (2005)","journal-title":"IEEE Secur. Priv."},{"key":"81_CR30","unstructured":"Liljenstam, M.: Modeling of security and systems. A network worm modeling package for SSFNet (2003). http:\/\/www.crhc.uiuc.edu\/mili\/research\/ssf\/worm\/ [Accessed: September 10, 2004]"},{"key":"81_CR31","doi-asserted-by":"crossref","unstructured":"Mahajan, R., Spring, N., Wetherall, D., Anderson, T.: Inferring link weight using end-to-end measurements. In: Proceedings of the Internet Measurement Workshop 2002 (IMW'02). Marseille, France (2002)","DOI":"10.1145\/637201.637237"},{"key":"81_CR32","doi-asserted-by":"crossref","unstructured":"Matrawy, A., van Oorschot, P., Somayaji, A.: Mitigating network denial-of-service through diversity-based traffic management. In: Proceedings of the 3rd Annual Conference on Applied Cryptography and Network Security (ACNS 2005), Lecture Notes in Computer Science, vol. 3531, pp. 104\u2013121. Springer, New York (2005)","DOI":"10.1007\/11496137_8"},{"issue":"4","key":"81_CR33","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. McHugh","year":"2000","unstructured":"McHugh, J.: Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(4), 262\u2013294 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"81_CR34","unstructured":"MIT Lincoln Laboratory: DARPA intrusion detection evaluation: Data sets (1999). http:\/\/www.ll.mit.edu\/IST\/ideval\/data\/data_index.html [Accessed: April 1, 2004]"},{"key":"81_CR35","doi-asserted-by":"crossref","unstructured":"Mitzenmacher, M.: Compressed Bloom filters. In: Proceedings of the 20th Annual ACM Symposium on Principles of Distributed Computing (PODC 2001), pp. 144\u2013150. Newport, RI (2001)","DOI":"10.1145\/383962.384004"},{"issue":"4","key":"81_CR36","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/MSECP.2003.1219056","volume":"1","author":"D. Moore","year":"2003","unstructured":"Moore, D., Paxon, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE Secur. Priv. 1(4), 33\u201339 (2003)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"81_CR37","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1145\/242857.242869","volume":"40","author":"C. Nachenberg","year":"1997","unstructured":"Nachenberg, C.: Computer virus-antivirus coevolution. Commun. ACM 40(1), 46\u201351 (1997)","journal-title":"Commun. ACM"},{"key":"81_CR38","doi-asserted-by":"crossref","unstructured":"Nevelsteen, W., Preneel, B.: Software performance of universal hash functions. In: Proceedings of Eurocrypt'99, pp. 24\u201341. Prague, Czech Republic (1999)","DOI":"10.1007\/3-540-48910-X_3"},{"key":"81_CR39","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy. Oakland, CA (2005)"},{"key":"81_CR40","unstructured":"NS-2: The network simulator \u2013 NS-2 (2003). http:\/\/www.isi.edu\/nsnam\/ns\/ [Accessed: September 10, 2003]"},{"key":"81_CR41","unstructured":"Onut, I.V., Zhu, B., Ghorbani, A.: A novel visualization technique for network anomaly detection. In: Proceedings of the 2nd Annual Conference on Privacy, Security and Trust. Fredericton, Canada (2004)"},{"key":"81_CR42","unstructured":"OPNET Technologies Inc.: Opnet modeler (2003). http:\/\/www.opnet.com [Accessed: September 10, 2003]"},{"key":"81_CR43","doi-asserted-by":"crossref","unstructured":"Park, K., Lee, H.: On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. In: Proceedings of the Special Interest Group on Data Communication (SIGCOMM'01). San Diego, CA (2001)","DOI":"10.1145\/383059.383061"},{"key":"81_CR44","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, evasion and denial of service: Eluding network intrusion detection. Tech. rep., Secure Networks, Inc. (1998). http:\/\/www.aciri.org\/vern\/Ptacek-Newsham-Evasion-98.ps [Accessed: November 6, 2005]"},{"key":"81_CR45","volume-title":"Fingerprinting by random polynomials. Technical Report TR-15-81, Center for Research in Computing Technology","author":"M. Rabin","year":"1981","unstructured":"Rabin, M.: Fingerprinting by random polynomials. Technical Report TR-15-81, Center for Research in Computing Technology, Harvard University, Cambridge, MA (1981)"},{"key":"81_CR46","doi-asserted-by":"crossref","unstructured":"Shanmugasundaram, K., Br\u00f6nnimann, H., Memon, N.: Payload attribution via hierarchical Bloom filters. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS'04). Washington, DC (2004)","DOI":"10.1145\/1030083.1030089"},{"key":"81_CR47","doi-asserted-by":"crossref","unstructured":"Shannon, C., Moore, D.: The spread of the Witty worm (2004). http:\/\/www.caida.org\/analysis\/security\/witty\/ [Accessed: June 18, 2004]","DOI":"10.1109\/MSP.2004.59"},{"key":"81_CR48","volume-title":"The EarlyBird system for real-time detection of unknown worms. Technical Report CS2003-0761","author":"S. Singh","year":"2003","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: The EarlyBird system for real-time detection of unknown worms. Technical Report CS2003-0761, University of California, San Diego, CA (2003)"},{"key":"81_CR49","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of the 6th USENIX Symposium on Operating Systems Design & Implementation (OSDI'04). San Francisco (2004)"},{"key":"81_CR50","doi-asserted-by":"crossref","unstructured":"Snoeren, A., Partridge, C., Sanchez, L., Jones, C., Tchakountio, F., Kent, S., Strayer, W.: Hash-based IP traceback. In: Proceedings of the Special Interest Group on Data Communication (SIGCOMM'01). San Diego, CA (2001)","DOI":"10.1145\/964723.383060"},{"key":"81_CR51","doi-asserted-by":"crossref","unstructured":"Spring, N., Mahajan, R., Wetherall, D.: Measuring ISP topologies with Rocketfuel. In: Proceedings of the Special Interest Group on Data Communication (SIGCOMM'02). Pittsburgh, PA (2002)","DOI":"10.1145\/633025.633039"},{"key":"81_CR52","unstructured":"SSFNet: Scalable simulation framework network models (2003). http:\/\/www.ssfnet.org\/homePage.html [Accessed: September 10, 2003]"},{"key":"81_CR53","unstructured":"Toth, T., Kruegel, C.: Connection-history based anomaly detection. In: Proceedings of the 2002 IEEE Workshop on Information Assurance and Security. New York (2002)"},{"key":"81_CR54","doi-asserted-by":"crossref","unstructured":"Twycross, J., Williamson, M.: Implementing and testing a virus throttle. In: Proceedings of the 12th USENIX Security Symposium. Washington, DC (2003)","DOI":"10.1109\/CSAC.2003.1254312"},{"key":"81_CR55","doi-asserted-by":"crossref","unstructured":"Valdes, A., Fong, M.: Scalable visualization of propagating Internet phenomena. In: Proceedings of the ACM Workshop on Visualization and Data Mining for Computer Security. Washington, DC (2004)","DOI":"10.1145\/1029208.1029228"},{"key":"81_CR56","unstructured":"Vargas Martin, M.: A monitoring system for mitigating fast propagating worms in the network infrastructure. In: Proceedings of the 18th IEEE Canadian Conference on Electrical and Computing Engineering (CCECE'05). Saskatoon, Canada (2005)"},{"key":"81_CR57","doi-asserted-by":"crossref","unstructured":"Venkataraman, S., Song, D., Gibbons, P., Blum, A.: New streaming algorithms for fast detection of superspreaders. In: The Internet Society Proceedings of the Network and Distributed System Security Symposium (NDSS'05). San Diego, CA (2005)","DOI":"10.21236\/ADA461026"},{"key":"81_CR58","doi-asserted-by":"crossref","unstructured":"Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Proceedings of the Seventh International Symposium on Recent Advances in Intrusion Detection (RAID 2004). Sophia Antipolis, France (2004)","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"81_CR59","doi-asserted-by":"crossref","DOI":"10.1515\/9780691188331","volume-title":"Small Worlds: The Dynamics of Networks Between Order and Randomness","author":"D. Watts","year":"1999","unstructured":"Watts, D.: Small Worlds: The Dynamics of Networks Between Order and Randomness. Princeton University Press, Princeton, NJ (1999)"},{"key":"81_CR60","doi-asserted-by":"crossref","unstructured":"Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: Proceedings of ACM WORM'03. Washington, DC (2003)","DOI":"10.1145\/948187.948190"},{"key":"81_CR61","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Proceedings of the 13th USENIX Security Symposium. San Diego, CA (2004)"},{"key":"81_CR62","unstructured":"Williamson, M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: Proceedings of the Annual Computer Security Application Conference (ACSAC'02). Las Vegas (2002)"},{"key":"81_CR63","doi-asserted-by":"crossref","unstructured":"Zou, C., Gong, W., Towsley, D.: Code Red worm propagation modeling and analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS'02). Washington, DC (2002)","DOI":"10.1145\/586110.586130"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-006-0081-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-006-0081-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-006-0081-8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-006-0081-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T05:33:31Z","timestamp":1706938411000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-006-0081-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,3,8]]},"references-count":63,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2006,7]]}},"alternative-id":["81"],"URL":"https:\/\/doi.org\/10.1007\/s10207-006-0081-8","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006,3,8]]},"assertion":[{"value":"8 March 2006","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}