{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,10]],"date-time":"2025-12-10T12:14:52Z","timestamp":1765368892381},"reference-count":20,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2013,8,2]],"date-time":"2013-08-02T00:00:00Z","timestamp":1375401600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Intell Inf Syst"],"published-print":{"date-parts":[[2014,2]]},"DOI":"10.1007\/s10844-013-0266-3","type":"journal-article","created":{"date-parts":[[2013,8,1]],"date-time":"2013-08-01T02:51:17Z","timestamp":1375325477000},"page":"133-153","source":"Crossref","is-referenced-by-count":10,"title":["Human perspective to anomaly detection for cybersecurity"],"prefix":"10.1007","volume":"42","author":[{"given":"Song","family":"Chen","sequence":"first","affiliation":[]},{"given":"Vandana P.","family":"Janeja","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,8,2]]},"reference":[{"key":"266_CR1","unstructured":"Anwar, F., Anwar, Z., et al. (2011). Digital forensics for eucalyptus. In Frontiers of Information Technology (FIT), 2011 (pp. 110\u2013116). IEEE."},{"key":"266_CR2","doi-asserted-by":"crossref","unstructured":"Cheung, S., Lindqvist, U., Fong, M.W. (2003). Modeling multistep cyber attacks for scenario recognition. In DARPA information survivability conference and exposition, 2003. Proceedings (vol. 1, pp. 284\u2013292). IEEE.","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"266_CR3","doi-asserted-by":"crossref","unstructured":"Cuppens, F., & Mi\u00e8ge, A. (2002). Alert correlation in a cooperative intrusion detection framework. In 2002 IEEE symposium on security and privacy, 2002. Proceedings (pp. 202\u2013215). IEEE.","DOI":"10.1109\/SECPRI.2002.1004372"},{"issue":"2","key":"266_CR4","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"DE Denning","year":"1987","unstructured":"Denning, D.E. (1987). An intrusion-detection model. IEEE Transactions on Software Engineering, SE-13(2), 222\u2013232.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"266_CR5","doi-asserted-by":"crossref","unstructured":"Dey, S., Janeja, V.P., Gangopadhyay, A. (2009). Temporal neighborhood discovery through unequal depth binning. In IEEE International Conference on Data Mining (ICDM\u201909).","DOI":"10.1109\/ICDM.2009.26"},{"key":"266_CR6","unstructured":"Dodge Jr, R.C., & Wilson, T. (2003). Network traffic analysis from the cyber defense exercise. In IEEE international conference on systems, man and cybernetics, 2003 (vol. 5, pp. 4317\u20134321). IEEE."},{"key":"266_CR7","unstructured":"Fanelli, R. (2010). The value of competition. SC Magazine."},{"key":"266_CR8","unstructured":"Kim, S.J., & Hong, S. (2011). Study on the development of early warning model for cyber attack. In 2011 International Conference on Information Science and Applications (ICISA) (pp. 1\u20138). IEEE."},{"key":"266_CR9","doi-asserted-by":"crossref","unstructured":"Liu, Z., Wang, C., Chen, S. (2008). Correlating multi-step attack and constructing attack scenarios based on attack pattern modeling. In International conference on information security and assurance, 2008. ISA 2008 (pp. 214\u2013219). IEEE.","DOI":"10.1109\/ISA.2008.11"},{"key":"266_CR21","unstructured":"Miles, W. (2001). Hack proofing sun solaris 8\u2014protect your solaris network from attack (1st ed., pp. 83\u201385, 257). New York: Syngress."},{"key":"266_CR10","doi-asserted-by":"crossref","unstructured":"Namayanja, J.M., & Janeja, V.P. (2013). Discovery of persistent threat structures through temporal and geo-spatial characterization in evolving networks. In IEEE Intelligence and Security Informatics (ISI).","DOI":"10.1109\/ISI.2013.6578817"},{"key":"266_CR11","doi-asserted-by":"crossref","unstructured":"Nguyen, H.D., Gutta, S., Cheng, Q. (2010). An active distributed approach for cyber attack detection. In 2010 conference record of the forty fourth asilomar conference on signals, systems and computers (ASILOMAR) (pp. 1540\u20131544). IEEE.","DOI":"10.1109\/ACSSC.2010.5757795"},{"issue":"2","key":"266_CR12","doi-asserted-by":"crossref","first-page":"274","DOI":"10.1145\/996943.996947","volume":"7","author":"P Ning","year":"2004","unstructured":"Ning, P., Cui, Y., Reeves, D.S., Xu, D. (2004). Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security (TISSEC), 7(2), 274\u2013318.","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"266_CR13","unstructured":"Orebaugh, A.D., Biles, S., Babbin, J. (2005). Snort cookbook. O\u2019Reilly Media, Inc."},{"key":"266_CR14","unstructured":"Rehman, R.U. (2003). Intrusion detection systems with Snort: Advanced IDS techniques using Snort, Apache, MySQL, PHP, and ACID. Prentice Hall PTR."},{"key":"266_CR15","unstructured":"Roesch, M., & Green, C. (2003). Snort users manual 2.9.3. (pp. 1\u20132, 179\u2013180)."},{"key":"266_CR16","unstructured":"Sangster, B., O\u2019Connor, T.J., Cook, T., Fanelli, R., Dean, E., Adams, W.J., Morrell, C., Conti, G. (2009). Toward instrumenting network warfare competitions to generate labeled datasets. In Proceedings of the 2nd conference on cyber security experimentation and test (pp. 9\u20139). USENIX Association."},{"key":"266_CR17","unstructured":"Snort (software) (2013). Wikipedia.com ID: 551979534."},{"key":"266_CR19","doi-asserted-by":"crossref","unstructured":"Valdes, A., & Skinner, K. (2001). Probabilistic alert correlation. In Recent advances in intrusion detection (pp. 54\u201368). Springer.","DOI":"10.1007\/3-540-45474-8_4"},{"key":"266_CR20","unstructured":"Youssef, A., & Emam, A. (2012). Network intrusion detection using data mining and network behaviour analysis. International Journal of Computer Science & Information Technology, 3.6, 87\u201398."}],"container-title":["Journal of Intelligent Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10844-013-0266-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10844-013-0266-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10844-013-0266-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,20]],"date-time":"2019-07-20T01:21:20Z","timestamp":1563585680000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10844-013-0266-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,8,2]]},"references-count":20,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2014,2]]}},"alternative-id":["266"],"URL":"https:\/\/doi.org\/10.1007\/s10844-013-0266-3","relation":{},"ISSN":["0925-9902","1573-7675"],"issn-type":[{"value":"0925-9902","type":"print"},{"value":"1573-7675","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,8,2]]}}}