{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,3,2]],"date-time":"2023-03-02T16:52:59Z","timestamp":1677775979268},"reference-count":59,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2010,7,27]],"date-time":"2010-07-27T00:00:00Z","timestamp":1280188800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2011,5]]},"DOI":"10.1007\/s11416-010-0145-1","type":"journal-article","created":{"date-parts":[[2010,7,26]],"date-time":"2010-07-26T01:12:05Z","timestamp":1280106725000},"page":"159-172","source":"Crossref","is-referenced-by-count":2,"title":["Joint network-host based malware detection using information-theoretic tools"],"prefix":"10.1007","volume":"7","author":[{"given":"Syed Ali","family":"Khayam","sequence":"first","affiliation":[]},{"given":"Ayesha Binte","family":"Ashfaq","sequence":"additional","affiliation":[]},{"given":"Hayder","family":"Radha","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,7,27]]},"reference":[{"key":"145_CR1","doi-asserted-by":"crossref","unstructured":"Khayam, S.A., Radha, H.: Using session-keystroke mutual information to detect self-propagating malicious codes. In: IEEE ICC, June 2007","DOI":"10.1109\/ICC.2007.233"},{"key":"145_CR2","doi-asserted-by":"crossref","unstructured":"Ellis, D., Aiken, J.G., Attwood, K.S., Tenaglia, S.D.: A behavioral approach to worm detection. In: ACM Workshop on Rapid Malcode (WORM), October 2004","DOI":"10.1145\/1029618.1029625"},{"key":"145_CR3","doi-asserted-by":"crossref","unstructured":"Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning of Internet worms. In: ACM Conference on Computer and Communications Security (CCS), October 2003","DOI":"10.1145\/948134.948136"},{"key":"145_CR4","unstructured":"Wu, J., Vangala, S., Gao, L.: An effective architecture and algorithm for detecting worms with various scan techniques. In: Network and Distributed System Security Symposium (NDSS), February 2004"},{"key":"145_CR5","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: IEEE Oakland Symposium on Security and Privacy, May 2004"},{"key":"145_CR6","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Usenix Security Symposium, August 2004"},{"key":"145_CR7","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. In: ACM SIGCOMM, August\/September 2004","DOI":"10.1145\/1015467.1015492"},{"key":"145_CR8","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Characterization of network-wide traffic anomalies in traffic flows. In: ACM Internet Measurement Conference (IMC), October 2004","DOI":"10.1145\/1028788.1028813"},{"key":"145_CR9","doi-asserted-by":"crossref","unstructured":"Barford, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: ACM Internet Measurement Conference (IMC), November 2002","DOI":"10.1145\/637209.637210"},{"key":"145_CR10","doi-asserted-by":"crossref","unstructured":"Krishnamurthy, B., Sen, S., Zhang, Y., Chen, Y.: Sketch-based change detection: methods, evaluation, and applications. ACM Internet Measurement Conference (IMC), October 2003","DOI":"10.1145\/948234.948236"},{"key":"145_CR11","doi-asserted-by":"crossref","unstructured":"Soule, A., Salamatian, K., Taft, N.: Combining filtering and statistical methods for anomaly detection. In: ACM\/Usenix Internet Measurement Conference (IMC), October 2005","DOI":"10.1145\/1330107.1330147"},{"key":"145_CR12","unstructured":"Kim, Y., Lau, W.C., Chuah, M.C., Chao, H.J.: PacketScore: statistics-based overload control against distributed denial-of-service attacks. In: IEEE INFOCOM, March 2004"},{"key":"145_CR13","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: ACM SIGCOMM, August 2005","DOI":"10.1145\/1080091.1080118"},{"key":"145_CR14","doi-asserted-by":"crossref","unstructured":"Gu, Y., McCullum, A., Towsley, D.: Detecting anomalies in network traffic using maximum entropy estimation. In: ACM\/Usenix Internet Measurement Conference (IMC), October 2005","DOI":"10.1145\/1330107.1330148"},{"key":"145_CR15","unstructured":"Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Network telescopes. CAIDA technical report. http:\/\/www.caida.org\/outreach\/papers\/2004\/tr-2004-04\/"},{"key":"145_CR16","doi-asserted-by":"crossref","unstructured":"Cooke, E., Bailey, M., Mao, Z.M., Watson, D., Jahanian, F., McPherson, D.: Toward understanding distributed blackhole placement. In: ACM Workshop on Rapid Malcode (WORM), October 2004","DOI":"10.1145\/1029618.1029627"},{"key":"145_CR17","unstructured":"Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D.: The Internet motion sensor: a distributed blackhole monitoring system. In: Network and Distributed System Security Symposium (NDSS), February 2005"},{"key":"145_CR18","doi-asserted-by":"crossref","unstructured":"Dagon, D., Qin, X., Gu, G., Lee, W.: HoneyStat: local worm detection using honeypots. In: International Symposium on Recent Advances in Intrusion Detection (RAID), September 2004","DOI":"10.1007\/978-3-540-30143-1_3"},{"key":"145_CR19","doi-asserted-by":"crossref","unstructured":"Twycross, J., Williamson, M.M.: Implementing and testing a virus throttle. In: Usenix Security Symposium, August 2003","DOI":"10.1109\/CSAC.2003.1254312"},{"key":"145_CR20","doi-asserted-by":"crossref","unstructured":"Schechter, S.E., Jung, J., Berger, A.W.: Fast detection of scanning worm infections. In: RAID (2004)","DOI":"10.1007\/978-3-540-30143-1_4"},{"key":"145_CR21","unstructured":"Williamson, M.M.: Throttling viruses: restricting propagation to defeat malicious mobile code. In: Annual Computer Security Applications Conference (ACSAC), December 2002"},{"key":"145_CR22","unstructured":"Sellke, S., Shroff, N.B., Bagchi, S.: Modeling and automated containment of worms. In: International Conference on Dependable Systems and Networks (DSN), June\/July 2005"},{"key":"145_CR23","unstructured":"Whyte, D., Kranakis, E., van Oorschot, P.C.: DNS-based detection of scanning worms in an enterprise network. In: Network and Distributed System Security Symposium (NDSS), February 2005"},{"key":"145_CR24","doi-asserted-by":"crossref","unstructured":"Gupta, A., Sekar, R.: An approach for detecting self-propagating email using anomaly detection. In: International Symposium on Recent Advances in Intrusion Detection (RAID), September 2003","DOI":"10.1007\/978-3-540-45248-5_4"},{"key":"145_CR25","doi-asserted-by":"crossref","unstructured":"Xiong, J.: ACT: attachment chain tracing scheme for email virus detection and control. In: ACM Workshop on Rapid Malcode (WORM), October 2004","DOI":"10.1145\/1029618.1029621"},{"key":"145_CR26","unstructured":"Me, L., Michel, C.: Intrusion detection: a bibliography. Tech. Rep. SSIR-2001-01, September 2001"},{"key":"145_CR27","unstructured":"Cui, W., Katz, R.H., Tan, W.-T.: BINDER: an extrusion-based break-in detector for personal computers. In: Usenix Security Symposium, April 2005"},{"issue":"3","key":"145_CR28","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1109\/32.372146","volume":"21","author":"K. Ilgun","year":"1995","unstructured":"Ilgun K., Kemmerer R.A., Porras P.A.: State transition analysis: a rule-based intrusion detection approach. IEEE Trans. Softw. Eng. 21(3), 181\u2013199 (1995)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"145_CR29","unstructured":"Jha, S., Tan, K., Maxion, R.A.: Markov Chains, classifiers, and intrusion detection. In: IEEE CSFW, June 2001"},{"key":"145_CR30","unstructured":"Ye, N.: A Markov Chain model of temporal behavior for anomaly detection. In: IEEE Workshop on Information Assurance and Security, June 2000"},{"key":"145_CR31","unstructured":"DuMouchel, W.: Computer intrusion detection based on bayes factors for comparing command transition probabilities. Tech. Rep. 91, National Institute of Statistical Sciences (1999)"},{"key":"145_CR32","doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ozgur, A., Ertoz, L., Srivastava, J., Kumar, V.: A comparative study of anomaly detection schemes in network intrusion detection. In: SIAM Conference on Data Mining, May 2003","DOI":"10.1137\/1.9781611972733.3"},{"key":"145_CR33","unstructured":"Lippmann, R.P., et\u00a0al.: The 1998 DARPA\/AFRL off-line intrusion detection evaluation. In: RAID, September 1998"},{"issue":"4","key":"145_CR34","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R.P. Lippmann","year":"2000","unstructured":"Lippmann R.P., Haines J.W., Fried D.J., Korba J., Das K.: The 1999 DARPA off-line intrusion detection evaluation. ACM Comput Netw 34(4), 579\u2013595 (2000)","journal-title":"ACM Comput Netw"},{"key":"145_CR35","unstructured":"Endpoint Security Homepage. http:\/\/www.endpointsecurity.org\/"},{"key":"145_CR36","unstructured":"Symantec Internet Security Threat Report XI. Trends for July\u2013December 07. March 2007"},{"key":"145_CR37","unstructured":"Raschke, T.: The new security challenge: endpoints. IDC\/F-Secure, August 2005"},{"key":"145_CR38","unstructured":"Weaver, N., Ellis, D., Staniford, S., Paxson, V.: Worms vs. perimeters: the case for hard-LANs. In: IEEE Symposium on High Performance Interconnects (Hot Interconnects), August 2004"},{"key":"145_CR39","doi-asserted-by":"crossref","unstructured":"Wong, C., Wang, C., Song, D., Bielski, S., Ganger, G.R.: Dynamic quarantine of Internet worms. In: International Conference on Dependable Systems and Networks (DSN), July 2004","DOI":"10.1109\/DSN.2004.1311878"},{"key":"145_CR40","doi-asserted-by":"crossref","unstructured":"Wong, C., Bielski, S., Studer, A., Wang, C.: Empirical analysis of rate limiting mechanisms. In: International Symposium on Recent Advances in Intrusion Detection (RAID), September 2005","DOI":"10.1007\/11663812_2"},{"key":"145_CR41","unstructured":"Li, Q., Chang, E.-C., Chan, M.C.: On effectiveness of DDOS attacks on statistical filtering. IEEE Infocom, March 2005"},{"key":"145_CR42","doi-asserted-by":"crossref","unstructured":"Kuzmanovic, A., Knightly, E.W.: Low-rate TCP-targeted denial of service attacks. In: ACM SIGCOMM, August 2003","DOI":"10.1145\/863955.863966"},{"key":"145_CR43","unstructured":"Staniford, S., Paxson, V., Weaver, N.: How to own the Internet in your spare time. In: Usenix Security Symposium, August 2002"},{"key":"145_CR44","unstructured":"Panjwani, S., Tan, S., Jarrin, K.M., Cukier, M.: An experimental evaluation to determine if port scans are precursor to an attack. In: International Conference on Dependable Systems and Networks (DSN), June\/July 2005"},{"key":"145_CR45","doi-asserted-by":"crossref","DOI":"10.1002\/0471200611","volume-title":"Elements of Information Theory","author":"T.M. Cover","year":"1991","unstructured":"Cover T.M., Thomas J.A.: Elements of Information Theory. Wiley-Interscience, New York (1991)"},{"key":"145_CR46","unstructured":"SHA-1. The Secure Hash Algorithm. FIPS PUB 180-1, April 1995"},{"key":"145_CR47","unstructured":"MSDN Library. http:\/\/msdn.microsft.com"},{"key":"145_CR48","unstructured":"Microsoft Virtual PC 2004. http:\/\/www.microsoft.com\/Windows\/virtualpc"},{"key":"145_CR49","unstructured":"Sophos Virus Info. http:\/\/www.sophos.com\/virusinfo\/"},{"key":"145_CR50","unstructured":"Symantec Security Response. http:\/\/securityresponse.symantec.com\/avcenter"},{"key":"145_CR51","unstructured":"TrendMicro Virus Encyclopedia. http:\/\/au.trendmicro-europe.com\/smb\/vinfo"},{"key":"145_CR52","doi-asserted-by":"crossref","unstructured":"Kumar, A., Paxson, V., Weaver, N.: Exploiting underlying structure for detailed reconstruction of an Internet-scale event. In: ACM\/ Usenix Internet Measurement Conference (IMC), October 2005","DOI":"10.1145\/1330107.1330150"},{"key":"145_CR53","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: ACM CCS, November 2002","DOI":"10.1145\/586110.586145"},{"key":"145_CR54","unstructured":"Trusted Computing Alliance. https:\/\/www.trustedcomputinggroup.org"},{"key":"145_CR55","doi-asserted-by":"crossref","unstructured":"Dunlap, G., King, S., Cinar, S., Basrai, M., Chen, P.: ReVirt: enabling intrusion analysis through virtual-machine logging and replay. Usenix OSDI, December 2002","DOI":"10.1145\/1060289.1060309"},{"key":"145_CR56","doi-asserted-by":"crossref","unstructured":"Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. ACM SOSP, October 2003","DOI":"10.1145\/945445.945464"},{"issue":"6","key":"145_CR57","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1109\/MC.2004.17","volume":"37","author":"B.W. Lampson","year":"2004","unstructured":"Lampson B.W.: Computer security in the real world. IEEE Comput. 37(6), 37\u201346 (2004)","journal-title":"IEEE Comput."},{"issue":"5","key":"145_CR58","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1109\/MC.2005.176","volume":"38","author":"M. Rosenblum","year":"2005","unstructured":"Rosenblum M., Garfinkel T.: Virtual machine monitors: current technology and future trends. IEEE Comput. 38(5), 39\u201347 (2005)","journal-title":"IEEE Comput."},{"key":"145_CR59","doi-asserted-by":"crossref","unstructured":"Wong, C., Bielski, S., Studer, A., Wang, C.: Empirical analysis of rate limiting mechanisms. In: RAID (2005)","DOI":"10.1007\/11663812_2"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-010-0145-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-010-0145-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-010-0145-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,6,7]],"date-time":"2020-06-07T14:42:56Z","timestamp":1591540976000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-010-0145-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,7,27]]},"references-count":59,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2011,5]]}},"alternative-id":["145"],"URL":"https:\/\/doi.org\/10.1007\/s11416-010-0145-1","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,7,27]]}}}