{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,29]],"date-time":"2022-03-29T06:35:43Z","timestamp":1648535743229},"reference-count":25,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2011,4,1]],"date-time":"2011-04-01T00:00:00Z","timestamp":1301616000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["DuD"],"published-print":{"date-parts":[[2011,4]]},"DOI":"10.1007\/s11623-011-0059-1","type":"journal-article","created":{"date-parts":[[2011,4,5]],"date-time":"2011-04-05T17:58:35Z","timestamp":1302026315000},"source":"Crossref","is-referenced-by-count":1,"title":["Anomalieerkennung in Computernetzen"],"prefix":"10.1007","volume":"35","author":[{"given":"Philipp","family":"Winter","sequence":"first","affiliation":[]},{"given":"Harald","family":"Lampesberger","sequence":"additional","affiliation":[]},{"given":"Markus","family":"Zeilinger","sequence":"additional","affiliation":[]},{"given":"Eckehard","family":"Hermann","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,4,6]]},"reference":[{"key":"59_CR1","unstructured":"Snort, \n                    http:\/\/www.snort.org\n                    \n                  ."},{"key":"59_CR2","unstructured":"Bro Intrusion Detection System, \n                    http:\/\/www.bro-ids.org\n                    \n                  ."},{"key":"59_CR3","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D. E. Denning","year":"1987","unstructured":"D. E. Denning, \u201eAn intrusion-detection model,\u201c IEEE Trans. Softw. Eng., vol. 13, pp. 222\u2013232, February 1987.","journal-title":"IEEE Trans. Softw. Eng."},{"key":"59_CR4","doi-asserted-by":"crossref","unstructured":"R. Sommer and V. Paxson, \u201cOutside the closed world: On using machine learning for network intrusion detection,\u201d IEEE Symposium on Security and Privacy, pp. 305\u2013316, 2010.","DOI":"10.1109\/SP.2010.25"},{"key":"59_CR5","first-page":"1","volume-title":"CCS\u2019 99: Proceedings of the 6th ACM conference on Computer and Communications Security","author":"S. Axelsson","year":"1999","unstructured":"S. Axelsson, \u201cThe base-rate fallacy and its implications for the difficulty of intrusion detection,\u201d in CCS\u2019 99: Proceedings of the 6th ACM conference on Computer and Communications Security. New York, NY, USA: ACM, 1999, pp. 1\u20137."},{"key":"59_CR6","unstructured":"D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. Mcclung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman, \u201cEvaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation,\u201d in Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000, pp. 12\u201326."},{"issue":"4","key":"59_CR7","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lippmann","year":"2000","unstructured":"R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, \u201cThe 1999 darpa off-line intrusion detection evaluation,\u201d Computer Networks, vol. 34, no. 4, pp. 579\u2013595, 2000.","journal-title":"Computer Networks"},{"key":"59_CR8","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1145\/775047.775102","volume-title":"KDD\u2019 02: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining","author":"M. V. Mahoney","year":"2002","unstructured":"M. V. Mahoney and P. K. Chan, \u201cLearning nonstationary models of normal network traffic for detecting novel attacks,\u201d in KDD\u2019 02: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining. New York, NY, USA: ACM, 2002, pp. 376\u2013385."},{"key":"59_CR9","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1145\/952532.952601","volume-title":"SAC\u2019 03: Proceedings of the 2003 ACM symposium on Applied computing","author":"M. V. Mahoney","year":"2003","unstructured":"M. V. Mahoney, \u201cNetwork traffic anomaly detection based on packet bytes,\u201d in SAC\u2019 03: Proceedings of the 2003 ACM symposium on Applied computing. New York, NY, USA: ACM, 2003, pp. 346\u2013350."},{"key":"59_CR10","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1109\/ISECS.2009.174","volume-title":"ISECS\u2019 09: Proceedings of the 2009 Second International Symposium on Electronic Commerce and Security","author":"Y.-l. Zhang","year":"2009","unstructured":"Y.-l. Zhang, Z.-g. Han, and J.-x. Ren, \u201cA network anomaly detection method based on relative entropy theory,\u201d in ISECS\u2019 09: Proceedings of the 2009 Second International Symposium on Electronic Commerce and Security. Washington, DC, USA: IEEE Computer Society, 2009, pp. 231\u2013235."},{"key":"59_CR11","first-page":"220","volume-title":"Lecture Notes in Computer Science","author":"Matthew V. Mahoney","year":"2003","unstructured":"M. V. Mahoney and P. K. Chan, \u201cAn analysis of the 1999 darpa\/lincoln laboratory evaluation data for network anomaly detection,\u201d in Proceedings of the Sixth International Symposium on Recent Advances in Intrusion Detection. Springer, 2003, pp. 220\u2013237."},{"issue":"4","key":"59_CR12","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J. McHugh","year":"2000","unstructured":"J. McHugh, \u201cTesting intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory,\u201d ACM Trans. Inf. Syst. Secur., vol. 3, no. 4, pp. 262\u2013294, 2000.","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"59_CR13","first-page":"21","volume-title":"Proceedings of the 2006 workshop on New security paradigms","author":"C. Gates","year":"2007","unstructured":"C. Gates and C. Taylor, \u201cChallenging the anomaly detection paradigm: a provocative discussion,\u201d in Proceedings of the 2006 workshop on New security paradigms, ser. NSPW\u2019 06. New York, NY, USA: ACM, 2007, pp. 21\u201329."},{"key":"59_CR14","unstructured":"Early Warning Research Lab (ewrl), \n                    http:\/\/www.fruehwarnung.at\n                    \n                  ."},{"key":"59_CR15","first-page":"172","volume-title":"Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise","author":"A. Wagner","year":"2005","unstructured":"A. Wagner and B. Plattner, \u201cEntropy based worm and anomaly detection in fast ip networks,\u201d in Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise. Washington, DC, USA: IEEE Computer Society, 2005, pp. 172\u2013177."},{"key":"59_CR16","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1145\/1452520.1452539","volume-title":"Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement","author":"G. Nychis","year":"2008","unstructured":"G. Nychis, V. Sekar, D. G. Andersen, H. Kim, and H. Zhang, \u201cAn empirical evaluation of entropy-based traffic anomaly detection,\u201d in Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement, ser. IMC\u2019 08. New York, NY, USA: ACM, 2008, pp. 151\u2013156."},{"key":"59_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1007\/978-3-642-03700-9_22","volume-title":"Proceedings of the 15th Open European Summer School and IFIP TC6.6 Workshop, EUNICE 2009","author":"A. Sperotto","year":"2009","unstructured":"A. Sperotto, G. Vliek, R. Sadre, and A. Pras, \u201cDetecting spam at the network level,\u201d in Proceedings of the 15th Open European Summer School and IFIP TC6.6 Workshop, EUNICE 2009, Barcelona, ser. Lecture Notes in Computer Science, vol. 5733. Berlin: Springer Verlag, August 2009, pp. 208\u2013216."},{"key":"59_CR18","unstructured":"2010 CWE\/SANS Top 25 Most Dangerous Software Errors, \n                    http:\/\/cwe.mitre.org\/top25\/\n                    \n                  ."},{"key":"59_CR19","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1145\/948109.948144","volume-title":"CCS\u2019 03: Proceedings of the 10th ACM conference on Computer and communications security","author":"C. Kruegel","year":"2003","unstructured":"C. Kruegel and G. Vigna, \u201cAnomaly detection of web-based attacks,\u201d in CCS\u2019 03: Proceedings of the 10th ACM conference on Computer and communications security. New York, NY, USA: ACM, 2003, pp. 251\u2013261."},{"key":"59_CR20","first-page":"203","volume-title":"Lecture Notes in Computer Science","author":"Ke Wang","year":"2004","unstructured":"K. Wang and S. J. Stolfo, \u201cAnomalous payloadbased network intrusion detection,\u201d in Recent Advances in Intrusion Detection, ser. Lecture Notes in Computer Science, vol. 3224. Springer Berlin \/ Heidelberg, 2004, pp. 203\u2013222."},{"key":"59_CR21","first-page":"226","volume-title":"Lecture Notes in Computer Science","author":"Ke Wang","year":"2006","unstructured":"K. Wang, J. J. Parekh, and S. J. Stolfo, \u201cAnagram: A content anomaly detector resistant to mimicry attack,\u201d in Recent Advances in Intrusion Detection, ser. Lecture Notes in Computer Science, vol. 4219. Springer Berlin \/ Heidelberg, 2006, pp. 226\u2013248."},{"issue":"6","key":"59_CR22","doi-asserted-by":"publisher","first-page":"864","DOI":"10.1016\/j.comnet.2008.11.011","volume":"53","author":"R. Perdisci","year":"2009","unstructured":"R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee, \u201cMcpad: A multiple classifier system for accurate payload-based anomaly detection,\u201d Computer Networks, vol. 53, no. 6, pp. 864\u2013881, 2009, traffic Classification and Its Applications to Modern Networks.","journal-title":"Computer Networks"},{"key":"59_CR23","unstructured":"Y. Song, A. D. Keromytis, and S. J. Stolfo, \u201cSpectrogram: A mixture-of-markov-chains model for anomaly detection in web traffic,\u201d in Proc. of Network and Distributed System Security Symposium (NDSS), 2009."},{"key":"59_CR24","doi-asserted-by":"publisher","first-page":"1846","DOI":"10.1145\/1774088.1774480","volume-title":"SAC\u2019 10: Proceedings of the 2010 ACM Symposium on Applied Computing","author":"T. Krueger","year":"2010","unstructured":"T. Krueger, C. Gehl, K. Rieck, and P. Laskov, \u201cTokdoc: a self-healing web application firewall,\u201d in SAC\u2019 10: Proceedings of the 2010 ACM Symposium on Applied Computing. New York, NY, USA: ACM, 2010, pp. 1846\u20131853."},{"issue":"1","key":"59_CR25","first-page":"385","volume":"22","author":"R. Begleiter","year":"2004","unstructured":"R. Begleiter, R. El-Yaniv, and G. Yona, \u201cOn prediction using variable order markov models,\u201d J. Artif.Int. Res., vol. 22, no. 1, pp. 385\u2013421, 2004.","journal-title":"J. Artif.Int. Res."}],"container-title":["Datenschutz und Datensicherheit - DuD"],"original-title":[],"language":"de","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-011-0059-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11623-011-0059-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-011-0059-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-011-0059-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T18:21:02Z","timestamp":1559413262000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11623-011-0059-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,4]]},"references-count":25,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,4]]}},"alternative-id":["59"],"URL":"https:\/\/doi.org\/10.1007\/s11623-011-0059-1","relation":{},"ISSN":["1614-0702","1862-2607"],"issn-type":[{"value":"1614-0702","type":"print"},{"value":"1862-2607","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,4]]},"article-number":"235"}}