{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T17:55:03Z","timestamp":1776275703372,"version":"3.50.1"},"reference-count":24,"publisher":"Elsevier BV","issue":"4","license":[{"start":{"date-parts":[[2000,10,1]],"date-time":"2000-10-01T00:00:00Z","timestamp":970358400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2000,10]]},"DOI":"10.1016\/s1389-1286(00)00139-0","type":"journal-article","created":{"date-parts":[[2003,4,7]],"date-time":"2003-04-07T17:19:33Z","timestamp":1049735973000},"page":"579-595","source":"Crossref","is-referenced-by-count":585,"title":["The 1999 DARPA off-line intrusion detection evaluation"],"prefix":"10.1016","volume":"34","author":[{"given":"Richard","family":"Lippmann","sequence":"first","affiliation":[]},{"given":"Joshua W","family":"Haines","sequence":"additional","affiliation":[]},{"given":"David J","family":"Fried","sequence":"additional","affiliation":[]},{"given":"Jonathan","family":"Korba","sequence":"additional","affiliation":[]},{"given":"Kumar","family":"Das","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/S1389-1286(00)00139-0_BIB1","doi-asserted-by":"crossref","unstructured":"J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, E. Stoner, State of the practice of intrusion detection technologies, Carnegie Mellon University\/Software Engineering Institute Technical Report CMU\/SEI-99-TR-028, January 2000","DOI":"10.1109\/52.877859"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB2","unstructured":"E.G. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, Intrusion.Net Books, 1999"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB3","unstructured":"K. Das, The development of stealthy attacks to evaluate intrusion detection systems, S.M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 2000"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB4","doi-asserted-by":"crossref","unstructured":"H. Debar, M. Dacier, A. Wespi, S. Lampart, An experimental workbench for intrusion detection systems, Research Report RZ 2998 (#93044), IBM Research Division, Zurich Research Laboratory, 8803 Ruschlikon, Switzerland, 9 March 1999, http:\/\/www.zurich.ibm.com\/Technology\/Security\/extern\/gsal\/docs\/index.html","DOI":"10.1016\/S1389-1286(98)00017-6"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB5","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1145\/306549.306571","article-title":"Testing and evaluating computer intrusion detection systems","volume":"42","author":"Durst","year":"1999","journal-title":"Communications of the ACM"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB6","doi-asserted-by":"crossref","unstructured":"C. Elkan, Results of the KDD'99 Classifier Learning Contest, Sponsored by the International Conference on Knowledge Discovery in Databases, September 1999, http:\/\/www-cse.ucsd.edu\/users\/elkan\/clresults.html","DOI":"10.1145\/846183.846199"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB7","unstructured":"A.K. Ghosh, A. Schwartzbard, A study in using neural networks for anomaly and misuse detection, in: Proceedings of the USENIX Security Symposium, 23\u201326 August 1999, Washington, DC, http:\/\/www.rstcorp.com\/$\\sim$anup\/"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB8","unstructured":"S. Jajodia, D. Barbara, B. Speegle, N. Wu, Audit Data Analysis and Mining (ADAM), project described in http:\/\/www.isse.gmu.edu\/$\\sim$dbarbara\/adam.html, April 2000"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB9","unstructured":"K. Kendall, A database of computer attacks for the evaluation of intrusion detection systems, S.M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 1999"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB10","unstructured":"J. Korba, Windows NT attacks for the evaluation of intrusion detection systems, S.M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 2000"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB11","doi-asserted-by":"crossref","unstructured":"R.P. Lippmann, David J. Fried, Isaac Graf, Joshua W. Haines, Kristopher R. Kendall, David McClung, Dan Weber, Seth E. Webster, Dan Wyschogrod, Robert K. Cunningham, Marc A. Zissman, Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation, in: Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX), vol. 2, IEEE Press, New York, January 2000","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB12","unstructured":"R.P. Lippmann, R.K. Cunningham, Guide to creating stealthy attacks for the 1999 DARPA off-line intrusion detection evaluation, MIT Lincoln Laboratory Project Report IDDE-1, June 1999"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB13","unstructured":"P. Neumann, P. Porras, Experience with EMERALD to DATE, in: Proceedings of the First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, April 1999, pp. 73\u201380, http:\/\/www.sdl.sri.com\/emerald\/index.html"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB14","series-title":"Network Intrusion Detection; An Analysis Handbook","author":"Northcutt","year":"1999"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB15","unstructured":"T.H. Ptacek, T.N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Secure Networks, Inc. Report, January 1998"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB16","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1109\/32.544350","article-title":"A methodology for testing intrusion detection systems","volume":"22","author":"Puketza","year":"1996","journal-title":"IEEE Transactions on Software Engineering"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB17","doi-asserted-by":"crossref","unstructured":"N. Puketza, M. Chung, R.A. Olsson, B. Mukherjee, A software platform for testing intrusion detection systems, IEEE Software (September\/October 1997) 43\u201351","DOI":"10.1109\/52.605930"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB18","unstructured":"A. Schwartzbard, A.K. Ghosh, A study in the feasibility of performing host-based anomaly detection on Windows NT, in: Proceedings of the Second Recent Advances in Intrusion Detection (RAID 1999) Workshop, West Lafayette, IN, 7\u20139 September 1999"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB19","unstructured":"R. Sekar, P. Uppuluri, Synthesizing fast intrusion prevention\/detection systems from high-level specifications, in: Proceedings of the Eighth Usenix Security Symposium, Washington, DC, August 1999, http:\/\/rcs-sgi.cs.iastate.edu\/sekar\/abs\/usenixsec99.htm"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB20","unstructured":"G. Shipley, Intrusion detection, take two, Network Computing, 15 November 1999, http:\/\/www.nwc.com\/1023\/10231.html"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB21","unstructured":"D. Song, G. Shaffer, M. Undy, Nidsbench\u2014A network intrusion detection system test suite, in: The Second International Workshop on Recent Advances in Intrusion Detection (RAID), September 1999, http:\/\/www.anzen.com\/research\/nidsbench\/nidsbench-slides\/nidsbench-slides.html"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB22","unstructured":"M. Tyson, P. Berry, N. Williams, D. Moran, D. Blei, DERBI: Diagnosis, Explanation and Recovery from Computer Break-Ins, project described in http:\/\/www.ai.sri.com\/$\\sim$derbi\/, April 2000"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB23","unstructured":"G. Vigna, S.T. Eckmann, R.A. Kemmerer, The STAT tool suite, in: Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX), IEEE Press, New York, January 2000"},{"key":"10.1016\/S1389-1286(00)00139-0_BIB24","doi-asserted-by":"crossref","unstructured":"G. Vigna, R. Kemmerer, NetSTAT: a network-based intrusion detection system, Journal of Computer Security 7(1) (1999)","DOI":"10.3233\/JCS-1999-7103"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128600001390?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128600001390?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,12,4]],"date-time":"2024-12-04T01:36:36Z","timestamp":1733276196000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128600001390"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000,10]]},"references-count":24,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2000,10]]}},"alternative-id":["S1389128600001390"],"URL":"https:\/\/doi.org\/10.1016\/s1389-1286(00)00139-0","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2000,10]]}}}