{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T10:45:25Z","timestamp":1762339525338},"reference-count":36,"publisher":"Elsevier BV","issue":"4","license":[{"start":{"date-parts":[[2000,10,1]],"date-time":"2000-10-01T00:00:00Z","timestamp":970358400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2000,10]]},"DOI":"10.1016\/s1389-1286(00)00142-0","type":"journal-article","created":{"date-parts":[[2003,4,7]],"date-time":"2003-04-07T17:19:33Z","timestamp":1049735973000},"page":"671-697","source":"Crossref","is-referenced-by-count":18,"title":["Intrusion-detection for incident-response, using a military battlefield-intelligence process"],"prefix":"10.1016","volume":"34","author":[{"given":"J","family":"Yuill","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"F","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J","family":"Settle","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"F","family":"Gong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R","family":"Forno","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J","family":"Asbery","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/S1389-1286(00)00142-0_BIB1","unstructured":"E. Amoroso, Intrusion Detection, Intrusion.Net Books, 1999"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB2","unstructured":"Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Sams.net Publishing, 1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB3","unstructured":"T. Aslam et al., Use of a taxonomy of security faults, COAST Laboratory, Technical Report TR-96-051, Purdue University, 1996"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB4","unstructured":"J. Cameron, Method in Software Development, JSP & JSD: The Jackson Approach to Software Development, IEEE Computer Society, Silver Spring, MD, 1983"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB5","series-title":"On War","author":"von Clausewitz","year":"1832"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB6","series-title":"Cryptography and Data Security","author":"Denning","year":"1982"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB7","unstructured":"DilDog, Back Orifice 2000, http:\/\/www.bo2k.com\/, 2000"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB8","unstructured":"D. Farmer et al., Improving the security of your site by breaking into it, full text at http:\/\/www.cerias.purdue.edu, comp.security.unix, December 1993"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB9","doi-asserted-by":"crossref","unstructured":"R. Firth et al., Detecting signs of intrusion, Full text at http:\/\/www.cert.org, Carnegie Mellon University, Software Engineering Institute, Security Improvement Module CMU\/SEI-SIM-001, 1997","DOI":"10.21236\/ADA329629"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB10","unstructured":"US Army Intelligence Center, FM 34-130 Intelligence Preparation of the Battlefield, Full-text at http:\/\/155.217.58.58\/atdls.htm, US Army, 1994"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB11","unstructured":"R. Forno et al., The art of information warfare: insight into the knowledge warrior philosophy, Full text at http:\/\/www.upublish.com, Upublish.com, 1999"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB12","series-title":"At Large: The Strange Case of the World's Biggest Internet Invasion","author":"Freedman","year":"1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB13","unstructured":"Fyodor, nmap, http:\/\/www.insecure.org\/, 2000"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB14","unstructured":"R. Heuer, Psychology of intelligence analysis, Full text at http:\/\/www.odci.gov\/csi\/, CIA, Center for the Study of Intelligence, 1999"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB15","doi-asserted-by":"crossref","unstructured":"D. Icove, Collaring the cybercrook: an investigator's view, IEEE Spectrum, 1997","DOI":"10.1109\/6.591662"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB16","unstructured":"Invisible Evil, Hacking Kit v2.0.b, distributed on the Internet, 1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB17","series-title":"Hunting Serial Predators","author":"Godwin","year":"2000"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB18","unstructured":"A.A. Jalali et al., The other side of the mountain: Mujahideen tactics in the Soviet\u2013Afghan war, US Marine Corps, Studies and Analysis Division, 1999"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB19","unstructured":"G. Kim et al., The design of a system integrity monitor: Tripwire, Full text at http:\/\/www.cerias.purdue.edu\/, COAST TR 93-01, Department of Computer Sciences, Purdue University, 1993"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB20","doi-asserted-by":"crossref","unstructured":"K.P. Kossakowski et al., Responding to intrusions, Full text at http:\/\/www.cert.org, Carnegie Mellon University, Software Engineering Institute, Security Improvement Module CMU\/SEI-SIM-006, 1999","DOI":"10.21236\/ADA360500"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB21","doi-asserted-by":"crossref","unstructured":"U. Lindqvist et al., How to systematically classify computer security intrusions, in: Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Silver Spring, MD, 1997","DOI":"10.1109\/SECPRI.1997.601330"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB22","series-title":"Hacking Exposed: Network Security Secrets and Solutions","author":"McClure","year":"1999"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB23","unstructured":"Doctrine Division, MCDP 1-3 Tactics, Full text at http:\/\/www.doctrine.usmc.mil, US Marine Corps, MCCDC, 1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB24","unstructured":"Doctrine Division, MCDP 2 Intelligence, Full text at http:\/\/www.doctrine.usmc.mil, US Marine Corps, MCCDC, 1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB25","unstructured":"MCI 7510B Tactical Fundamentals, US Marine Corps, Marine Corps Institute, 1984"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB26","unstructured":"Doctrine Division, MCWP 2-1 Intelligence Operations, Full text at http:\/\/www.doctrine.usmc.mil, US Marine Corps, MCCDC, 1998"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB27","unstructured":"C4I & MCIA, MCWP 2-12 MAGTF Intelligence Analysis and Production, Full text at http:\/\/www.doctrine.usmc.mil, US Marine Corps, MCCDC, Doctrine Division, 1999"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB28","unstructured":"L. von Mises, Human Action, first ed., Ludwig von Mises Institute, 1949"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB29","series-title":"Fundamentals of Criminal Investigation","author":"O'Hara","year":"1994"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB30","unstructured":"M. Reynolds, Crime by choice: An economic analysis, Fisher Institute, 1985"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB31","unstructured":"S. Romig, State of the hack, Full text at ftp:\/\/ftp.net.ohio-state.edu:\/users\/romig\/talks\/state-of-the-hack, Ohio State University, UTS Network Security Group"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB32","series-title":"Web Security Sourcebook","author":"Rubin","year":"1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB33","unstructured":"E.E. Schultz et al., Responding to computer security incidents: guidelines for incident handling, Full text at ftp:\/\/ciac.llnl.gov\/pub\/ciac\/ciacdocs\/ihg.txt, Technical report from Department of Energy, LLNL, 1990"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB34","unstructured":"M. Slatalla, Masters of Deception: The Gang That Ruled Cyberspace, HarperCollins, 1995"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB35","unstructured":"Super et al., The Undernet Botdocs: An Introduction to IRC Bots, http:\/\/www.undernet.org\/documents\/, Internet document, circa 1997"},{"key":"10.1016\/S1389-1286(00)00142-0_BIB36","doi-asserted-by":"crossref","unstructured":"West-Brown et al., Handbook for Computer Security Incident Response Teams (CSIRTS), Full text at http:\/\/www.sei.cmu.edu\/, Carnegie Mellon, Software Engineering Institute, Handbook CMU\/SEI-98-HB-001, 1998","DOI":"10.21236\/ADA358945"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128600001420?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128600001420?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2020,1,9]],"date-time":"2020-01-09T01:46:23Z","timestamp":1578534383000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128600001420"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000,10]]},"references-count":36,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2000,10]]}},"alternative-id":["S1389128600001420"],"URL":"https:\/\/doi.org\/10.1016\/s1389-1286(00)00142-0","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2000,10]]}}}