{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T09:44:04Z","timestamp":1773654244394,"version":"3.50.1"},"reference-count":14,"publisher":"Elsevier BV","issue":"23-24","license":[{"start":{"date-parts":[[1999,12,1]],"date-time":"1999-12-01T00:00:00Z","timestamp":944006400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[1999,12]]},"DOI":"10.1016\/s1389-1286(99)00114-0","type":"journal-article","created":{"date-parts":[[2003,3,25]],"date-time":"2003-03-25T17:25:53Z","timestamp":1048613153000},"page":"2465-2475","source":"Crossref","is-referenced-by-count":70,"title":["A large scale distributed intrusion detection framework based on attack strategy analysis"],"prefix":"10.1016","volume":"31","author":[{"given":"Ming-Yuh","family":"Huang","sequence":"first","affiliation":[]},{"given":"Robert J.","family":"Jasper","sequence":"additional","affiliation":[]},{"given":"Thomas M.","family":"Wicks","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/S1389-1286(99)00114-0_BIB1","unstructured":"D. Zamboni, E.H. Spafford, A prototype for a distributed intrusion detection system, Purdue University, Coast Lab, Coast TR 98-06, 1998"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB2","unstructured":"M. Bishop, C. Wee, J. Frank, Goal-oriented auditing and logging, IEEE Trans. Comput. Sys. http:\/\/seclab.cs.ucdavis.edu\/papers.html"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB3","unstructured":"J.M. Bradshaw et al., KAoS: Toward an industrial-strength open agent architecture, in: J. Bradshaw (Ed.), Software Agents, MIT Press, Cambridge, 1997"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB4","unstructured":"M. Crosbie, E.H. Spafford, Active defense of computer systems using autonomous agents, in: Proceedings of the 18th National Information Security Conference, October 1995"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB5","unstructured":"M. Crosbie, E.H. Spafford, Defending a computer system using autonomous agents, Purdue University, COAST Lab, CSD-TR-95-022, Coast TR 95-02, 1995"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB6","unstructured":"EMERALD: Event monitoring enabling responses to anomalous live disturbances, in: P.A. Porras, P.G. Neumann (Eds.), National Information Systems Security Conference, 1997"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB7","unstructured":"G.W. Hoglund, E.M. Valcarce, The ESSENSE of intrusion detection: A knowledge-based approach to security monitoring and control"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB8","unstructured":"M. Fowler, K. Scott, Uml Distilled: Applying the Standard Object Modeling Language, Addison-Wesley, New York, 1997"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB9","unstructured":"S. Kumar, E.H. Spafford, A pattern matching model for misuse intrusion detection, a pattern-matching model for instrusion detection, in: Proceedings of the National Computer Security Conference, October 1994, pp. 11\u201321"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB10","unstructured":"D. Anderson, T. Lunt, H. Javitz, A. Tamaru, A. Valdes, Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES), SRI-CSL-95-06, May 1995"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB11","unstructured":"Digital Equipment Corporation, Polycenter Software Product Description. http:\/\/www.digital.com\/info\/security\/id_spds.htm"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB12","unstructured":"A. Sundaram, An introduction to intrusion detection, http:\/\/www.cs.purdue.edu\/coast\/archive\/data\/author_index.html"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB13","unstructured":"H.S. Teng, J. Chen. Adaptive real-time anomaly detection using inductively generated sequential patterns"},{"key":"10.1016\/S1389-1286(99)00114-0_BIB14","unstructured":"E.M. Valcarce, G.W. Hoglund, L. Jansen, L. Baillie, ESSENSE: An experiment in knowledge-based security monitoring and control"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128699001140?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128699001140?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,4,13]],"date-time":"2019-04-13T22:25:08Z","timestamp":1555194308000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128699001140"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[1999,12]]},"references-count":14,"journal-issue":{"issue":"23-24","published-print":{"date-parts":[[1999,12]]}},"alternative-id":["S1389128699001140"],"URL":"https:\/\/doi.org\/10.1016\/s1389-1286(99)00114-0","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[1999,12]]}}}