{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T04:07:06Z","timestamp":1751688426060,"version":"3.41.0"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2002,6,1]],"date-time":"2002-06-01T00:00:00Z","timestamp":1022889600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2002,6,1]],"date-time":"2002-06-01T00:00:00Z","timestamp":1022889600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Network and Systems Management"],"published-print":{"date-parts":[[2002,6]]},"DOI":"10.1023\/a:1015910917349","type":"journal-article","created":{"date-parts":[[2002,12,29]],"date-time":"2002-12-29T01:32:18Z","timestamp":1041125538000},"page":"225-254","source":"Crossref","is-referenced-by-count":28,"title":["Proactive Intrusion Detection and Distributed Denial of Service Attacks\u2014A Case Study in Security Management"],"prefix":"10.1007","volume":"10","author":[{"given":"Jo\u00e3o B. D.","family":"Cabrera","sequence":"first","affiliation":[]},{"given":"Lundy","family":"Lewis","sequence":"additional","affiliation":[]},{"given":"Xinzhou","family":"Qin","sequence":"additional","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]},{"given":"Raman K.","family":"Mehra","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"2","key":"374308_CR1","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D. Denning","year":"1987","unstructured":"D. Denning, An intrusion detection model, IEEE Transactions on Software Engineering, Vol. 13, No. 2, pp. 222\u2013232, February 1987.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"374308_CR2","unstructured":"B. Schneier, Secrets and Lies: Digital Security in a Networked World, John Wiley, 2000."},{"key":"374308_CR3","doi-asserted-by":"crossref","unstructured":"S. Kent, On the trail of intrusions into information systems, IEEE Spectrum, pp. 52\u201356, December 2000.","DOI":"10.1109\/6.887597"},{"key":"374308_CR4","unstructured":"F. B. Schneider, ed., Trust in Cyberspace, National Academy Press, 1998."},{"key":"374308_CR5","doi-asserted-by":"crossref","unstructured":"J. Allen, A. Christie,W. Fithen, J. McHugh, J. Pickel, and E. Stoner, State of the practice of intrusion detection technologies, Technical Report CMU\/SEI-99\u2013TR-028, Carnegie Mellon University, Software Engineering Institute, January 2000.","DOI":"10.21236\/ADA375846"},{"key":"374308_CR6","unstructured":"L. Lewis, Managing Business and Service Networks, Kluwer Academic Press, 2001."},{"key":"374308_CR7","unstructured":"E. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Traps, Trace Back and Response, Intrusion. Net Books, First Edition, 1999."},{"key":"374308_CR8","unstructured":"M. Subramanian, Network Management-Principles and Practice, Addison-Wesley, 2000."},{"key":"374308_CR9","unstructured":"X. Qin, W. Lee, L. Lewis, and J. B. D. Cabrera, Integrating intrusion detection and network management, Proceedings of the Eighth IEEE\/IFIP Network Operations and Management Symposium, Florence, Italy, pp. 329\u2013344, April 2002."},{"key":"374308_CR10","volume-title":"Applications of Data Mining in Computer Security","author":"X. Qin","year":"2002","unstructured":"X. Qin, W. Lee, L. Lewis, and J. B. D. Cabrera, Using MIB II variables for network intrusion detection. D. Barbar\u00e1 and S. Jajodia, eds., Applications of Data Mining in Computer Security, Kluwer Academic Publishers, Boston, 2002 (in press)."},{"key":"374308_CR11","volume-title":"Applications of Data Mining in Computer Security","author":"J. B. D. Cabrera","year":"2002","unstructured":"J. B. D. Cabrera, L. Lewis, X. Qin, W. Lee, and R. K. Mehra, Proactive intrusion detection-A study on temporal data mining. D. Barbar\u00e1 and S. Jajodia, eds., Applications of Data Mining in Computer Security, Kluwer Academic Publishers, Boston, 2002 (in press)."},{"key":"374308_CR12","doi-asserted-by":"crossref","unstructured":"J. B. D. Cabrera and R. K. Mehra, Extracting precursor rules from time series-A classical statistical viewpoint, Proceedings of the Second SIAM International Conference on Data Mining, Arlington, Virginia, pp. 213\u2013228, April 2002.","DOI":"10.1137\/1.9781611972726.13"},{"key":"374308_CR13","unstructured":"G. Das, K.-I. Lin, H. Mannila, G. Renganathan, and P. Smyth, Rule discovery from time series, Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining, pp. 16\u201322, 1998."},{"key":"374308_CR14","unstructured":"Science and Technology Section, Internet security-Anatomy of an attack, The Economist, pp. 80\u201381, February 19, 2000."},{"key":"374308_CR15","doi-asserted-by":"crossref","unstructured":"D. Moore, G. M. Voelker, and S. Savage, Inferring Internet Denial-of-Service Activity, Proceedings of USENIX Security Symposium, Washington, D.C., 2001.","DOI":"10.21236\/ADA400003"},{"key":"374308_CR16","doi-asserted-by":"crossref","unstructured":"P. J. Criscuolo, Distributed denial of service-Trin00, Tribe flood network, tribe flood network 2000, and Stacheldraht, Technical Report CIAC-2319, Department of Energy-Computer Incident Advisory Capability, (CIAC) February 2000.","DOI":"10.2172\/792253"},{"key":"374308_CR17","unstructured":"K. Kendall, A database of computer attacks for the evaluation of intrusion detection systems, Master's thesis, Massachusetts Institute of Technology, June 1999."},{"key":"374308_CR18","first-page":"466","volume-title":"Proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems","author":"J. B. D. Cabrera","year":"2000","unstructured":"J. B. D. Cabrera, B. Ravichandran, and R. K. Mehra, Statistical traffic modeling for network intrusion detection, Proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, IEEE Computer Society, San Francisco, California, pp. 466\u2013473, August 2000."},{"key":"374308_CR19","unstructured":"W. R. Stevens, TCP\/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, pp. 363\u2013388, 1994."},{"issue":"3","key":"374308_CR20","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1023\/A:1009748302351","volume":"1","author":"H. Mannila","year":"1997","unstructured":"H. Mannila, H. Toivonen, and A. I. Verkamo, Discovery of frequent episodes in event sequences, Data Mining and Knowledge Discovery, Vol. 1, No. 3, pp. 259\u2013289, 1997.","journal-title":"Data Mining and Knowledge Discovery"},{"issue":"6","key":"374308_CR21","doi-asserted-by":"crossref","first-page":"914","DOI":"10.1109\/69.250074","volume":"5","author":"R. Agrawal","year":"1993","unstructured":"R. Agrawal, T. Imielinski, and A. Swami, Database mining: A performance perspective, IEEE Transactions on Knowledge and Data Engineering, Vol. 5, No. 6, pp. 914\u2013925, December 1993.","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"key":"374308_CR22","doi-asserted-by":"crossref","first-page":"424","DOI":"10.2307\/1912791","volume":"34","author":"C. J. Granger","year":"1969","unstructured":"C.W. J. Granger, Investigating causal relations by econometric models and cross-spectral methods, Econometrica, Vol. 34, pp. 424\u2013438, 1969.","journal-title":"Econometrica"},{"key":"374308_CR23","doi-asserted-by":"crossref","unstructured":"J. Hamilton, Time Series Analysis, Princeton University Press, 1994.","DOI":"10.1515\/9780691218632"},{"key":"374308_CR24","volume-title":"Statistical Distributions","author":"M. Evans","year":"1993","unstructured":"M. Evans, N. Hastings, and B. Peacock, Statistical Distributions. John Wiley, New York, Second Edition, 1993.","edition":"Second Edition"},{"key":"374308_CR25","unstructured":"G. Casella and R. L. Berger, Statistical Inference, Duxbury Press, Belmont, California, p. 364, 1990."},{"key":"374308_CR26","doi-asserted-by":"crossref","unstructured":"M. Thottan and C. Ji, Proactive anomaly detection using distributed agents, IEEE Network, pp. 21\u201327, September 1998.","DOI":"10.1109\/65.730748"},{"key":"374308_CR27","first-page":"549","volume-title":"Proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems","author":"F. Zhang","year":"2000","unstructured":"F. Zhang and J. Hellerstein, An approach to on-line predictive detection, Proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, IEEE Computer Society, San Francisco, California, pp. 549\u2013556, August 2000."},{"key":"374308_CR28","unstructured":"J. B. D. Cabrera, L. J. Popyack, Jr., L. Lewis, B. Ravichandran, and R. K. Mehra, The monitoring, detection, interpretation and response paradigm for the security of battlespace networks, Proceedings of IEEE MILCOM 2001, Washington, D.C., October 2001."},{"key":"374308_CR29","unstructured":"D. Schnackenberg, K. Djahandari, and D. Sterne, Infrastructure for intrusion detection and response, Proceedings of DARPA Information Survivability Conference and Exposition, Hilton Head Island, South Carolina, January 2000."},{"key":"374308_CR30","unstructured":"S. Northcutt, Network Intrusion Detection-An Analyst's Handbook, NewRiders Publishing, 1999."},{"key":"374308_CR31","doi-asserted-by":"crossref","unstructured":"S. Axelsson, The base-rate fallacy and its implications for the difficulty of intrusion detection, Proceedings of the Sixth ACMConference on Computer and Communications Security, Singapore, November 1999.","DOI":"10.1145\/319709.319710"},{"key":"374308_CR32","unstructured":"J. E. Gaffney, Jr., and J. W. Ulvila, Evaluation of intrusion detectors: A decision theory approach, Proceedings of the IEEE Symposium on Security and Privacy, May 2001."},{"key":"374308_CR33","doi-asserted-by":"crossref","unstructured":"W. Lee,W. Fan, M. Miller, S. J. Stolfo, and E. Zadok, Toward cost-sensitive modeling for intrusion detection and response, Journal of Computer Security, 2002 (in press).","DOI":"10.3233\/JCS-2002-101-202"},{"key":"374308_CR34","unstructured":"K. Boudaoud, H. Labiod, R. Boutaba, and Z. Guessoum, Network security management with intelligent agents, IEEE Publishing, Proceedings of NOMS, 2000."},{"key":"374308_CR35","unstructured":"Z. Fu, H. Huang, T.Wu, S.Wu, F. Gong, C. Xu, and I. Baldine, ISCP: Design and implementation of an inter-domain Security Management Agent (SMA) coordination protocol, IEEE Publishing, Proceedings of NOMS, 2000."}],"container-title":["Journal of Network and Systems Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1023\/A:1015910917349.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1023\/A:1015910917349\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1023\/A:1015910917349.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T09:39:47Z","timestamp":1751621987000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1023\/A:1015910917349"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2002,6]]},"references-count":35,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2002,6]]}},"alternative-id":["374308"],"URL":"https:\/\/doi.org\/10.1023\/a:1015910917349","relation":{},"ISSN":["1064-7570","1573-7705"],"issn-type":[{"type":"print","value":"1064-7570"},{"type":"electronic","value":"1573-7705"}],"subject":[],"published":{"date-parts":[[2002,6]]}}}