{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T16:30:04Z","timestamp":1771950604611,"version":"3.50.1"},"reference-count":26,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1109\/csac.2003.1254306","type":"proceedings-article","created":{"date-parts":[[2004,7,8]],"date-time":"2004-07-08T20:05:44Z","timestamp":1089317144000},"page":"14-23","source":"Crossref","is-referenced-by-count":156,"title":["Bayesian event classification for intrusion detection"],"prefix":"10.1109","author":[{"given":"C.","family":"Kruegel","sequence":"first","affiliation":[]},{"given":"D.","family":"Mutz","sequence":"additional","affiliation":[]},{"given":"W.","family":"Robertson","sequence":"additional","affiliation":[]},{"given":"F.","family":"Valeur","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/508791.508835"},{"key":"ref11","article-title":"DARPA Intrusion Detection Evaluation","author":"lincoln","year":"1999"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"ref13","author":"pearl","year":"1997","journal-title":"Probabilistic Reasoning in Intelligent Systems Networks of Plausible Inference"},{"key":"ref14","article-title":"EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances","author":"porras","year":"1997","journal-title":"Proc 1997 National Information Systems Security Conf"},{"key":"ref15","article-title":"Live traffic analysis of TCP\/IP gateways","author":"porras","year":"1998","journal-title":"Proceedings of the 1998 ISOC Symposium on Network and Distributed System Security (NDSS'98)"},{"key":"ref16","article-title":"Bayesian Classification Model for Real-Time Intrusion Detection","author":"puttini","year":"2002","journal-title":"22th International Workshop on Bayesian Inference and Maximum Entropy Methods in Science and Engineering"},{"key":"ref17","year":"0","journal-title":"RealSecure"},{"key":"ref18","article-title":"Snort - Lightweight Intrusion Detection for Networks","author":"roesch","year":"1999","journal-title":"Usenix LISA"},{"key":"ref19","article-title":"Active Platform Security through Intrusion Detection Using Naive Bayesian Network for Anomaly Detection","author":"sebyala","year":"2002"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"ref3","year":"0","journal-title":"Basic Security Module Guide - SunSHIELD BSM"},{"key":"ref6","doi-asserted-by":"crossref","DOI":"10.1007\/3-540-36084-0_11","article-title":"A Stochastic Model for Intrusions","author":"goldman","year":"2002","journal-title":"Symposium on Recent Advances in Intrusion Detection (RAID)"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1991.130799"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1993.287646"},{"key":"ref2","author":"billingsley","year":"1995","journal-title":"Probability and Measure"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-3502-4"},{"key":"ref1","article-title":"The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection","author":"axelsson","year":"1999","journal-title":"6th ACM Conference on Computer and Communications Security"},{"key":"ref20","year":"0","journal-title":"Smile Structural Modeling Inference and Learning Engine"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.1007\/3-540-58473-0_141","article-title":"Inducing probabilistic grammars by bayesian model merging","author":"stolcke","year":"1994","journal-title":"In International Conference on Grammatical Inference"},{"key":"ref21","year":"0","journal-title":"SNARE - System INtrusion Analysis and Reporting Environment"},{"key":"ref24","article-title":"Adaptive, Model-based Monitoring for Cyber Attack Detection","author":"valdes","year":"2000","journal-title":"Proceedings of RAID 2000"},{"key":"ref23","year":"0","journal-title":"Swatch Simple Watchdog"},{"key":"ref26","first-page":"133","article-title":"Detecting intrusions using system calls: Alternative data models","author":"warrender","year":"1999","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"ref25","doi-asserted-by":"crossref","first-page":"37","DOI":"10.3233\/JCS-1999-7103","article-title":"NetSTAT: A Network-based Intrusion Detection System","volume":"7","author":"vigna","year":"1999","journal-title":"Journal of Computer Security"}],"event":{"name":"19th Annual Computer Security Applications Conference, 2003.","location":"Las Vegas, Nevada, USA"},"container-title":["19th Annual Computer Security Applications Conference, 2003. Proceedings."],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/8882\/28060\/01254306.pdf?arnumber=1254306","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,6,11]],"date-time":"2018-06-11T18:16:52Z","timestamp":1528741012000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/1254306\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/csac.2003.1254306","relation":{},"subject":[]}}