{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T18:31:23Z","timestamp":1781116283244,"version":"3.54.1"},"reference-count":49,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,5]]},"DOI":"10.1109\/inm.2015.7140300","type":"proceedings-article","created":{"date-parts":[[2015,7,6]],"date-time":"2015-07-06T21:19:27Z","timestamp":1436217567000},"page":"261-269","source":"Crossref","is-referenced-by-count":39,"title":["How to exchange security events? Overview and evaluation of formats and protocols"],"prefix":"10.1109","author":[{"given":"Jessica","family":"Steinberger","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anna","family":"Sperotto","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mario","family":"Golling","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Harald","family":"Baier","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","article-title":"IAP: Intrusion Alert Protocol Internet-Draft","author":"gupta","year":"2001","journal-title":"IETF"},{"key":"ref38","article-title":"Intrusion Detection Message Exchange Requirements","author":"wood","year":"2007","journal-title":"RFC 4766 (Informational) IETF"},{"key":"ref33","article-title":"In Syslog we trust","year":"2012","journal-title":"Assuria Ltd"},{"key":"ref32","article-title":"The Syslog Protocol","author":"gerhards","year":"2009","journal-title":"RFC 5424 (Proposed Standard)"},{"key":"ref31","article-title":"The BSD Syslog Protocol","author":"lonvick","year":"2001","journal-title":"RFC 3164 (Informational) IETF"},{"key":"ref30","article-title":"X-ARF: A Reporting and Exchange Format 
for the Data Exchange of Netflow and Honeypot Data","author":"kohlrausch","year":"2011"},{"key":"ref37","article-title":"Transport of Real-time Inter-network Defense (RID) Messages over HTTP\/TLS","author":"trammell","year":"2012","journal-title":"RFC 6546 (Proposed Standard) IETF"},{"key":"ref36","article-title":"Real-time Inter-network Defense (RID)","author":"moriarty","year":"2012","journal-title":"RFC 6545 (Proposed Standard) IETF"},{"key":"ref35","article-title":"Communication in the Common Intrusion Detection Framework","author":"kahn","year":"1998"},{"key":"ref34","article-title":"Definitions of Managed Objects for the Delegation of Management Scripts","author":"levi","year":"2001","journal-title":"RFC 3165 (Proposed Standard) IETF"},{"key":"ref28","article-title":"An Extensible Format for Email Feedback Reports RFC 5965 (Proposed Standard)","author":"shafranovich","year":"2010"},{"key":"ref27","article-title":"ARF is Now an IETF Standard","author":"levine","year":"2010"},{"key":"ref29","article-title":"Network Incident Reporting: Provider verst\u00e4rken Zusammenarbeit","year":"2012","journal-title":"eco-Verband der deutschen Internetwirtschaft e V"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2076450.2076456"},{"key":"ref1","article-title":"Internet Security Threat Report","year":"2013","journal-title":"Symantec Corporation"},{"key":"ref20","article-title":"The Incident Object Description Exchange Format RFC 5070 (Proposed Standard)","author":"danyliw","year":"2007","journal-title":"IETF"},{"key":"ref22","article-title":"XEP-0268: Incident Handling","author":"hefczyc","year":"2012"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2663876.2663883"},{"key":"ref24","article-title":"The Intrusion Detection Message Exchange Format (IDMEF) RFC 4765 (Experimental)","author":"debar","year":"2007"},{"key":"ref23","article-title":"CAIF-Common Announcement Interchange Format","year":"2004","journal-title":"RUS-CERT University of 
Stuttgart"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2010.133"},{"key":"ref25","article-title":"Common Event Expression","year":"2013","journal-title":"The MITRE Corporation"},{"key":"ref10","article-title":"Making Security Measurable and Manageable","author":"martin","year":"2013"},{"key":"ref11","doi-asserted-by":"crossref","DOI":"10.17487\/rfc0791","article-title":"Internet Protocol","author":"postel","year":"1981"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2001.991519"},{"key":"ref12","author":"kerrisk","year":"2010","journal-title":"The Linux Programming Interface- M\u00fcnchen No Starch Press"},{"key":"ref13","article-title":"Information technology-Security techniques-Information security risk management","year":"2011","journal-title":"ISO\/IEC 27005 2011 International Organization for Standardization"},{"key":"ref14","first-page":"800","article-title":"Computer Security Incident Handling Guide","author":"cichonski","year":"2012","journal-title":"Special publication"},{"key":"ref15","article-title":"Common Intrusion Detection Framework","author":"tung","year":"1999"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821505"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2001.932189"},{"key":"ref18","article-title":"Intrusion Detection FAQ: What open standards exist for Intrusion Detection?","author":"staniford-chen","year":"2008"},{"key":"ref19","article-title":"Common Event Expression","author":"shields","year":"2009","journal-title":"NIST's 5th Annual IT Security Automation Conference"},{"key":"ref4","article-title":"The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data","author":"van eeten","year":"0","journal-title":"The Tenth Workshop on the Economics of Information Security 
2010"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.07.021"},{"key":"ref6","doi-asserted-by":"crossref","DOI":"10.1109\/TNET.2012.2194508","article-title":"Firecol: A collaborative protection network for the detection of flooding DDoS attacks","volume":"20","author":"fran\u00e7ois","year":"2012","journal-title":"Networking IEEE\/ACM Transactions on"},{"key":"ref5","article-title":"Worldwide Infrastructure Security Report","author":"anstee","year":"2013","journal-title":"Arbor Networks Inc Tech Rep VIII"},{"key":"ref8","article-title":"Evaluation of state of the art ids message exchange protocols","author":"koch","year":"0","journal-title":"International Conference on Communication and Network Security (CNS 2013) 2013"},{"key":"ref7","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-38998-6_7","article-title":"Anomaly Detection and Mitigation at Internet Scale: A Survey","volume":"7943","author":"steinberger","year":"2013","journal-title":"Emerging Management Mechanisms for the Future Internet Springer Berlin Heidelberg"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1007\/3-540-39945-3_4","article-title":"A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions","volume":"1907","author":"lee","year":"2000","journal-title":"Recent Advances in Intrusion Detection Springer Berlin Heidelberg"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.99"},{"key":"ref46","article-title":"Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies","author":"freed","year":"1996","journal-title":"RFC 2045 (Draft Standard) IETF"},{"key":"ref45","article-title":"Simple Mail Transfer Protocol","author":"klensin","year":"2008","journal-title":"RFC 5321 (Draft Standard)"},{"key":"ref48","article-title":"Transmission of Syslog Messages over UDP","author":"okmianski","year":"2009","journal-title":"RFC 5426 (Proposed Standard) 
IETF"},{"key":"ref47","article-title":"Transport Layer Security (TLS) Transport Mapping for Syslog","author":"miao","year":"2009","journal-title":"RFC 5425 (Proposed Standard) IETF"},{"key":"ref42","article-title":"XML Watch: Bird's-eye BEEP","author":"dumbill","year":"2001"},{"key":"ref41","doi-asserted-by":"crossref","DOI":"10.17487\/rfc3080","article-title":"The Blocks Extensible Exchange Protocol Core","author":"rose","year":"2001"},{"key":"ref44","article-title":"CEE Log Transport (CLT) Specification","year":"2012","journal-title":"The MITRE Corporation"},{"key":"ref43","article-title":"The Intrusion Detection Exchange Protocol (IDXP)","author":"feinstein","year":"2007","journal-title":"RFC 4767 (Experimental) IETF"}],"event":{"name":"2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM)","location":"Ottawa, ON, Canada","start":{"date-parts":[[2015,5,11]]},"end":{"date-parts":[[2015,5,15]]}},"container-title":["2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7121095\/7140257\/07140300.pdf?arnumber=7140300","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,28]],"date-time":"2019-08-28T01:25:56Z","timestamp":1566955556000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7140300\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5]]},"references-count":49,"URL":"https:\/\/doi.org\/10.1109\/inm.2015.7140300","relation":{},"subject":[],"published":{"date-parts":[[2015,5]]}}}