{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T19:38:17Z","timestamp":1769283497748,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1030083.1030086","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"2-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":96,"title":["Operational experiences with high-volume network intrusion detection"],"prefix":"10.1145","author":[{"given":"Holger","family":"Dreger","sequence":"first","affiliation":[{"name":"TU M\u00fcnchen"}]},{"given":"Anja","family":"Feldmann","sequence":"additional","affiliation":[{"name":"TU M\u00fcnchen"}]},{"given":"Vern","family":"Paxson","sequence":"additional","affiliation":[{"name":"ICSI \/ LBNL"}]},{"given":"Robin","family":"Sommer","sequence":"additional","affiliation":[{"name":"TU M\u00fcnchen"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proc. Passive and Active Measurement Workshop","author":"Agarwal D.","year":"2003","unstructured":"D. Agarwal , J. M. Gonzalez , G. Jin , and B. Tierney . An infrastructure for passive network monitoring of application data streams . In Proc. Passive and Active Measurement Workshop , 2003 .]] D. Agarwal, J. M. Gonzalez, G. Jin, and B. Tierney. An infrastructure for passive network monitoring of application data streams. In Proc. Passive and Active Measurement Workshop, 2003.]]"},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. 12th USENIX Security Symposium","author":"Crosby S. A.","year":"2003","unstructured":"S. A. Crosby and D. S. Wallach . Denial of service via algorithmic complexity attacks . In Proc. 12th USENIX Security Symposium , 2003 .]] S. A. Crosby and D. S. Wallach. Denial of service via algorithmic complexity attacks. In Proc. 12th USENIX Security Symposium, 2003.]]"},{"key":"e_1_3_2_1_3_1","volume-title":"Improving passive packet capture: Beyond device polling. Technical report","author":"Deri L.","year":"2003","unstructured":"L. Deri . Improving passive packet capture: Beyond device polling. Technical report , University of Pisa , 2003 .]] L. Deri. Improving passive packet capture: Beyond device polling. Technical report, University of Pisa, 2003.]]"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/285237.285256"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.944338"},{"key":"e_1_3_2_1_6_1","unstructured":"GNU Binutils. http:\/\/www.gnu.org\/software\/binutils.]]  GNU Binutils. http:\/\/www.gnu.org\/software\/binutils.]]"},{"key":"e_1_3_2_1_7_1","volume-title":"Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science","author":"Hall M.","year":"2002","unstructured":"M. Hall and K. Wiley . Capacity verification for high speed network intrusion detection systems . In Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science . Springer-Verlag , 2002 .]] M. Hall and K. Wiley. Capacity verification for high speed network intrusion detection systems. In Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science. Springer-Verlag, 2002.]]"},{"key":"e_1_3_2_1_8_1","volume-title":"Proc. IEEE Symposium on Security and Privacy","author":"Kr\u00fcgel C.","year":"2002","unstructured":"C. Kr\u00fcgel , F. Valeur , G. Vigna , and R. A. Kemmerer . Stateful intrusion detection for high-speed networks . In Proc. IEEE Symposium on Security and Privacy , 2002 .]] C. Kr\u00fcgel, F. Valeur, G. Vigna, and R. A. Kemmerer. Stateful intrusion detection for high-speed networks. In Proc. IEEE Symposium on Security and Privacy, 2002.]]"},{"key":"e_1_3_2_1_9_1","volume-title":"Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science","author":"Lee W.","year":"2002","unstructured":"W. Lee , J. B. Cabrera , A. Thomas , N. Balwalli , S. Saluja , and Y. Zhang . Performance adaptation in real-time intrusion detection systems . In Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science . Springer-Verlag , 2002 .]] W. Lee, J. B. Cabrera, A. Thomas, N. Balwalli, S. Saluja, and Y. Zhang. Performance adaptation in real-time intrusion detection systems. In Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science. Springer-Verlag, 2002.]]"},{"key":"e_1_3_2_1_10_1","volume-title":"Proc.","author":"McCanne S.","year":"1993","unstructured":"S. McCanne and V. Jacobson . The BSD packet filter: A new architecture for user-level packet capture . In Proc. Winter 1993 USENIX Conference , 1993.]] S. McCanne and V. Jacobson. The BSD packet filter: A new architecture for user-level packet capture. In Proc. Winter 1993 USENIX Conference, 1993.]]"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219056"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"D. Moore and C. Shannon. The spread of the Witty. http:\/\/www.caida.org\/analysis\/security\/witty 2004.]]  D. Moore and C. Shannon. The spread of the Witty. http:\/\/www.caida.org\/analysis\/security\/witty 2004.]]","DOI":"10.1109\/MSP.2004.59"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251327.1251329"},{"key":"e_1_3_2_1_14_1","unstructured":"mpatrol. http:\/\/www.cbmamiga.demon.co.uk\/mpatrol.]]  mpatrol. http:\/\/www.cbmamiga.demon.co.uk\/mpatrol.]]"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.330413"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_17_1","volume-title":"Secure Networks","author":"Ptacek T. H.","year":"1998","unstructured":"T. H. Ptacek and T. N. Newsham . Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report , Secure Networks , Inc ., 1998 .]] T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks, Inc., 1998.]]"},{"key":"e_1_3_2_1_18_1","volume-title":"NFR Security","author":"Ranum M. J.","year":"2001","unstructured":"M. J. Ranum . Experiences benchmarking intrusion detection systems. Technical report , NFR Security , Inc ., http:\/\/www.itsecurity.com\/papers\/nfr2.htm, 2001 .]] M. J. Ranum. Experiences benchmarking intrusion detection systems. Technical report, NFR Security, Inc., http:\/\/www.itsecurity.com\/papers\/nfr2.htm, 2001.]]"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1039834.1039864"},{"key":"e_1_3_2_1_20_1","unstructured":"Configuring SPAN and RSPAN (Cisco Catalyst 6500 Series). http:\/\/www.cisco.com\/univercd\/cc\/td\/doc\/product\/lan\/cat6000\/sw_7_5\/conf%g_gd\/span.pdf.]]  Configuring SPAN and RSPAN (Cisco Catalyst 6500 Series). http:\/\/www.cisco.com\/univercd\/cc\/td\/doc\/product\/lan\/cat6000\/sw_7_5\/conf%g_gd\/span.pdf.]]"},{"key":"e_1_3_2_1_21_1","unstructured":"Snot. http:\/\/www.stolenshoes.net\/sniph\/index.html.]]  Snot. http:\/\/www.stolenshoes.net\/sniph\/index.html.]]"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948145"},{"key":"e_1_3_2_1_23_1","volume-title":"TU M\u00fcnchen","author":"Sommer R.","year":"2004","unstructured":"R. Sommer and V. Paxson . Exploiting independent state for network intrusion detection. Technical report , TU M\u00fcnchen , 2004 .]] R. Sommer and V. Paxson. Exploiting independent state for network intrusion detection. Technical report, TU M\u00fcnchen, 2004.]]"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720288"},{"key":"e_1_3_2_1_25_1","unstructured":"Stick. http:\/\/packetstormsecurity.nl\/distributed\/stick.htm.]]  Stick. http:\/\/packetstormsecurity.nl\/distributed\/stick.htm.]]"},{"key":"e_1_3_2_1_26_1","unstructured":"tcpdump. http:\/\/www.tcpdump.org.]]  tcpdump. http:\/\/www.tcpdump.org.]]"},{"key":"e_1_3_2_1_27_1","unstructured":"Valgrind. http:\/\/developer.kde.org\/sewardj\/.]]  Valgrind. http:\/\/developer.kde.org\/sewardj\/.]]"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.554723"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 11th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030086","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1030083.1030086","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:25:07Z","timestamp":1750263907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030086"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":28,"alternative-id":["10.1145\/1030083.1030086","10.1145\/1030083"],"URL":"https:\/\/doi.org\/10.1145\/1030083.1030086","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}