{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:43:23Z","timestamp":1750308203363,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1030083.1030087","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"12-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["On the difficulty of scalably detecting network attacks"],"prefix":"10.1145","author":[{"given":"Kirill","family":"Levchenko","sequence":"first","affiliation":[{"name":"University of California at San Diego"}]},{"given":"Ramamohan","family":"Paturi","sequence":"additional","affiliation":[{"name":"University of California at San Diego"}]},{"given":"George","family":"Varghese","sequence":"additional","affiliation":[{"name":"University of California at San Diego"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237823"},{"key":"e_1_3_2_1_2_1","unstructured":"CERT. http:\/\/www.cert.org\/]]  CERT. http:\/\/www.cert.org\/]]"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"CERT. \"CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks.\" 1996.]]  CERT. \"CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks.\" 1996.]]","DOI":"10.1016\/S1353-4858(96)90059-8"},{"key":"e_1_3_2_1_4_1","unstructured":"CERT. \"CERT Advisory CA-1997-28 IP Denial-of-Service Attacks.\" 1997.]]  CERT. \"CERT Advisory CA-1997-28 IP Denial-of-Service Attacks.\" 1997.]]"},{"key":"e_1_3_2_1_5_1","unstructured":"Check Point Software Technologies Ltd. http:\/\/www.checkpoint.com\/]]  Check Point Software Technologies Ltd. http:\/\/www.checkpoint.com\/]]"},{"key":"e_1_3_2_1_6_1","unstructured":"Cisco Systems. http:\/\/www.cisco.com\/]]  Cisco Systems. http:\/\/www.cisco.com\/]]"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(00)06026-0"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/859716.859719"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948225"},{"key":"e_1_3_2_1_10_1","unstructured":"ForeScout Technologies. http:\/\/www.forescout.com\/]]  ForeScout Technologies. http:\/\/www.forescout.com\/]]"},{"key":"e_1_3_2_1_11_1","unstructured":"Fortinet Inc.. http:\/\/www.fortinet.com\/]]  Fortinet Inc.. http:\/\/www.fortinet.com\/]]"},{"key":"e_1_3_2_1_12_1","unstructured":"Fyodor. \"Remote OS detection via TCP\/IP Stack FingerPrinting.\" http:\/\/www.insecure.org\/nmap\/nmap-fingerprinting-article.html]]  Fyodor. \"Remote OS detection via TCP\/IP Stack FingerPrinting.\" http:\/\/www.insecure.org\/nmap\/nmap-fingerprinting-article.html]]"},{"key":"e_1_3_2_1_13_1","first-page":"115","volume-title":"Traffic Normalization, and End-to-End Protocol Semantics.\" 10th USENIX Security Symposium","author":"Handley M.","unstructured":"M. Handley , V. Paxson . \" Network Intrusion Detection : Evasion , Traffic Normalization, and End-to-End Protocol Semantics.\" 10th USENIX Security Symposium , pp. 115 -- 131 .]] M. Handley, V. Paxson. \"Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics.\" 10th USENIX Security Symposium, pp. 115--131.]]"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948116"},{"key":"e_1_3_2_1_15_1","unstructured":"Juniper Networks. http:\/\/www.juniper.net\/]]  Juniper Networks. http:\/\/www.juniper.net\/]]"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1137\/0405044"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028812"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/264772"},{"key":"e_1_3_2_1_19_1","unstructured":"Mazu Networks. http:\/\/www.mazunetworks.com\/]]  Mazu Networks. http:\/\/www.mazunetworks.com\/]]"},{"key":"e_1_3_2_1_20_1","first-page":"9","volume-title":"Inferring Internet Denial-of-Service Activity.\" 10th USENIX Security Symposium","author":"Moore D.","unstructured":"D. Moore , G. Voelker , and S. Savage . \" Inferring Internet Denial-of-Service Activity.\" 10th USENIX Security Symposium , pp. 9 -- 22 .]] D. Moore, G. Voelker, and S. Savage. \"Inferring Internet Denial-of-Service Activity.\" 10th USENIX Security Symposium, pp. 9--22.]]"},{"key":"e_1_3_2_1_21_1","unstructured":"Norton Internet Security 2004. http:\/\/www.symantec.com\/sabu\/nis\/nis_pe\/]]  Norton Internet Security 2004. http:\/\/www.symantec.com\/sabu\/nis\/nis_pe\/]]"},{"key":"e_1_3_2_1_22_1","unstructured":"Network Associates Inc. http:\/\/www.nai.com\/]]  Network Associates Inc. http:\/\/www.nai.com\/]]"},{"key":"e_1_3_2_1_23_1","unstructured":"NetScreen Technologies Inc. http:\/\/www.netscreen.com\/]]  NetScreen Technologies Inc. http:\/\/www.netscreen.com\/]]"},{"key":"e_1_3_2_1_24_1","first-page":"31","volume-title":"A System for Detecting Network Intruders in Real-Time.\" 7th USENIX Security Symposium","author":"Paxson V.","unstructured":"V. Paxson . \"Bro : A System for Detecting Network Intruders in Real-Time.\" 7th USENIX Security Symposium , pp. 31 -- 52 .]] V. Paxson. \"Bro: A System for Detecting Network Intruders in Real-Time.\" 7th USENIX Security Symposium, pp. 31--52.]]"},{"key":"e_1_3_2_1_25_1","unstructured":"J. Postel. \"Transmission Control Protocol.\" RFC 793.]]  J. Postel. \"Transmission Control Protocol.\" RFC 793.]]"},{"key":"e_1_3_2_1_26_1","unstructured":"J. Postel. \"Internet Control Message Protocol.\" RFC 792.]]   J. Postel. \"Internet Control Message Protocol.\" RFC 792.]]"},{"key":"e_1_3_2_1_27_1","unstructured":"Silicon Defense. http:\/\/www.silicondefense.com\/]]  Silicon Defense. http:\/\/www.silicondefense.com\/]]"},{"key":"e_1_3_2_1_28_1","unstructured":"Snort. http:\/\/www.snort.org\/]]  Snort. http:\/\/www.snort.org\/]]"},{"key":"e_1_3_2_1_29_1","unstructured":"TINY Software. http:\/\/www.tinysoftware.com\/home\/pg=tpf5_home]]  TINY Software. http:\/\/www.tinysoftware.com\/home\/pg=tpf5_home]]"},{"key":"e_1_3_2_1_30_1","unstructured":"TippingPoint Technologies. http:\/\/www.tippingpoint.com\/]]  TippingPoint Technologies. http:\/\/www.tippingpoint.com\/]]"},{"key":"e_1_3_2_1_31_1","volume-title":"Detecting SYN Flooding Attacks.\" IEEE INFOCOM","author":"Wang H.","year":"2002","unstructured":"H. Wang , D. Zhang , and K. Shin . \" Detecting SYN Flooding Attacks.\" IEEE INFOCOM , 2002 .]] H. Wang, D. Zhang, and K. Shin. \"Detecting SYN Flooding Attacks.\" IEEE INFOCOM, 2002.]]"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Washington DC USA","acronym":"CCS04"},"container-title":["Proceedings of the 11th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030087","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1030083.1030087","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:25:07Z","timestamp":1750263907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030087"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":31,"alternative-id":["10.1145\/1030083.1030087","10.1145\/1030083"],"URL":"https:\/\/doi.org\/10.1145\/1030083.1030087","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}