{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:32:50Z","timestamp":1750307570486,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,11,9]],"date-time":"2009-11-09T00:00:00Z","timestamp":1257724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,11,9]]},"DOI":"10.1145\/1654988.1655000","type":"proceedings-article","created":{"date-parts":[[2009,11,17]],"date-time":"2009-11-17T13:30:15Z","timestamp":1258464615000},"page":"39-46","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Keep your friends close"],"prefix":"10.1145","author":[{"given":"Angelos","family":"Stavrou","sequence":"first","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gabriela F.","family":"Cretu-Ciocarlie","sequence":"additional","affiliation":[{"name":"Columbia University, New York, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael E.","family":"Locasto","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Salvatore J.","family":"Stolfo","sequence":"additional","affiliation":[{"name":"Columbia University, New York, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2009,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Apache mod_rewrite Buffer Overflow Vulnerability. http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/441487\/100\/0\/threaded.  Apache mod_rewrite Buffer Overflow Vulnerability. http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/441487\/100\/0\/threaded."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.11"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_3"},{"key":"e_1_3_2_1_4_1","unstructured":"CVS Heap Overflow Vulnerability. http:\/\/www.us-cert.gov\/cas\/techalerts\/TA04-147A.html.  CVS Heap Overflow Vulnerability. http:\/\/www.us-cert.gov\/cas\/techalerts\/TA04-147A.html."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_4"},{"key":"e_1_3_2_1_6_1","unstructured":"ghttpd Log() Function Buffer Overflow Vulnerability. http:\/\/www.securityfocus.com\/bid\/5960.  ghttpd Log() Function Buffer Overflow Vulnerability. http:\/\/www.securityfocus.com\/bid\/5960."},{"key":"e_1_3_2_1_7_1","unstructured":"Known Vulnerabilities in Mozilla Products. http:\/\/www.mozilla.org\/projects\/security\/known-vulnerabilities.  Known Vulnerabilities in Mozilla Products. http:\/\/www.mozilla.org\/projects\/security\/known-vulnerabilities."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining (KDD)","author":"Lane T.","year":"1998","unstructured":"T. Lane and C. E. Broadley . Approaches to online learning and concept drift for user identification in computer security . In Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining (KDD) , 1998 . T. Lane and C. E. Broadley. Approaches to online learning and concept drift for user identification in computer security. In Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining (KDD), 1998."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_8"},{"key":"e_1_3_2_1_10_1","unstructured":"Local DoS Attack in Linux Kernel. http:\/\/www.sfu.ca\/~siegert\/linux-security\/msg00047.html.  Local DoS Attack in Linux Kernel. http:\/\/www.sfu.ca\/~siegert\/linux-security\/msg00047.html."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_2"},{"key":"e_1_3_2_1_12_1","unstructured":"R. McGovern. Inotify-tools. http:\/\/inotify-tools.sourceforge.net\/.  R. McGovern. Inotify-tools. http:\/\/inotify-tools.sourceforge.net\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Multiple Vulnerabilities in libpng. http:\/\/www.us-cert.gov\/cas\/techalerts\/TA04-217A.html.  Multiple Vulnerabilities in libpng. http:\/\/www.us-cert.gov\/cas\/techalerts\/TA04-217A.html."},{"key":"e_1_3_2_1_14_1","unstructured":"MySQL 5.0 Reference Manual: Using Triggers. http:\/\/dev.mysql.com\/doc\/refman\/5.0\/en\/triggers.html.  MySQL 5.0 Reference Manual: Using Triggers. http:\/\/dev.mysql.com\/doc\/refman\/5.0\/en\/triggers.html."},{"key":"e_1_3_2_1_15_1","unstructured":"Null httpd Remote Heap Overflow Vulnerability. http:\/\/www.securityfocus.com\/bid\/5774.  Null httpd Remote Heap Overflow Vulnerability. http:\/\/www.securityfocus.com\/bid\/5774."},{"key":"e_1_3_2_1_16_1","first-page":"207","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Provos N.","year":"2003","unstructured":"N. Provos . Improving Host Security with System Call Policies . In Proceedings of the 12th USENIX Security Symposium , pages 207 -- 225 , August 2003 . N. Provos. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium, pages 207--225, August 2003."},{"key":"e_1_3_2_1_17_1","unstructured":"Remote Code Injection Vulnerability in fetchmail. http:\/\/fetchmail.berlios.de\/fetchmail-SA-2005-01.txt.  Remote Code Injection Vulnerability in fetchmail. http:\/\/fetchmail.berlios.de\/fetchmail-SA-2005-01.txt."},{"key":"e_1_3_2_1_18_1","unstructured":"Samba Security Releases. http:\/\/samba.org\/samba\/samba\/history\/security.html.  Samba Security Releases. http:\/\/samba.org\/samba\/samba\/history\/security.html."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1239367.1239370"},{"key":"e_1_3_2_1_20_1","unstructured":"STunnel Client Negotiation Protocol Format String Vulnerability. http:\/\/www.securityfocus.com\/bid\/3748.  STunnel Client Negotiation Protocol Format String Vulnerability. http:\/\/www.securityfocus.com\/bid\/3748."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_12"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_12"}],"event":{"name":"CCS '09: 16th ACM Conference on Computer and Communications Security 2009","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Chicago Illinois USA","acronym":"CCS '09"},"container-title":["Proceedings of the 2nd ACM workshop on Security and artificial intelligence"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1654988.1655000","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1654988.1655000","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:41:00Z","timestamp":1750250460000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1654988.1655000"}},"subtitle":["the necessity for updating an anomaly sensor with legitimate environment changes"],"short-title":[],"issued":{"date-parts":[[2009,11,9]]},"references-count":22,"alternative-id":["10.1145\/1654988.1655000","10.1145\/1654988"],"URL":"https:\/\/doi.org\/10.1145\/1654988.1655000","relation":{},"subject":[],"published":{"date-parts":[[2009,11,9]]},"assertion":[{"value":"2009-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}