{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T03:54:23Z","timestamp":1771646063700,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,3,22]],"date-time":"2010-03-22T00:00:00Z","timestamp":1269216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["FKZ 01-IS07007A"],"award-info":[{"award-number":["FKZ 01-IS07007A"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,3,22]]},"DOI":"10.1145\/1774088.1774480","type":"proceedings-article","created":{"date-parts":[[2010,4,27]],"date-time":"2010-04-27T12:45:48Z","timestamp":1272372348000},"page":"1846-1853","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":33,"title":["TokDoc"],"prefix":"10.1145","author":[{"given":"Tammo","family":"Krueger","sequence":"first","affiliation":[{"name":"Fraunhofer Institute FIRST, Berlin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Gehl","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute FIRST, Berlin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[{"name":"Berlin Institute of Technology, Berlin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute FIRST, Berlin, Germany and University of T\u00fcbingen, 
T\u00fcbingen, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2010,3,22]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"129","volume-title":"Proc. of USENIX Security Symposium","author":"Anagnostakis K. G.","year":"2005","unstructured":"K. G. Anagnostakis , S. Sidiroglou , P. Akritidis , K. Xinidis , E. Markatos , and A. D. Keromytis . Detecting targeted attacks using shadow honeypots . In Proc. of USENIX Security Symposium , pages 129 -- 144 , 2005 . K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In Proc. of USENIX Security Symposium, pages 129--144, 2005."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776440"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_17"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2003.12.016"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1947337.1947356"},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. of USENIX Security Symposium","author":"Handley M.","year":"2001","unstructured":"M. Handley , V. Paxson , and C. Kreibich . Network intrusion detection: Evasion, traffic normalization and end-to-end protocol semantics . In Proc. of USENIX Security Symposium , 2001 . M. Handley, V. Paxson, and C. Kreibich. Network intrusion detection: Evasion, traffic normalization and end-to-end protocol semantics. In Proc. 
of USENIX Security Symposium, 2001."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2006.09.016"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948144"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.01.009"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2008.8"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_5"},{"key":"e_1_3_2_1_12_1","volume-title":"Microsoft security intelligence report: January to","year":"2008","unstructured":"Microsoft. Microsoft security intelligence report: January to June 2008 . Microsoft Corporation , 2008. Microsoft. Microsoft security intelligence report: January to June 2008. Microsoft Corporation, 2008."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.11.011"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/11790754_5"},{"key":"e_1_3_2_1_16_1","volume-title":"Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research, 9(Jan):23--48","author":"Rieck K.","year":"2008","unstructured":"K. Rieck and P. Laskov . Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research, 9(Jan):23--48 , 2008 . K. Rieck and P. Laskov. Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research, 9(Jan):23--48, 2008."},{"key":"e_1_3_2_1_17_1","volume-title":"Proc. of Network and Distributed System Security Symposium (NDSS)","author":"Robertson W.","year":"2006","unstructured":"W. Robertson , G. Vigna , C. Kruegel , and R. A. Kemmerer . Using generalization and characterization techniques in the anomaly-based detection of web attacks . In Proc. of Network and Distributed System Security Symposium (NDSS) , 2006 . W. 
Robertson, G. Vigna, C. Kruegel, and R. A. Kemmerer. Using generalization and characterization techniques in the anomaly-based detection of web attacks. In Proc. of Network and Distributed System Security Symposium (NDSS), 2006."},{"key":"e_1_3_2_1_18_1","first-page":"229","volume-title":"Proc. of USENIX Large Installation System Administration Conference LISA","author":"Roesch M.","year":"1999","unstructured":"M. Roesch . Snort : Lightweight intrusion detection for networks . In Proc. of USENIX Large Installation System Administration Conference LISA , pages 229 -- 238 , 1999 . M. Roesch. Snort: Lightweight intrusion detection for networks. In Proc. of USENIX Large Installation System Administration Conference LISA, pages 229--238, 1999."},{"key":"e_1_3_2_1_19_1","volume-title":"Density Estimation for Statistics and Data Analysis","author":"Silverman B. W.","year":"1986","unstructured":"B. W. Silverman . Density Estimation for Statistics and Data Analysis . Chapman & Hall\/CRC, 1986 . B. W. Silverman. Density Estimation for Statistics and Data Analysis. Chapman & Hall\/CRC, 1986."},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. of Network and Distributed System Security Symposium (NDSS)","author":"Song Y.","year":"2009","unstructured":"Y. Song , A. D. Keromytis , and S. J. Stolfo . Spectrogram: A mixture-of-markov-chains model for anomaly detection in web traffic . In Proc. of Network and Distributed System Security Symposium (NDSS) , 2009 . Y. Song, A. D. Keromytis, and S. J. Stolfo. Spectrogram: A mixture-of-markov-chains model for anomaly detection in web traffic. In Proc. of Network and Distributed System Security Symposium (NDSS), 2009."},{"key":"e_1_3_2_1_21_1","volume-title":"Symantec global internet security report: Trends for July--December 07","year":"2008","unstructured":"Symantec. Symantec global internet security report: Trends for July--December 07 . Volume XIII , Symantec Corporation , Apr. 2008 . Symantec. 
Symantec global internet security report: Trends for July--December 07. Volume XIII, Symantec Corporation, Apr. 2008."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141361"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1544138.1544140"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_12"},{"key":"e_1_3_2_1_25_1","volume-title":"Introduction to Robust Estimation and Hypothesis Testing","author":"Wilcox R. R.","year":"1997","unstructured":"R. R. Wilcox . Introduction to Robust Estimation and Hypothesis Testing . Academic Press , 1997 . R. R. Wilcox. Introduction to Robust Estimation and Hypothesis Testing. Academic Press, 1997."}],"event":{"name":"SAC'10: The 2010 ACM Symposium on Applied Computing","location":"Sierre Switzerland","acronym":"SAC'10","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 2010 ACM Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1774088.1774480","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1774088.1774480","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:41:33Z","timestamp":1750250493000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1774088.1774480"}},"subtitle":["a self-healing web application 
firewall"],"short-title":[],"issued":{"date-parts":[[2010,3,22]]},"references-count":25,"alternative-id":["10.1145\/1774088.1774480","10.1145\/1774088"],"URL":"https:\/\/doi.org\/10.1145\/1774088.1774480","relation":{},"subject":[],"published":{"date-parts":[[2010,3,22]]},"assertion":[{"value":"2010-03-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}