{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T01:41:21Z","timestamp":1755999681288,"version":"3.37.3"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2013,12,1]],"date-time":"2013-12-01T00:00:00Z","timestamp":1385856000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/2.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2013,12]]},"DOI":"10.1186\/1687-417x-2013-7","type":"journal-article","created":{"date-parts":[[2013,12,19]],"date-time":"2013-12-19T21:02:33Z","timestamp":1387486953000},"source":"Crossref","is-referenced-by-count":4,"title":["A quality metric for IDS signatures: in the wild the size matters"],"prefix":"10.1186","volume":"2013","author":[{"given":"Elias","family":"Raftopoulos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xenofontas","family":"Dimitropoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,12,20]]},"reference":[{"key":"14_CR1","unstructured":"Emerging threats , Accessed 17 December 2013 http:\/\/www.emergingthreats.net"},{"key":"14_CR2","unstructured":"Bleeding edge snort rules . Accessed 17 December 2013 http:\/\/www.bleedingsnort.com"},{"key":"14_CR3","unstructured":"SRI Malware threat center . Accessed 17 December 2013 http:\/\/www.snort.org\/vrt"},{"key":"14_CR4","unstructured":"The Nessus vulnerability scanner . Accessed 17 December 2013 http:\/\/www.tenable.com\/products\/nessus"},{"key":"14_CR5","unstructured":"The open vulnerability assessment system . Accessed 17 December 2013 http:\/\/www.openvas.org"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Raftopoulos E, Dimitropoulos X: Technical report: shedding light on data correlation during network forensics analysis. Tech. Rep. 346 (2012)","DOI":"10.1007\/978-3-642-37300-8_14"},{"key":"14_CR7","unstructured":"A free lightweight network intrusion detection system for UNIX and Windows . Accessed 17 December 2013 http:\/\/www.snort.org"},{"key":"14_CR8","unstructured":"The case for open source IDS . Accessed 17 December 2013 http:\/\/www.itsecurity.com\/features\/the-case-for-open-source-ids-022607\/"},{"key":"14_CR9","unstructured":"Best IDS\/IPS solution . Accessed 17 December 2013 http:\/\/www.scmagazine.com\/best-idsips-solution\/article\/130871\/"},{"key":"14_CR10","volume-title":"ACM SIGCOMM IMC","author":"E Raftopoulos","year":"2011","unstructured":"Raftopoulos E, Dimitropoulos X: Detecting, validating and characterizing computer infections in the wild. In ACM SIGCOMM IMC. Berlin; 2011."},{"key":"14_CR11","unstructured":"Anonymous postmasters early warning system . Accessed 17 December 2013 http:\/\/www.apews.org"},{"key":"14_CR12","unstructured":"The Urlblacklist web page . Accessed 17 December 2013 http:\/\/www.urlblacklist.com"},{"key":"14_CR13","unstructured":"Shadowserver Foundation . Accessed 17 December 2013 http:\/\/www.shadowserver.org"},{"key":"14_CR14","unstructured":"Cooperative Network Security Community - Internet Security . Accessed 17 December 2013 http:\/\/www.dshield.org"},{"key":"14_CR15","unstructured":"Advanced automated threat analysis system . Accessed 17 December 2013 http:\/\/www.threatexpert.com"},{"key":"14_CR16","unstructured":"Trestian I, Ranjan S, Kuzmanovi A, Nucci A: Unconstrained endpoint profiling (googling the internet). ACM SIGCOMM\u201908, NY, USA http:\/\/doi.acm.org\/10.1145\/1402958.1402991"},{"key":"14_CR17","unstructured":"Raftopoulos E, Dimitropoulos X: Shedding light on log correlation in network forensics analysis. DIMVA\u201912"},{"key":"14_CR18","unstructured":"Sinha S, Bailey M, Jahanian F: Shades of grey: on the effectiveness of reputation-based blacklists. MALWARE\u201908 (Fairfax) 57-64."},{"issue":"2-3","key":"14_CR19","first-page":"233","volume":"9","author":"K Ellul","year":"2004","unstructured":"Ellul K, Krawetz B, Shallit J, Wang Mw: Regular expressions: new results and open problems. J. Autom. Lang. Comb 2004, 9(2-3):233-256. http:\/\/dl.acm.org\/citation.cfm?id=1103362.1103368","journal-title":"J. Autom. Lang. Comb"},{"key":"14_CR20","volume-title":"Jmp for Basic Univariate and Multivariate Statistics: Methods for Researchers and Social Scientists, Second Edition","author":"A Lehman","year":"2013","unstructured":"Lehman A, O\u2019Rourke N, Hatcher L: Jmp for Basic Univariate and Multivariate Statistics: Methods for Researchers and Social Scientists, Second Edition. Cary: SAS Institute; 2013. http:\/\/books.google.ch\/books?id=Zh4iD8V2sTsC"},{"key":"14_CR21","unstructured":"Chatterjee S, Price B: Regression Analysis by Example. Wiley; http:\/\/eu.wiley.com\/WileyCDA\/WileyTitle\/productCd-0470905840.html"},{"key":"14_CR22","unstructured":"Sourcefire Vulnerability Research Team . Accessed 17 December 2013 http:\/\/www.snort.org\/vrt"},{"key":"14_CR23","first-page":"141","volume-title":"NSDI","author":"S Saroiu","year":"2004","unstructured":"Saroiu S, Gribble SD, Levy HM: Measurement and analysis of Spyware in a university environment. NSDI 2004, 141-153."},{"key":"14_CR24","volume-title":"Proceedings of the 5th International Conference on DIMVA","author":"TF Yen","year":"2008","unstructured":"Yen TF, Reiter MK: Traffic aggregation for Malware detection. In Proceedings of the 5th International Conference on DIMVA. Berlin, Heidelberg; 10\u201311 July 2008. http:\/\/dx.doi.org\/10.1007\/978-3-540-70542-0_11"},{"key":"14_CR25","volume-title":"DIMVA","author":"G Maier","year":"2011","unstructured":"Maier G, Feldmann A, Paxson V, Sommer R, Vallentin M: An assessment of overt malicious activity manifest in residential networks. DIMVA 2011."},{"key":"14_CR26","doi-asserted-by":"crossref","unstructured":"Sharma A, Kalbarczyk Z, Barlow J, Iyer RK: Analysis of security data from a large computing organization. IEEE\/IFIP 41st International Conference on DSN, 27-30 June 2011","DOI":"10.1109\/DSN.2011.5958263"},{"key":"14_CR27","doi-asserted-by":"publisher","first-page":"S65","DOI":"10.1016\/j.diin.2008.05.008","volume":"5","author":"A Case","year":"2008","unstructured":"Case A, Cristina A, Marziale L, Richard GG, Roussev V: FACE: automated digital evidence discovery and correlation. Digit. Investig 2008, 5: S65-S75. http:\/\/dx.doi.org\/10.1016\/j.diin.2008.05.008","journal-title":"Digit. Investig"},{"key":"14_CR28","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/j.diin.2006.06.007","volume":"3","author":"SL Garfinkel","year":"2006","unstructured":"Garfinkel SL: Forensic feature extraction and cross-drive analysis. Digit. Investig 2006, 3: 71-81. http:\/\/dx.doi.org\/10.1016\/j.diin.2006.06.007","journal-title":"Digit. Investig"},{"key":"14_CR29","first-page":"291","volume-title":"IEEE\/IFIP International Conference on DSN\u201910, Chicago, 28 June to 1","author":"Y Zeng","year":"2010","unstructured":"Zeng Y, Hu X, Shin K: Detection of botnets using combined host- and network-level information. IEEE\/IFIP International Conference on DSN\u201910, Chicago, 28 June to 1 July 2010 291-300."},{"key":"14_CR30","volume-title":"Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering 2009","author":"S Garfinkel","year":"2009","unstructured":"Garfinkel S: Automating disk forensic processing with SleuthKit, XML and Python. In Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering 2009. Berkeley; 21\u201321 May 2009."},{"key":"14_CR31","volume-title":"Investigative Data Mining for Security and Criminal Detection","author":"J Mena J","year":"2003","unstructured":"Mena J J: Investigative Data Mining for Security and Criminal Detection. Butterworth-Heinemann Limited; 2003. http:\/\/books.google.ch\/books?id=WbSNpYHoNWMC"},{"issue":"12","key":"14_CR32","doi-asserted-by":"publisher","first-page":"886","DOI":"10.1109\/32.553637","volume":"22","author":"N Ohlsson","year":"1996","unstructured":"Ohlsson N, Alberg H: Predicting fault-prone software modules in telephone switches. IEEE Trans. Softw. Eng 1996, 22(12):886-894. http:\/\/dx.doi.org\/10.1109\/32.553637 10.1109\/32.553637","journal-title":"IEEE Trans. Softw. Eng"},{"key":"14_CR33","doi-asserted-by":"publisher","first-page":"897","DOI":"10.1109\/TSE.2005.112","volume":"31","author":"T Gyim\u00f3thy","year":"2005","unstructured":"Gyim\u00f3thy T, Ferenc R, Siket I: Empirical validation of object-oriented metrics on open source software for fault prediction. IEEE Trans. Softw. Eng 2005, 31: 897-910.","journal-title":"IEEE Trans. Softw. Eng"},{"key":"14_CR34","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1145\/1315245.1315311","volume-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security","author":"S Neuhaus","year":"2007","unstructured":"Neuhaus S, Zimmermann T, Holler C, Zeller A: Predicting vulnerable software components. In Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM; 2007:529-540."},{"key":"14_CR35","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1145\/1134285.1134349","volume-title":"Proceedings of the 28th International Conference on Software Engineering, ICSE \u201906","author":"N Nagappan","year":"2006","unstructured":"Nagappan N, Ball T, Zeller A: Mining metrics to predict component failures. In Proceedings of the 28th International Conference on Software Engineering, ICSE \u201906. New York: ACM; 2006:452-461. http:\/\/doi.acm.org\/10.1145\/1134285.1134349"},{"key":"14_CR36","volume-title":"Proceedings of the Third International Workshop on Predictor Models in Software Engineering","author":"T Zimmermann","year":"2007","unstructured":"Zimmermann T, Premraj R, Zeller A: Predicting defects for eclipse. In Proceedings of the Third International Workshop on Predictor Models in Software Engineering. Washington; 20\u201326 May 2007."}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1186\/1687-417X-2013-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/1687-417X-2013-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/1687-417X-2013-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,5]],"date-time":"2019-08-05T01:14:56Z","timestamp":1564967696000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/1687-417X-2013-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,12]]},"references-count":36,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,12]]}},"alternative-id":["14"],"URL":"https:\/\/doi.org\/10.1186\/1687-417x-2013-7","relation":{},"ISSN":["1687-417X"],"issn-type":[{"type":"electronic","value":"1687-417X"}],"subject":[],"published":{"date-parts":[[2013,12]]},"article-number":"7"}}