{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T19:21:21Z","timestamp":1718738481096},"reference-count":41,"publisher":"Wiley","issue":"6","license":[{"start":{"date-parts":[[2009,3,23]],"date-time":"2009-03-23T00:00:00Z","timestamp":1237766400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm Networks"],"published-print":{"date-parts":[[2009,11]]},"abstract":"Computer security is a growing problem. Over the last years, the number and variety of security attacks in IP\u2010based network infrastructures have increasingly grown, leading to the need of developing new security architectures. In this scenario, the use of intrusion detection systems (IDSs) has emerged as a key element, since it permits to tackle security threats by masquerader, misfeasor, and clandestine users. In this paper, we address the problem considering some new statistical techniques for detecting network anomalies. In more detail, the paper discusses the use of several statistical models to characterize the normal behavior of the network traffic running over TCP, so that anomalies can be revealed as significant deviations from such behavior. Namely, our proposal is based on the use of Markov chains, co\u2010occurrence matrices, and compression algorithms, for modeling the TCP connections, in terms of statistical analysis of some of the packet header fields. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed methods. 
Copyright \u00a9 2009 John Wiley & Sons, Ltd.","DOI":"10.1002\/sec.104","type":"journal-article","created":{"date-parts":[[2009,3,23]],"date-time":"2009-03-23T10:25:55Z","timestamp":1237803955000},"page":"611-634","source":"Crossref","is-referenced-by-count":9,"title":["New statistical approaches for anomaly detection"],"prefix":"10.1002","volume":"2","author":[{"given":"Christian","family":"Callegari","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Giordano","sequence":"additional","affiliation":[]},{"given":"Michele","family":"Pagano","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2009,3,23]]},"reference":[{"key":"e_1_2_1_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"e_1_2_1_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2004.823851"},{"key":"e_1_2_1_4_2","unstructured":"JuW\u2010H VardiY.A hybrid high\u2010order Markov chain model for computer intrusion detection.Technical Report 92 NISS 1999."},{"key":"e_1_2_1_5_2","unstructured":"SchonlauM DuMouchelW JuW\u2010H KarrA TheusM VardiY.Computer intrusion: detecting masquerades.Technical Report 95 NISS 1999."},{"key":"e_1_2_1_6_2","doi-asserted-by":"publisher","DOI":"10.1002\/qre.478"},{"key":"e_1_2_1_7_2","unstructured":"TurkM PentlandA.Face recognition using eigenfaces. InProceedings of IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR) 1991."},{"key":"e_1_2_1_8_2","doi-asserted-by":"publisher","DOI":"10.1162\/jocn.1991.3.1.71"},{"key":"e_1_2_1_9_2","doi-asserted-by":"crossref","unstructured":"PentlandA MoghaddamB StarnerT.View\u2010based and modular eigenspaces for face recognition. 
InProceedings of IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR) 1994.","DOI":"10.1109\/CVPR.1994.323814"},{"key":"e_1_2_1_10_2","doi-asserted-by":"crossref","unstructured":"OkaM OyamaY AbeH KatoK.Anomaly detection using layered networks based on eigen co\u2010occurrence matrix. InProceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID) 2004;223\u2013237.","DOI":"10.1007\/978-3-540-30143-1_12"},{"key":"e_1_2_1_11_2","unstructured":"OkaM OyamaY KatoK.Eigen co\u2010occurrence matrix method for masquerade detection. InProceedings of the 7th JSSST SIGSYS Workshop on Systems for Programming and Applications (SPA) 2004."},{"key":"e_1_2_1_12_2","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevLett.88.048702"},{"key":"e_1_2_1_13_2","unstructured":"PuglisiA.Data compression and learning in time sequences analysis.2002."},{"key":"e_1_2_1_14_2","doi-asserted-by":"crossref","unstructured":"WagnerD SotoP.Mimicry attacks on host based intrusion detection systems. InProceedings of Ninth ACM Conference on Computer and Communications Security 2002.","DOI":"10.1145\/586110.586145"},{"key":"e_1_2_1_15_2","unstructured":"pcap(format) http:\/\/imdc.datcat.org\/format\/1\u2010002W\u2010D=pcap(accessed on 28 June2008)."},{"key":"e_1_2_1_16_2","unstructured":"Tcpdump http:\/\/www.tcpdump.org\/(accessed on 28 June2008)."},{"key":"e_1_2_1_17_2","unstructured":"Wireshark http:\/\/www.wireshark.org\/\/(accessed on 28 June2008)."},{"key":"e_1_2_1_18_2","volume-title":"Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security)","author":"Orebaugh A","year":"2006"},{"key":"e_1_2_1_19_2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc0793"},{"key":"e_1_2_1_20_2","unstructured":"CallegariC VatonS PaganoM.A new statistical approach to network anomaly detection. 
InProceedings of the International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS) 2008."},{"key":"e_1_2_1_21_2","doi-asserted-by":"crossref","unstructured":"DahmouniH VatonS Ross\u00e9D.A markovian signature\u2010based approach to ip traffic classification. InMineNet'07: Proceedings of the 3rd Annual ACM Workshop on Mining Network Data New York NY USA ACM 2007;29\u201334.","DOI":"10.1145\/1269880.1269889"},{"key":"e_1_2_1_22_2","first-page":"528","article-title":"A model for high\u2010order markov chains","volume":"47","author":"Raftery A","year":"1985","journal-title":"Journal of the Royal Statistical Society, series B"},{"key":"e_1_2_1_23_2","doi-asserted-by":"publisher","DOI":"10.2307\/2986120"},{"key":"e_1_2_1_24_2","first-page":"569","article-title":"From image deblurring to optimal investments: Maximum likelihood solutions for positive linear inverse problem","volume":"55","author":"Vardi Y","year":"1993","journal-title":"Journal of the Royal Statistical Society, series B"},{"key":"e_1_2_1_25_2","doi-asserted-by":"publisher","DOI":"10.1007\/BF01189476"},{"key":"e_1_2_1_26_2","volume-title":"Introduction to the Theory of Statistics","author":"Mood A","year":"1974"},{"key":"e_1_2_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSMC.1973.4309314"},{"key":"e_1_2_1_28_2","unstructured":"WalkerR JackwayP LongstaffD.Recent developments in the use of the co\u2010occurrence matrix for texture recognition. 
InProceedings of the 13th International Conference on Digital Signal Processing (ICDSP) 1997."},{"key":"e_1_2_1_29_2","volume-title":"Elements of Information Theory","author":"Cover T","year":"2006"},{"key":"e_1_2_1_30_2","volume-title":"Information Theory and Reliable Communication","author":"Gallager R","year":"1968"},{"key":"e_1_2_1_31_2","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1948.tb01338.x"},{"key":"e_1_2_1_32_2","volume-title":"A Mathematical Theory of Communication","author":"Shannon C","year":"1963"},{"key":"e_1_2_1_33_2","doi-asserted-by":"crossref","unstructured":"HuffmanD.A method for the construction of minimum\u2010redundancy codes. InProceedings of the Institute of Radio Engineers vol. 40 no 9 1952.","DOI":"10.1109\/JRPROC.1952.273898"},{"key":"e_1_2_1_34_2","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/30.6.541"},{"key":"e_1_2_1_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/214762.214771"},{"key":"e_1_2_1_36_2","doi-asserted-by":"publisher","DOI":"10.1147\/rd.232.0149"},{"issue":"6","key":"e_1_2_1_37_2","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1109\/MC.1984.1659158","article-title":"A technique for high\u2010performance data compression","volume":"17","author":"Welch T","year":"1984","journal-title":"IEEE Computer Magazine"},{"key":"e_1_2_1_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1978.1055934"},{"key":"e_1_2_1_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1977.1055714"},{"key":"e_1_2_1_40_2","unstructured":"MIT Lincoln laboratory DARPA evaluation intrusion detection http:\/\/www.ll.mit.edu\/IST\/ideval\/(accessed on 28 June2008)."},{"key":"e_1_2_1_41_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"e_1_2_1_42_2","unstructured":"HainesJ LippmannR FriedD TranE BoswellS ZissmanM.1999 DARPA intrusion detection system evaluation: design and procedures.Technical Report 1062 MIT Lincoln Laboratory 2001."}],"container-title":["Security and Communication 
Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.104","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/sec.104","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,17]],"date-time":"2023-10-17T20:33:09Z","timestamp":1697574789000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.104"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,3,23]]},"references-count":41,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2009,11]]}},"alternative-id":["10.1002\/sec.104"],"URL":"https:\/\/doi.org\/10.1002\/sec.104","archive":["Portico"],"relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"value":"1939-0114","type":"print"},{"value":"1939-0122","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,3,23]]}}}