乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,19]],"date-time":"2024-09-19T15:15:10Z","timestamp":1726758910273},"reference-count":49,"publisher":"Elsevier BV","issue":"4","license":[{"start":{"date-parts":[[2009,10,1]],"date-time":"2009-10-01T00:00:00Z","timestamp":1254355200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"funder":[{"DOI":"10.13039\/501100003407","name":"Ministero dell\u2019Istruzione, dell\u2019Universit\u00e0 e della Ricerca","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003407","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information Fusion"],"published-print":{"date-parts":[[2009,10]]},"DOI":"10.1016\/j.inffus.2009.01.004","type":"journal-article","created":{"date-parts":[[2009,2,7]],"date-time":"2009-02-07T11:10:31Z","timestamp":1234005031000},"page":"300-311","source":"Crossref","is-referenced-by-count":28,"title":["Reducing false positives in anomaly detectors through fuzzy alert aggregation"],"prefix":"10.1016","volume":"10","author":[{"given":"Federico","family":"Maggi","sequence":"first","affiliation":[]},{"given":"Matteo","family":"Matteucci","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.inffus.2009.01.004_bib1","unstructured":"S. Zanero, Detecting 0-day attacks with learning intrusion detection systems, in: Blackhat USA, Briefings, 2004."},{"key":"10.1016\/j.inffus.2009.01.004_bib2","unstructured":"T.H. Ptacek, T.N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Technical Report T2R-0Y6, Secure Networks, Calgary, Canada, 1998."},{"key":"10.1016\/j.inffus.2009.01.004_bib3","doi-asserted-by":"crossref","unstructured":"G. Vigna, W. Robertson, D. Balzarotti, Testing network-based intrusion detection signatures using mutant exploits, in: Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS), Washington, DC, 2004, pp. 21\u201330.","DOI":"10.1145\/1030083.1030088"},{"issue":"2","key":"10.1016\/j.inffus.2009.01.004_bib4","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","article-title":"An intrusion-detection model","volume":"13","author":"Denning","year":"1987","journal-title":"IEEE Trans. Software Eng. SE"},{"key":"10.1016\/j.inffus.2009.01.004_bib5","unstructured":"J.P. Anderson, Computer Security Threat Monitoring and Surveillance, Technical Report, J.P. Anderson Co., Ft. Washington, Pennsylvania, April 1980."},{"issue":"3","key":"10.1016\/j.inffus.2009.01.004_bib6","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TDSC.2004.21","article-title":"A comprehensive approach to intrusion detection alert correlation","volume":"1","author":"Valeur","year":"2004","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"10.1016\/j.inffus.2009.01.004_bib7","series-title":"Fuzzy Measure Theory","author":"Wang","year":"1993"},{"key":"10.1016\/j.inffus.2009.01.004_bib8","series-title":"Fuzzy Sets Uncertainty and Information","author":"Klir","year":"1987"},{"key":"10.1016\/j.inffus.2009.01.004_bib9","series-title":"Intrusion Detection","author":"Bace","year":"2000"},{"key":"10.1016\/j.inffus.2009.01.004_bib10","unstructured":"S. Eckmann, G. Vigna, R. Kemmerer, STATL: an attack language for state-based intrusion detection, in: Proceedings of the ACM Workshop on Intrusion Detection, Athens, 2000."},{"key":"10.1016\/j.inffus.2009.01.004_bib11","doi-asserted-by":"crossref","unstructured":"S.J. Templeton, K. Levitt, A requires\/provides model for computer attacks, in: NSPW\u201900: Proceedings of the 2000 Workshop on New Security Paradigms, ACM Press, New York, NY, USA, 2000, pp. 31\u201338.","DOI":"10.1145\/366173.366187"},{"key":"10.1016\/j.inffus.2009.01.004_bib12","unstructured":"F. Cuppens, A. MiTge, Alert correlation in a cooperative intrusion detection framework, in: SP\u201902: Proceedings of the 2002 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, USA, 2002, p. 202."},{"issue":"2","key":"10.1016\/j.inffus.2009.01.004_bib13","doi-asserted-by":"crossref","first-page":"274","DOI":"10.1145\/996943.996947","article-title":"Techniques and tools for analyzing intrusion alerts","volume":"7","author":"Ning","year":"2004","journal-title":"ACM Trans. Inf Syst. Secur."},{"key":"10.1016\/j.inffus.2009.01.004_bib14","unstructured":"P.A. Porras, P.G. Neumann, EMERALD: event monitoring enabling responses to anomalous live disturbances, in: Proceedings of the 20th NIST-NCSC National Information Systems Security Conference, 1997, pp. 353\u2013365."},{"key":"10.1016\/j.inffus.2009.01.004_bib15","doi-asserted-by":"crossref","unstructured":"A. Valdes, K. Skinner, Probabilistic alert correlation, in: RAID\u201900: Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection, Springer-Verlag, London, UK, 2001, pp. 54\u201368.","DOI":"10.1007\/3-540-45474-8_4"},{"key":"10.1016\/j.inffus.2009.01.004_bib16","doi-asserted-by":"crossref","unstructured":"J. Viinikka, H. Debar, L. M\u00e9, R. S\u00e9guier, Time series modeling for IDS alert management, in: ASIACCS\u201906: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ACM Press, New York, NY, USA, 2006, pp. 102\u2013113.","DOI":"10.1145\/1128817.1128835"},{"key":"10.1016\/j.inffus.2009.01.004_bib17","doi-asserted-by":"crossref","unstructured":"X. Qin, W. Lee, Statistical causality analysis of infosec alert data, in: RAID, 2003, pp. 73\u201393.","DOI":"10.1007\/978-3-540-45248-5_5"},{"key":"10.1016\/j.inffus.2009.01.004_bib18","doi-asserted-by":"crossref","first-page":"424","DOI":"10.2307\/1912791","article-title":"Investigating causal relations by econometric methods and cross-spectral methods","volume":"34","author":"Granger","year":"1969","journal-title":"Econometrica"},{"key":"10.1016\/j.inffus.2009.01.004_bib19","doi-asserted-by":"crossref","unstructured":"F. Maggi, S. Zanero, On the use of different statistical tests for alert correlation \u2013 short paper, in: C. Kr\u00fcgel, R. Lippmann, A. Clark (Eds.), RAID, Lecture Notes in Computer Science, vol. 4637, Springer, 2007, pp. 167\u2013177.","DOI":"10.1007\/978-3-540-74320-0_9"},{"key":"10.1016\/j.inffus.2009.01.004_bib20","doi-asserted-by":"crossref","unstructured":"K. Julisch, M. Dacier, Mining intrusion detection alarms for actionable knowledge, in: KDD\u201902: Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, ACM Press, New York, NY, USA, 2002, pp. 366\u2013375.","DOI":"10.1145\/775047.775101"},{"key":"10.1016\/j.inffus.2009.01.004_bib21","doi-asserted-by":"crossref","unstructured":"O. Dain, R. Cunningham, Fusing heterogeneous alert streams into scenarios, in: Proceedings of the ACM Workshop on Data Mining for Security Applications, 2001, pp. 1\u201313.","DOI":"10.1007\/978-1-4615-0953-0_5"},{"key":"10.1016\/j.inffus.2009.01.004_bib22","doi-asserted-by":"crossref","unstructured":"H. Debar, A. Wespi, Aggregation and correlation of intrusion-detection alerts, in: RAID\u201900: Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection, Springer-Verlag, London, UK, 2001, pp. 85\u2013103.","DOI":"10.1007\/3-540-45474-8_6"},{"key":"10.1016\/j.inffus.2009.01.004_bib23","first-page":"35","article-title":"A mission-impact-based approach to infosec alarm correlation","volume":"2516\/2002","author":"Porras","year":"2002","journal-title":"Lecture Notes in Computer Science"},{"key":"10.1016\/j.inffus.2009.01.004_bib24","series-title":"Computer-based medical consultations: MYCIN","author":"Shortliffe","year":"1976"},{"key":"10.1016\/j.inffus.2009.01.004_bib25","doi-asserted-by":"crossref","unstructured":"H. Debar, D. Curry, B. Feinstein, The Intrusion Detection Message Exchange Format, Technical Report, France Telecom and Guardian and TNT, March 2006.","DOI":"10.17487\/rfc4765"},{"key":"10.1016\/j.inffus.2009.01.004_bib26","unstructured":"Snort, 2006. ."},{"key":"10.1016\/j.inffus.2009.01.004_bib27","doi-asserted-by":"crossref","unstructured":"D.L. Mills, Rfc1305: Network Time Protocol (version 3), 1992. .","DOI":"10.17487\/rfc1361"},{"issue":"1","key":"10.1016\/j.inffus.2009.01.004_bib28","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1109\/MSECP.2003.1176995","article-title":"Validation of sensor alert correlators","volume":"01","author":"Haines","year":"2003","journal-title":"IEEE Security and Privacy"},{"key":"10.1016\/j.inffus.2009.01.004_bib29","doi-asserted-by":"crossref","unstructured":"S. Zanero, S.M. Savaresi, Unsupervised learning techniques for an intrusion detection system, in: Proceedings of the 2004 ACM Symposium on Applied Computing, ACM Press, 2004, pp. 412\u2013419.","DOI":"10.1145\/967900.967988"},{"key":"10.1016\/j.inffus.2009.01.004_bib30","doi-asserted-by":"crossref","unstructured":"S. Zanero, Analyzing tcp traffic patterns using self organizing maps, in: F. Roli, S. Vitulano (Eds.), Proceedings of the 13th International Conference on Image Analysis and Processing \u2013 ICIAP 2005, Lecture Notes in Computer Science, vol. 3617, Springer, Cagliari, Italy, 2005, pp. 83\u201390.","DOI":"10.1007\/11553595_10"},{"key":"10.1016\/j.inffus.2009.01.004_bib31","unstructured":"S. Zanero, Improving self organizing map performance for network intrusion detection, in: SDM 2005 Workshop on \u201cClustering High Dimensional Data and its Applications\u201d, 2005."},{"key":"10.1016\/j.inffus.2009.01.004_bib32","unstructured":"S. Zanero, Unsupervised Learning Algorithms for Intrusion Detection, Ph.D. Thesis, Politecnico di Milano T.U., Milano, Italy, May 2006."},{"key":"10.1016\/j.inffus.2009.01.004_bib33","unstructured":"M. Mahoney, P. Chan, Detecting Novel Attacks by Identifying Anomalous Network Packet Headers, Technical Report CS-2001-2, Florida Institute of Technology, 2001."},{"key":"10.1016\/j.inffus.2009.01.004_bib34","unstructured":"C. Chow, Parzen-Window network intrusion detectors, in: ICPR\u201902: Proceedings of the 16th International Conference on Pattern Recognition (ICPR\u201902), IEEE Computer Society, vol. 4, Washington, DC, USA, 2002, pp. 385\u2013388."},{"key":"10.1016\/j.inffus.2009.01.004_bib35","unstructured":"K. Labib, R. Vemuri, NSOM: a real-time network-based intrusion detection system using self-organizing maps, Technical Report, Department of Applied Science, University of California, Davis, 2002."},{"key":"10.1016\/j.inffus.2009.01.004_bib36","unstructured":"M.V. Mahoney, P.K. Chan, A machine learning approach to detecting attacks by identifying anomalies in network traffic, Technical Report CS-2002-08, Florida Institute of Technology, 2002."},{"key":"10.1016\/j.inffus.2009.01.004_bib37","doi-asserted-by":"crossref","unstructured":"M.V. Mahoney, Network traffic anomaly detection based on packet bytes, in: Proceedings of the 19th Annual ACM Symposium on Applied Computing, 2003.","DOI":"10.1145\/952532.952601"},{"key":"10.1016\/j.inffus.2009.01.004_bib38","series-title":"Self-Organizing Maps","author":"Kohonen","year":"2001"},{"issue":"3","key":"10.1016\/j.inffus.2009.01.004_bib39","doi-asserted-by":"crossref","first-page":"275","DOI":"10.1023\/B:DAMI.0000023676.72185.7c","article-title":"On-line unsupervised outlier detection using finite mixtures with discounting learning algorithms","volume":"8","author":"Yamanishi","year":"2004","journal-title":"Data Min. Knowledge Discov."},{"issue":"3","key":"10.1016\/j.inffus.2009.01.004_bib40","doi-asserted-by":"crossref","first-page":"275","DOI":"10.1023\/B:DAMI.0000023676.72185.7c","article-title":"Online unsupervised outlier detection using finite mixtures with discounting learning algorithms","volume":"8","author":"Yamanishi","year":"2004","journal-title":"Knowledge Discov. Data Min."},{"key":"10.1016\/j.inffus.2009.01.004_bib41","doi-asserted-by":"crossref","unstructured":"K. Wang, S.J. Stolfo, Anomalous payload-based network intrusion detection, in: RAID Symposium, 2004.","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"10.1016\/j.inffus.2009.01.004_bib42","unstructured":"F. Maggi, M. Matteucci, S. Zanero, Detecting intrusions through system call sequence and argument analysis, IEEE Transactions on Dependable and Secure Computing, accepted for publication."},{"key":"10.1016\/j.inffus.2009.01.004_bib43","doi-asserted-by":"crossref","unstructured":"C. Kruegel, D. Mutz, F. Valeur, G. Vigna, On the detection of anomalous system call arguments, in: Proceedings of the 2003 European Symposium on Research in Computer Security, Gj\u00f8vik, Norway, 2003.","DOI":"10.1007\/978-3-540-39650-5_19"},{"key":"10.1016\/j.inffus.2009.01.004_bib44","unstructured":"R.N.M. Watson, W. Salamon, The FreeBSD audit system, in: UKUUG LISA Conference, Durham, UK, 2006."},{"key":"10.1016\/j.inffus.2009.01.004_bib45","unstructured":"M. Zissman, Darpa intrusion detection evaluation, 1999. ."},{"key":"10.1016\/j.inffus.2009.01.004_bib46","unstructured":"B. Potter, The Shmoo Group Capture the CTF project, 2006. ."},{"key":"10.1016\/j.inffus.2009.01.004_bib47","doi-asserted-by":"crossref","unstructured":"R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, K. Das, Analysis and results of the 1999 DARPA off-line intrusion detection evaluation, in: Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection, Springer-Verlag, London, UK, 2000, pp. 162\u2013182.","DOI":"10.1007\/3-540-39945-3_11"},{"issue":"4","key":"10.1016\/j.inffus.2009.01.004_bib48","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1145\/382912.382923","article-title":"Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory","volume":"3","author":"McHugh","year":"2000","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"10.1016\/j.inffus.2009.01.004_bib49","doi-asserted-by":"crossref","unstructured":"M.V. Mahoney, P.K. Chan, An analysis of the 1999 DARPA\/Lincoln laboratory evaluation data for network anomaly detection, in: Proceedings of the Sixth International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburgh, PA, USA, 2003, pp. 220\u2013237.","DOI":"10.1007\/978-3-540-45248-5_13"}],"container-title":["Information Fusion"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S156625350900013X?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S156625350900013X?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2022,7,13]],"date-time":"2022-07-13T22:50:29Z","timestamp":1657752629000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S156625350900013X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,10]]},"references-count":49,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2009,10]]}},"alternative-id":["S156625350900013X"],"URL":"https:\/\/doi.org\/10.1016\/j.inffus.2009.01.004","relation":{},"ISSN":["1566-2535"],"issn-type":[{"value":"1566-2535","type":"print"}],"subject":[],"published":{"date-parts":[[2009,10]]}}}