Exploration server on telematics


Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks

Internal identifier: 005C20 (Istex/Corpus); previous: 005C19; next: 005C21


Authors: Rolando Salazar-Hernández; Jesús E. Díaz-Verdejo

Source:

RBID : ISTEX:822F38610A97D7AE36BBE901C8DD38FF8225B5B1

Abstract

Previous work has shown that Markov modelling can be used to model the payloads of the observed packets from a selected protocol, with applications to anomaly-based intrusion detection. The detection is made based on a normality score derived from the model and a tunable threshold, which allows the choice of the operating point in terms of detection and false positive rates. In this work a hybrid system is proposed and evaluated based on this approach. The detection is made by explicit modelling of both the attack and the normal payloads and the joint use of a recognizer and a threshold-based detector. First, the recognizer evaluates the probabilities of a payload being normal or attack and a probability of misclassification. The dubious results are passed through the detector, which evaluates the normality score. The system allows the choice of the operating point and improves the performance of the basic system.

Url:
DOI: 10.1007/978-3-642-17650-0_29

Links to Exploration step

ISTEX:822F38610A97D7AE36BBE901C8DD38FF8225B5B1

The document in XML format

<record>
<TEI wicri:istexFullTextTei="biblStruct">
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
<author>
<name sortKey="Salazar Hernandez, Rolando" sort="Salazar Hernandez, Rolando" uniqKey="Salazar Hernandez R" first="Rolando" last="Salazar-Hernández">Rolando Salazar-Hernández</name>
<affiliation>
<mods:affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: rsalaza@correo.ugr.es</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Diaz Verdejo, Jesus E" sort="Diaz Verdejo, Jesus E" uniqKey="Diaz Verdejo J" first="Jesús E." last="Díaz-Verdejo">Jesús E. Díaz-Verdejo</name>
<affiliation>
<mods:affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: jedv@ugr.es</mods:affiliation>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:822F38610A97D7AE36BBE901C8DD38FF8225B5B1</idno>
<date when="2010" year="2010">2010</date>
<idno type="doi">10.1007/978-3-642-17650-0_29</idno>
<idno type="url">https://api.istex.fr/document/822F38610A97D7AE36BBE901C8DD38FF8225B5B1/fulltext/pdf</idno>
<idno type="wicri:Area/Istex/Corpus">005C20</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">005C20</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
<author>
<name sortKey="Salazar Hernandez, Rolando" sort="Salazar Hernandez, Rolando" uniqKey="Salazar Hernandez R" first="Rolando" last="Salazar-Hernández">Rolando Salazar-Hernández</name>
<affiliation>
<mods:affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: rsalaza@correo.ugr.es</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Diaz Verdejo, Jesus E" sort="Diaz Verdejo, Jesus E" uniqKey="Diaz Verdejo J" first="Jesús E." last="Díaz-Verdejo">Jesús E. Díaz-Verdejo</name>
<affiliation>
<mods:affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: jedv@ugr.es</mods:affiliation>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series>
<title level="s">Lecture Notes in Computer Science</title>
<imprint>
<date>2010</date>
</imprint>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
<idno type="istex">822F38610A97D7AE36BBE901C8DD38FF8225B5B1</idno>
<idno type="DOI">10.1007/978-3-642-17650-0_29</idno>
<idno type="ChapterID">29</idno>
<idno type="ChapterID">Chap29</idno>
</biblStruct>
</sourceDesc>
<seriesStmt>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass></textClass>
<langUsage>
<language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Abstract: Previous works has shown that Markov modelling can be used to model the payloads of the observed packets from a selected protocol with applications to anomaly-based intrusion detection. The detection is made based on a normality score derived from the model and a tunable threshold, which allows the choice of the operating point in terms of detection and false positive rates. In this work a hybrid system is proposed and evaluated based on this approach. The detection is made by explicit modelling of both the attack and the normal payloads and the joint use of a recognizer and a threshold based detector. First, the recognizer evaluates the probabilities of a payload being normal or attack and a probability of missclassification. The dubious results are passed through the detector, which evaluates the normality score. The system allows the choice of the operating point and improves the performance of the basic system.</div>
</front>
</TEI>
<istex>
<corpusName>springer</corpusName>
<author>
<json:item>
<name>Rolando Salazar-Hernández</name>
<affiliations>
<json:string>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</json:string>
<json:string>E-mail: rsalaza@correo.ugr.es</json:string>
</affiliations>
</json:item>
<json:item>
<name>Jesús E. Díaz-Verdejo</name>
<affiliations>
<json:string>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</json:string>
<json:string>E-mail: jedv@ugr.es</json:string>
</affiliations>
</json:item>
</author>
<language>
<json:string>eng</json:string>
</language>
<abstract>Abstract: Previous works has shown that Markov modelling can be used to model the payloads of the observed packets from a selected protocol with applications to anomaly-based intrusion detection. The detection is made based on a normality score derived from the model and a tunable threshold, which allows the choice of the operating point in terms of detection and false positive rates. In this work a hybrid system is proposed and evaluated based on this approach. The detection is made by explicit modelling of both the attack and the normal payloads and the joint use of a recognizer and a threshold based detector. First, the recognizer evaluates the probabilities of a payload being normal or attack and a probability of missclassification. The dubious results are passed through the detector, which evaluates the normality score. The system allows the choice of the operating point and improves the performance of the basic system.</abstract>
<qualityIndicators>
<score>7.958</score>
<pdfVersion>1.6</pdfVersion>
<pdfPageSize>429.725 x 659.895 pts</pdfPageSize>
<refBibsNative>false</refBibsNative>
<keywordCount>0</keywordCount>
<abstractCharCount>938</abstractCharCount>
<pdfWordCount>4646</pdfWordCount>
<pdfCharCount>26906</pdfCharCount>
<pdfPageCount>14</pdfPageCount>
<abstractWordCount>151</abstractWordCount>
</qualityIndicators>
<title>Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
<genre.original>
<json:string>OriginalPaper</json:string>
</genre.original>
<chapterId>
<json:string>29</json:string>
<json:string>Chap29</json:string>
</chapterId>
<genre>
<json:string>conference [eBooks]</json:string>
</genre>
<serie>
<editor>
<json:item>
<name>David Hutchison</name>
<affiliations>
<json:string>Lancaster University, Lancaster, UK</json:string>
</affiliations>
</json:item>
<json:item>
<name>Takeo Kanade</name>
<affiliations>
<json:string>Carnegie Mellon University, Pittsburgh, PA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Josef Kittler</name>
<affiliations>
<json:string>University of Surrey, Guildford, UK</json:string>
</affiliations>
</json:item>
<json:item>
<name>Jon M. Kleinberg</name>
<affiliations>
<json:string>Cornell University, Ithaca, NY, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Friedemann Mattern</name>
<affiliations>
<json:string>ETH Zurich, Zurich, Switzerland</json:string>
</affiliations>
</json:item>
<json:item>
<name>John C. Mitchell</name>
<affiliations>
<json:string>Stanford University, Stanford, CA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Moni Naor</name>
<affiliations>
<json:string>Weizmann Institute of Science, Rehovot, Israel</json:string>
</affiliations>
</json:item>
<json:item>
<name>Oscar Nierstrasz</name>
<affiliations>
<json:string>University of Bern, Bern, Switzerland</json:string>
</affiliations>
</json:item>
<json:item>
<name>C. Pandu Rangan</name>
<affiliations>
<json:string>Indian Institute of Technology, Madras, India</json:string>
</affiliations>
</json:item>
<json:item>
<name>Bernhard Steffen</name>
<affiliations>
<json:string>University of Dortmund, Dortmund, Germany</json:string>
</affiliations>
</json:item>
<json:item>
<name>Madhu Sudan</name>
<affiliations>
<json:string>Massachusetts Institute of Technology, MA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Demetri Terzopoulos</name>
<affiliations>
<json:string>University of California, Los Angeles, CA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Doug Tygar</name>
<affiliations>
<json:string>University of California, Berkeley, CA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Moshe Y. Vardi</name>
<affiliations>
<json:string>Rice University, Houston, TX, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Gerhard Weikum</name>
<affiliations>
<json:string>Max-Planck Institute of Computer Science, Saarbrücken, Germany</json:string>
</affiliations>
</json:item>
</editor>
<issn>
<json:string>0302-9743</json:string>
</issn>
<language>
<json:string>unknown</json:string>
</language>
<eissn>
<json:string>1611-3349</json:string>
</eissn>
<title>Lecture Notes in Computer Science</title>
<copyrightDate>2010</copyrightDate>
</serie>
<host>
<editor>
<json:item>
<name>Miguel Soriano</name>
<affiliations>
<json:string>Information Security Group, Universitat Politècnica de Catalunya, Campus Nord, Jordi Girona 1-3, 08034, Barcelona, Spain</json:string>
<json:string>E-mail: soriano@entel.upc.edu</json:string>
</affiliations>
</json:item>
<json:item>
<name>Sihan Qing</name>
<affiliations>
<json:string>Institute of Software, Chinese Academy of Sciences, 100080, Beijing, China</json:string>
<json:string>E-mail: qsihan@ss.pku.edu.cn</json:string>
</affiliations>
</json:item>
<json:item>
<name>Javier López</name>
<affiliations>
<json:string>III-LIDI(Instituto de Investigación en Informática LIDI) School of Computer Sciences, National University of La Plata, La Plata, Buenos Aires, Argentina</json:string>
<json:string>E-mail: jlm@lcc.uma.es</json:string>
</affiliations>
</json:item>
</editor>
<subject>
<json:item>
<value>Computer Science</value>
</json:item>
<json:item>
<value>Computer Science</value>
</json:item>
<json:item>
<value>Data Encryption</value>
</json:item>
<json:item>
<value>Data Structures, Cryptology and Information Theory</value>
</json:item>
<json:item>
<value>Coding and Information Theory</value>
</json:item>
<json:item>
<value>Systems and Data Security</value>
</json:item>
<json:item>
<value>Algorithm Analysis and Problem Complexity</value>
</json:item>
<json:item>
<value>Computer Communication Networks</value>
</json:item>
</subject>
<isbn>
<json:string>978-3-642-17649-4</json:string>
</isbn>
<language>
<json:string>unknown</json:string>
</language>
<eissn>
<json:string>1611-3349</json:string>
</eissn>
<title>Information and Communications Security</title>
<genre.original>
<json:string>Proceedings</json:string>
</genre.original>
<bookId>
<json:string>978-3-642-17650-0</json:string>
</bookId>
<volume>6476</volume>
<pages>
<last>429</last>
<first>416</first>
</pages>
<issn>
<json:string>0302-9743</json:string>
</issn>
<genre>
<json:string>Book Series</json:string>
</genre>
<eisbn>
<json:string>978-3-642-17650-0</json:string>
</eisbn>
<copyrightDate>2010</copyrightDate>
<doi>
<json:string>10.1007/978-3-642-17650-0</json:string>
</doi>
</host>
<publicationDate>2010</publicationDate>
<copyrightDate>2010</copyrightDate>
<doi>
<json:string>10.1007/978-3-642-17650-0_29</json:string>
</doi>
<id>822F38610A97D7AE36BBE901C8DD38FF8225B5B1</id>
<score>1</score>
<fulltext>
<json:item>
<original>true</original>
<mimetype>application/pdf</mimetype>
<extension>pdf</extension>
<uri>https://api.istex.fr/document/822F38610A97D7AE36BBE901C8DD38FF8225B5B1/fulltext/pdf</uri>
</json:item>
<json:item>
<original>false</original>
<mimetype>application/zip</mimetype>
<extension>zip</extension>
<uri>https://api.istex.fr/document/822F38610A97D7AE36BBE901C8DD38FF8225B5B1/fulltext/zip</uri>
</json:item>
<istex:fulltextTEI uri="https://api.istex.fr/document/822F38610A97D7AE36BBE901C8DD38FF8225B5B1/fulltext/tei">
<teiHeader>
<fileDesc>
<titleStmt>
<title level="a" type="main" xml:lang="en">Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
<respStmt xml:id="ISTEX-API" resp="Références bibliographiques récupérées via GROBID" name="ISTEX-API (INIST-CNRS)"></respStmt>
</titleStmt>
<publicationStmt>
<authority>ISTEX</authority>
<publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<availability>
<p>SPRINGER</p>
</availability>
<date>2010</date>
</publicationStmt>
<sourceDesc>
<biblStruct type="inbook">
<analytic>
<title level="a" type="main" xml:lang="en">Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
<author>
<persName>
<forename type="first">Rolando</forename>
<surname>Salazar-Hernández</surname>
</persName>
<email>rsalaza@correo.ugr.es</email>
<affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</affiliation>
</author>
<author>
<persName>
<forename type="first">Jesús</forename>
<surname>Díaz-Verdejo</surname>
</persName>
<email>jedv@ugr.es</email>
<affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</affiliation>
</author>
</analytic>
<monogr>
<title level="m">Information and Communications Security</title>
<title level="m" type="sub">12th International Conference, ICICS 2010, Barcelona, Spain, December 15-17, 2010. Proceedings</title>
<idno type="pISBN">978-3-642-17649-4</idno>
<idno type="eISBN">978-3-642-17650-0</idno>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="DOI">10.1007/978-3-642-17650-0</idno>
<idno type="BookID">978-3-642-17650-0</idno>
<idno type="BookTitleID">215662</idno>
<idno type="BookSequenceNumber">6476</idno>
<idno type="BookVolumeNumber">6476</idno>
<idno type="BookChapterCount">32</idno>
<editor>
<persName>
<forename type="first">Miguel</forename>
<surname>Soriano</surname>
</persName>
<email>soriano@entel.upc.edu</email>
<affiliation>Information Security Group, Universitat Politècnica de Catalunya, Campus Nord, Jordi Girona 1-3, 08034, Barcelona, Spain</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Sihan</forename>
<surname>Qing</surname>
</persName>
<email>qsihan@ss.pku.edu.cn</email>
<affiliation>Institute of Software, Chinese Academy of Sciences, 100080, Beijing, China</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Javier</forename>
<surname>López</surname>
</persName>
<email>jlm@lcc.uma.es</email>
<affiliation>III-LIDI(Instituto de Investigación en Informática LIDI) School of Computer Sciences, National University of La Plata, La Plata, Buenos Aires, Argentina</affiliation>
</editor>
<imprint>
<publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<date type="published" when="2010"></date>
<biblScope unit="volume">6476</biblScope>
<biblScope unit="page" from="416">416</biblScope>
<biblScope unit="page" to="429">429</biblScope>
</imprint>
</monogr>
<series>
<title level="s">Lecture Notes in Computer Science</title>
<editor>
<persName>
<forename type="first">David</forename>
<surname>Hutchison</surname>
</persName>
<affiliation>Lancaster University, Lancaster, UK</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Takeo</forename>
<surname>Kanade</surname>
</persName>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Josef</forename>
<surname>Kittler</surname>
</persName>
<affiliation>University of Surrey, Guildford, UK</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Jon</forename>
<forename type="first">M.</forename>
<surname>Kleinberg</surname>
</persName>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Friedemann</forename>
<surname>Mattern</surname>
</persName>
<affiliation>ETH Zurich, Zurich, Switzerland</affiliation>
</editor>
<editor>
<persName>
<forename type="first">John</forename>
<forename type="first">C.</forename>
<surname>Mitchell</surname>
</persName>
<affiliation>Stanford University, Stanford, CA, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Moni</forename>
<surname>Naor</surname>
</persName>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Oscar</forename>
<surname>Nierstrasz</surname>
</persName>
<affiliation>University of Bern, Bern, Switzerland</affiliation>
</editor>
<editor>
<persName>
<forename type="first">C.</forename>
<surname>Pandu Rangan</surname>
</persName>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Bernhard</forename>
<surname>Steffen</surname>
</persName>
<affiliation>University of Dortmund, Dortmund, Germany</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Madhu</forename>
<surname>Sudan</surname>
</persName>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Demetri</forename>
<surname>Terzopoulos</surname>
</persName>
<affiliation>University of California, Los Angeles, CA, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Doug</forename>
<surname>Tygar</surname>
</persName>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Moshe</forename>
<forename type="first">Y.</forename>
<surname>Vardi</surname>
</persName>
<affiliation>Rice University, Houston, TX, USA</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Gerhard</forename>
<surname>Weikum</surname>
</persName>
<affiliation>Max-Planck Institute of Computer Science, Saarbrücken, Germany</affiliation>
</editor>
<biblScope>
<date>2010</date>
</biblScope>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="seriesId">558</idno>
</series>
<idno type="istex">822F38610A97D7AE36BBE901C8DD38FF8225B5B1</idno>
<idno type="DOI">10.1007/978-3-642-17650-0_29</idno>
<idno type="ChapterID">29</idno>
<idno type="ChapterID">Chap29</idno>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc>
<creation>
<date>2010</date>
</creation>
<langUsage>
<language ident="en">en</language>
</langUsage>
<abstract xml:lang="en">
<p>Abstract: Previous works has shown that Markov modelling can be used to model the payloads of the observed packets from a selected protocol with applications to anomaly-based intrusion detection. The detection is made based on a normality score derived from the model and a tunable threshold, which allows the choice of the operating point in terms of detection and false positive rates. In this work a hybrid system is proposed and evaluated based on this approach. The detection is made by explicit modelling of both the attack and the normal payloads and the joint use of a recognizer and a threshold based detector. First, the recognizer evaluates the probabilities of a payload being normal or attack and a probability of missclassification. The dubious results are passed through the detector, which evaluates the normality score. The system allows the choice of the operating point and improves the performance of the basic system.</p>
</abstract>
<textClass>
<keywords scheme="Book Subject Collection">
<list>
<label>SUCO11645</label>
<item>
<term>Computer Science</term>
</item>
</list>
</keywords>
</textClass>
<textClass>
<keywords scheme="Book Subject Group">
<list>
<label>I</label>
<label>I15033</label>
<label>I15009</label>
<label>I15041</label>
<label>I14050</label>
<label>I16021</label>
<label>I13022</label>
<item>
<term>Computer Science</term>
</item>
<item>
<term>Data Encryption</term>
</item>
<item>
<term>Data Structures, Cryptology and Information Theory</term>
</item>
<item>
<term>Coding and Information Theory</term>
</item>
<item>
<term>Systems and Data Security</term>
</item>
<item>
<term>Algorithm Analysis and Problem Complexity</term>
</item>
<item>
<term>Computer Communication Networks</term>
</item>
</list>
</keywords>
</textClass>
</profileDesc>
<revisionDesc>
<change when="2010">Published</change>
<change xml:id="refBibs-istex" who="#ISTEX-API" when="2016-3-20">References added</change>
</revisionDesc>
</teiHeader>
</istex:fulltextTEI>
<json:item>
<original>false</original>
<mimetype>text/plain</mimetype>
<extension>txt</extension>
<uri>https://api.istex.fr/document/822F38610A97D7AE36BBE901C8DD38FF8225B5B1/fulltext/txt</uri>
</json:item>
</fulltext>
<metadata>
<istex:metadataXml wicri:clean="Springer, Publisher found" wicri:toSee="no header">
<istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration>
<istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType>
<istex:document>
<Publisher>
<PublisherInfo>
<PublisherName>Springer Berlin Heidelberg</PublisherName>
<PublisherLocation>Berlin, Heidelberg</PublisherLocation>
</PublisherInfo>
<Series>
<SeriesInfo SeriesType="Series" TocLevels="0">
<SeriesID>558</SeriesID>
<SeriesPrintISSN>0302-9743</SeriesPrintISSN>
<SeriesElectronicISSN>1611-3349</SeriesElectronicISSN>
<SeriesTitle Language="En">Lecture Notes in Computer Science</SeriesTitle>
</SeriesInfo>
<SeriesHeader>
<EditorGroup>
<Editor AffiliationIDS="Aff1">
<EditorName DisplayOrder="Western">
<GivenName>David</GivenName>
<FamilyName>Hutchison</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff2">
<EditorName DisplayOrder="Western">
<GivenName>Takeo</GivenName>
<FamilyName>Kanade</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff3">
<EditorName DisplayOrder="Western">
<GivenName>Josef</GivenName>
<FamilyName>Kittler</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff4">
<EditorName DisplayOrder="Western">
<GivenName>Jon</GivenName>
<GivenName>M.</GivenName>
<FamilyName>Kleinberg</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff5">
<EditorName DisplayOrder="Western">
<GivenName>Friedemann</GivenName>
<FamilyName>Mattern</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff6">
<EditorName DisplayOrder="Western">
<GivenName>John</GivenName>
<GivenName>C.</GivenName>
<FamilyName>Mitchell</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff7">
<EditorName DisplayOrder="Western">
<GivenName>Moni</GivenName>
<FamilyName>Naor</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff8">
<EditorName DisplayOrder="Western">
<GivenName>Oscar</GivenName>
<FamilyName>Nierstrasz</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff9">
<EditorName DisplayOrder="Western">
<GivenName>C.</GivenName>
<FamilyName>Pandu Rangan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff10">
<EditorName DisplayOrder="Western">
<GivenName>Bernhard</GivenName>
<FamilyName>Steffen</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff11">
<EditorName DisplayOrder="Western">
<GivenName>Madhu</GivenName>
<FamilyName>Sudan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff12">
<EditorName DisplayOrder="Western">
<GivenName>Demetri</GivenName>
<FamilyName>Terzopoulos</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff13">
<EditorName DisplayOrder="Western">
<GivenName>Doug</GivenName>
<FamilyName>Tygar</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff14">
<EditorName DisplayOrder="Western">
<GivenName>Moshe</GivenName>
<GivenName>Y.</GivenName>
<FamilyName>Vardi</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff15">
<EditorName DisplayOrder="Western">
<GivenName>Gerhard</GivenName>
<FamilyName>Weikum</FamilyName>
</EditorName>
</Editor>
<Affiliation ID="Aff1">
<OrgName>Lancaster University</OrgName>
<OrgAddress>
<City>Lancaster</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff2">
<OrgName>Carnegie Mellon University</OrgName>
<OrgAddress>
<City>Pittsburgh</City>
<State>PA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff3">
<OrgName>University of Surrey</OrgName>
<OrgAddress>
<City>Guildford</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff4">
<OrgName>Cornell University</OrgName>
<OrgAddress>
<City>Ithaca</City>
<State>NY</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff5">
<OrgName>ETH Zurich</OrgName>
<OrgAddress>
<City>Zurich</City>
<Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff6">
<OrgName>Stanford University</OrgName>
<OrgAddress>
<City>Stanford</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff7">
<OrgName>Weizmann Institute of Science</OrgName>
<OrgAddress>
<City>Rehovot</City>
<Country>Israel</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff8">
<OrgName>University of Bern</OrgName>
<OrgAddress>
<City>Bern</City>
<Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff9">
<OrgName>Indian Institute of Technology</OrgName>
<OrgAddress>
<City>Madras</City>
<Country>India</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff10">
<OrgName>University of Dortmund</OrgName>
<OrgAddress>
<City>Dortmund</City>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff11">
<OrgName>Massachusetts Institute of Technology</OrgName>
<OrgAddress>
<State>MA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff12">
<OrgName>University of California</OrgName>
<OrgAddress>
<City>Los Angeles</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff13">
<OrgName>University of California</OrgName>
<OrgAddress>
<City>Berkeley</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff14">
<OrgName>Rice University</OrgName>
<OrgAddress>
<City>Houston</City>
<State>TX</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff15">
<OrgName>Max-Planck Institute of Computer Science</OrgName>
<OrgAddress>
<City>Saarbrücken</City>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</SeriesHeader>
<Book Language="En">
<BookInfo BookProductType="Proceedings" ContainsESM="No" Language="En" MediaType="eBook" NumberingDepth="2" NumberingStyle="ContentOnly" OutputMedium="All" TocLevels="0">
<BookID>978-3-642-17650-0</BookID>
<BookTitle>Information and Communications Security</BookTitle>
<BookSubTitle>12th International Conference, ICICS 2010, Barcelona, Spain, December 15-17, 2010. Proceedings</BookSubTitle>
<BookVolumeNumber>6476</BookVolumeNumber>
<BookSequenceNumber>6476</BookSequenceNumber>
<BookDOI>10.1007/978-3-642-17650-0</BookDOI>
<BookTitleID>215662</BookTitleID>
<BookPrintISBN>978-3-642-17649-4</BookPrintISBN>
<BookElectronicISBN>978-3-642-17650-0</BookElectronicISBN>
<BookChapterCount>32</BookChapterCount>
<BookCopyright>
<CopyrightHolderName>Springer Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2010</CopyrightYear>
</BookCopyright>
<BookSubjectGroup>
<BookSubject Code="I" Type="Primary">Computer Science</BookSubject>
<BookSubject Code="I15033" Priority="1" Type="Secondary">Data Encryption</BookSubject>
<BookSubject Code="I15009" Priority="2" Type="Secondary">Data Structures, Cryptology and Information Theory</BookSubject>
<BookSubject Code="I15041" Priority="3" Type="Secondary">Coding and Information Theory</BookSubject>
<BookSubject Code="I14050" Priority="4" Type="Secondary">Systems and Data Security</BookSubject>
<BookSubject Code="I16021" Priority="5" Type="Secondary">Algorithm Analysis and Problem Complexity</BookSubject>
<BookSubject Code="I13022" Priority="6" Type="Secondary">Computer Communication Networks</BookSubject>
<SubjectCollection Code="SUCO11645">Computer Science</SubjectCollection>
</BookSubjectGroup>
<BookContext>
<SeriesID>558</SeriesID>
</BookContext>
</BookInfo>
<BookHeader>
<EditorGroup>
<Editor AffiliationIDS="Aff16">
<EditorName DisplayOrder="Western">
<GivenName>Miguel</GivenName>
<FamilyName>Soriano</FamilyName>
</EditorName>
<Contact>
<Email>soriano@entel.upc.edu</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff17">
<EditorName DisplayOrder="Western">
<GivenName>Sihan</GivenName>
<FamilyName>Qing</FamilyName>
</EditorName>
<Contact>
<Email>qsihan@ss.pku.edu.cn</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff18">
<EditorName DisplayOrder="Western">
<GivenName>Javier</GivenName>
<FamilyName>López</FamilyName>
</EditorName>
<Contact>
<Email>jlm@lcc.uma.es</Email>
</Contact>
</Editor>
<Affiliation ID="Aff16">
<OrgDivision>Information Security Group</OrgDivision>
<OrgName>Universitat Politècnica de Catalunya</OrgName>
<OrgAddress>
<Street>Campus Nord, Jordi Girona 1-3</Street>
<Postcode>08034</Postcode>
<City>Barcelona</City>
<Country>Spain</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff17">
<OrgDivision>Institute of Software</OrgDivision>
<OrgName>Chinese Academy of Sciences</OrgName>
<OrgAddress>
<Postcode>100080</Postcode>
<City>Beijing</City>
<Country>China</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff18">
<OrgDivision>III-LIDI(Instituto de Investigación en Informática LIDI) School of Computer Sciences</OrgDivision>
<OrgName>National University of La Plata</OrgName>
<OrgAddress>
<City>La Plata</City>
<State>Buenos Aires</State>
<Country>Argentina</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</BookHeader>
<Part ID="Part11">
<PartInfo TocLevels="0">
<PartID>11</PartID>
<PartSequenceNumber>11</PartSequenceNumber>
<PartTitle>Session 3B. Intrusion Detection Systems</PartTitle>
<PartChapterCount>4</PartChapterCount>
<PartContext>
<SeriesID>558</SeriesID>
<BookTitle>Information and Communications Security</BookTitle>
</PartContext>
</PartInfo>
<Chapter ID="Chap29" Language="En">
<ChapterInfo ChapterType="OriginalPaper" ContainsESM="No" NumberingDepth="2" NumberingStyle="ContentOnly" TocLevels="0">
<ChapterID>29</ChapterID>
<ChapterDOI>10.1007/978-3-642-17650-0_29</ChapterDOI>
<ChapterSequenceNumber>29</ChapterSequenceNumber>
<ChapterTitle Language="En">Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</ChapterTitle>
<ChapterFirstPage>416</ChapterFirstPage>
<ChapterLastPage>429</ChapterLastPage>
<ChapterCopyright>
<CopyrightHolderName>Springer-Verlag Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2010</CopyrightYear>
</ChapterCopyright>
<ChapterGrants Type="Regular">
<MetadataGrant Grant="OpenAccess"></MetadataGrant>
<AbstractGrant Grant="OpenAccess"></AbstractGrant>
<BodyPDFGrant Grant="Restricted"></BodyPDFGrant>
<BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant>
<BibliographyGrant Grant="Restricted"></BibliographyGrant>
<ESMGrant Grant="Restricted"></ESMGrant>
</ChapterGrants>
<ChapterContext>
<SeriesID>558</SeriesID>
<PartID>11</PartID>
<BookID>978-3-642-17650-0</BookID>
<BookTitle>Information and Communications Security</BookTitle>
</ChapterContext>
</ChapterInfo>
<ChapterHeader>
<AuthorGroup>
<Author AffiliationIDS="Aff19">
<AuthorName DisplayOrder="Western">
<GivenName>Rolando</GivenName>
<FamilyName>Salazar-Hernández</FamilyName>
</AuthorName>
<Contact>
<Email>rsalaza@correo.ugr.es</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff19">
<AuthorName DisplayOrder="Western">
<GivenName>Jesús</GivenName>
<GivenName>E.</GivenName>
<FamilyName>Díaz-Verdejo</FamilyName>
</AuthorName>
<Contact>
<Email>jedv@ugr.es</Email>
</Contact>
</Author>
<Affiliation ID="Aff19">
<OrgDivision>CTIC - Dpt. of Signal Theory, Telematics and Communications</OrgDivision>
<OrgName>University of Granada</OrgName>
<OrgAddress>
<Country>Spain</Country>
</OrgAddress>
</Affiliation>
</AuthorGroup>
<Abstract ID="Abs1" Language="En">
<Heading>Abstract</Heading>
<Para>Previous work has shown that Markov modelling can be used to model the payloads of the observed packets from a selected protocol with applications to anomaly-based intrusion detection. The detection is made based on a normality score derived from the model and a tunable threshold, which allows the choice of the operating point in terms of detection and false positive rates. In this work a hybrid system is proposed and evaluated based on this approach. The detection is made by explicit modelling of both the attack and the normal payloads and the joint use of a recognizer and a threshold-based detector. First, the recognizer evaluates the probabilities of a payload being normal or attack and a probability of misclassification. The dubious results are passed through the detector, which evaluates the normality score. The system allows the choice of the operating point and improves the performance of the basic system.</Para>
</Abstract>
<KeywordGroup Language="En">
<Heading>Keywords</Heading>
<Keyword>network security</Keyword>
<Keyword>intrusion detection systems</Keyword>
<Keyword>markov models</Keyword>
</KeywordGroup>
</ChapterHeader>
<NoBody></NoBody>
</Chapter>
</Part>
</Book>
</Series>
</Publisher>
</istex:document>
</istex:metadataXml>
<mods version="3.6">
<titleInfo lang="en">
<title>Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
</titleInfo>
<titleInfo type="alternative" contentType="CDATA" lang="en">
<title>Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks</title>
</titleInfo>
<name type="personal">
<namePart type="given">Rolando</namePart>
<namePart type="family">Salazar-Hernández</namePart>
<affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</affiliation>
<affiliation>E-mail: rsalaza@correo.ugr.es</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Jesús</namePart>
<namePart type="given">E.</namePart>
<namePart type="family">Díaz-Verdejo</namePart>
<affiliation>CTIC - Dpt. of Signal Theory, Telematics and Communications, University of Granada, Spain</affiliation>
<affiliation>E-mail: jedv@ugr.es</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<typeOfResource>text</typeOfResource>
<genre type="conference [eBooks]" displayLabel="OriginalPaper"></genre>
<originInfo>
<publisher>Springer Berlin Heidelberg</publisher>
<place>
<placeTerm type="text">Berlin, Heidelberg</placeTerm>
</place>
<dateIssued encoding="w3cdtf">2010</dateIssued>
<copyrightDate encoding="w3cdtf">2010</copyrightDate>
</originInfo>
<language>
<languageTerm type="code" authority="rfc3066">en</languageTerm>
<languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<physicalDescription>
<internetMediaType>text/html</internetMediaType>
</physicalDescription>
<abstract lang="en">Abstract: Previous work has shown that Markov modelling can be used to model the payloads of the observed packets from a selected protocol with applications to anomaly-based intrusion detection. The detection is made based on a normality score derived from the model and a tunable threshold, which allows the choice of the operating point in terms of detection and false positive rates. In this work a hybrid system is proposed and evaluated based on this approach. The detection is made by explicit modelling of both the attack and the normal payloads and the joint use of a recognizer and a threshold-based detector. First, the recognizer evaluates the probabilities of a payload being normal or attack and a probability of misclassification. The dubious results are passed through the detector, which evaluates the normality score. The system allows the choice of the operating point and improves the performance of the basic system.</abstract>
<relatedItem type="host">
<titleInfo>
<title>Information and Communications Security</title>
<subTitle>12th International Conference, ICICS 2010, Barcelona, Spain, December 15-17, 2010. Proceedings</subTitle>
</titleInfo>
<name type="personal">
<namePart type="given">Miguel</namePart>
<namePart type="family">Soriano</namePart>
<affiliation>Information Security Group, Universitat Politècnica de Catalunya, Campus Nord, Jordi Girona 1-3, 08034, Barcelona, Spain</affiliation>
<affiliation>E-mail: soriano@entel.upc.edu</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Sihan</namePart>
<namePart type="family">Qing</namePart>
<affiliation>Institute of Software, Chinese Academy of Sciences, 100080, Beijing, China</affiliation>
<affiliation>E-mail: qsihan@ss.pku.edu.cn</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Javier</namePart>
<namePart type="family">López</namePart>
<affiliation>III-LIDI(Instituto de Investigación en Informática LIDI) School of Computer Sciences, National University of La Plata, La Plata, Buenos Aires, Argentina</affiliation>
<affiliation>E-mail: jlm@lcc.uma.es</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<genre type="Book Series" displayLabel="Proceedings"></genre>
<originInfo>
<copyrightDate encoding="w3cdtf">2010</copyrightDate>
<issuance>monographic</issuance>
</originInfo>
<subject>
<genre>Book Subject Collection</genre>
<topic authority="SpringerSubjectCodes" authorityURI="SUCO11645">Computer Science</topic>
</subject>
<subject>
<genre>Book Subject Group</genre>
<topic authority="SpringerSubjectCodes" authorityURI="I">Computer Science</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15033">Data Encryption</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15009">Data Structures, Cryptology and Information Theory</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15041">Coding and Information Theory</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14050">Systems and Data Security</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I16021">Algorithm Analysis and Problem Complexity</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I13022">Computer Communication Networks</topic>
</subject>
<identifier type="DOI">10.1007/978-3-642-17650-0</identifier>
<identifier type="ISBN">978-3-642-17649-4</identifier>
<identifier type="eISBN">978-3-642-17650-0</identifier>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="BookTitleID">215662</identifier>
<identifier type="BookID">978-3-642-17650-0</identifier>
<identifier type="BookChapterCount">32</identifier>
<identifier type="BookVolumeNumber">6476</identifier>
<identifier type="BookSequenceNumber">6476</identifier>
<identifier type="PartChapterCount">4</identifier>
<part>
<date>2010</date>
<detail type="part">
<title>Session 3B. Intrusion Detection Systems</title>
</detail>
<detail type="volume">
<number>6476</number>
<caption>vol.</caption>
</detail>
<extent unit="pages">
<start>416</start>
<end>429</end>
</extent>
</part>
<recordInfo>
<recordOrigin>Springer Berlin Heidelberg, 2010</recordOrigin>
</recordInfo>
</relatedItem>
<relatedItem type="series">
<titleInfo>
<title>Lecture Notes in Computer Science</title>
</titleInfo>
<name type="personal">
<namePart type="given">David</namePart>
<namePart type="family">Hutchison</namePart>
<affiliation>Lancaster University, Lancaster, UK</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Takeo</namePart>
<namePart type="family">Kanade</namePart>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Josef</namePart>
<namePart type="family">Kittler</namePart>
<affiliation>University of Surrey, Guildford, UK</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Jon</namePart>
<namePart type="given">M.</namePart>
<namePart type="family">Kleinberg</namePart>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Friedemann</namePart>
<namePart type="family">Mattern</namePart>
<affiliation>ETH Zurich, Zurich, Switzerland</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">John</namePart>
<namePart type="given">C.</namePart>
<namePart type="family">Mitchell</namePart>
<affiliation>Stanford University, Stanford, CA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Moni</namePart>
<namePart type="family">Naor</namePart>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Oscar</namePart>
<namePart type="family">Nierstrasz</namePart>
<affiliation>University of Bern, Bern, Switzerland</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">C.</namePart>
<namePart type="family">Pandu Rangan</namePart>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Bernhard</namePart>
<namePart type="family">Steffen</namePart>
<affiliation>University of Dortmund, Dortmund, Germany</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Madhu</namePart>
<namePart type="family">Sudan</namePart>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Demetri</namePart>
<namePart type="family">Terzopoulos</namePart>
<affiliation>University of California, Los Angeles, CA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Doug</namePart>
<namePart type="family">Tygar</namePart>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Moshe</namePart>
<namePart type="given">Y.</namePart>
<namePart type="family">Vardi</namePart>
<affiliation>Rice University, Houston, TX, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Gerhard</namePart>
<namePart type="family">Weikum</namePart>
<affiliation>Max-Planck Institute of Computer Science, Saarbrücken, Germany</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<originInfo>
<copyrightDate encoding="w3cdtf">2010</copyrightDate>
<issuance>serial</issuance>
</originInfo>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="SeriesID">558</identifier>
<recordInfo>
<recordOrigin>Springer Berlin Heidelberg, 2010</recordOrigin>
</recordInfo>
</relatedItem>
<identifier type="istex">822F38610A97D7AE36BBE901C8DD38FF8225B5B1</identifier>
<identifier type="DOI">10.1007/978-3-642-17650-0_29</identifier>
<identifier type="ChapterID">29</identifier>
<identifier type="ChapterID">Chap29</identifier>
<accessCondition type="use and reproduction" contentType="copyright">Springer Berlin Heidelberg, 2010</accessCondition>
<recordInfo>
<recordContentSource>SPRINGER</recordContentSource>
<recordOrigin>Springer-Verlag Berlin Heidelberg, 2010</recordOrigin>
</recordInfo>
</mods>
</metadata>
</istex>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/TelematiV1/Data/Istex/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 005C20 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 005C20 | SxmlIndent | more

To link to this page within the Wicri network

{{Explor lien
   |wiki=    Ticri/CIDE
   |area=    TelematiV1
   |flux=    Istex
   |étape=   Corpus
   |type=    RBID
   |clé=     ISTEX:822F38610A97D7AE36BBE901C8DD38FF8225B5B1
   |texte=   Hybrid Detection of Application Layer Attacks Using Markov Models for Normality and Attacks
}}


This area was generated with Dilib version V0.6.31.
Data generation: Thu Nov 2 16:09:04 2017. Site generation: Sun Mar 10 16:42:28 2024