Identification of Host Audit Data to Detect Attacks (1999)

by Thomas Daniels, Eugene Spafford
Venue:on Low-Level IP Vulnerabilities”, Journal of Computer Security