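% Bibliography records for intrusion-detection and attack-tracing research:
% kernel rootkit hook discovery, decentralized detection of distributed
% attacks, stepping-stone connection tracing, and intrusion source
% identification. Citation keys are unchanged from the exported records.
%
% Conventions used below: one field per line, names in "Last, F." form joined
% by " and ", page ranges written with "--", acronyms brace-protected so that
% styles applying sentence casing keep them intact.

@inproceedings{wang_jiang_cui_wang_2008,
  author    = {Wang, Z. and Jiang, X. X. and Cui, W. D. and Wang, X. Y.},
  title     = {Countering persistent kernel rootkits through systematic hook discovery},
  booktitle = {Recent Advances in Intrusion Detection, {RAID} 2008},
  volume    = {5230},
  pages     = {21--38},
  year      = {2008},
}

@article{ning_jajodia_wang_2002,
  author   = {Ning, P. and Jajodia, S. and Wang, X. Y. S.},
  title    = {Design and implementation of a decentralized prototype system for detecting distributed attacks},
  journal  = {Computer Communications},
  volume   = {25},
  number   = {15},
  pages    = {1374--1391},
  year     = {2002},
  month    = sep,
  issn     = {1873-703X},
  doi      = {10.1016/S0140-3664(02)00039-7},
  abstract = {This paper presents the design and implementation of a decentralized research prototype intrusion detection system (IDS) named coordinated attacks response and detection system (CARDS), which aims at detecting distributed attacks that cannot be detected using data collected at any single place. CARDS adopts a signature-based approach. It consists of three kinds of independent but cooperative components: signature manager, monitor, and directory service. Unlike traditional distributed IDSs, CARDS decomposes global representations of distributed attacks into smaller units (called detection tasks) that correspond to the distributed events indicating the attacks, and then executes and coordinates the detection tasks in the places where the corresponding events are observed.},
}

% The exported editor field ran the names together with a trailing "Editors"
% label; the three editors are split into separate names here. The series name
% and the publisher's city were embedded in booktitle and publisher and are
% moved to their own fields.
@inproceedings{wang_reeves_wu_2002,
  author    = {Wang, X. Y. and Reeves, D. S. and Wu, S. F.},
  title     = {Inter-packet delay based correlation for tracing encrypted connections through stepping stones},
  booktitle = {Computer security--{ESORICS} 2002: 7th European Symposium on Research in Computer Security, Zurich, Switzerland, October 14--16, 2002: proceedings},
  editor    = {Gollmann, D. and Karjoth, G. and Waidner, M.},
  series    = {Lecture Notes in Computer Science},
  volume    = {2502},
  pages     = {244--263},
  address   = {New York},
  publisher = {Springer},
  year      = {2002},
  isbn      = {0750306114},
}

% Exported as an inbook record, but it carries booktitle, editors and its own
% author list, which is the incollection shape (classic styles ignore
% booktitle on inbook). NOTE(review): the source record has no year; add one
% from the publication itself before citing, since most styles warn on it.
@incollection{chang_narayan_saryor_jou_wu_vetter_gong_wang_brown_yuill,
  author    = {Chang, H. Y. and Narayan, R. and Saryor, C. and Jou, P. and Wu, S. F. and Vetter, B. M. and Gong, F. and Wang, X. and Brown, M. and Yuill, J. J.},
  title     = {{DecIdUouS}: decentralized source identification for network-based intrusions},
  booktitle = {Integrated network management {VI}: Distributed management for the networked millennium},
  editor    = {Sloman, M. and Mazumdar, S. and Lupu, E.},
  pages     = {701--714},
  address   = {Piscataway, NJ},
  publisher = {IEEE Pub.},
}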