BibTeX for papers by David Kotz; for complete/updated list see
https://www.cs.dartmouth.edu/~kotz/research/papers.html

@Article{aslam:kerf-news,
  author =        {Javed Aslam and Sergey Bratus and David Kotz and Ronald Peterson and Daniela Rus},
  title =         {{The Kerf toolkit for intrusion analysis}},
  journal =       {IAnewsletter},
  year =          2005,
  month =         {Summer},
  volume =        8,
  number =        2,
  pages =         {12--16},
  publisher =     {Information Assurance Technology Analysis Center (IATAC)},
  copyright =     {IATAC},
  URL =           {https://www.cs.dartmouth.edu/~kotz/research/aslam-kerf-news/index.html},
}

@InProceedings{aslam:kerf-WIP,
  author =        {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus},
  title =         {{Kerf: Machine Learning to Aid Intrusion Analysts}},
  booktitle =     {{Proceedings of the USENIX Security Symposium}},
  year =          2004,
  month =         {August},
  numpages =      1,
  publisher =     {USENIX Association},
  copyright =     {the authors},
  URL =           {https://www.cs.dartmouth.edu/~kotz/research/aslam-kerf-WIP/index.html},
  note =          {Work-in-progress report.},
}

@TechReport{aslam:toolkit-tr,
  author =        {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus and Brett Tofel},
  title =         {{The Kerf toolkit for intrusion analysis}},
  institution =   {Dartmouth Computer Science},
  year =          2004,
  month =         {March},
  number =        {TR2004-493},
  copyright =     {the authors},
  URL =           {https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit-tr/index.html},
  abstract =      {We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.},
}

@Article{aslam:toolkit,
  author =        {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus and Brett Tofel},
  title =         {{The Kerf toolkit for intrusion analysis}},
  journal =       {IEEE Security and Privacy},
  year =          2004,
  month =         {November},
  volume =        2,
  number =        6,
  pages =         {42--52},
  publisher =     {IEEE},
  copyright =     {IEEE},
  DOI =           {10.1109/MSP.2004.113},
  URL =           {https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit/index.html},
  abstract =      {We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.},
}

@InProceedings{aslam:toolkit-p,
  author =        {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus and Brett Tofel},
  title =         {{The Kerf toolkit for intrusion analysis (Poster abstract)}},
  booktitle =     {{Proceedings of the IEEE Workshop on Information Assurance}},
  year =          2003,
  month =         {June},
  pages =         {301--303},
  publisher =     {IEEE},
  copyright =     {IEEE},
  address =       {West Point, NY},
  DOI =           {10.1109/SMCSIA.2003.1232441},
  URL =           {https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit-p/index.html},
  abstract =      {We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf in detail, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.},
}