D. G. Coderre, Fraud Detection: Using Data Analysis Techniques to Detect Fraud, Global Audit Publications Canada, 1999.

P. A. Porras and R. A. Kemmerer, Penetration state transition analysis: A rule-based intrusion detection approach, [1992] Proceedings Eighth Annual Computer Security Application Conference, 1992.
DOI : 10.1109/CSAC.1992.228217

C. Michel and L. Mé, ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection, Kluwer, pp.353-368, 2001.
DOI : 10.1007/0-306-46998-7_25

F. Cuppens and R. Ortalo, LAMBDA: A Language to Model a Database for Detection of Attacks, RAID, pp.197-216, 2000.
DOI : 10.1007/3-540-39945-3_13

J. Pouzol and M. Ducasé, From Declarative Signatures to Misuse IDS, RAID, LNCS, pp.1-21, 2001.
DOI : 10.1007/3-540-45474-8_1

M. Meier, A Model for the Semantics of Attack Signatures in Misuse Detection Systems, 7th Information Security Conference, pp.158-169, 2004.
DOI : 10.1007/978-3-540-30144-8_14

K. Ilgun, USTAT: a real-time intrusion detection system for UNIX, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy, p.16, 1993.
DOI : 10.1109/RISP.1993.287646

G. Vigna and R. A. Kemmerer, NetSTAT: a network-based intrusion detection approach, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217), p.25, 1998.
DOI : 10.1109/CSAC.1998.738566

P. A. Porras and P. G. Neumann, EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances, National Information Systems Security Conference, pp.353-365, 1997.

S. Cheung, U. Lindqvist, and M. W. Fong, Modeling multistep cyber attacks for scenario recognition, Proceedings DARPA Information Survivability Conference and Exposition, pp.284-292, 2003.
DOI : 10.1109/DISCEX.2003.1194892

J. Yang, P. Ning, X. S. Wang, and S. Jajodia, Cards: A Distributed System for Detecting Coordinated Attacks, IFIP TC11 16th Annual Working Conference on Information Security, pp.171-180, 2000.
DOI : 10.1007/978-0-387-35515-3_18

S. T. Eckmann, G. Vigna, and R. A. Kemmerer, STATL: An attack language for state-based intrusion detection, Journal of Computer Security, vol.10, issue.1-2, 2000.
DOI : 10.3233/JCS-2002-101-204

M. Meier, S. Schmerl, and H. Koenig, Improving the Efficiency of Misuse Detection, DIMVA. LNCS, pp.188-205, 2005.
DOI : 10.1007/11506881_12

S. Schmerl, H. Koenig, U. Flegel, and M. Meier, Simplifying Signature Engineering by Reuse, Emerging Trends in Information and Communication Security, pp.436-450, 2006.
DOI : 10.1007/11766155_31
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.94.8689

J. Abbott, J. Bell, A. Clark, O. De-vel, and G. Mohay, Automated recognition of event scenarios for digital forensics, Proceedings of the 2006 ACM symposium on Applied computing , SAC '06, pp.293-300, 2006.
DOI : 10.1145/1141277.1141346

U. Flegel, Privacy-Respecting Intrusion Detection, In: Advances in Information Security, vol.35, p.307, 2007.

D. Zimmer, A Meta-Model for the Definition of the Semantics of Complex Events in Active Database Management Systems, 1998.