{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T11:41:16Z","timestamp":1774525276282,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":19,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540410850","type":"print"},{"value":"9783540399452","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2000]]},"DOI":"10.1007\/3-540-39945-3_7","type":"book-chapter","created":{"date-parts":[[2007,4,14]],"date-time":"2007-04-14T06:38:33Z","timestamp":1176532713000},"page":"93-109","source":"Crossref","is-referenced-by-count":29,"title":["A Real-Time Intrusion Detection System Based on Learning Program Behavior"],"prefix":"10.1007","author":[{"given":"Anup K.","family":"Ghosh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoph","family":"Michael","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Schatz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2000,11,11]]},"reference":[{"key":"7_CR1","volume-title":"Detection of Abrupt Changes-Theory and Application","author":"M. Basseville","year":"1993","unstructured":"Mich\u00e8le Basseville and Igor V. Nikiforov. Detection of Abrupt Changes-Theory and Application. Prentice-Hall, Inc., Englewood Cliffs, NJ, 1993."},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"B. Pearlmutter C. Warrender, S. Forrest. Detecting intrusions using system calls: Alternative data models. In 1999 IEEE Symposium on Security and Privacy, pages 133\u2013145, 1999.","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"B. Pearlmutter C. Warrender, S. Forrest. Detecting intrusions using system calls: Alternative data models. In 1999 IEEE Symposium on Security and Privacy, pages 133\u2013145, 1999.","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"7_CR4","unstructured":"P. D\u2019haeseleer, S. Forrest, and P. Helman. An immunological approach to change detection: Algorithms, analysis and implications. In IEEE Symposium on Security and Privacy, 1996."},{"key":"7_CR5","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1016\/0364-0213(90)90002-E","volume":"14","author":"J. L. Elman","year":"1990","unstructured":"J. L. Elman Finding structure in time. Cognitive Science, 14:179\u2013211, 1990.","journal-title":"Cognitive Science"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"S. Forrest, S. A. Hofmeyr, and A. Somayaji. Computer immunology. Communications of the ACM, 40(10):88\u201396, October 1997.","DOI":"10.1145\/262793.262811"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 120\u2013128. IEEE, May 1996.","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, and Thomas A. Longstaff. A sense of self for unix processes. In Proceedinges of the 1996 IEEE Symposium on Research in Security and Privacy, pages 120\u2013128. IEEE Computer Society, IEEE Computer Society Press, May 1996.","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Yoav Freund, Michael Kearns, Dana Ron, Ronitt Rubinfeld, Robert E. Schapire, and Linda Sellie. Efficient learning of typical finite automata from random walks. Information and Computation, 138(1):23\u201348, 10 October 1997.","DOI":"10.1006\/inco.1997.2648"},{"key":"7_CR10","unstructured":"A. K. Ghosh, A. Schwartzbard, and M. Schatz. Learning program behavior profiles for intrusion detection. In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring. USENIX Association, April 11\u201312 1999. To appear."},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"A. K. Ghosh, J. Wanken, and F. Charron. Detecting anomalous and unknown intrusions against programs. In Proceedings of the 1998 Annual Computer Security Applications Conference (ACSAC\u201998), December 1998.","DOI":"10.1109\/CSAC.1998.738646"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"M. Kearns and L. G. Valiant. Cryptographic limitations on learning boolean formulae and finite automata. In Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing, pages 433\u2013444, New York, NY, 1989. ACM.","DOI":"10.1145\/73007.73049"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Andrew P. Kosoresow and Steven A. Hofmeyr. Intrusion detection via system call traces. IEEE Software, 14(5):24\u201342, September\/October 1997.","DOI":"10.1109\/52.605929"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"A. P. Kosoresow and S. A. Hofmeyr. Intrusion detection via system call traces. Software, 14(5):35\u201342, September\u2013October 1997. IEEE Computer Society.","DOI":"10.1109\/52.605929"},{"issue":"7","key":"7_CR15","doi-asserted-by":"publisher","first-page":"2917","DOI":"10.1109\/18.737522","volume":"44","author":"T. L. Lai","year":"1998","unstructured":"T. L. Lai. Information bounds and quick detection of parameter changes in stochastic systems. IEEE Transactions on Information Theory, 44(7):2917\u20132929, 1998.","journal-title":"IEEE Transactions on Information Theory"},{"key":"7_CR16","unstructured":"W. Lee, S. Stolfo, and P. K. Chan. Learning patterns from unix process execution traces for intrusion detection. In Proceedings of AAAI97 Workshop on AI Methods in Fraud and Risk Management, 1997."},{"key":"7_CR17","unstructured":"L. Rabiner and B.-H. Juang. Fundamentals of Speech Recognition. Prentice Hall (Signal Processing Series), Englewood Cliffs, NJ, 1993."},{"key":"7_CR18","unstructured":"R. Sekar, Y. Cai, and M. Segal. A specification-based approach for building survivable systems. In Proceedings of the 1998 National Information Systems Security Conference (NISSC\u201998), pages 338\u2013347, October 1998."},{"key":"7_CR19","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-2440-0","volume-title":"The Nature of Statistical Learning Theory","author":"V. N. Vapnik","year":"1995","unstructured":"V. N. Vapnik. The Nature of Statistical Learning Theory. Springer, New York, 1995."}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-39945-3_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,15]],"date-time":"2025-01-15T20:03:32Z","timestamp":1736971412000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-39945-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000]]},"ISBN":["9783540410850","9783540399452"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/3-540-39945-3_7","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2000]]}}}