{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T15:37:10Z","timestamp":1781019430421,"version":"3.54.1"},"publisher-location":"Boston, MA","reference-count":31,"publisher":"Springer US","isbn-type":[{"value":"9781461353218","type":"print"},{"value":"9781461509530","type":"electronic"}],"license":[{"start":{"date-parts":[[2002,1,1]],"date-time":"2002-01-01T00:00:00Z","timestamp":1009843200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2002,1,1]],"date-time":"2002-01-01T00:00:00Z","timestamp":1009843200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2002]]},"DOI":"10.1007\/978-1-4615-0953-0_4","type":"book-chapter","created":{"date-parts":[[2011,6,19]],"date-time":"2011-06-19T21:35:58Z","timestamp":1308519358000},"page":"77-101","source":"Crossref","is-referenced-by-count":486,"title":["A Geometric Framework for Unsupervised Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Eleazar","family":"Eskin","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrew","family":"Arnold","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Prerau","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Leonid","family":"Portnoy","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sal","family":"Stolfo","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"4_CR1","volume-title":"Outliers in Statistical Data","author":"V Barnett","year":"1994","unstructured":"Barnett, V. and Lewis, T. (1994). Outliers in Statistical Data. John Wiley and Sons."},{"key":"4_CR2","first-page":"93","volume-title":"LOF: identifying density-based local outliers","author":"MM Breunig","year":"2000","unstructured":"Breunig, M. M., Kriegel, H.-P., Ng, R. T., and Sander, J. (2000). LOF: identifying density-based local outliers. In ACM SIGMOD Int. Conf. on Management of Data, pages 93\u2013104."},{"key":"4_CR3","unstructured":"Christina Leslie, E. E. and Noble, W. S. (2002). The spectrum kernel: A string kernel for SVM protein classification. In Proceedings of the Pacific Symposium on Biocomputing (PSB-2002), Kaua\u2019i, Hawaii."},{"key":"4_CR4","volume-title":"An Introduction to Support Vector Machines","author":"N Cristianini","year":"2000","unstructured":"Cristianini, N. and Shawe-Taylor, J. (2000). An Introduction to Support Vector Machines. Cambridge University Press, Cambridge, UK."},{"key":"4_CR5","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D Denning","year":"1987","unstructured":"Denning, D. (1987). An intrusion detection model. IEEE Transactions on Software Engineering, SE-13:222\u2013232.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"4_CR6","volume-title":"Anomaly detection over noisy data using learned probability distributions","author":"E Eskin","year":"2000","unstructured":"Eskin, E. (2000). Anomaly detection over noisy data using learned probability distributions. In Proceedings of the International Conference on Machine Learning."},{"key":"4_CR7","volume-title":"Modeling system calls for intrusion detection with dynamic window sizes","author":"E Eskin","year":"2001","unstructured":"Eskin, E., Lee, W., and Stolfo, S. J. (2001). Modeling system calls for intrusion detection with dynamic window sizes. ln Proceedings of DARPA Information Survivabilty Conference and Exposition II (DISCEX II), Anaheim, CA."},{"key":"4_CR8","volume-title":"Ensemble-based adaptive intrusion detection","author":"W Fan","year":"2002","unstructured":"Fan, W. and Stolfo, S. (2002). Ensemble-based adaptive intrusion detection. In Proceedings of 2002 SIAM International Conference on Data Mining, Arlington, VA."},{"key":"4_CR9","first-page":"120","volume-title":"A sense of self for unix processes","author":"S Forrest","year":"1996","unstructured":"Forrest, S., Hofmeyr, S. A., Somayaji, A., and Longstaff, T. A. (1996). A sense of self for unix processes. In 1996 IEEE Symposium on Security and Privacy, pages 120\u2013128. IEEE Computer Society."},{"key":"4_CR10","volume-title":"A study in using neural networks for anomaly and misuse detection","author":"A Ghosh","year":"1999","unstructured":"Ghosh, A. and Schwartzbard, A. (1999). A study in using neural networks for anomaly and misuse detection. In Proceedings of the 8th USENIX Security Symposium."},{"key":"4_CR11","volume-title":"Convolution kernels on discrete structures. Technical Report UCS-CRL-99-10, UC Santa Cruz.","author":"D Haussler","year":"1999","unstructured":"Haussler, D. (1999). Convolution kernels on discrete structures. Technical Report UCS-CRL-99\u201310, UC Santa Cruz."},{"issue":"4","key":"4_CR12","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1109\/3468.594912","volume":"27","author":"P Helman","year":"1997","unstructured":"Helman, P. and Bhangoo, J. (1997). A statistically base system for prioritizing information exploration under uncertainty. IEEE Transactions on Systems,Man and Cybernetics, Part A: Systems and Humans, 27(4):449\u2013466.","journal-title":"Part A: Systems and Humans"},{"key":"4_CR13","first-page":"151","volume":"6","author":"S. A. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S. A., Forrest, S., and Somayaji, A. (1998). Intrusion detect using sequences of system calls. Journal of Computer Security, 6:151\u2013180.","journal-title":"Journal of Computer Security"},{"key":"4_CR14","volume-title":"The NIDES statistical component: description and justification","author":"HS Javitz","year":"1993","unstructured":"Javitz, H. S. and Valdes, A. (1993). The NIDES statistical component: description and justification. In Technical Report,Computer Science Laboratory, SRI International."},{"key":"4_CR15","volume-title":"The third international knowledge discovery and data mining tools competition dataset","author":"KDD99-Cup","year":"1999","unstructured":"KDD99-Cup (1999). The third international knowledge discovery and data mining tools competition dataset http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.htm1."},{"key":"4_CR16","unstructured":"Knorr, E. M. and Ng, R. T. (1998). Algorithms for mining distance-based outliers in large datasets. In Proc. 24th Int. Conf. Very Large Data Bases, VLDB, pages 392\u2013403."},{"key":"4_CR17","unstructured":"Knorr, E. M. and Ng, R. T. (1999). Finding intentional knowledge of distance-based outliers. The VLDB Journal, pages 211\u2013222."},{"key":"4_CR18","first-page":"43","volume-title":"Sequence matching and learning in anomaly detection for computer security","author":"T Lane","year":"1997","unstructured":"Lane, T. and Brodley, C. E. (1997). Sequence matching and learning in anomaly detection for computer security. In AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, pages 43\u201349. AAAI Press."},{"key":"4_CR19","volume-title":"Data mining approaches for intrusion detection","author":"W Lee","year":"1998","unstructured":"Lee, W. and Stolfo, S. J. (1998). Data mining approaches for intrusion detection. In Proceedings of the 1998 USENIX Security Symposium."},{"key":"4_CR20","first-page":"50","volume-title":"Learning patterns from unix processes execution traces for intrusion detection","author":"W Lee","year":"1997","unstructured":"Lee, W., Stolfo, S. J., and Chan, P. K. (1997). Learning patterns from unix processes execution traces for intrusion detection. In AAAI Workshop on AI Approaches to Fraud Detection and Risk Management, pages 50\u201356. AAAI Press."},{"key":"4_CR21","volume-title":"Data mining in work flow environments: Experiences in intrusion detection","author":"W Lee","year":"1999","unstructured":"Lee, W., Stolfo, S. J., and Mok, K. (1999). Data mining in work flow environments: Experiences in intrusion detection. In Proceedings of the 1999 Conference on Knowledge Discovery and Data Mining (KDD99)."},{"key":"4_CR22","volume-title":"Results of the 1999 darpa off-line intrusion detection evaluation","author":"RP Lippmann","year":"1999","unstructured":"Lippmann, R. P., Cunningham, R. K., Fried, D. J., Graf, I., Kendall, K. R., Webster, S. W., and Zissman, M. (1999). Results of the 1999 darpa off-line intrusion detection evaluation. In Second International Workshop on Recent Advances in Intrusion Detection (RAID 1999), West Lafayette, IN."},{"key":"4_CR23","first-page":"169","volume-title":"Efficient clustering of high-dimensional data sets with application to reference matching","author":"A McCallum","year":"2000","unstructured":"McCallum, A., Nigam, K., and Ungar, L. H. (2000). Efficient clustering of high-dimensional data sets with application to reference matching. In Knowledge Discovery and Data Mining, pages 169\u2013178."},{"key":"4_CR24","volume-title":"Bro: A system for detecting network intruders in real-time","author":"V Paxson","year":"1998","unstructured":"Paxson, V. (1998). Bro: A system for detecting network intruders in real-time. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX."},{"key":"4_CR25","first-page":"185","volume-title":"Advances in Kernel Methods \u2014 Support Vector Learning","author":"J Platt","year":"1999","unstructured":"Platt, J. (1999). Fast training of support vector machines using sequential minimal optimization. In Sch\u00f6lkopf, B., Burges, C. J. C., and Smola, A. J., editors, Advances in Kernel Methods \u2014 Support Vector Learning, pages 185\u2013208, Cambridge, MA. MIT Press."},{"key":"4_CR26","volume-title":"Intrusion detection with unlabeled data using clustering","author":"L Portnoy","year":"2001","unstructured":"Portnoy, L., Eskin, E., and Stolfo, S. J. (2001). Intrusion detection with unlabeled data using clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), Philadelphia, PA."},{"key":"4_CR27","volume-title":"The case against accuracy estimation for comparing induction algorithms","author":"F Provost","year":"1998","unstructured":"Provost, F., Fawcett, T., and Kohavi, R. (1998). The case against accuracy estimation for comparing induction algorithms. In Proceedings of the Fifteenth International Conference on Machine Learning."},{"key":"4_CR28","unstructured":"Sch\u00f6lkopf, B., Platt, J., Shawe-Taylor, J., Smola, A. J., and Williamson, R. C. (1999). Estimating the support of a high-dimensional distribution. Technical Report 99\u201387, Microsoft Research. To appear in Neural Computation, 2001."},{"key":"4_CR29","first-page":"133","volume-title":"Detecting intrusions using system calls: alternative data models","author":"C Warrender","year":"1999","unstructured":"Warrender, C., Forrest, S., and Pearlmutter, B. (1999). Detecting intrusions using system calls: alternative data models. In 1999 IEEE Symposium on Security and Privacy, pages 133\u2013145. IEEE Computer Society."},{"key":"4_CR30","first-page":"39","volume-title":"Advances in Large Margin Classifiers","author":"C Watkins","year":"2000","unstructured":"Watkins, C. (2000). Dynamic alignment kernels. In Smola, A., Bartlett, P., Sch\u00f6lkopf, B., and Schuurmans, D., editors, Advances in Large Margin Classifiers, pages 39\u201350, Cambridge, MA. MIT Press."},{"key":"4_CR31","volume-title":"A markov chain model of temporal behavior for anomaly detection","author":"N Ye","year":"2000","unstructured":"Ye, N. (2000). A markov chain model of temporal behavior for anomaly detection,. In Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop."}],"container-title":["Advances in Information Security","Applications of Data Mining in Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4615-0953-0_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T17:34:11Z","timestamp":1778261651000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-1-4615-0953-0_4"}},"subtitle":["Detecting Intrusions in Unlabeled Data"],"short-title":[],"issued":{"date-parts":[[2002]]},"ISBN":["9781461353218","9781461509530"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-1-4615-0953-0_4","relation":{},"ISSN":["1568-2633"],"issn-type":[{"value":"1568-2633","type":"print"}],"subject":[],"published":{"date-parts":[[2002]]}}}