{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T07:52:21Z","timestamp":1743148341612,"version":"3.40.3"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030780852"},{"type":"electronic","value":"9783030780869"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-78086-9_33","type":"book-chapter","created":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:45:53Z","timestamp":1625100353000},"page":"451-466","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Using a Neural Network to Detect Anomalies Given an N-gram Profile"],"prefix":"10.1007","author":[{"given":"Byunggu","family":"Yu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Junwhan","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,7,1]]},"reference":[{"issue":"1","key":"33_CR1","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1145\/1609956.1609960","volume":"13","author":"M Abadi","year":"2009","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13(1), 4 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"33_CR2","doi-asserted-by":"crossref","unstructured":"Anderson, D., Frivold, T., Valdes, A.: Next-generation intrusion detection expert system (NIDES): a summary. Technical Report. Menlo Park, CA: SRI-CSL-95-07. Computer Science Laboratory, SRI International Breiman, L. (1996). Bagging Predictors. Mach. Learn. 24, 123\u2013140 (1995)","DOI":"10.1007\/BF00058655"},{"key":"33_CR3","unstructured":"Anderson, D., Frivold, T., Valdes, A.: Next-generation Intrusion Detection Expert System (NIDES): A Summary. Technical Report. Menlo Park, CA: SRI-CSL-95-07. Computer Science Laboratory, SRI International (1995)"},{"key":"33_CR4","first-page":"123","volume":"24","author":"L Breiman","year":"1996","unstructured":"Breiman, L.: Bagging predictors. Mach. Learn. 24, 123\u2013140 (1996)","journal-title":"Mach. Learn."},{"key":"33_CR5","doi-asserted-by":"crossref","unstructured":"Carter, K.M., Streilein, W.W.: Probabilistic reasoning for streaming anomaly detection. In: Proceedings of Signal Processing Workshop on Statistical Signal and Array Processing, SSP 2012, pp. 377\u2013380. IEEE(2012)","DOI":"10.1109\/SSP.2012.6319708"},{"key":"33_CR6","doi-asserted-by":"crossref","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 15:1\u201315:58 (2009)","DOI":"10.1145\/1541880.1541882"},{"key":"33_CR7","unstructured":"Codenomicon. Heartbleed Bug (2014). http:\/\/heartbleed.com\/. Accessed 25 Aug 2015"},{"key":"33_CR8","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-642-40846-5_11","volume-title":"Hybrid Artificial Intelligent Systems","author":"E de la Hoz","year":"2013","unstructured":"de la Hoz, E., Ortiz, A., Ortega, J., de la Hoz, E.: Network anomaly classification by support vector classifiers ensemble and non-linear projection techniques. In: Pan, J.-S., Polycarpou, M.M., Wo\u017aniak, M., de Carvalho, A.C.P.L.F., Quinti\u00e1n, H., Corchado, E. (eds.) HAIS 2013. LNCS (LNAI), vol. 8073, pp. 103\u2013111. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40846-5_11"},{"key":"33_CR9","doi-asserted-by":"crossref","unstructured":"Denning, D.E.: An intrusion detection model. IEEE Trans. Softw. Eng. Vol SE-13. 2, 222\u2013232 (1987)","DOI":"10.1109\/TSE.1987.232894"},{"key":"33_CR10","doi-asserted-by":"crossref","unstructured":"Elgraini, M., Assem, N., Rachidi, T.: Host intrusion detection for long stealthy system call sequences. In: Proceedings of 2012 Colloquium in Information Science and Technology, CIST 2012, 22\u201324 October 2012, pp. 96\u2013100. IEEE (2012)","DOI":"10.1109\/CIST.2012.6388070"},{"key":"33_CR11","unstructured":"Eskin, E.: Anomaly detection over noisy data using learned probability distributions. In: Proceedings of the International Conference on Machine Learning, pp. 255\u2013262. Morgan Kaufmann (2000)"},{"key":"33_CR12","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-1-4615-0953-0_4","volume":"6","author":"E Eskin","year":"2002","unstructured":"Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. Adv. Inf. Secur. 6, 77\u2013101 (2002)","journal-title":"Adv. Inf. Secur."},{"key":"33_CR13","unstructured":"Ewell, B.: New Round of Email Worm, Here you have (2010). http:\/\/www.symantec.com\/connect\/blogs\/new-round-email-worm-here-you-have. Accessed 25 Aug 2015"},{"key":"33_CR14","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of Symposium on Security and Privacy, SP 2003, 11\u201314 May 2003, Oakland, California, USA, pp. 62\u201375. IEEE (2003)"},{"key":"33_CR15","unstructured":"Forrest, S., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of Symposium on Security and Privacy, SP 1996, 6\u20138 May 1996, Oakland, California, USA, pp. 120\u2013128. IEEE (1996)"},{"key":"33_CR16","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., (2008). The evolution of system-call monitoring. In: Proceedings of Annual Computer Security Applications Conference, ACSAC 2008, 8\u201312 December, Anaheim, California, USA, pp. 418\u2013430. IEEE, Washington DC (2008)","DOI":"10.1109\/ACSAC.2008.54"},{"key":"33_CR17","unstructured":"Gao, D., Reiter, M.K., Song, D.: On gray-box program tracking for anomaly detection. In: Proceedings of the 14th USENIX Security Symposium, 9\u201313 August 2004, San Diego, California, USA, USENIX, pp. 103\u2013118 (2004)"},{"key":"33_CR18","unstructured":"Gareth, J.: Majority Vote Classifiers: Theory and Applications (Ph.D. Thesis). Stanford University, May 1998"},{"key":"33_CR19","unstructured":"Heller, K., Svore, K., Keromytis, A., Stolfo, S.: One class support vector machines for detecting anomalous windows registry accesses. In: Proceedings of the Workshop on Data Mining for Computer Security in conjunction with the 3rd IEEE International Conference on Data Mining, DMSEC03, 19\u201322 November 2003, Melbourne, Florida, USA, pp. 2\u20139 (2003). (www.cs.fit.edu\/ pkc\/dmsec03)"},{"key":"33_CR20","doi-asserted-by":"crossref","unstructured":"Henao, R.J., Espinosa, O.J.: Machine learning techniques applied to intruder detection in networks. Proceedings of the 47th International Carnahan Conference on Security Technology, ICCST 2013, 8\u201311 October 2013, Medelin, pp. 1\u20136. IEEE (2013)","DOI":"10.1109\/CCST.2013.6922081"},{"key":"33_CR21","doi-asserted-by":"crossref","unstructured":"Ho, T.: Multiple classifier combiation: lessons and next steps. In: Hybrid Methods in Pattern Recognition. World Scientific Press (2002)","DOI":"10.1142\/9789812778147_0007"},{"key":"33_CR22","unstructured":"Hu, W., Liao, Y., Vemuri, V.: Robust anomaly detection using support vector machines. In: Proceedings of the International Conference on Machine Learning, pp. 282\u2013289 (2003)"},{"issue":"3","key":"33_CR23","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1109\/32.372146","volume":"21","author":"K Ilgun","year":"1995","unstructured":"Ilgun, K., Kemmerer, R.A., Porras, P.A.: State transition analysis: a rule-based intrusion detection approach. IEEE Trans. Softw. Eng. 21(3), 181\u2013199 (1995)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"33_CR24","unstructured":"Kaspersky Lab. What You Should Know About the \u2019Here You Have\u2019 Worm (2010). http:\/\/usa.kaspersky.com\/resources\/virus\/what-you-should-know-about-here-you-have-worm. Accessed 25 Aug 2015"},{"key":"33_CR25","unstructured":"Ko, C.: Logic induction of valid behavior specifications for intrusion detection. In: Proceedings of IEEE Symposium on Security and Privacy, Berkeley, CA, pp. 142\u2013153. IEEE (2000)"},{"key":"33_CR26","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th USENIX Security Symposium, 31 July - 5 Aug 2005, Baltimore, MD, USENIX, pp. 161\u2013176 (2005)"},{"key":"33_CR27","doi-asserted-by":"crossref","unstructured":"Kuang, L., Zulkernine, M.: An anomaly intrusion detection method using the CSI-KNN algorithm. In: Proceedings of ACM Symposium on Applied Computing, SAC 2008, Fortaleza, Ceara, Brazil, pp. 921\u2013926. ACM (2008)","DOI":"10.1145\/1363686.1363897"},{"key":"33_CR28","unstructured":"Kumar, S., Spafford, E.H.: A software architecture to support misuse intrusion detection. In: Proceedings of the 18th National Information Security Conference, NISC 1995, 10\u201313 October 1995, Baltimore, Maryland, USA, NIST\/NCSC, Gaithersburg, MD, pp. 194\u2013204 (1995)"},{"key":"33_CR29","unstructured":"Lee, W., Stolfo, S.: Data mining approaches for intrusion detection. In: Proceedings of the 7th USENIX Security Symposium, 26\u201329 January 1998, San Antonio, Texas, USA.: USENIX, pp. 79\u201394 (1998)"},{"key":"33_CR30","unstructured":"Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. In: Proceedings of Symposium on Security and Privacy, SP 2001, 14\u201316 May 2001, Oakland, California, USA, pp. 130\u2013143. IEEE (2001)"},{"issue":"5","key":"33_CR31","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1016\/S0167-4048(02)00514-X","volume":"21","author":"Y Liao","year":"2002","unstructured":"Liao, Y., Vemuri, V.: Use of K-nearest neighbor classifier for intrusion detection. Comput. Secur. 21(5), 439\u2013448 (2002)","journal-title":"Comput. Secur."},{"key":"33_CR32","unstructured":"Lunt, T., et al.: A Real-time Intrusion Detection Expert System (IDES). Technical Report. Menlo Park, CA: Computer Science Laboratory, SRI International (1992)"},{"key":"33_CR33","unstructured":"Michmerhuizen, D.: Here You Have Spam Teaches an Old Worm a New Trick (2010). https:\/\/barracudalabs.com\/2010\/09\/here-you-have-spam-teaches-an-old-worm-a-new-trick\/. Accessed 25 Aug 2015"},{"issue":"3","key":"33_CR34","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1080\/00401706.1959.10489860","volume":"1","author":"S Roberts","year":"1959","unstructured":"Roberts, S.: Control chart tests based on geometric moving averages. Technometrics 1(3), 239\u2013250 (1959)","journal-title":"Technometrics"},{"key":"33_CR35","unstructured":"Roesch, M.: Snort - Lightweight intrusion detection for networks. In: LISA 1999: 13th Systems Administration Conference, 7\u201312 November 1999, Seattle, Washington, USA: USENIX, pp. 229\u2013238 (1999)"},{"key":"33_CR36","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of Symposium on Security and Privacy, SP 2001, 14\u201316 May 2001, Oakland, California, USA, pp. 144\u2013155. IEEE (2001)"},{"issue":"3","key":"33_CR37","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1137\/S0040585X97982591","volume":"51","author":"I Shevtsova","year":"2007","unstructured":"Shevtsova, I.: Sharpening of the upper bound of the absolute constant in the Berry-Esseen inequality. Theor. Probab. Appl. 51(3), 549\u2013553 (2007)","journal-title":"Theor. Probab. Appl."},{"key":"33_CR38","unstructured":"Tan, K., Maxion, R.: Why 6? defining the operational limits of stide, an anomaly-based intrusion detector. In: Proceedings of Symposium on Security and Privacy, SP 2002, 12\u201315 May 2002, Oakland, California, USA, pp. 188\u2013201. IEEE (2002)"},{"key":"33_CR39","unstructured":"US-CERT. Malicious Email Campaign Circulating (2009). https:\/\/www.us-cert.gov\/ncas\/current-activity\/2010\/09\/09\/Malicious-Email-Campaign-Circulating. Accessed 25 August 2015"},{"key":"33_CR40","unstructured":"US-CERT. Vulnerability Note VU720951 (2014). http:\/\/www.kb.cert.org\/vuls\/id\/720951. Accessed 25 Aug 2015"},{"key":"33_CR41","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proceedings of Symposium on Security and Privacy, 14\u201316 May 2001, Oakland, California, pp. 156\u2013168. IEEE (2001)"},{"key":"33_CR42","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM conference on Computer and Communications Security, CCS 2002, 17\u201321 November 2002, Washington, DC, USA, pp. 255\u2013264. ACM, New York, NY (2001)","DOI":"10.1145\/586110.586145"},{"key":"33_CR43","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: Proceedings of Symposium on Security and Privacy, SP 1999, May 9\u201312, 1999, Oakland, California, USA, pp. 133\u2013145. IEEE (1999)"},{"key":"33_CR44","doi-asserted-by":"crossref","unstructured":"Webb, G. (2000). MultiBoosting: a technique for combining boosting and wagging. Mach. Learn. 40, 159\u2013197 (1999)","DOI":"10.1023\/A:1007659514849"},{"key":"33_CR45","unstructured":"Wheeler, D.A.: How to Prevent the next Heartbleed (2014). http:\/\/www.dwheeler.com\/essays\/heartbleed.html. Accessed 25 Aug 2015"},{"key":"33_CR46","unstructured":"Xie, F., Xie., L.: Using information theory to measure call site information of system call in anomaly detection. In: Proceedings of the 15th IEEE International Conference on Communication Technology, ICCT 2013, 17 Nov-19 Nov 2013, Guilin, China, pp. 6\u201310. IEEE (2013)"},{"key":"33_CR47","doi-asserted-by":"crossref","unstructured":"Yolacan, E., Dy, J., Kaeli, D.: System call anomaly detection using multi-HMMs. In: Proceedings of the 8th IEEE International Conference on Software Security and Reliability-Companion, SERE-C 2014, San Francisco, California, USA, 2014, pp. 25\u201330. IEEE (2014)","DOI":"10.1109\/SERE-C.2014.19"},{"key":"33_CR48","doi-asserted-by":"crossref","unstructured":"Gers, F.A., Schmidhuber, J.: LSTM recurrent networks learn simple context free and context sensitive languages (PDF). IEEE Trans. Neural Netw. 12(6), 1333\u20131340. PMID 18249962 doi: 10.1109\/72.963769 (2001)","DOI":"10.1109\/72.963769"}],"container-title":["Lecture Notes in Computer Science","Cyber Security Cryptography and Machine Learning"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-78086-9_33","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T01:47:17Z","timestamp":1625104037000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-78086-9_33"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030780852","9783030780869"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-78086-9_33","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CSCML","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Cyber Security Cryptography and Machine Learning","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Be'er Sheva","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Israel","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cscml2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cs.bgu.ac.il\/~fradmin\/cscml21\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Open","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"48","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"22","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"13","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"46% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1 keynote paper is also included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}