{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T02:16:50Z","timestamp":1742955410847,"version":"3.40.3"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030939557"},{"type":"electronic","value":"9783030939564"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-93956-4_10","type":"book-chapter","created":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T08:03:00Z","timestamp":1641974580000},"page":"159-177","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Improving Host-Based Intrusion Detection Using Thread Information"],"prefix":"10.1007","author":[{"given":"Martin","family":"Grimmer","sequence":"first","affiliation":[]},{"given":"Tim","family":"Kaelble","sequence":"additional","affiliation":[]},{"given":"Erhard","family":"Rahm","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,12]]},"reference":[{"key":"10_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-319-24858-5_8","volume-title":"Security and Trust Management","author":"AS Abed","year":"2015","unstructured":"Abed, A.S., Clancy, C., Levy, D.S.: Intrusion detection system for applications using Linux containers. In: Foresti, S. (ed.) 
STM 2015. LNCS, vol. 9331, pp. 123\u2013135. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-24858-5_8"},{"key":"10_CR2","unstructured":"Accenture: Securing the digital economy (2019). https:\/\/www.accenture.com\/gb-en\/insights\/cybersecurity\/_acnmedia\/Thought-Leadership-Assets\/PDF\/Accenture-Securing-the-Digital-Economy-Reinventing-the-Internet-for-Trust.pdf"},{"key":"10_CR3","unstructured":"Australian Center for Cyber Security (ACCS): The ADFA intrusion detection datasets (2013). https:\/\/www.unsw.adfa.edu.au\/australian-centre-for-cyber-security\/cybersecurity\/ADFA-IDS-Datasets\/"},{"key":"10_CR4","unstructured":"Computer Science Department Farris Engineering Center; University of New Mexico: Computer immune systems - data sets and software (1999). https:\/\/www.cs.unm.edu\/~immsec\/systemcalls.htm"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Creech, G., Hu, J.: Generation of a new ids test dataset: time to retire the KDD collection. In: 2013 IEEE Wireless Communications and Networking Conference (WCNC), pp. 4487\u20134492. IEEE (2013)","DOI":"10.1109\/WCNC.2013.6555301"},{"issue":"8","key":"10_CR6","doi-asserted-by":"publisher","first-page":"805","DOI":"10.1016\/S1389-1286(98)00017-6","volume":"31","author":"H Debar","year":"1999","unstructured":"Debar, H., Dacier, M., Wespi, A.: Towards a taxonomy of intrusion-detection systems. Comput. Netw. 31(8), 805\u2013822 (1999)","journal-title":"Comput. Netw."},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Eskin, E., Lee, W., Stolfo, S.J.: Modeling system calls for intrusion detection with dynamic window sizes. In: Proceedings DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 1, pp. 165\u2013175. 
IEEE (2001)","DOI":"10.1109\/DISCEX.2001.932213"},{"key":"10_CR8","unstructured":"European Union: Regulation (eu) 2016\/679 of the european parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/ec (general data protection regulation) (2016). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:02016R0679-20160504"},{"key":"10_CR9","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 120\u2013128. IEEE (1996)"},{"key":"10_CR10","unstructured":"Grimmer, M., R\u00f6hling, M.M., Kreusel, D., Ganz, S.: A modern and sophisticated host based intrusion detection data set. IT-Sicherheit als Voraussetzung f\u00fcr eine erfolgreiche Digitalisierung, pp. 135\u2013145 (2019)"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Grimmer, M., R\u00f6hling, M.M., Kricke, M., Franczyk, B., Rahm, E.: Intrusion detection on system call graphs. Sicherheit in vernetzten Systemen, pp. G1\u2013G18 (2018)","DOI":"10.15439\/2019F212"},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1016\/j.jnca.2017.03.018","volume":"87","author":"W Haider","year":"2017","unstructured":"Haider, W., Hu, J., Slay, J., Turnbull, B.P., Xie, Y.: Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. J. Netw. Comput. Appl. 87, 185\u2013192 (2017)","journal-title":"J. Netw. Comput. Appl."},{"issue":"3","key":"10_CR13","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151\u2013180 (1998)","journal-title":"J. Comput. 
Secur."},{"key":"10_CR14","unstructured":"International Data Group: CSO: 2018 u.s. state of cybercrime (2018). https:\/\/www.idg.com\/tools-for-marketers\/2018-u-s-state-of-cybercrime\/"},{"key":"10_CR15","unstructured":"Jewell, B., Beaver, J.: Host-based data exfiltration detection via system call sequences. In: ICIW2011-Proceedings of the 6th International Conference on Information Warfare and Security: ICIW, p. 134. Academic Conferences Limited (2011)"},{"key":"10_CR16","unstructured":"Kang, D.K., Fuller, D., Honavar, V.: Learning classifiers for misuse and anomaly detection using a bag of system calls representation. In: Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, pp. 118\u2013125. IEEE (2005)"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Kim, Y.: Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 (2014)","DOI":"10.3115\/v1\/D14-1181"},{"issue":"2","key":"10_CR18","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1002\/aic.690370209","volume":"37","author":"MA Kramer","year":"1991","unstructured":"Kramer, M.A.: Nonlinear principal component analysis using autoassociative neural networks. AIChE J. 37(2), 233\u2013243 (1991)","journal-title":"AIChE J."},{"key":"10_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 326\u2013343. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-39650-5_19"},{"key":"10_CR20","unstructured":"Lincoln Laboratory MIT: Darpa intrusion detection evaluation data set (1998\u20132000). 
https:\/\/www.ll.mit.edu\/r-d\/datasets"},{"issue":"4","key":"10_CR21","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1109\/TDSC.2008.69","volume":"7","author":"F Maggi","year":"2008","unstructured":"Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Trans. Dependable Secur. Comput. 7(4), 381\u2013395 (2008)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Marceau, C.: Characterizing the behavior of a program using multiple-length n-grams. In: Proceedings of the 2000 Workshop on New Security Paradigms, pp. 101\u2013110 (2001)","DOI":"10.1145\/366173.366197"},{"key":"10_CR23","unstructured":"Mikolov, T., Chen, K., Corrado, G., Dean, J.: Word2vec - tools for computing distributed representation of words, https:\/\/github.com\/tmikolov\/word2vec"},{"key":"10_CR24","unstructured":"Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)"},{"issue":"1","key":"10_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2808691","volume":"48","author":"A Milenkoski","year":"2015","unstructured":"Milenkoski, A., Vieira, M., Kounev, S., Avritzer, A., Payne, B.: Evaluating computer intrusion detection systems: a survey of common practices. ACM Comput. Surv. 48(1), 1\u201349 (2015). https:\/\/doi.org\/10.1145\/2808691","journal-title":"ACM Comput. Surv."},{"key":"10_CR26","unstructured":"MITRE: Common weakness enumeration - a community-developed list of software and hardware weakness types. https:\/\/cwe.mitre.org\/"},{"key":"10_CR27","unstructured":"MITRE: Cve - common vulnerabilities and exposures. 
https:\/\/cve.mitre.org\/"},{"issue":"1","key":"10_CR28","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1145\/1127345.1127348","volume":"9","author":"D Mutz","year":"2006","unstructured":"Mutz, D., Valeur, F., Vigna, G., Kruegel, C.: Anomalous system call detection. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(1), 61\u201393 (2006)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Pendleton, M., Xu, S.: A dataset generator for next generation system call host intrusion detection systems. In: MILCOM 2017\u20132017 IEEE Military Communications Conference (MILCOM), pp. 231\u2013236. IEEE (2017)","DOI":"10.1109\/MILCOM.2017.8170835"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"R\u00f6hling, M.M., Grimmer, M., Kreubel, D., Hoffmann, J., Franczyk, B.: Standardized container virtualization approach for collecting host intrusion detection data. In: 2019 Federated Conference on Computer Science and Information Systems (FedCSIS). pp. 459\u2013463. IEEE (2019)","DOI":"10.15439\/2019F212"},{"key":"10_CR31","first-page":"582","volume":"12","author":"B Sch\u00f6lkopf","year":"1999","unstructured":"Sch\u00f6lkopf, B., Williamson, R.C., Smola, A., Shawe-Taylor, J., Platt, J.: Support vector method for novelty detection. Adv. Neural Inf. Process. Syst. 12, 582\u2013588 (1999)","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10_CR32","unstructured":"Vaswani, A., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems, pp. 5998\u20136008 (2017)"},{"key":"10_CR33","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: Alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No. 99CB36344), pp. 133\u2013145. 
IEEE (1999)"},{"key":"10_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"542","DOI":"10.1007\/978-3-319-11698-3_44","volume-title":"Network and System Security","author":"M Xie","year":"2014","unstructured":"Xie, M., Hu, J., Yu, X., Chang, E.: Evaluating host-based anomaly detection systems: application of the frequency-based algorithms to ADFA-LD. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 542\u2013549. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11698-3_44"},{"key":"10_CR35","unstructured":"Zhao, Y., Chu, S., Zhou, Y., Tu, K.: Sequence prediction using neural network classifiers. In: International Conference on Grammatical Inference, pp. 164\u2013169 (2017)"}],"container-title":["Communications in Computer and Information Science","Emerging Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-93956-4_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,16]],"date-time":"2024-09-16T03:46:29Z","timestamp":1726458389000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-93956-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030939557","9783030939564"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-93956-4_10","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"12 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"International Symposium on Emerging Information Security and Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eisa2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eisa.compute.dtu.dk\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of 
Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the COVID-19 pandemic the conference was held online.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference 
organizers)"}}]}}