{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T23:11:23Z","timestamp":1775430683989,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032147813","type":"print"},{"value":"9783032147820","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-14782-0_19","type":"book-chapter","created":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:43:12Z","timestamp":1775428992000},"page":"347-365","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Empirical Evaluation of\u00a0Intrusion Detection Systems Based on\u00a0System 
Calls"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-3717-5250","authenticated-orcid":false,"given":"Lalie","family":"Arnoud","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9338-0185","authenticated-orcid":false,"given":"Victor","family":"Breux","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4390-5622","authenticated-orcid":false,"given":"Pierre-Henri","family":"Thevenon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8858-3233","authenticated-orcid":false,"given":"Eric","family":"Gaussier","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"19_CR1","unstructured":"CVE-2012-0911. Available from MITRE, CVE-ID CVE-2012-0911. (2012). https:\/\/www.cve.org\/CVERecord?id=CVE-2012-0911, Accessed 02 Nov 2025"},{"key":"19_CR2","doi-asserted-by":"publisher","unstructured":"Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. Inf. Syst. Secur. 3(3), 186\u2013205 (2000). https:\/\/doi.org\/10.1145\/357830.357849","DOI":"10.1145\/357830.357849"},{"key":"19_CR3","doi-asserted-by":"publisher","unstructured":"Bouzar-Benlabiod, L., Rubin, S.H., Belaidi, K., Haddar, N.E.: Rnn-ved for reducing false positive alerts in host-based anomaly detection systems. In: 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI), pp. 17\u201324 (2020). 
https:\/\/doi.org\/10.1109\/IRI49571.2020.00011","DOI":"10.1109\/IRI49571.2020.00011"},{"key":"19_CR4","doi-asserted-by":"publisher","unstructured":"Creech, G.: Developing a high-accuracy cross platform host-based intrusion detection system capable of reliably detecting zero-day attacks. Ph.D. thesis, UNSW Sydney (2014). https:\/\/doi.org\/10.26190\/UNSWORKS\/16615","DOI":"10.26190\/UNSWORKS\/16615"},{"key":"19_CR5","doi-asserted-by":"publisher","unstructured":"Creech, G., Hu, J.: Generation of a new IDS test dataset: time to retire the KDD collection. In: 2013 IEEE Wireless Communications and Networking Conference (WCNC), pp. 4487\u20134492. IEEE, Shanghai, Shanghai, China (2013). https:\/\/doi.org\/10.1109\/WCNC.2013.6555301","DOI":"10.1109\/WCNC.2013.6555301"},{"issue":"4","key":"19_CR6","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1109\/TC.2013.13","volume":"63","author":"G Creech","year":"2014","unstructured":"Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans. Comput. 63(4), 807\u2013819 (2014). https:\/\/doi.org\/10.1109\/TC.2013.13","journal-title":"IEEE Trans. Comput."},{"key":"19_CR7","doi-asserted-by":"publisher","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for Unix processes. In: Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 120\u2013128 (1996). https:\/\/doi.org\/10.1109\/SECPRI.1996.502675","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"19_CR8","first-page":"135","volume":"11","author":"M Grimmer","year":"2019","unstructured":"Grimmer, M., R\u00f6hling, M.M., Kreusel, D., Ganz, S.: A modern and sophisticated host based intrusion detection data set. 
IT-Sicherheit als Voraussetzung f\u00fcr eine erfolgreiche Digitalisierung 11, 135\u2013145 (2019)","journal-title":"IT-Sicherheit als Voraussetzung f\u00fcr eine erfolgreiche Digitalisierung"},{"key":"19_CR9","doi-asserted-by":"publisher","unstructured":"Haider, W., Hu, J., Slay, J., Turnbull, B., Xie, Y.: Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. J. Netw. Comput. Appl. 87, 185\u2013192 (2017). https:\/\/doi.org\/10.1016\/j.jnca.2017.03.018","DOI":"10.1016\/j.jnca.2017.03.018"},{"key":"19_CR10","doi-asserted-by":"publisher","unstructured":"Haider, W., Hu, J., Xie, M.: Towards reliable data feature retrieval and decision engine in host-based anomaly detection systems. In: 2015 IEEE 10th Conference on Industrial Electronics and Applications (ICIEA), pp. 513\u2013517 (2015). https:\/\/doi.org\/10.1109\/ICIEA.2015.7334166","DOI":"10.1109\/ICIEA.2015.7334166"},{"issue":"3","key":"19_CR11","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151\u2013180 (1998). https:\/\/doi.org\/10.3233\/JCS-980109","journal-title":"J. Comput. Secur."},{"key":"19_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102022","volume":"99","author":"A Kenyon","year":"2020","unstructured":"Kenyon, A., Deka, L., Elizondo, D.: Are public intrusion datasets fit for purpose characterising the state of the art in intrusion event datasets. Comput. Secur. 99, 102022 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.102022","journal-title":"Comput. Secur."},{"key":"19_CR13","doi-asserted-by":"publisher","unstructured":"Khandelwal, P., Likhar, P., Yadav, R.S.: Machine learning methods leveraging ADFA-LD dataset for anomaly detection in linux host systems. 
In: 2022 2nd International Conference on Intelligent Technologies (CONIT), pp.\u00a01\u20138 (2022). https:\/\/doi.org\/10.1109\/CONIT55038.2022.9848305","DOI":"10.1109\/CONIT55038.2022.9848305"},{"issue":"1","key":"19_CR14","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1186\/s42400-019-0038-7","volume":"2","author":"A Khraisat","year":"2019","unstructured":"Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity 2(1), 20 (2019). https:\/\/doi.org\/10.1186\/s42400-019-0038-7","journal-title":"Cybersecurity"},{"key":"19_CR15","unstructured":"Kitchenham, B., et\u00a0al.: Guidelines for performing systematic literature reviews in software engineering (2007)"},{"key":"19_CR16","unstructured":"Laboratory, M.L.: 1998 darpa intrusion detection evaluation dataset. https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-dataset, Accessed 21 Jan 2025"},{"key":"19_CR17","unstructured":"(via\u00a0the Linux Kernel Mailing List\u00a0Archive), G.K.: Linux 2.6.38.8. https:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/1106.0\/01226.html, Accessed 21 Jan 2025"},{"key":"19_CR18","doi-asserted-by":"publisher","unstructured":"Liu, M., Xue, Z., Xu, X., Zhong, C., Chen, J.: Host-based intrusion detection system with system calls: review and future trends. Acm Comput. Surv. 51(5) (2018). https:\/\/doi.org\/10.1145\/3214304","DOI":"10.1145\/3214304"},{"key":"19_CR19","doi-asserted-by":"publisher","unstructured":"Liu, Z., et al.: A statistical pattern based feature extraction method on system call traces for anomaly detection. Inf. Softw. Technol. 126, 106348 (2020). 
https:\/\/doi.org\/10.1016\/j.infsof.2020.106348","DOI":"10.1016\/j.infsof.2020.106348"},{"issue":"4","key":"19_CR20","doi-asserted-by":"publisher","first-page":"994","DOI":"10.1109\/TIFS.2018.2868614","volume":"14","author":"PF Marteau","year":"2019","unstructured":"Marteau, P.F.: Sequence covering for efficient host-based intrusion detection. IEEE Trans. Inf. Forensics Secur. 14(4), 994\u20131006 (2019). https:\/\/doi.org\/10.1109\/TIFS.2018.2868614","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"19_CR21","doi-asserted-by":"publisher","unstructured":"Murtaza, S.S., Khreich, W., Hamou-Lhadj, A., Couture, M.: A host-based anomaly detection approach by representing system calls as states of kernel modules. In: 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 431\u2013440. IEEE, Pasadena, CA, USA (2013). https:\/\/doi.org\/10.1109\/ISSRE.2013.6698896","DOI":"10.1109\/ISSRE.2013.6698896"},{"key":"19_CR22","doi-asserted-by":"publisher","unstructured":"Nauman, M., Azam, N., Yao, J.: A three-way decision making approach to malware analysis using probabilistic rough sets. Inf. Sci. 374, 193\u2013209 (2016). https:\/\/doi.org\/10.1016\/j.ins.2016.09.037","DOI":"10.1016\/j.ins.2016.09.037"},{"key":"19_CR23","unstructured":"Oord, A.v.d., et al.: Wavenet: a generative model for raw audio. arXiv preprint arXiv:1609.03499 (2016)"},{"issue":"1","key":"19_CR24","doi-asserted-by":"publisher","first-page":"6086","DOI":"10.1038\/s41598-024-56706-x","volume":"14","author":"O Rainio","year":"2024","unstructured":"Rainio, O., Teuho, J., Kl\u00e9n, R.: Evaluation metrics and statistical tests for machine learning. Sci. Rep. 14(1), 6086 (2024). https:\/\/doi.org\/10.1038\/s41598-024-56706-x","journal-title":"Sci. 
Rep."},{"issue":"1","key":"19_CR25","first-page":"43","volume":"1","author":"S Rawat","year":"2006","unstructured":"Rawat, S., Gulati, V.P., Pujari, A.K., Vemuri, V.R.: Intrusion detection using text processing techniques with a binary-weighted cosine metric. J. Inf. Assurance Secur. 1(1), 43\u201350 (2006)","journal-title":"J. Inf. Assurance Secur."},{"issue":"4","key":"19_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3461462","volume":"2","author":"JH Ring","year":"2021","unstructured":"Ring, J.H., et al.: Methods for host-based intrusion detection with deep learning. Digital Threats: Res. Pract. 2(4), 1\u201329 (2021). https:\/\/doi.org\/10.1145\/3461462","journal-title":"Digital Threats: Res. Pract."},{"key":"19_CR27","doi-asserted-by":"publisher","first-page":"27237","DOI":"10.1109\/ACCESS.2024.3367004","volume":"12","author":"H Satilmi\u015f","year":"2024","unstructured":"Satilmi\u015f, H., Akleylek, S., Tok, Z.Y.: A systematic literature review on host-based intrusion detection systems. IEEE access\u202f: practical innovations, open solutions 12, 27237\u201327266 (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3367004","journal-title":"IEEE access : practical innovations, open solutions"},{"issue":"7\u20138","key":"19_CR28","doi-asserted-by":"publisher","first-page":"488","DOI":"10.1016\/j.cose.2007.10.003","volume":"26","author":"A Sharma","year":"2007","unstructured":"Sharma, A., Pujari, A.K., Paliwal, K.K.: Intrusion detection using text processing techniques with a kernel based similarity measure. Comput. Secur. 26(7\u20138), 488\u2013495 (2007). https:\/\/doi.org\/10.1016\/j.cose.2007.10.003","journal-title":"Comput. Secur."},{"key":"19_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102084","volume":"100","author":"B Subba","year":"2021","unstructured":"Subba, B., Gupta, P.: A tfidfvectorizer and singular value decomposition based host intrusion detection system framework for detecting anomalous system processes. 
Comput. Secur. 100, 102084 (2021). https:\/\/doi.org\/10.1016\/j.cose.2020.102084","journal-title":"Comput. Secur."},{"key":"19_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2023.103761","volume":"220","author":"ZT Sworna","year":"2023","unstructured":"Sworna, Z.T., Mousavi, Z., Babar, M.A.: NLP methods in host-based intrusion detection systems: A systematic review and future directions. J. Netw. Comput. Appl. 220, 103761 (2023). https:\/\/doi.org\/10.1016\/j.jnca.2023.103761","journal-title":"J. Netw. Comput. Appl."},{"key":"19_CR31","doi-asserted-by":"publisher","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 255\u2013264. ACM, Washington, DC USA (2002). https:\/\/doi.org\/10.1145\/586110.586145","DOI":"10.1145\/586110.586145"},{"key":"19_CR32","doi-asserted-by":"publisher","unstructured":"Wunderlich, S., Ring, M., Landes, D., Hotho, A.: Comparison of System Call Representations for Intrusion Detection. In: Mart\u00ednez \u00c1lvarez, F., Troncoso Lora, A., S\u00e1ez Mu\u00f1oz, J.A., Quinti\u00e1n, H., Corchado, E. (eds.) CISIS\/ICEUTE -2019. AISC, vol. 951, pp. 14\u201324. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-20005-3_2","DOI":"10.1007\/978-3-030-20005-3_2"},{"issue":"1","key":"19_CR33","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1016\/S0031-3203(02)00026-2","volume":"36","author":"DY Yeung","year":"2003","unstructured":"Yeung, D.Y., Ding, Y.: Host-based intrusion detection using dynamic and static behavioral models. Pattern Recogn. 36(1), 229\u2013243 (2003). 
https:\/\/doi.org\/10.1016\/S0031-3203(02)00026-2","journal-title":"Pattern Recogn."}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-14782-0_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:43:14Z","timestamp":1775428994000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-14782-0_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032147813","9783032147820"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-14782-0_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2025","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2025.cs.ut.ee\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}