{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T13:46:10Z","timestamp":1773236770500,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642029172","type":"print"},{"value":"9783642029189","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-02918-9_13","type":"book-chapter","created":{"date-parts":[[2009,6,26]],"date-time":"2009-06-26T14:15:11Z","timestamp":1246025711000},"page":"206-223","source":"Crossref","is-referenced-by-count":23,"title":["Selecting and Improving System Call Models for Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Alessandro","family":"Frossi","sequence":"first","affiliation":[]},{"given":"Federico","family":"Maggi","sequence":"additional","affiliation":[]},{"given":"Gian Luigi","family":"Rizzo","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"3","key":"13_CR1","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S.A. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security\u00a06(3), 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Bhatkar, S., Chaturvedi, A., Sekar, R.: Dataflow anomaly detection. In: IEEE Symposium on Security and Privacy, May 2006, pp. 15\u201362 (May 2006)","DOI":"10.1109\/SP.2006.12"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Transactions on Dependable and Secure Computing (accepted for publication)","DOI":"10.1109\/TDSC.2008.69"},{"key":"13_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-74320-0_2","volume-title":"Recent Advances in Intrusion Detection","author":"M.I. Sharif","year":"2007","unstructured":"Sharif, M.I., Singh, K., Giffin, J.T., Lee, W.: Understanding precision in host based intrusion detection. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 21\u201341. Springer, Heidelberg (2007)"},{"key":"13_CR5","unstructured":"Zanero, S.: Unsupervised Learning Algorithms for Intrusion Detection. PhD thesis, Politecnico di Milano T.U., Milano, Italy (May 2006)"},{"key":"13_CR6","volume-title":"Data Mining: concepts and techniques","author":"J. Han","year":"2000","unstructured":"Han, J., Kamber, M.: Data Mining: concepts and techniques. Morgan-Kauffman, San Francisco (2000)"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Cabrera, J.B.D., Lewis, L., Mehara, R.: Detection and classification of intrusion and faults using sequences of system calls. ACM SIGMOD Record\u00a030(4) (2001)","DOI":"10.1145\/604264.604269"},{"key":"13_CR8","unstructured":"Casas-Garriga, G., D\u00edaz, P., Balc\u00e1zar, J.: ISSA: An integrated system for sequence analysis. Technical Report DELIS-TR-0103, Universitat Paderborn (2005)"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Ourston, D., Matzner, S., Stump, W., Hopkins, B.: Applications of hidden markov models to detecting multi-stage network attacks. In: HICSS, p. 334 (2003)","DOI":"10.1109\/HICSS.2003.1174909"},{"key":"13_CR10","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1109\/CSFW.2001.930147","volume-title":"Proceedings of the 14th IEEE Workshop on Computer Security Foundations (CSFW 2001)","author":"S. Jha","year":"2001","unstructured":"Jha, S., Tan, K., Maxion, R.A.: Markov chains, classifiers, and intrusion detection. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations (CSFW 2001), Washington, DC, USA, June 2001, pp. 206\u2013219. IEEE Computer Society Press, Los Alamitos (2001)"},{"issue":"1","key":"13_CR11","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1111\/1467-9884.00122","volume":"47","author":"D. Joanes","year":"1998","unstructured":"Joanes, D., Gill, C.: Comparing Measures of Sample Skewness and Kurtosis. The Statistician\u00a047(1), 183\u2013189 (1998)","journal-title":"The Statistician"},{"issue":"1","key":"13_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TKDE.2007.250581","volume":"19","author":"A. Elmagarmid","year":"2007","unstructured":"Elmagarmid, A., Ipeirotis, P., Verykios, V.: Duplicate Record Detection: A Survey. IEEE Transactions on Knowledge and Data Engineering\u00a019(1), 1\u201316 (2007)","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"issue":"8-9","key":"13_CR13","doi-asserted-by":"publisher","first-page":"1231","DOI":"10.1016\/j.neunet.2004.08.004","volume":"17","author":"P.J. Somervuo","year":"2004","unstructured":"Somervuo, P.J.: Online algorithm for the self-organizing map of symbol strings. Neural Netw.\u00a017(8-9), 1231\u20131239 (2004)","journal-title":"Neural Netw."},{"issue":"1-3","key":"13_CR14","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/S0925-2312(98)00031-9","volume":"21","author":"T. Kohonen","year":"1998","unstructured":"Kohonen, T., Somervuo, P.: Self-organizing maps of symbol strings. Neurocomputing\u00a021(1-3), 19\u201330 (1998)","journal-title":"Neurocomputing"},{"key":"13_CR15","unstructured":"Zanero, S.: Flaws and frauds in the evaluation of IDS\/IPS technologies. In: Proc. of FIRST 2007 - Forum of Incident Response and Security Teams, Sevilla, Spain (June 2007)"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Maggi, F., Zanero, S., Iozzo, V.: Seeing the invisible - forensic uses of anomaly detection and machine learning. ACM Operating Systems Review (April 2008)","DOI":"10.1145\/1368506.1368514"},{"key":"13_CR17","volume-title":"Intrusion detection","author":"R.G. Bace","year":"2000","unstructured":"Bace, R.G.: Intrusion detection. Macmillan Publishing Co., Inc., Indianapolis (2000)"},{"key":"13_CR18","volume-title":"Proceedings of the 1996 IEEE Symposium on Security and Privacy","author":"S. Forrest","year":"1996","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Washington, DC, USA. IEEE Computer Society, Los Alamitos (1996)"},{"key":"13_CR19","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1109\/RISP.1994.296580","volume-title":"SP 1994: Proceedings of the 1994 IEEE Symposium on Security and Privacy","author":"S. Forrest","year":"1994","unstructured":"Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: SP 1994: Proceedings of the 1994 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 202. IEEE Computer Society, Los Alamitos (1994)"},{"key":"13_CR20","unstructured":"Somayaji, A., Forrest, S.: Automated response using system\u2013call delays. In: Proceedings of the 9th USENIX Security Symposium, Denver, CO (August 2000)"},{"issue":"3","key":"13_CR21","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1145\/545186.545187","volume":"5","author":"C.C. Michael","year":"2002","unstructured":"Michael, C.C., Ghosh, A.: Simple, state-based approaches to program-based anomaly detection. ACM Trans. Inf. Syst. Secur.\u00a05(3), 203\u2013237 (2002)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"13_CR22","volume-title":"Proceedings of the 2001 IEEE Symposium on Security and Privacy","author":"R. Sekar","year":"2001","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Washington, DC, USA. IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"13_CR23","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1109\/SECPRI.2001.924296","volume-title":"SP 2001: Proceedings of the 2001 IEEE Symposium on Security and Privacy","author":"D. Wagner","year":"2001","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: SP 2001: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Washington, DC, USA, pp. 156\u2013168. IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"13_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/11663812_10","volume-title":"Recent Advances in Intrusion Detection","author":"J.T. Giffin","year":"2006","unstructured":"Giffin, J.T., Dagon, D., Jha, S., Lee, W., Miller, B.P.: Environment-sensitive intrusion detection. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 185\u2013206. Springer, Heidelberg (2006)"},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Feng, H., Kolesnikov, O., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings. 2003 Symposium on Security and Privacy, 2003, May 11-14, pp. 62\u201375 (2003)","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.A.: Detecting intrusions using system calls: Alternative data models. In: IEEE Symposium on Security and Privacy, pp. 133\u2013145 (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"13_CR27","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1109\/CSFW.2001.930147","volume-title":"CSFW 2001: Proceedings of the 14th IEEE Workshop on Computer Security Foundations","author":"S. Jha","year":"2001","unstructured":"Jha, S., Tan, K., Maxion, R.A.: Markov chains, classifiers, and intrusion detection. In: CSFW 2001: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, pp. 206\u2013219. IEEE Computer Society, Washington (2001)"},{"key":"13_CR28","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1016\/S0031-3203(02)00026-2","volume":"36","author":"D.Y. Yeung","year":"2003","unstructured":"Yeung, D.Y., Ding, Y.: Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognition\u00a036, 229\u2013243 (2003)","journal-title":"Pattern Recognition"},{"key":"13_CR29","first-page":"255","volume-title":"CCS 2002: Proceedings of the 9th ACM conference on Computer and communications security","author":"D. Wagner","year":"2002","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: CCS 2002: Proceedings of the 9th ACM conference on Computer and communications security, pp. 255\u2013264. ACM, New York (2002)"},{"key":"13_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kr\u00fcgel","year":"2003","unstructured":"Kr\u00fcgel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"13_CR31","unstructured":"Tandon, G., Chan, P.: Learning rules from system call arguments and sequences for anomaly detection. In: ICDM Workshop on Data Mining for Computer Security (DMSEC), pp. 20\u201329 (2003)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-02918-9_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,25]],"date-time":"2023-05-25T20:22:17Z","timestamp":1685046137000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-02918-9_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642029172","9783642029189"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-02918-9_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}