{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T11:01:35Z","timestamp":1758279695499},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642041167"},{"type":"electronic","value":"9783642041174"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-04117-4_13","type":"book-chapter","created":{"date-parts":[[2010,2,22]],"date-time":"2010-02-22T16:44:00Z","timestamp":1266857040000},"page":"235-255","source":"Crossref","is-referenced-by-count":33,"title":["Host-Based Anomaly Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Jiankun","family":"Hu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"A.S.\u00a0Tanenbaum, A.S.\u00a0Woodhull: Operating Systems: Design and Implementation, 3rd edn. (Pearson, NJ, USA 2006)"},{"key":"13_CR2","unstructured":"J.M.\u00a0Garrido: Principles of modern operating systems (Jones and Barlett, MA, USA 2008)"},{"key":"13_CR3","unstructured":"A.S.\u00a0Tanenbaum: Computer Networks, 3rd edn. (Prentice-Hall, NJ, USA 1996)"},{"key":"13_CR4","unstructured":"W.R.\u00a0Stevens: TCP\/IP Illustrated: the protocols (Addison Wesley Longman, MA, USA 1994)"},{"key":"13_CR5","volume-title":"Information Assurance: Dependability and Security in Networked Systems","author":"J. Joshi","year":"2008","unstructured":"J.\u00a0Joshi, P.\u00a0Krishnamurthy: Network Security. In: Information Assurance: Dependability and Security in Networked Systems, ed. by Y.\u00a0Qian (Elsevier, Amsterdam, The Netherlands 2008), Chap. 2"},{"key":"13_CR6","unstructured":"B.\u00a0Schneier: Applied Cryptography, Protocols, Algorithms, and Source Code in C (Wiley, NJ, USA 1996)"},{"issue":"4","key":"13_CR7","first-page":"13","volume":"29","author":"Y. Wang","year":"2007","unstructured":"Y.\u00a0Wang, J.\u00a0Hu, D.\u00a0Philips: A fingerprint orientation model based on 2D Fourier expansion (FOMFE) and its application to singular-point detection and fingerprint indexing, IEEE Trans. Pattern Anal. Mach. Intell. 29(4), 13 (2007)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"13_CR8","volume-title":"Springer Handbook on Communication and Information Security","author":"K. Xi","year":"2009","unstructured":"K.\u00a0Xi, J.\u00a0Hu: Introduction to bio-cryptography. In: Springer Handbook on Communication and Information Security, ed. by P.\u00a0Stavroulakis (Springer, Berlin, Germany 2009), Chap. 6"},{"key":"13_CR9","volume-title":"Information Assurance: Dependability and Security in Networked Systems","author":"J. Hu","year":"2008","unstructured":"J.\u00a0Hu, P.\u00a0Bertok, Z.\u00a0Tari: Taxonomy and framework for integrating dependability and security. In: Information Assurance: Dependability and Security in Networked Systems, ed. by Y.\u00a0Qian (Elsevier, Berlin, Germany 2008), Chap. 6"},{"key":"13_CR10","unstructured":"P.E.\u00a0Proctor: The Practical Intrusion Detection Handbook (Prentice Hall PTR, NJ, USA 2001)"},{"key":"13_CR11","unstructured":"CNN.com: Worm strikes down Windows 200 systems (2005), available from: http:\/\/www.cnn.com\/2005\/TECH\/internet\/08\/16\/computer:worm\/ (last accessed November 25, 2008)"},{"key":"13_CR12","unstructured":"Sophos: Breaking news: worm attacks CNN, ABC, The Financial Times, and The New York Times (2005), http:\/\/www.sophos.com\/pressoffice\/news\/articles\/2005\/08\/va_breakingnews.html (last accessed November 25, 2008)"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"D.\u00a0Denning: An intrusion detection model, IEEE Symposium on Security and Privacy (IEEE, NJ, USA 1986) pp. 118\u2013131","DOI":"10.1109\/SP.1986.10010"},{"issue":"1","key":"13_CR14","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/MNET.2009.4804323","volume":"23","author":"J. Hu","year":"2009","unstructured":"J.\u00a0Hu, Q.\u00a0Dong, X.\u00a0Yu, H.H.\u00a0Chen: A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection, IEEE Netw. 23(1), 42\u201347 (2009)","journal-title":"IEEE Netw."},{"issue":"1","key":"13_CR15","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/TNET.2006.890115","volume":"15","author":"R.R. Kompella","year":"2007","unstructured":"R.R.\u00a0Kompella, S.\u00a0Singh, G.\u00a0Varghese: On scalable attack decision in the network, IEEE\/ACM Trans. Netw. 15(1), 14\u201325 (2007)","journal-title":"IEEE\/ACM Trans. Netw."},{"issue":"3","key":"13_CR16","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S.A. Hofmeyr","year":"1998","unstructured":"S.A.\u00a0Hofmeyr, S.\u00a0Forrest, A.\u00a0Somayaji: Intrusion detection using sequences of system calls, J. Comput. Secur. 6(3), 151\u2013180 (1998)","journal-title":"J. Comput. Secur."},{"key":"13_CR17","unstructured":"D.\u00a0Hoang, J.\u00a0Hu, P.\u00a0Bertok: Intrusion detection based on data mining, 5th Int. Conference on Enterprise Information Systems (Angers 1998) pp. 341\u2013346"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"X.D.\u00a0Hoang, J.\u00a0Hu: An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls, IEEE Int. Conference on Networks (ICON 2004) (Singapore 2004) pp. 470\u2013474","DOI":"10.1109\/ICON.2004.1409210"},{"key":"13_CR19","unstructured":"X.D.\u00a0Hoang, J.\u00a0Hu, P.\u00a0Bertok: A multi-layer model for anomaly intrusion detection using program sequences of system calls, 11th IEEE Int. Conference on Network (ICON 2003) (Sydney 2003) pp. 531\u2013536"},{"issue":"4","key":"13_CR20","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W. Lee","year":"2000","unstructured":"W.\u00a0Lee, S.I.\u00a0Stolfo: A framework for constructing features and models for intrusion detection systems, ACM Trans. Inf. Syst. Secur. 3(4), 227\u2013261 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"13_CR21","unstructured":"W.\u00a0Lee, S.J.\u00a0Stolfo: Data mining approaches for intrusion detection, Proc. 7th USENIX Security Symposium (San Antonio 1998)"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"C.\u00a0Warrender, S.\u00a0Forrest, B.\u00a0Perlmutter: Detecting intrusions using system calls: alternative data models, IEEE Computer Society Symposium on Research in Security and Privacy (1999) pp. 257\u2013286","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"J.L.\u00a0Gauvain, C.H.\u00a0Lee: Bayesian learning of Gaussian mixture densities for hidden Markov models, Proc. DARPA Speech and Natural Language Workshop (1991)","DOI":"10.3115\/112405.112457"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"S.\u00a0Forrest: A sense of self for Unix processes, IEEE Symposium on Computer Security and Privacy (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"13_CR25","unstructured":"X.H.\u00a0Dau: E-Commerce Security Enhancement and Anomaly Intrusion Detection Using Machine Learning Techniques. Ph.D. Thesis (RMIT University, Melbourne 2006)"},{"issue":"2","key":"13_CR26","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1109\/5.18626","volume":"77","author":"L.R. Rabiner","year":"1989","unstructured":"L.R.\u00a0Rabiner: A tutorial on hidden Markov model and selected applications in speech recognition, Proc. IEEE 77(2), 257\u2013286 (1989)","journal-title":"Proc. IEEE"},{"key":"13_CR27","unstructured":"X.H.\u00a0Dau: Intrusion detection, School of Computer Science and IT (RMIT University, Melbourne 2007)"},{"key":"13_CR28","volume-title":"Optimizing hidden Markov model learning","author":"J. Langford","year":"2007","unstructured":"J.\u00a0Langford: Optimizing hidden Markov model learning, Technical Report (Toyota Technological Institute at Chicago, Chicago 2007)"},{"key":"13_CR29","volume-title":"A tutorial on hidden Markov models","author":"R. Dugad","year":"1996","unstructured":"R. Dugad, U.B. Desai: A tutorial on hidden Markov models, Technical Report No: SPANN-96.1, Indian Institute of Technology, Bombay (1996)"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"J.L.\u00a0Gauvain, C.H.\u00a0Lee: MAP estimation of continuous density HMM: Theory and Applications, Proceedings of the DARPA Speech and Natural Language Workshop (1992)","DOI":"10.3115\/1075527.1075568"},{"issue":"2","key":"13_CR31","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1109\/89.279278","volume":"1","author":"J.L. Gauvain","year":"1994","unstructured":"J.L.\u00a0Gauvain, C.H.\u00a0Lee: A posteriori estimation for multivariate Gaussian mixture observations of Markov chains, IEEE Trans. Speech Audio Process. 1(2), 291\u2013298 (1994)","journal-title":"IEEE Trans. Speech Audio Process."},{"issue":"6","key":"13_CR32","doi-asserted-by":"publisher","first-page":"539","DOI":"10.1109\/89.725320","volume":"6","author":"Y. Gotoh","year":"1998","unstructured":"Y.\u00a0Gotoh, M.M.\u00a0Hochberg, H.F.\u00a0Silverman: Efficient training algorithm for HMM\u2019s using incremental estimation, IEEE Trans. Speech Audio Process. 6(6), 539\u2013548 (1998)","journal-title":"IEEE Trans. Speech Audio Process."},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"R.I.A.\u00a0Davis, B.C.\u00a0Lovell, T.\u00a0Caelli: Improved estimation of hidden Markov model parameters from multiple observation sequences, 16th Int. Conference on Pattern Recognition (2002) pp. 168\u2013171","DOI":"10.1109\/ICPR.2002.1048264"},{"issue":"4","key":"13_CR34","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1109\/34.845379","volume":"22","author":"X. Li","year":"2000","unstructured":"X.\u00a0Li, M.\u00a0Parizean, R.\u00a0Plamondon: Training hidden Markov models with multiple observations\u2013A combinatorial method, IEEE Trans. Pattern Anal. Mach. Int. 22(4), 371\u2013377 (2000)","journal-title":"IEEE Trans. Pattern Anal. Mach. Int."},{"key":"13_CR35","volume-title":"Understanding correlation","author":"R.J. Rummel","year":"1976","unstructured":"R.J.\u00a0Rummel: Understanding correlation (Department of Political Science University of Hawaii, Honolulu 1976)"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"H.\u00a0Mannila, H.\u00a0Toivonen, I.\u00a0Verkamo: Discovery of frequent episodes in event sequences, Data Mining and Knowledge Discovery, Vol. 1 (Springer, MA, USA 1997)","DOI":"10.1023\/A:1009748302351"}],"container-title":["Handbook of Information and Communication Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04117-4_13.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:39:20Z","timestamp":1606185560000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04117-4_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642041167","9783642041174"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04117-4_13","relation":{},"subject":[],"published":{"date-parts":[[2010]]}}}