{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:53:58Z","timestamp":1750308838263,"version":"3.41.0"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2017,5,29]],"date-time":"2017-05-29T00:00:00Z","timestamp":1496016000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2018,3]]},"DOI":"10.1007\/s10586-017-0878-4","type":"journal-article","created":{"date-parts":[[2017,5,29]],"date-time":"2017-05-29T05:19:58Z","timestamp":1496035198000},"page":"423-441","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A prudent based approach for compromised user credentials detection"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0852-8833","authenticated-orcid":false,"given":"Adnan","family":"Amin","sequence":"first","affiliation":[]},{"given":"Babar","family":"Shah","sequence":"additional","affiliation":[]},{"given":"Sajid","family":"Anwar","sequence":"additional","affiliation":[]},{"given":"Feras","family":"Al-Obeidat","sequence":"additional","affiliation":[]},{"given":"Asad Masood","family":"Khattak","sequence":"additional","affiliation":[]},{"given":"Awais","family":"Adnan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,29]]},"reference":[{"key":"878_CR1","doi-asserted-by":"crossref","unstructured":"Pecchia, A., Sharma, A., Kalbarczyk, Z., Cotroneo, D., Iyer, R.K.: Identifying compromised users in shared computing infrastructures: a data-driven Bayesian network approach. In: Proceedings of the IEEE Symposium on Reliable Distributed Systems. pp. 127\u2013136 (2011)","DOI":"10.1109\/SRDS.2011.24"},{"key":"878_CR2","unstructured":"Egele, M., Kruegel, C., Vigna, G.: COMPA?: detecting compromised accounts on social networks. In: 20th Annual Network and Distributed System Security Symposium, San Diego, CA, USA, pp. 1\u201317 (2013)"},{"key":"878_CR3","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653738"},{"key":"878_CR4","unstructured":"Viswanath, B., Muhammad Ahmad, B., Crovella, M., Guha, S., Gummadi, K., Krishnamurthy, B., Mislove, A.: Towards detecting anomalous user behavior in online social networks. In: Proceedings of the 23rd USENIX Security Symposium (USENIX Security), pp. 223\u2013238 (2014)"},{"key":"878_CR5","doi-asserted-by":"crossref","first-page":"2:1","DOI":"10.1145\/2556609","volume":"8","author":"Z Yang","year":"2014","unstructured":"Yang, Z., Wilson, C., Wang, X., Gao, T., Zhao, B.Y., Dai, Y.: Uncovering social network Sybils in the wild. ACM Trans. Knowl. Discov. Data 8, 2:1\u20132:29 (2014)","journal-title":"ACM Trans. Knowl. Discov. Data"},{"key":"878_CR6","first-page":"307","volume":"9","author":"K Singh","year":"2012","unstructured":"Singh, K., Cantt, M.: Outlier detection? Applications and techniques. Int. J. Comput. Sci. Issues 9, 307\u2013323 (2012)","journal-title":"Int. J. Comput. Sci. Issues"},{"key":"878_CR7","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1016\/j.patrec.2014.06.012","volume":"49","author":"A Daneshpazhouh","year":"2014","unstructured":"Daneshpazhouh, A., Sami, A.: Entropy-based outlier detection using semi-supervised approach with few positive examples. Pattern Recognit. Lett. 49, 77\u201384 (2014)","journal-title":"Pattern Recognit. Lett."},{"key":"878_CR8","doi-asserted-by":"crossref","DOI":"10.1007\/978-94-015-3994-4","volume-title":"Identification of Outliers","author":"DM Hawkins","year":"1980","unstructured":"Hawkins, D.M.: Identification of Outliers. Chapman and Hall, London (1980)"},{"key":"878_CR9","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1023\/B:AIRE.0000045502.10941.a9","volume":"22","author":"VJ Hodge","year":"2004","unstructured":"Hodge, V.J., Austin, J.: A survey of outlier detection methodologies. Artif. Intell. Rev. 22, 85\u2013126 (2004)","journal-title":"Artif. Intell. Rev."},{"key":"878_CR10","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1109\/SURV.2010.021510.00088","volume":"12","author":"Y Zhang","year":"2010","unstructured":"Zhang, Y., Meratnia, N., Havinga, P.: Outlier detection techniques for wireless sensor networks: a survey. IEEE Commun. Surv. Tutor. 12, 159\u2013170 (2010)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"878_CR11","first-page":"8445","volume":"3","author":"N Gupta","year":"2014","unstructured":"Gupta, N.: A study of existing cross site scripting detection and prevention techniques in web applications. Int. J. Eng. Comput. Sci. 3, 8445\u20138450 (2014)","journal-title":"Int. J. Eng. Comput. Sci."},{"key":"878_CR12","first-page":"1","volume":"25","author":"M Gupta","year":"2014","unstructured":"Gupta, M., Gao, J., Aggarwal, C.C.: Outlier detection for temporal data? A survey. IEEE Trans. Knowl. Data Eng. 25, 1\u201320 (2014)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"878_CR13","unstructured":"Kumar, S.: Classification and detection of computer intrusions. Doctoral Dissertation, Department of Computer Science, Purdue University, West Lafayette, IN (1995)"},{"key":"878_CR14","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, pp. 144\u2013155. IEEE Computer Society (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"878_CR15","doi-asserted-by":"crossref","unstructured":"Thomas, K., Li, F., Grier, C., Paxson, V.: Consequences of connectivity? Characterizing account hijacking on Twitter. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 489\u2013500 (2014)","DOI":"10.1145\/2660267.2660282"},{"key":"878_CR16","doi-asserted-by":"crossref","first-page":"1911","DOI":"10.1016\/j.matcom.2010.02.007","volume":"80","author":"Z Xue","year":"2010","unstructured":"Xue, Z., Shang, Y., Feng, A.: Semi-supervised outlier detection based on fuzzy rough C-means clustering. Math. Comput. Simul. 80, 1911\u20131921 (2010)","journal-title":"Math. Comput. Simul."},{"key":"878_CR17","doi-asserted-by":"crossref","unstructured":"Gao, H., Hu, J., Wilson, C., Li, Z., Chen, Y., Zhao, B.Y.: Detecting and characterizing social spam campaigns. In: Proceedings of the 10th Annual Conference on Internet Measurement\u2014IMC \u201910, p. 35. ACM Press, New York (2010)","DOI":"10.1145\/1879141.1879147"},{"key":"878_CR18","doi-asserted-by":"crossref","unstructured":"Gao, B., Ma, H.-Y., Yang, Y.-H.: HMMs (Hidden Markov models) based on anomaly intrusion detection method. In: Proceedings of the International Conference on Machine Learning and Cybernetics, pp. 381\u2013385. IEEE (2002)","DOI":"10.1109\/ICMLC.2002.1176779"},{"key":"878_CR19","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/604264.604269","volume":"30","author":"JBD Cabrera","year":"2001","unstructured":"Cabrera, J.B.D., Lewis, L., Mehra, R.K.: Detection and classification of intrusions and faults using sequences of system calls. ACM SIGMOD Rec. 30, 25\u201334 (2001)","journal-title":"ACM SIGMOD Rec."},{"key":"878_CR20","doi-asserted-by":"crossref","unstructured":"Endler, D.: Intrusion detection. Applying machine learning to Solaris audit data. In: Proceedings 14th Annual Computer Security Applications Conference (Cat. No. 98EX217), pp. 268\u2013279. IEEE Computer Society (1998)","DOI":"10.1109\/CSAC.1998.738647"},{"key":"878_CR21","unstructured":"Ghosh, A.K., Schwartzbard, A., Schatz, M.: Learning program behavior profiles for intrusion detection learning program behavior profiles for intrusion detection. In: Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 51\u201362 (1999)"},{"key":"878_CR22","doi-asserted-by":"crossref","unstructured":"Kang, D., Fuller, D., Honavar, V.: Learning classifiers for misuse detection using a bag of system calls. In: Proceedings of the 3rd IEEE International Conference on Intelligence and Security Informatics, pp. 511\u2013516 (2005)","DOI":"10.1007\/11427995_51"},{"key":"878_CR23","doi-asserted-by":"crossref","first-page":"859","DOI":"10.1016\/j.neucom.2006.10.017","volume":"70","author":"S Tian","year":"2007","unstructured":"Tian, S., Mu, S., Yin, C.: Sequence-similarity kernels for SVMs to detect anomalies in system calls. Neurocomputing 70, 859\u2013866 (2007)","journal-title":"Neurocomputing"},{"key":"878_CR24","doi-asserted-by":"crossref","unstructured":"Wang, M., Zhang, C., Yu, J.: Native API based windows anomaly intrusion detection method Using SVM. In: IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC\u201906), vol. 1, pp. 514\u2013519. IEEE (2006)","DOI":"10.1109\/SUTC.2006.1636219"},{"key":"878_CR25","unstructured":"Ghosh, A.K., Schwartzbard, A.: A study in using neural networks for anomaly and misuse detection. In: Proceedings of the 8th USENIX Security Symposium, Washington, DC, pp. 141\u2013152. USENIX Association (1999)"},{"key":"878_CR26","doi-asserted-by":"crossref","unstructured":"Dasgupta, K., Singh, R., Viswanathan, B., Chakraborty, D., Mukherjea, S., Nanavati, A.A., Joshi, A.: Social ties and their relevance to churn in mobile telecom networks. In: Proceedings of the 11th International Conference on Extending Database Technology Advances in Database Technology\u2014EDBT \u201908, pp. 668\u2013677. ACM Press, New York (2008)","DOI":"10.1145\/1353343.1353424"},{"key":"878_CR27","doi-asserted-by":"crossref","unstructured":"Hayati, P., Potdar, V., Chai, K., Talevski, A.: Web spambot detection based on web navigation behaviour. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications, pp. 797\u2013803. IEEE, Washington, DC (2010)","DOI":"10.1109\/AINA.2010.92"},{"key":"878_CR28","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1145\/1039621.1039625","volume":"3","author":"L Zhang","year":"2004","unstructured":"Zhang, L., Zhu, J., Yao, T.: An evaluation of statistical spam filtering techniques. ACM Trans. Asian Lang. Inf. Process. 3, 243\u2013269 (2004)","journal-title":"ACM Trans. Asian Lang. Inf. Process."},{"key":"878_CR29","doi-asserted-by":"crossref","unstructured":"Compton, P., Jansen, R.: Knowledge in context: a strategy for expert system maintenance. http:\/\/dl.acm.org\/citation.cfm?id=89411.89756 (1990)","DOI":"10.1007\/3-540-52062-7_86"},{"key":"878_CR30","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/BF00962234","volume":"5","author":"BR Gaines","year":"1995","unstructured":"Gaines, B.R., Compton, P.: Induction of ripple-down rules applied to modeling large databases. J. Intell. Inf. Syst. 5, 211\u2013228 (1995)","journal-title":"J. Intell. Inf. Syst."},{"key":"878_CR31","first-page":"366","volume-title":"Applications of Expert Systems","author":"C Pau","year":"1989","unstructured":"Pau, C., Horn, K.A., Quinlan, J.R., Lazarus, L.: Maintaining an expert system. In: Quinlan, J.R. (ed.) Applications of Expert Systems, vol. 2, pp. 366\u2013385. Addison-Wesley, London (1989)"},{"key":"878_CR32","doi-asserted-by":"crossref","first-page":"895","DOI":"10.1006\/ijhc.1998.0231","volume":"49","author":"D Richards","year":"1998","unstructured":"Richards, D., Compton, P.: Taking up the situated cognition challenge with ripple down rules. Int. J. Hum. Comput. Stud. 49, 895\u2013926 (1998)","journal-title":"Int. J. Hum. Comput. Stud."},{"key":"878_CR33","unstructured":"Tobias, S.: Algebraic foundation and improved methods of induction of ripple down rules. In: Pacific Knowledge Acquisition Workshop, Sydney, pp. 23\u201325 (1996)"},{"key":"878_CR34","doi-asserted-by":"crossref","first-page":"71","DOI":"10.2307\/1252074","volume":"59","author":"SM Keaveney","year":"1995","unstructured":"Keaveney, S.M.: Customer switching behavior in service industries: an exploratory study. J. Mark. 59, 71\u201382 (1995)","journal-title":"J. Mark."},{"key":"878_CR35","unstructured":"Pham, K.C., Sammut, C.: RDRVision\u2014learning vision recognition with ripple down rules. In: Proceedings of the Australasian Conference on Robotics and Automation, pp. 7\u20138 (2005)"},{"key":"878_CR36","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1016\/0004-3702(85)90016-5","volume":"27","author":"WJ Clancey","year":"1985","unstructured":"Clancey, W.J.: Heuristic classification. Artif. Intell. 27, 289\u2013350 (1985)","journal-title":"Artif. Intell."},{"key":"878_CR37","doi-asserted-by":"crossref","unstructured":"Gomez-Prerez, A.: Ontology evaluation. In: Handbook on Ontologies, pp. 293\u2013313. Springer, Berlin (2004)","DOI":"10.1007\/978-3-540-24750-0_13"},{"key":"878_CR38","volume-title":"Evaluation of Incremental Knowledge Acquisition with Simulated Experts","author":"P Compton","year":"2006","unstructured":"Compton, P., Cao, T.M.: Evaluation of Incremental Knowledge Acquisition with Simulated Experts. Springer, Berlin (2006)"},{"key":"878_CR39","unstructured":"Compton, P., Preston, P., Edwards, G., Kang, B.: Knowledge based systems that have some idea of their limits. In: Tenth Knowledge Acquisition and Knowledge-Based Systems Workshop (1996)"},{"key":"878_CR40","doi-asserted-by":"crossref","unstructured":"Amin, A., Rahim,F., Ramzan,M., Anwar, S.: A prudent based approach for customer churn prediction. In: BDAS: Beyond Databases, Architectures and Structures, pp. 320\u2013332. Springer (2015)","DOI":"10.1007\/978-3-319-18422-7_29"},{"key":"878_CR41","doi-asserted-by":"crossref","unstructured":"Maruatona, O.O., Vamplew, P., Dazeley, R.: Prudent fraud detection in Internet banking. In: 2012 Third Cybercrime and Trustworthy Computing Workshop, pp. 60\u201365. IEEE (2012)","DOI":"10.1109\/CTC.2012.13"},{"key":"878_CR42","volume-title":"Knowledge Management and Acquisition for Intelligent Systems","author":"O Maruatona","year":"2012","unstructured":"Maruatona, O., Vamplew, P., Dazeley, R.: Knowledge Management and Acquisition for Intelligent Systems. Springer, Berlin (2012)"},{"key":"878_CR43","unstructured":"Compton, P., Preston, P., Kang, B.: The Use of Simulated Experts in Evaluating Knowledge Acquisition, pp. 1\u201318. University of Calgary (1995)"},{"key":"878_CR44","doi-asserted-by":"crossref","first-page":"7940","DOI":"10.1109\/ACCESS.2016.2619719","volume":"4","author":"A Amin","year":"2016","unstructured":"Amin, A., Anwar, S., Adnan, A., Nawaz, M., Howard, N., Qadir, J., Hawalah, A., Hussain, A.: Comparing oversampling techniques to handle the class imbalance problem: a customer churn prediction case study. Journal of IEEE Access 4, 7940\u20137957 (2016)","journal-title":"Journal of IEEE Access"},{"key":"878_CR45","volume-title":"Practical Statistics for the Analytical Scientist","author":"SLR Ellison","year":"2009","unstructured":"Ellison, S.L.R., Barwick, V.J., Farrant, T.J.: Practical Statistics for the Analytical Scientist. Royal Society of Chemistry, Cambridge (2009)"},{"key":"878_CR46","doi-asserted-by":"crossref","first-page":"7948","DOI":"10.1039\/C5AY90053K","volume":"7","author":"JN Miller","year":"2015","unstructured":"Miller, J.N.: Using the Grubbs and Cochran tests to identify outliers. Anal. Methods Commun. 7, 7948\u20137950 (2015)","journal-title":"Anal. Methods Commun."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10586-017-0878-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-017-0878-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-017-0878-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T20:46:35Z","timestamp":1750279595000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10586-017-0878-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,29]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,3]]}},"alternative-id":["878"],"URL":"https:\/\/doi.org\/10.1007\/s10586-017-0878-4","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"type":"print","value":"1386-7857"},{"type":"electronic","value":"1573-7543"}],"subject":[],"published":{"date-parts":[[2017,5,29]]}}}