{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T01:09:04Z","timestamp":1760404144467,"version":"3.40.4"},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2013,4,30]],"date-time":"2013-04-30T00:00:00Z","timestamp":1367280000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Data Min Knowl Disc"],"published-print":{"date-parts":[[2014,5]]},"DOI":"10.1007\/s10618-013-0315-0","type":"journal-article","created":{"date-parts":[[2013,4,30]],"date-time":"2013-04-30T18:23:04Z","timestamp":1367346184000},"page":"702-735","source":"Crossref","is-referenced-by-count":4,"title":["A reference based analysis framework for understanding anomaly detection techniques for symbolic sequences"],"prefix":"10.1007","volume":"28","author":[{"given":"Varun","family":"Chandola","sequence":"first","affiliation":[]},{"given":"Varun","family":"Mithal","sequence":"additional","affiliation":[]},{"given":"Vipin","family":"Kumar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,4,30]]},"reference":[{"key":"315_CR1","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1093\/nar\/28.1.263","volume":"28","author":"A Bateman","year":"2000","unstructured":"Bateman A, Birney E, Durbin R, Eddy SR, Howe KL, Sonnhammer EL (2000) The pfam protein families database. Nucleic Acids Res 28:263\u2013266","journal-title":"Nucleic Acids Res"},{"issue":"1","key":"315_CR2","doi-asserted-by":"crossref","first-page":"164","DOI":"10.1214\/aoms\/1177697196","volume":"41","author":"LE Baum","year":"1970","unstructured":"Baum LE, Petrie T, Soules G, Weiss N (1970) A maximization technique occuring in the statistical analysis of probabilistic functions of markov chains. Ann Math Stat 41(1):164\u2013171","journal-title":"Ann Math Stat"},{"key":"315_CR3","unstructured":"Budalakoti S, Srivastava A, Otey M (2007) Anomaly detection and diagnosis algorithms for discrete symbol sequences with applications to airline safety. In: Proceedings of the IEEE International Conference on Systems, Man, and, Cybernetics, vol 37"},{"issue":"3","key":"315_CR4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola V, Banerjee A, Kumar V (2009) Anomaly detection\u2014a survey. ACM Comput Surv 41(3):1\u201358","journal-title":"ACM Comput Surv"},{"key":"315_CR5","doi-asserted-by":"crossref","first-page":"823","DOI":"10.1109\/TKDE.2010.235","volume":"24","author":"V Chandola","year":"2012","unstructured":"Chandola V, Banerjee A, Kumar V (2012) Anomaly detection for discrete sequences: a survey. IEEE Trans Knowl Data Eng 24:823\u2013839","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"315_CR6","doi-asserted-by":"crossref","unstructured":"Chandola V, Boriah S, Kumar V (2009) A framework for exploring categorical data. In: Proceedings of the ninth SIAM International Conference on Data Mining","DOI":"10.1137\/1.9781611972795.17"},{"key":"315_CR7","doi-asserted-by":"crossref","unstructured":"Chandola V, Boriah S, Kumar V (2010) A reference based analysis framework for analyzing system call traces. In: CSIIRW \u201910: Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research, New York, NY, USA, ACM","DOI":"10.1145\/1852666.1852703"},{"key":"315_CR8","doi-asserted-by":"crossref","unstructured":"Chandola V, Mithal V, Kumar V (2008) A comparative evaluation of anomaly detection techniques for sequence data. In: Proceedings of International Conference on Data Mining","DOI":"10.1109\/ICDM.2008.151"},{"key":"315_CR9","unstructured":"Chandola V, Mithal V, Kumar V (2008) Comparing anomaly detection techniques for sequence data. Technical Report 08\u2013021, University of Minnesota, Computer Science Department, July 2008"},{"key":"315_CR10","doi-asserted-by":"crossref","unstructured":"Cohen WW (1995) Fast effective rule induction. In: Prieditis A, Russell S (eds) Proceedings of the 12th International Conference on Machine Learning. Morgan Kaufmann, Tahoe City, pp 115\u2013123","DOI":"10.1016\/B978-1-55860-377-6.50023-2"},{"key":"315_CR11","unstructured":"Eskin E, Lee W, Stolfo S (2001) Modeling system call for intrusion detection using dynamic window sizes. In: Proceedings of DISCEX"},{"key":"315_CR12","doi-asserted-by":"crossref","unstructured":"Forney GD Jr (1973) The viterbi algorithm. Proc IEEE 61(3):268\u2013278","DOI":"10.1109\/PROC.1973.9030"},{"key":"315_CR13","doi-asserted-by":"crossref","unstructured":"Forrest S, Hofmeyr SA, Somayaji A, Longstaff TA (1996) A sense of self for unix processes. In: Proceedinges of the ISRSP96, pp 120\u2013128","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"315_CR14","doi-asserted-by":"crossref","unstructured":"Forrest S, Warrender C, Pearlmutter B (1999) Detecting intrusions using system calls: Alternate data models. In: Proceedings of the 1999 IEEE ISRSP, Washington, DC, USA, pp 133\u2013145, 1999. IEEE Computer Society","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"315_CR15","doi-asserted-by":"crossref","unstructured":"Gao B, Ma H-Y, Yang Y-H (2002) Hmms (hidden markov models) based on anomaly intrusion detection method. In: Proceedings of International Conference on Machine Learning and Cybernetics, pp 381\u2013385. IEEE","DOI":"10.1109\/ICMLC.2002.1176779"},{"issue":"4","key":"315_CR16","doi-asserted-by":"crossref","first-page":"383","DOI":"10.1023\/A:1026195112518","volume":"4","author":"FA Gonzalez","year":"2003","unstructured":"Gonzalez FA, Dasgupta D (2003) Anomaly detection using real-valued negative selection. Genet Program Evolvable Mach 4(4):383\u2013403","journal-title":"Genet Program Evolvable Mach"},{"issue":"2","key":"315_CR17","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1023\/B:AIRE.0000045502.10941.a9","volume":"22","author":"V Hodge","year":"2004","unstructured":"Hodge V, Austin J (2004) A survey of outlier detection methodologies. Artif Intell Rev 22(2):85\u2013126","journal-title":"Artif Intell Rev"},{"issue":"3","key":"315_CR18","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr SA, Forrest S, Somayaji A (1998) Intrusion detection using sequences of system calls. J Comput Secur 6(3):151\u2013180","journal-title":"J Comput Secur"},{"key":"315_CR19","doi-asserted-by":"crossref","unstructured":"Lazarevic A, Ertoz L, Kumar V, Ozgur A, Srivastava J (2003) A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of SIAM International Conference on Data Mining. SIAM, May 2003","DOI":"10.1137\/1.9781611972733.3"},{"key":"315_CR20","unstructured":"Lee W, Stolfo S (1998) Data mining approaches for intrusion detection. In: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX"},{"key":"315_CR21","unstructured":"Lee W, Stolfo S, Chan P (1997) Learning patterns from unix process execution traces for intrusion detection. In: Proceedings of the AAAI 97 workshop on AI methods in Fraud and risk management"},{"key":"315_CR22","doi-asserted-by":"crossref","unstructured":"Lippmann RP, et al. (2000) Evaluating intrusion detection systems\u2014the 1998 darpa off-line intrusion detection evaluation. In: DARPA Information Survivability Conference and Exposition (DISCEX) vol 2, pp 12\u201326. IEEE Computer Society Press","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"315_CR23","unstructured":"MacQueen JB (1967) Some methods for classification and analysis of multivariate observations. In: Cam LM, Neyman J (eds) Proc. of the fifth Berkeley Symposium on Mathematical Statistics and Probability, vol 1. University of California Press, Berkeley, pp 281\u2013297"},{"key":"315_CR24","doi-asserted-by":"crossref","unstructured":"Michael CC, Ghosh A (2000) Two state-based approaches to program-based anomaly detection. In: Proceedings of the 16th Annual Computer Security Applications Conference, pp 21. IEEE Computer Society","DOI":"10.1109\/ACSAC.2000.898854"},{"issue":"13","key":"315_CR25","doi-asserted-by":"crossref","first-page":"663","DOI":"10.1049\/el:20020467","volume":"38","author":"Y Qiao","year":"2002","unstructured":"Qiao Y, Xin XW, Bin Y, Ge S (2002) Anomaly intrusion detection method based on HMM. Electron Lett 38(13):663\u2013664","journal-title":"Electron Lett"},{"key":"315_CR26","doi-asserted-by":"crossref","unstructured":"Ramaswamy S, Rastogi R, Shim K (2000) Efficient algorithms for mining outliers from large data sets. In: Proceedings of the ACM SIGMOD international conference on Management of data, ACM","DOI":"10.1145\/342009.335437"},{"issue":"7","key":"315_CR27","doi-asserted-by":"crossref","first-page":"1115","DOI":"10.1016\/j.sigpro.2004.03.011","volume":"84","author":"A Ray","year":"2004","unstructured":"Ray A (2004) Symbolic dynamic analysis of complex systems for anomaly detection. Signal Process 84(7):1115\u20131130","journal-title":"Signal Process"},{"key":"315_CR28","unstructured":"Shalizi CR, Klinkner KL (2004) Blind construction of optimal nonlinear recursive predictors for discrete sequences. In: Chickering M, Halpern JY (eds) Uncertainty in Artificial Intelligence: Proceedings of the Twentieth Conference (UAI 2004). AUAI Press, Arlington, Virginia, pp 504\u2013511"},{"key":"315_CR29","unstructured":"Srivastava AN (2005) Discovering system health anomalies using data mining techniques. In: Proceedings of 2005 Joint Army Navy NASA Airforce Conference on Propulsion"},{"key":"315_CR30","doi-asserted-by":"crossref","unstructured":"Sun P, Chawla S, Arunasalam B (2006) Mining for outliers in sequential databases. In In SIAM International Conference on Data Mining","DOI":"10.1137\/1.9781611972764.9"}],"container-title":["Data Mining and Knowledge Discovery"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10618-013-0315-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10618-013-0315-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10618-013-0315-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T07:39:19Z","timestamp":1745998759000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10618-013-0315-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,4,30]]},"references-count":30,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,5]]}},"alternative-id":["315"],"URL":"https:\/\/doi.org\/10.1007\/s10618-013-0315-0","relation":{},"ISSN":["1384-5810","1573-756X"],"issn-type":[{"type":"print","value":"1384-5810"},{"type":"electronic","value":"1573-756X"}],"subject":[],"published":{"date-parts":[[2013,4,30]]}}}