{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T21:59:47Z","timestamp":1740175187671,"version":"3.37.3"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2020,11,22]],"date-time":"2020-11-22T00:00:00Z","timestamp":1606003200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,11,22]],"date-time":"2020-11-22T00:00:00Z","timestamp":1606003200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61063042"],"award-info":[{"award-number":["61063042"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Fuzzy Syst."],"published-print":{"date-parts":[[2021,4]]},"DOI":"10.1007\/s40815-020-00947-1","type":"journal-article","created":{"date-parts":[[2020,11,22]],"date-time":"2020-11-22T14:02:41Z","timestamp":1606053761000},"page":"862-877","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Fuzzy Approach to User-level Intrusion Detection"],"prefix":"10.1007","volume":"23","author":[{"given":"Wei","family":"Liu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Mao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Linlin","family":"Ci","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fuquan","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,11,22]]},"reference":[{"key":"947_CR1","volume-title":"Lane: Machine learning techniques for the computer security domain of anomaly detection","author":"D Terran","year":"2001","unstructured":"Terran, D.: Lane: Machine learning techniques for the computer security domain of anomaly detection. Purdue University, West Lafayette (2001)"},{"issue":"1","key":"947_CR2","first-page":"58","volume":"16","author":"M Schonlau","year":"2001","unstructured":"Schonlau, M.: Computer intrusion: detecting masquerades. Stat. Sci. 16(1), 58\u201374 (2001)","journal-title":"Stat. Sci."},{"issue":"1","key":"947_CR3","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1109\/TR.2004.823851","volume":"53","author":"N Ye","year":"2004","unstructured":"Ye, N., Zhang, Y., Borror, C.M.: Robustness of the Markov-chain model for cyber-attack detection. IEEE. T. Reliab. 53(1), 116\u2013123 (2004)","journal-title":"IEEE. T. Reliab."},{"issue":"8","key":"947_CR4","doi-asserted-by":"publisher","first-page":"732","DOI":"10.1016\/j.cose.2011.08.003","volume":"30","author":"L Huang","year":"2011","unstructured":"Huang, L., Stamp, M.: Masquerade detection using profile hidden Markov models. Comput. Secur. 30(8), 732\u2013747 (2011)","journal-title":"Comput. Secur."},{"issue":"1","key":"947_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1371\/journal.pone.0190938","volume":"13","author":"Z Bzhalava","year":"2018","unstructured":"Bzhalava, Z., Hultin, E., Dillner, J.: Extension of the viral ecology in humans using viral profile hidden Markov models. PLoS ONE 13(1), 1\u201312 (2018)","journal-title":"PLoS ONE"},{"key":"947_CR6","first-page":"41","volume":"6","author":"S Vemparala","year":"2016","unstructured":"Vemparala, S., Di Troia, F., Corrado, V.A., et al.: Malware detection using dynamic birthmarks. IWSPA. 6, 41\u201346 (2016)","journal-title":"Malware detection using dynamic birthmarks. IWSPA."},{"issue":"8","key":"947_CR7","first-page":"1555","volume":"39","author":"W Yu","year":"2016","unstructured":"Yu, W., Wei-Ping, W., Dan, M.: Mining user cross-domain behavior patterns for insider threat detection. Chin. J. Comput. 39(8), 1555\u20131569 (2016)","journal-title":"Chin. J. Comput."},{"issue":"2","key":"947_CR8","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1023\/B:AIRE.0000045502.10941.a9","volume":"22","author":"VJ Hodge","year":"2013","unstructured":"Hodge, V.J., Austin, J.: A survey of outlier detection methodologies. Artif. Intellig. Rev. 22(2), 85\u2013126 (2013)","journal-title":"Artif. Intellig. Rev."},{"issue":"9","key":"947_CR9","doi-asserted-by":"publisher","first-page":"2250","DOI":"10.1109\/TKDE.2013.184","volume":"26","author":"M Gupta","year":"2014","unstructured":"Gupta, M., Gao, J., Aggarwal, C., et al.: Outlier detection for temporal data: a survey. IEEE Knowl. Data En 26(9), 2250\u20132267 (2014)","journal-title":"IEEE Knowl. Data En"},{"key":"947_CR10","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1016\/B978-0-444-53859-8.00014-X","volume":"31","author":"A Garg","year":"2013","unstructured":"Garg, A., Upadhyaya, S., Kwiat, K.: A user behavior monitoring and profiling scheme for masquerade detection. Handbook Stat. 31, 353\u2013379 (2013)","journal-title":"Handbook Stat."},{"key":"947_CR11","unstructured":"Stolfo S J, Ben Salem M, Hershkop S. Methods, systems, and media for masquerade attack detection by monitoring computer user behavior: US, US9311476, 2016."},{"key":"947_CR12","first-page":"16","volume":"23","author":"AF Emmott","year":"2015","unstructured":"Emmott, A.F., Das, S., Dietterich, T., et al.: Systematic construction of anomaly detection benchmarks from real data. SIGKDD. 23, 16\u201321 (2015)","journal-title":"SIGKDD."},{"issue":"5","key":"947_CR13","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/MSP.2014.2329428","volume":"31","author":"A Tajer","year":"2014","unstructured":"Tajer, A., Veeravalli, V.V., Poor, H.V.: Outlying sequence detection in large data sets: a data-driven approach. IEEE Signal Proc. Mag. 31(5), 44\u201356 (2014)","journal-title":"IEEE Signal Proc. Mag."},{"issue":"4","key":"947_CR14","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.3390\/e17042367","volume":"17","author":"P Berezinski","year":"2015","unstructured":"Berezinski, P., Jasiul, B., Szpyrka, M.: An entropy-based network anomaly detection method. Entropy. 17(4), 2367\u20132408 (2015)","journal-title":"Entropy."},{"issue":"5","key":"947_CR15","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1016\/j.comcom.2012.12.002","volume":"36","author":"Y Kanda","year":"2013","unstructured":"Kanda, Y., Fontugne, R., Fukuda, K., et al.: ADMIRE: Anomaly detection method using entropy-based PCA with three-step sketches. Comput. Commun. 36(5), 575\u2013588 (2013)","journal-title":"Comput. Commun."},{"key":"947_CR16","first-page":"80","volume":"28","author":"M Yin","year":"2014","unstructured":"Yin, M., Yao, D., Luo, J., et al.: Network backbone anomaly detection using double random forests based on non-extensive entropy feature extraction. ICNC. 28, 80\u201384 (2014)","journal-title":"ICNC."},{"key":"947_CR17","first-page":"171","volume":"15","author":"D Liu","year":"2014","unstructured":"Liu, D., Lung, C.H., Seddigh, N., et al.: Entropy-based robust PCA for communication network anomaly detection. ICCC. 15, 171\u2013175 (2014)","journal-title":"ICCC."},{"key":"947_CR18","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1016\/j.knosys.2014.06.018","volume":"70","author":"W Wang","year":"2014","unstructured":"Wang, W., Guyet, T., Quiniou, R., et al.: Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowl-based. Syst. 70, 103\u2013117 (2014)","journal-title":"Knowl-based. Syst."},{"key":"947_CR19","first-page":"175","volume":"16","author":"Z Wang","year":"2014","unstructured":"Wang, Z., Yang, J., Li, F.: An on-line anomaly detection method based on a new stationary metric-entropy-ratio. TrustCom. 16, 175\u2013192 (2014)","journal-title":"TrustCom."},{"key":"947_CR20","unstructured":"Przemys\u0142aw B, Szpyrka M, Jasiul B, et al.: Network anomaly detection using parameterized entropy. CISIM. (2014)"},{"issue":"5","key":"947_CR21","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1016\/j.bjp.2013.10.014","volume":"62","author":"K Giotis","year":"2014","unstructured":"Giotis, K., Argyropoulos, C., Androulidakis, G., et al.: Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62(5), 122\u2013136 (2014)","journal-title":"Comput. Netw."},{"issue":"5","key":"947_CR22","doi-asserted-by":"publisher","first-page":"500","DOI":"10.1109\/TST.2016.7590319","volume":"21","author":"M Ding","year":"2016","unstructured":"Ding, M., Tian, H.: PCA-based network traffic anomaly detection. Tsinghua Sci. Technol. 21(5), 500\u2013509 (2016)","journal-title":"Tsinghua Sci. Technol."},{"key":"947_CR23","first-page":"1","volume":"13","author":"Y Tang","year":"2018","unstructured":"Tang, Y., Liu, Z., Pan, M., et al.: Detection of magnetic anomaly signal based on information entropy of differential signal. IEEE Geosci. 13, 1\u20135 (2018)","journal-title":"IEEE Geosci."},{"issue":"4","key":"947_CR24","first-page":"1319","volume":"29","author":"IS Thaseen","year":"2016","unstructured":"Thaseen, I.S., Kumar, C.A.: Intrusion detection model using fusion of chi-square feature selection and multi class SVM. JKSU-CIS. 29(4), 1319\u20131578 (2016)","journal-title":"JKSU-CIS."},{"key":"947_CR25","first-page":"879","volume":"12","author":"IS Thaseen","year":"2015","unstructured":"Thaseen, I.S., Kumar, C.A.: Intrusion detection model using fusion of PCA and optimized SVM. IC3I. 12, 879\u2013884 (2015)","journal-title":"IC3I."},{"issue":"2","key":"947_CR26","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/j.cose.2004.08.007","volume":"24","author":"HS Kim","year":"2005","unstructured":"Kim, H.S., Cha, S.D.: Empirical evaluation of SVM-based masquerade detection using UNIX commands. Comput. Secur. 24(2), 160\u2013168 (2005)","journal-title":"Comput. Secur."},{"issue":"2","key":"947_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2015\/294761","volume":"2015","author":"WL Al-Yaseen","year":"2015","unstructured":"Al-Yaseen, W.L., Othman, Z.A., Nazri, M.Z.A.: Hybrid modified K-Means with C4.5 for intrusion detection systems in multiagent systems. Sci. World J. 2015(2), 1\u201314 (2015)","journal-title":"Sci. World J."},{"key":"947_CR28","doi-asserted-by":"crossref","unstructured":"Sahu S K, Jena S K. A multiclass SVM classification approach for Intrusion detection. IDCS (2016)","DOI":"10.1007\/978-3-319-28034-9_23"},{"key":"947_CR29","first-page":"37","volume":"32","author":"A Abdullah","year":"2018","unstructured":"Abdullah, A., Ponnan, R., Asirvatham, D.: Improving multiclass classification in intrusion detection using clustered linear separator analytics. ISMS. 32, 37 (2018)","journal-title":"ISMS."},{"key":"947_CR30","doi-asserted-by":"crossref","unstructured":"Pan J, Liu S, Sun D, et al. Learning Dual Convolutional Neural Networks for Low-Level Vision. In: The IEEE conference on computer vision and pattern recognition (CVPR), 3070\u20133079 (2018).","DOI":"10.1109\/CVPR.2018.00324"},{"key":"947_CR31","doi-asserted-by":"crossref","unstructured":"Xiaolong Wang, Ross Girshick, Abhinav Gupta et al. Non-local neural networks. In: The IEEE conference on computer vision and pattern recognition (CVPR), 7794\u20137803 (2018).","DOI":"10.1109\/CVPR.2018.00813"},{"issue":"6245","key":"947_CR32","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1126\/science.aaa8685","volume":"349","author":"J Hirschberg","year":"2015","unstructured":"Hirschberg, J., Manning, C.D.: Advances in natural language processing. Science 349(6245), 261\u2013266 (2015)","journal-title":"Science"},{"key":"947_CR33","doi-asserted-by":"crossref","unstructured":"Goldberg Y. A Primer on Neural Network Models for Natural Language Processing. Comput. Sci. 2015.","DOI":"10.1613\/jair.4992"},{"key":"947_CR34","unstructured":"Kim G, Yi H, Lee J, et al. LSTM-based system-call language modeling and robust ensemble method for designing host-based intrusion detection systems. 2016."},{"issue":"7553","key":"947_CR35","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning[J]. Nature 521(7553), 436\u2013444 (2015)","journal-title":"Nature"},{"key":"947_CR36","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00025","author":"L Chen","year":"2018","unstructured":"Chen, L., Sultana, S., Sahita, R.: HeNet: a deep learning approach on intel circled processor trace for effective exploit detection. IEEE. (2018). https:\/\/doi.org\/10.1109\/SPW.2018.00025","journal-title":"IEEE."},{"issue":"10","key":"947_CR37","first-page":"5159","volume":"12","author":"S Naseer","year":"2018","unstructured":"Naseer, S., Saleem, Y.: Enhanced network intrusion detection using deep convolutional neural networks[J]. KSII Trans Internet Inf Syst 12(10), 5159\u20135178 (2018)","journal-title":"KSII Trans Internet Inf Syst"},{"key":"947_CR38","unstructured":"Carrettoni F, Castano S, Martella G, et al.: RETISS: a real time security system for threat detection using fuzzy logic. IEEE CCST. 161\u2013167 (1991)"},{"issue":"4","key":"947_CR39","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1108\/09685220310489544","volume":"11","author":"JS Sherif","year":"2013","unstructured":"Sherif, J.S., Ayers, R., Dearmond, T.G.: IMCS. 11(4), 175\u2013186 (2013)","journal-title":"IMCS."},{"key":"947_CR40","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1016\/S0019-9958(65)90241-X","volume":"8","author":"LA Zadeh","year":"1965","unstructured":"Zadeh, L.A.: Fuzzy sets. Inf. Control 8, 338\u2013353 (1965)","journal-title":"Inf. Control"},{"key":"947_CR41","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1016\/j.engappai.2017.02.008","volume":"60","author":"H Garg","year":"2017","unstructured":"Garg, H.: Novel intuitionistic fuzzy decision making method based on an improved operation laws and its application. Eng. Appl. Artif. Intell. 60, 164\u2013174 (2017)","journal-title":"Eng. Appl. Artif. Intell."},{"issue":"6","key":"947_CR42","doi-asserted-by":"publisher","first-page":"3213","DOI":"10.1007\/s13369-017-2986-0","volume":"43","author":"H Garg","year":"2018","unstructured":"Garg, H., Kumar, K.: Some aggregation operators for linguistic intuitionistic fuzzy set and its application to group decisionmaking process using the set pair analysis. Arab. J. Sci. Eng. 43(6), 3213\u20133227 (2018)","journal-title":"Arab. J. Sci. Eng."},{"issue":"3","key":"947_CR43","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/s40096-017-0213-5","volume":"11","author":"MA Firozja","year":"2017","unstructured":"Firozja, M.A., Balf, F.R., Firouzian, S.: Vague ranking of fuzzy numbers. Math. Sci. 11(3), 189\u2013193 (2017)","journal-title":"Math. Sci."},{"key":"947_CR44","unstructured":"Maxion R A, Townsend T N.: Masquerade detection using truncated command lines. In: IEEE international conference on dependable systems and networks. 219\u2013228 (2002)"},{"issue":"6","key":"947_CR45","first-page":"1225","volume":"42","author":"X Wang","year":"2014","unstructured":"Wang, X., Wang, Y.: Masquerader detection based on command closeness model. Acta Electronica Sinica. 42(6), 1225\u20131229 (2014)","journal-title":"Acta Electronica Sinica."},{"issue":"1","key":"947_CR46","first-page":"58","volume":"16","author":"M Schonlau","year":"2001","unstructured":"Schonlau, M., DuMouchel, R., et al.: Computer intrusion: detecting masquerades. Stat. Sci. 16(1), 58\u201374 (2001)","journal-title":"Stat. Sci."}],"container-title":["International Journal of Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40815-020-00947-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s40815-020-00947-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40815-020-00947-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,13]],"date-time":"2023-10-13T06:33:24Z","timestamp":1697178804000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s40815-020-00947-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,22]]},"references-count":46,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,4]]}},"alternative-id":["947"],"URL":"https:\/\/doi.org\/10.1007\/s40815-020-00947-1","relation":{},"ISSN":["1562-2479","2199-3211"],"issn-type":[{"type":"print","value":"1562-2479"},{"type":"electronic","value":"2199-3211"}],"subject":[],"published":{"date-parts":[[2020,11,22]]},"assertion":[{"value":"17 June 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 July 2020","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 August 2020","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 November 2020","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}