{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T10:10:36Z","timestamp":1773655836747,"version":"3.50.1"},"reference-count":25,"publisher":"Elsevier BV","issue":"1","license":[{"start":{"date-parts":[[2003,1,1]],"date-time":"2003-01-01T00:00:00Z","timestamp":1041379200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Pattern Recognition"],"published-print":{"date-parts":[[2003,1]]},"DOI":"10.1016\/s0031-3203(02)00026-2","type":"journal-article","created":{"date-parts":[[2002,10,7]],"date-time":"2002-10-07T20:21:37Z","timestamp":1034022097000},"page":"229-243","source":"Crossref","is-referenced-by-count":234,"title":["Host-based intrusion detection using dynamic and static behavioral models"],"prefix":"10.1016","volume":"36","author":[{"given":"Dit-Yan","family":"Yeung","sequence":"first","affiliation":[]},{"given":"Yuxin","family":"Ding","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"2","key":"10.1016\/S0031-3203(02)00026-2_BIB1","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","article-title":"An intrusion-detection model","volume":"13","author":"Denning","year":"1987","journal-title":"IEEE Trans. Software Eng."},{"issue":"8","key":"10.1016\/S0031-3203(02)00026-2_BIB2","doi-asserted-by":"crossref","first-page":"805","DOI":"10.1016\/S1389-1286(98)00017-6","article-title":"Towards a taxonomy of intrusion-detection systems","volume":"31","author":"Debar","year":"1999","journal-title":"Comput. Networks"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB3","series-title":"Pattern Classification","author":"Duda","year":"2001"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB4","doi-asserted-by":"crossref","unstructured":"S. Forrest, S.A. Hofmeyr, A. Somayaji, T.A. Longstaff, A sense of self for Unix processes, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 6\u20138 May, 1996, pp. 120\u2013128.","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB5","doi-asserted-by":"crossref","unstructured":"D. Endler, Intrusion detection: applying machine learning to Solaris audit data. Proceedings of the Fourteenth Annual Computer Security Applications Conference, Phoenix, AZ, USA, 7\u201311 December, 1998, pp. 268\u2013279.","DOI":"10.1109\/CSAC.1998.738647"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB6","doi-asserted-by":"crossref","unstructured":"G.G. Helmer, J.S.K. Wong, V. Honavar, L. Miller, Intelligent agents for intrusion detection. Proceedings of the 1998 IEEE Information Technology Conference\u2014Information Environment for the Future, Syracuse, NY, USA, 1\u20133 September 1998, pp. 121\u2013124.","DOI":"10.1109\/IT.1998.713396"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB7","unstructured":"W. Lee, S.J. Stolfo, Data mining approaches for intrusion detection, Proceedings of the Seventh USENIX Security Symposium, San Antonio, TX, USA, 26\u201329 January 1998, pp. 79\u201393."},{"key":"10.1016\/S0031-3203(02)00026-2_BIB8","doi-asserted-by":"crossref","unstructured":"C. Warrender, S. Forrest, B. Pearlmutter, Detecting intrusions using system calls: alternative data models. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 9\u201312 May 1999, pp. 133\u2013145.","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB9","series-title":"Advances in Neural Information Processing Systems, Vol. 10","first-page":"943","article-title":"Intrusion detection with neural networks","author":"Ryan","year":"1998"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB10","doi-asserted-by":"crossref","unstructured":"D. Gunetti, G. Ruffo, Intrusion detection through behavioral data. Proceedings of the Third International Symposium on Intelligent Data Analysis, Amsterdam, Netherlands, 9\u201311 August 1999, pp. 383\u2013394.","DOI":"10.1007\/3-540-48412-4_32"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB11","unstructured":"T. Lane, Hidden Markov models for human\/computer interface modeling, Proceedings of the IJCAI-99 Workshop on Learning about Users, Stockholm, Sweden, 31 July 1999, pp. 35\u201344."},{"issue":"3","key":"10.1016\/S0031-3203(02)00026-2_BIB12","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1145\/322510.322526","article-title":"Temporal sequence learning and data reduction for anomaly detection","volume":"2","author":"Lane","year":"1999","journal-title":"ACM Trans. Inform. System Secur."},{"key":"10.1016\/S0031-3203(02)00026-2_BIB13","unstructured":"W. Lee, S.J. Stolfo, K.W. Mok, A data mining framework for building intrusion detection models, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 9\u201312 May 1999, pp. 120\u2013132."},{"issue":"1\/2","key":"10.1016\/S0031-3203(02)00026-2_BIB14","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1016\/S0020-0190(00)00122-8","article-title":"Detecting masquerades in intrusion detection based on unpopular commands","volume":"76","author":"Schonlau","year":"2000","journal-title":"Inform. Process. Lett."},{"issue":"5025","key":"10.1016\/S0031-3203(02)00026-2_BIB15","doi-asserted-by":"crossref","first-page":"1289","DOI":"10.1126\/science.1891718","article-title":"Autoassociation and novelty detection by neuromechanics","volume":"253","author":"Daunicht","year":"1991","journal-title":"Science"},{"issue":"4","key":"10.1016\/S0031-3203(02)00026-2_BIB16","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1049\/ip-vis:19941330","article-title":"Novelty detection and neural network validation","volume":"141","author":"Bishop","year":"1994","journal-title":"IEE Proc.: Vision Image Signal Process."},{"key":"10.1016\/S0031-3203(02)00026-2_BIB17","unstructured":"N. Japkowicz, C. Myers, M. Gluck, A novelty detection approach to classification, Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence, Vol. 1, Montr\u00e9al, Quebec, Canada, 20\u201325 August 1995, pp. 518\u2013523."},{"key":"10.1016\/S0031-3203(02)00026-2_BIB18","doi-asserted-by":"crossref","unstructured":"T. Lane, C.E. Brodley, Temporal sequence learning and data reduction for anomaly detection, Proceedings of the Fifth ACM Conference on Computer and Communications Security, San Francisco, CA, USA, 2\u20135 November 1998, pp. 150\u2013158.","DOI":"10.1145\/288090.288122"},{"issue":"2","key":"10.1016\/S0031-3203(02)00026-2_BIB19","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1109\/5.18626","article-title":"A tutorial on hidden Markov models and selected applications in speech recognition","volume":"77","author":"Rabiner","year":"1989","journal-title":"Proc. IEEE"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1111\/j.2517-6161.1977.tb01600.x","article-title":"Maximum likelihood from incomplete data via the EM algorithm (with discussion)","volume":"39","author":"Dempster","year":"1977","journal-title":"J. Roy. Statist. Soc. Ser. B"},{"issue":"1","key":"10.1016\/S0031-3203(02)00026-2_BIB21","doi-asserted-by":"crossref","first-page":"164","DOI":"10.1214\/aoms\/1177697196","article-title":"A maximization technique occurring in the statistical analysis of probabilistic functions of Markov chains","volume":"41","author":"Baum","year":"1970","journal-title":"Annals of Mathematical Statistics"},{"issue":"1","key":"10.1016\/S0031-3203(02)00026-2_BIB22","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/TIT.1980.1056144","article-title":"Axiomatic derivation of the principle of maximum entropy and the principle of minimum cross-entropy","volume":"26","author":"Shore","year":"1980","journal-title":"IEEE Transactions on Information Theory"},{"issue":"6","key":"10.1016\/S0031-3203(02)00026-2_BIB23","doi-asserted-by":"crossref","first-page":"942","DOI":"10.1109\/TIT.1983.1056747","article-title":"Comments on and correction to \u2018axiomatic derivation of the principle of maximum entropy and the principle of minimum cross-entropy\u2019 (Jan 80 26\u201337)","volume":"29","author":"Johnson","year":"1983","journal-title":"IEEE Transactions on Information Theory"},{"key":"10.1016\/S0031-3203(02)00026-2_BIB24","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1214\/aoms\/1177729694","article-title":"On information and sufficiency","volume":"22","author":"Kullback","year":"1951","journal-title":"Ann. Math. Statist."},{"key":"10.1016\/S0031-3203(02)00026-2_BIB25","series-title":"Empirical Methods for Artificial Intelligence","author":"Cohen","year":"1995"}],"container-title":["Pattern Recognition"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0031320302000262?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0031320302000262?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,12,3]],"date-time":"2024-12-03T17:08:18Z","timestamp":1733245698000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0031320302000262"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003,1]]},"references-count":25,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2003,1]]}},"alternative-id":["S0031320302000262"],"URL":"https:\/\/doi.org\/10.1016\/s0031-3203(02)00026-2","relation":{},"ISSN":["0031-3203"],"issn-type":[{"value":"0031-3203","type":"print"}],"subject":[],"published":{"date-parts":[[2003,1]]}}}