{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T23:30:05Z","timestamp":1780961405683,"version":"3.54.1"},"reference-count":38,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,5]]},"DOI":"10.1109\/cisda.2015.7208644","type":"proceedings-article","created":{"date-parts":[[2015,8,20]],"date-time":"2015-08-20T17:41:42Z","timestamp":1440092502000},"page":"1-8","source":"Crossref","is-referenced-by-count":11,"title":["A trace abstraction approach for host-based anomaly detection"],"prefix":"10.1109","author":[{"given":"Syed Shariyar","family":"Murtaza","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wael","family":"Khreich","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Abdelwahab","family":"Hamou-Lhadj","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Stephane","family":"Gagnon","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.05.007"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLC.2004.1378514"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1007\/3-540-39945-3_6","article-title":"Adaptive, Model-Based Monitoring for Cyber Attack Detection","author":"valdes","year":"2000","journal-title":"Proceedings of 3rd International Workshop on the Recent Advances in Intrusion Detection"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/S0031-3203(02)00026-2"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2002.1017701"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4615-4625-2"},{"key":"ref34","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1145\/382912.382914","article-title":"A framework for constructing features and models for intrusion detection systems","volume":"3","author":"wenke","year":"2000","journal-title":"ACM Transactions on Information System Security"},{"key":"ref10","first-page":"10","article-title":"Reasoning about the Concept of Utilities","author":"hamou-lhadj","year":"2004","journal-title":"Proc of the ECOOP International Workshop on Practical Problems of Programming in the Large"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2009.05.004"},{"key":"ref12","first-page":"531","article-title":"A multi-layer model for anomaly intrusion detection using program sequences of system calls","author":"hoang","year":"2003","journal-title":"Proc of the 11thIEEE Conference on Network"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","article-title":"Intrusion detection using sequences of system calls","volume":"6","author":"hofmeyr","year":"1998","journal-title":"Journal of Computer Security"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2009.4804323"},{"key":"ref15","first-page":"111","article-title":"Multi-resolution Abnormal Trace Detection Using Varied-length N-grams and Automata","author":"jiang","year":"2005","journal-title":"Proc of the 2nd International Conference on Automatic Computing"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2008.25"},{"key":"ref17","article-title":"Using System Call Information to Reveal Hidden Attack Manifestations","author":"larson","year":"2009","journal-title":"Proc of 1st International Workshop on Security and Communication Networks"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2002.1007776"},{"key":"ref19","first-page":"206","article-title":"Enhancing System Called-Based Intrusion Detection with Protocol Context","author":"liu","year":"2011","journal-title":"Proc of the 5th International Conference on Emerging Security Information Systems and Technologies"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806130"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(03)00112-3"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/5.18626"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.12"},{"key":"ref6","first-page":"1","article-title":"A Semantic Approach to Host-based Intrusion Detection Systems Using Contiguous and Discontiguous System Call Patterns","author":"creech","year":"2013","journal-title":"IEEE Transactions on Computers"},{"key":"ref29","author":"tandon","year":"2008","journal-title":"Machine Learning for Host-based Anomaly Detection"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC.2013.6555301"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/3-540-39945-3_7","article-title":"A Real-Time Intrusion Detection System Based on Learning Program Behavior","author":"ghosh","year":"2000","journal-title":"Proceedings of 3rd International Workshop on the Recent Advances in Intrusion Detection"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ICET.2009.5353204"},{"key":"ref9","author":"hamou-lhadj","year":"2015","journal-title":"Techniques to Simplify the Analysis of Execution Traces for Program Comprehension"},{"key":"ref1","first-page":"ii?385","article-title":"Performance analysis of of artifical neural network intrusion detection systems","author":"abdel-azim","year":"2009","journal-title":"Proc of the International Conference on Electrical and Electronics Engineering (ELECO'09)"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.69"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2013.6698896"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2003.1250987"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.02.001"},{"key":"ref23","first-page":"83","article-title":"TotalADS: Automated Software Anomaly Detection System","author":"murtaza","year":"2014","journal-title":"Proc of 14th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SERA.2010.34"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2011.29"}],"event":{"name":"2015 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA)","location":"Verona, NY, USA","start":{"date-parts":[[2015,5,26]]},"end":{"date-parts":[[2015,5,28]]}},"container-title":["2015 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7165058\/7208613\/07208644.pdf?arnumber=7208644","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,29]],"date-time":"2019-08-29T13:00:57Z","timestamp":1567083657000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7208644\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5]]},"references-count":38,"URL":"https:\/\/doi.org\/10.1109\/cisda.2015.7208644","relation":{},"subject":[],"published":{"date-parts":[[2015,5]]}}}