{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T09:39:32Z","timestamp":1769161172259,"version":"3.49.0"},"reference-count":52,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2012,11,1]],"date-time":"2012-11-01T00:00:00Z","timestamp":1351728000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Syst., Man, Cybern. C"],"published-print":{"date-parts":[[2012,11]]},"DOI":"10.1109\/tsmcc.2012.2217325","type":"journal-article","created":{"date-parts":[[2012,12,21]],"date-time":"2012-12-21T19:04:54Z","timestamp":1356116694000},"page":"1690-1704","source":"Crossref","is-referenced-by-count":23,"title":["Analyzing Log Files for Postmortem Intrusion Detection"],"prefix":"10.1109","volume":"42","author":[{"given":"Karen A.","family":"Garcia","sequence":"first","affiliation":[]},{"given":"Ra\u00fal","family":"Monroy","sequence":"additional","affiliation":[]},{"given":"Luis A.","family":"Trejo","sequence":"additional","affiliation":[]},{"given":"Carlos","family":"Mex-Perera","sequence":"additional","affiliation":[]},{"given":"Eduardo","family":"Aguirre","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.12"},{"key":"ref38","first-page":"405","article-title":"Learning useful system call attributes for anomaly detection","author":"tandon","year":"2005","journal-title":"Proc 18th Int Florida Artif Intell Res Soc Conf"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2009.4804323"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/S0031-3203(02)00026-2"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1049\/el:20020467"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"ref37","first-page":"326","article-title":"On the detection of anomalous system call arguments","volume":"2808","author":"kr\u00fcgel","year":"2003","journal-title":"Proc Euro Symp Res Computer Security"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1214\/ss\/998929472","article-title":"Computer intrusion: Detecting masquerades","volume":"16","author":"schonlau","year":"2001","journal-title":"Statist Sci"},{"key":"ref35","first-page":"1","article-title":"Anomaly sequences detection from logs based on compression","volume":"abs 1109 1729","author":"wang","year":"2011","journal-title":"Comput Res Repository"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/11766155_30"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004371"},{"key":"ref27","article-title":"Automated intrusion detection using NFR: Methods and experiences","author":"lee","year":"1999","journal-title":"Workshop on Intrusion Detection and Network Monitoring USENIX Santa Clara CA"},{"key":"ref29","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1007\/3-540-36084-0_4","article-title":"Undermining an anomaly-based intrusion detection system using common exploits","author":"tan","year":"2002","journal-title":"Proc 5th Int Symp Recent Adv Intrusion Detect"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/5.18626"},{"key":"ref1","article-title":"The human immune system and network intrusion detection","author":"kim","year":"1999","journal-title":"7th Eur Conf Intell Tech Soft Comput"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"ref22","first-page":"1","article-title":"A secure environment for untrusted helper applications: Confining the wily hacker","volume":"6","author":"goldberg","year":"1996","journal-title":"Proc 6th Conf USENIX Security Symp Focusing Appl Cryptogr"},{"key":"ref21","article-title":"Efficient context-sensitive intrusion detection","author":"giffin","year":"2004","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"ref23","first-page":"257","article-title":"Improving host security with system call policies","volume":"12","author":"provos","year":"2003","journal-title":"Proc 12th Conf Usenix Security Symp"},{"key":"ref26","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","article-title":"Intrusion detection using sequences of system calls","volume":"6","author":"hofmeyr","year":"1998","journal-title":"J Comput Security"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2006.03.008"},{"key":"ref50","article-title":"Vulnerabilities analysis, in International Recent Adv. Intrus. Detect","author":"bishop","year":"0"},{"key":"ref51","author":"van rijsbergen","year":"1979","journal-title":"Information Retrieval"},{"key":"ref52","author":"beitzel","year":"2006","journal-title":"On understanding and classifying web queries"},{"key":"ref10","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1613\/jair.374","article-title":"Identifying hierarchical structure in sequences: A linear-time algorithm","volume":"7","author":"nevill-manning","year":"1997","journal-title":"J Artif Intell Res"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/11507840_30"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.69"},{"key":"ref12","author":"bace","year":"2000","journal-title":"Intrusion Detection"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(98)00017-6"},{"key":"ref14","article-title":"Intrusion detection systems: A survey and taxonomy","author":"axelsson","year":"1990","journal-title":"Dept Comput Eng Chalmers Univ Technol Gothenburg Sweden Tech Rep 99-15"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1108\/09685221011079199"},{"key":"ref16","article-title":"Computer security threat monitoring and surveillance","author":"anderson","year":"1980","journal-title":"James P Anderson Company Fort Washington PA Tech Rep 79F296400"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1997.601332"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/504909.504911"},{"key":"ref4","first-page":"146","article-title":"Stochastic learning","author":"bottou","year":"2003","journal-title":"Advanced Lectures on Machine Learning"},{"key":"ref3","first-page":"281","article-title":"Some methods for classification and analysis of multivariate observations","volume":"1","author":"macqueen","year":"1967","journal-title":"Proc 5th Berkeley Symp Math Statist Probab"},{"key":"ref6","doi-asserted-by":"crossref","first-page":"788","DOI":"10.1038\/44565","article-title":"Learning the parts of objects by non-negative matrix factorization","volume":"401","author":"lee","year":"1999","journal-title":"Nature"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/IFITA.2009.34"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2008.04.006"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/CDC.2004.1428613"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821514"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"ref46","author":"young","year":"2002","journal-title":"The HTK Book for HTK Version 3 2 1"},{"key":"ref45","doi-asserted-by":"crossref","first-page":"81","DOI":"10.22201\/icat.16656423.2011.9.01.453","article-title":"A comparison of dynamic naive Bayesian classifiers and Hidden Markov models for gesture recognition","volume":"9","author":"avil\u00e9s-arriaga","year":"2011","journal-title":"J Appl Res Technol"},{"key":"ref48","first-page":"131","article-title":"An intrusion detection for a mobile ad-hoc networks based on a non-negative matrix factorization method","volume":"40","author":"mex-perera","year":"2008","journal-title":"J Comput Res"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2003.819324"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1007\/11506881_9","article-title":"Masquerade detection via customized grammars","volume":"3548","author":"latendresse","year":"2005","journal-title":"Proc Detection Intrusions Malware Vulnerability Assess"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1016\/S0031-3203(02)00026-2"},{"key":"ref44","author":"montgomery","year":"2006","journal-title":"Applied Statistics and Probability for Engineers"},{"key":"ref43","first-page":"622","article-title":"Hybrid method for detecting masqueraders using session folding and hidden Markov models","author":"posadas","year":"2006","journal-title":"Proc 5th Mexican Int Conf Artif Intell"}],"container-title":["IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/5326\/6330018\/06392466.pdf?arnumber=6392466","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,10]],"date-time":"2021-10-10T23:50:33Z","timestamp":1633909833000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6392466\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,11]]},"references-count":52,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tsmcc.2012.2217325","relation":{},"ISSN":["1094-6977","1558-2442"],"issn-type":[{"value":"1094-6977","type":"print"},{"value":"1558-2442","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,11]]}}}