{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T07:05:08Z","timestamp":1771657508516,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,9,26]],"date-time":"2017-09-26T00:00:00Z","timestamp":1506384000000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Assistant Secretary of Defense for Researching and Engineering","award":["FA8721-05-C-0002"],"award-info":[{"award-number":["FA8721-05-C-0002"]}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA8650-15-C-7565"],"award-info":[{"award-number":["FA8650-15-C-7565"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,9,26]]},"DOI":"10.1145\/3011883.3011888","type":"proceedings-article","created":{"date-parts":[[2016,12,15]],"date-time":"2016-12-15T13:03:54Z","timestamp":1481807034000},"page":"23-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Cross-layer personalization as a first-class citizen for situation awareness and computer infrastructure security"],"prefix":"10.1145","author":[{"given":"Aokun","family":"Chen","sequence":"first","affiliation":[{"name":"University of Florida"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pratik","family":"Brahma","sequence":"additional","affiliation":[{"name":"University of Florida"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dapeng Oliver","family":"Wu","sequence":"additional","affiliation":[{"name":"University of Florida"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Natalie","family":"Ebner","sequence":"additional","affiliation":[{"name":"University of Florida"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brandon","family":"Matthews","sequence":"additional","affiliation":[{"name":"MIT Lincoln Laboratory"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jedidiah","family":"Crandall","sequence":"additional","affiliation":[{"name":"University of New Mexico"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xuetao","family":"Wei","sequence":"additional","affiliation":[{"name":"University of Cincinnati"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michalis","family":"Faloutsos","sequence":"additional","affiliation":[{"name":"University of California"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniela","family":"Oliveira","sequence":"additional","affiliation":[{"name":"University of Florida"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2016,9,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"An application of pattern matching in intrusion detection,\" tech. rep","author":"Kumar S.","year":"1994","unstructured":"S. Kumar and E. H. Spafford, \"An application of pattern matching in intrusion detection,\" tech. rep., Purdue University, July. 1994."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.372146"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/784589.784632"},{"key":"e_1_3_2_1_4_1","unstructured":"\"Bromium end point protection (https:\/\/www.bromium.com\/) \" Apr. 2016."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1947337.1947356"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/283699.283742"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298081.1298084"},{"key":"e_1_3_2_1_8_1","first-page":"133","article-title":"Detecting intrusions using system calls: Alternative data models","author":"Warrender C.","year":"1999","unstructured":"C. Warrender, S. Forrest, and B. Pearlmutter, \"Detecting intrusions using system calls: Alternative data models,\" Proceedings of IEEE Symposium on Security and Privacy, pp. 133--145, 1999.","journal-title":"Proceedings of IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_9_1","first-page":"326","article-title":"On the detection of anomalous system call arguments","volume":"2808","author":"Kruegel C.","year":"2003","unstructured":"C. Kruegel, D. Mutz, F. Valeur, and G. Vigna, \"On the detection of anomalous system call arguments,\" ESORICS, vol. 2808, pp. 326--343, 2003.","journal-title":"ESORICS"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267336.1267355"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855790"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336768"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/2823850"},{"key":"e_1_3_2_1_15_1","volume-title":"This Time It's Personal (http:\/\/itknowledgeexchange.techtarget.com\/security-detail\/cisco-report-email-attacks-this-time-its-personal\/)","author":"Attacks Email","year":"2011","unstructured":"\"Email Attacks: This Time It's Personal (http:\/\/itknowledgeexchange.techtarget.com\/security-detail\/cisco-report-email-attacks-this-time-its-personal\/),\" Jul. 2011."},{"key":"e_1_3_2_1_16_1","volume-title":"SecurID Attack Was Phishing Via an Excel Spreadsheet (https:\/\/threatpost.com\/rsa-securid-attack-was-phishing-excel-spreadsheet-040111\/75099\/)","year":"2011","unstructured":"\"RSA: SecurID Attack Was Phishing Via an Excel Spreadsheet (https:\/\/threatpost.com\/rsa-securid-attack-was-phishing-excel-spreadsheet-040111\/75099\/),\" Apr. 2011."},{"key":"e_1_3_2_1_17_1","unstructured":"K. Kupferschmiddt \"A Trail of Microbes - The Unique Mix of Bacteria You Leave Behind Wherever You Go Might Be Used to Identify You \" Science vol. 351 no. 6278 2016."},{"key":"e_1_3_2_1_18_1","volume-title":"The Internet Society","author":"Freeman D. M.","year":"2016","unstructured":"D. M. Freeman, S. Jain, M. D\u00fcrmuth, B. Biggio, and G. Giacinto, \"Who are you? a statistical approach to measuring user authenticity,\" in 23rd Annual Network & Distributed System Security Symposium (NDSS). The Internet Society, 2016."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2555595"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/1768197.1768201"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/375663.375668"},{"key":"e_1_3_2_1_22_1","volume-title":"Principal component analysis","author":"Jolliffe I.","year":"2002","unstructured":"I. Jolliffe, Principal component analysis. Wiley Online Library, 2002."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1867135.1867155"},{"key":"e_1_3_2_1_24_1","volume-title":"Learning with Kernels","author":"Schoelkopf B.","year":"2002","unstructured":"B. Schoelkopf and A. J. Smola, Learning with Kernels. Cambridge, MA: The MIT Press, 2002."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/2621979"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1756006.1953039"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1197\/jamia.M2441"},{"key":"e_1_3_2_1_28_1","first-page":"1","article-title":"An ontology of suspicious software behavior","volume":"1","author":"Gregio A.","year":"2016","unstructured":"A. Gregio, R. Bonacin, A. C. de Marchi, O. F. Nabuco, and P. L. de Geus, \"An ontology of suspicious software behavior,\" Applied Ontology, vol. 1, pp. 1--21, 2016.","journal-title":"Applied Ontology"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.33"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2014.2381512"},{"key":"e_1_3_2_1_31_1","first-page":"237","volume-title":"Preprocessing and mining web log data for web personalization,\" in AI* IA 2003: Advances in Artificial Intelligence","author":"Baglioni M.","year":"2003","unstructured":"M. Baglioni, U. Ferrara, A. Romei, S. Ruggieri, and F. Turini, \"Preprocessing and mining web log data for web personalization,\" in AI* IA 2003: Advances in Artificial Intelligence, pp. 237--249, Springer, 2003."},{"key":"e_1_3_2_1_32_1","first-page":"341","volume-title":"Classification of internet users using discriminant analysis and neural networks,\" in Next Generation Internet Networks","author":"Nogueira A.","year":"2005","unstructured":"A. Nogueira, M. R. De Oliveira, P. Salvador, R. Valadas, and A. Pacheco, \"Classification of internet users using discriminant analysis and neural networks,\" in Next Generation Internet Networks, pp. 341--348, IEEE, 2005."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/1804599"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2008.06.067"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664266"},{"key":"e_1_3_2_1_36_1","first-page":"06824","article-title":"Personalized security indicators to detect application phishing attacks in mobile platforms","volume":"1502","author":"Marforio C.","year":"2015","unstructured":"C. Marforio, R. J. Masti, C. Soriente, K. Kostiainen, and S. Capkun, \"Personalized security indicators to detect application phishing attacks in mobile platforms,\" CoRR, vol. abs\/1502.06824, 2015.","journal-title":"CoRR"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2662359"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592681.1592686"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/822075.822408"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1053283.1053286"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/262793.262811"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1162\/106365600568257"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/1433006.1433013"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020448"},{"key":"e_1_3_2_1_47_1","first-page":"130","volume-title":"DISCEX'00","volume":"2","author":"Stolfo S. J.","year":"2000","unstructured":"S. J. Stolfo, W. Fan, W. Lee, A. Prodromidis, and P. K. Chan, \"Cost-based modeling for fraud and intrusion detection: Results from the jam project,\" in DARPA Information Survivability Conference and Exposition. DISCEX'00. Proceedings, vol. 2, pp. 130--144, IEEE, 2000."},{"key":"e_1_3_2_1_48_1","volume-title":"An implementation of intrusion detection system using genetic algorithm,\" arXiv preprint arXiv:1204.1336","author":"Hoque M. S.","year":"2012","unstructured":"M. S. Hoque, M. Mukit, M. Bikas, A. Naser, et al., \"An implementation of intrusion detection system using genetic algorithm,\" arXiv preprint arXiv:1204.1336, 2012."},{"key":"e_1_3_2_1_49_1","first-page":"203","volume-title":"RAID '08","author":"Wang K.","year":"2004","unstructured":"K. Wang and S. J. Stolfo, \"Anomalous payload-based network intrusion detection,\" in Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection, RAID '08, pp. 203--222, 2004."},{"key":"e_1_3_2_1_50_1","article-title":"KDD Cup '99 dataset (Network Intrusion) considered harmful","author":"Brugger T.","year":"2007","unstructured":"T. Brugger, \"KDD Cup '99 dataset (Network Intrusion) considered harmful.\" KDnuggets News, n18: item4, 15 Sep 2007.","journal-title":"KDnuggets News, n18: item4"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.5555\/1971751.1971760"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.02.001"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.11.011"},{"key":"e_1_3_2_1_54_1","first-page":"361","volume-title":"Grids - a graph based intrusion detection system for large networks,\" in In Proceedings of the 19th National Information System Security Conference","author":"Staniford-Chen S.","year":"1996","unstructured":"S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle, \"Grids - a graph based intrusion detection system for large networks,\" in In Proceedings of the 19th National Information System Security Conference, pp. 361--370, 1996."},{"key":"e_1_3_2_1_55_1","first-page":"1","volume-title":"Enterprise security: A community of interest based approach.,\" in 13th Annual Network & Distributed System Security Symposium (NDSS)","author":"McDaniel P. D.","year":"2006","unstructured":"P. D. McDaniel, S. Sen, O. Spatscheck, J. E. van der Merwe, W. Aiello, and C. R. Kalmanek, \"Enterprise security: A community of interest based approach.,\" in 13th Annual Network & Distributed System Security Symposium (NDSS), pp. 1--3, 2006."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1278940.1278945"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413296.2413309"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-33630-5_16"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.2307\/2290095"}],"event":{"name":"NSPW '16: New Security Paradigms Workshop 2016","location":"Granby Colorado USA","acronym":"NSPW '16","sponsor":["ACSA Applied Computing Security Assoc","The National Science Foundation","DELL","CISCO"]},"container-title":["Proceedings of the 2016 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3011883.3011888","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3011883.3011888","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3011883.3011888","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:20:08Z","timestamp":1763457608000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3011883.3011888"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,9,26]]},"references-count":60,"alternative-id":["10.1145\/3011883.3011888","10.1145\/3011883"],"URL":"https:\/\/doi.org\/10.1145\/3011883.3011888","relation":{},"subject":[],"published":{"date-parts":[[2016,9,26]]},"assertion":[{"value":"2016-09-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}