{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T20:31:08Z","timestamp":1781296268184,"version":"3.54.1"},"reference-count":73,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T00:00:00Z","timestamp":1634256000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2021,12,31]]},"abstract":"<jats:p>\n            <jats:italic>Host-based Intrusion Detection Systems<\/jats:italic>\n            (HIDS) automatically detect events that indicate compromise by adversarial applications. HIDS are generally formulated as analyses of sequences of system events such as bash commands or system calls.\n            <jats:italic>Anomaly-based<\/jats:italic>\n            approaches to HIDS leverage models of normal (a.k.a. baseline) system behavior to detect and report abnormal events and have the advantage of being able to detect novel attacks. In this article, we develop a new method for anomaly-based HIDS using deep learning predictions of sequence-to-sequence behavior in system calls. Our proposed method, called the\n            <jats:inline-formula content-type=\"math\/tex\">\n              <jats:tex-math notation=\"TeX\" version=\"MathJax\">ALAD<\/jats:tex-math>\n            <\/jats:inline-formula>\n            algorithm, aggregates predictions at the\n            <jats:italic>application<\/jats:italic>\n            level to detect anomalies. We investigate the use of several deep learning architectures, including WaveNet and several recurrent networks. We show that\n            <jats:inline-formula content-type=\"math\/tex\">\n              <jats:tex-math notation=\"TeX\" version=\"MathJax\">ALAD<\/jats:tex-math>\n            <\/jats:inline-formula>\n            empowered with deep learning significantly outperforms previous approaches. We train and evaluate our models using an existing dataset, ADFA-LD, and a new dataset of our own construction, PLAID. As deep learning models are black box in nature, we use an alternate approach, allotaxonographs, to characterize and understand differences in baseline vs.\u00a0attack sequences in HIDS datasets such as PLAID.\n          <\/jats:p>","DOI":"10.1145\/3461462","type":"journal-article","created":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T14:16:04Z","timestamp":1620137764000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":27,"title":["Methods for Host-based Intrusion Detection with Deep Learning"],"prefix":"10.1145","volume":"2","author":[{"suffix":"IV","given":"John H.","family":"Ring","sequence":"first","affiliation":[{"name":"University of Vermont, Department of Computer Science, Burlington, USA and MassMutual, Data Science"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Colin M.","family":"Van Oort","sequence":"additional","affiliation":[{"name":"University of Vermont, Department of Computer Science, Burlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Samson","family":"Durst","sequence":"additional","affiliation":[{"name":"University of Vermont, Department of Computer Science, Burlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Vanessa","family":"White","sequence":"additional","affiliation":[{"name":"University of Vermont, Department of Computer Science, Burlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Joseph P.","family":"Near","sequence":"additional","affiliation":[{"name":"University of Vermont, Department of Computer Science, Burlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christian","family":"Skalka","sequence":"additional","affiliation":[{"name":"University of Vermont, Department of Computer Science, Burlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,10,15]]},"reference":[{"key":"e_1_3_3_2_2","unstructured":"Mart\u00edn Abadi Ashish Agarwal Paul Barham Eugene Brevdo Zhifeng Chen Craig Citro Greg S. Corrado Andy Davis Jeffrey Dean Matthieu Devin Sanjay Ghemawat Ian Goodfellow Andrew Harp Geoffrey Irving Michael Isard Yangqing Jia Rafal Jozefowicz Lukasz Kaiser Manjunath Kudlur Josh Levenberg Dandelion Man\u00e9 Rajat Monga Sherry Moore Derek Murray Chris Olah Mike Schuster Jonathon Shlens Benoit Steiner Ilya Sutskever 2015. TensorFlow: Large-scale Machine Learning on Heterogeneous Systems. Retrieved from https:\/\/www.tensorflow.org\/."},{"issue":"3","key":"e_1_3_3_3_2","first-page":"141","article-title":"Ensemble classifier for misuse detection using N-gram feature vectors through operating system call traces","volume":"14","author":"Aghaei Ehsan","year":"2017","unstructured":"Ehsan Aghaei and Gursel Serpen. 2017. Ensemble classifier for misuse detection using N-gram feature vectors through operating system call traces. Int. J. Hybrid Intell. Syst. 14, 3 (2017), 141\u2013154.","journal-title":"Int. J. Hybrid Intell. Syst."},{"key":"e_1_3_3_4_2","first-page":"228","volume-title":"Proceedings of the 15th International Conference on Distributed Computing in Sensor Systems","author":"Ahmim Ahmed","year":"2019","unstructured":"Ahmed Ahmim, Leandros Maglaras, Mohamed Amine Ferrag, Makhlouf Derdour, and Helge Janicke. 2019. A novel hierarchical intrusion detection system based on decision tree and rules-based models. In Proceedings of the 15th International Conference on Distributed Computing in Sensor Systems (DCOSS\u201919). IEEE, 228\u2013233."},{"key":"e_1_3_3_5_2","unstructured":"James P. Anderson. 1980. Computer Security Threat Monitoring and Surveillance. Technical Report. James P. Anderson Company ."},{"key":"e_1_3_3_6_2","first-page":"1788","volume-title":"Proceedings of the IEEE Trustcom\/BigDataSE\/ISPA","author":"Azab Ahmad","year":"2016","unstructured":"Ahmad Azab, Mamoun Alazab, and Mahdi Aiash. 2016. Machine learning based botnet identification traffic. In Proceedings of the IEEE Trustcom\/BigDataSE\/ISPA. IEEE, 1788\u20131794."},{"key":"e_1_3_3_7_2","first-page":"44","volume-title":"Proceedings of the 5th Cybercrime and Trustworthy Computing Conference","author":"Azab Ahmad","year":"2014","unstructured":"Ahmad Azab, Robert Layton, Mamoun Alazab, and Jonathan Oliver. 2014. Mining malware to detect variants. In Proceedings of the 5th Cybercrime and Trustworthy Computing Conference. IEEE, 44\u201353."},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352624"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/2898375.2898400"},{"key":"e_1_3_3_10_2","first-page":"149","volume-title":"Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases","author":"Chawla Ashima","year":"2018","unstructured":"Ashima Chawla, Brian Lee, Sheila Fallon, and Paul Jacob. 2018. Host based intrusion detection system with combined CNN\/RNN model. In Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer, 149\u2013158."},{"key":"e_1_3_3_11_2","first-page":"4487","volume-title":"Proceedings of the IEEE Wireless Communications and Networking Conference","author":"Creech Gideon","year":"2013","unstructured":"Gideon Creech and Jiankun Hu. 2013. Generation of a new IDS test dataset: Time to retire the KDD collection. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC\u201913). IEEE, 4487\u20134492."},{"issue":"1","key":"e_1_3_3_12_2","article-title":"A survey on security visualization techniques for web information systems","volume":"9","author":"Dang Tran Khanh","year":"2013","unstructured":"Tran Khanh Dang and Tran Tri Dang. 2013. A survey on security visualization techniques for web information systems. Int. J. Web Inf. Syst. 9, 1 (2013).","journal-title":"Int. J. Web Inf. Syst."},{"key":"e_1_3_3_13_2","article-title":"Allotaxonometry and rank-turbulence divergence: A universal instrument for comparing complex systems","author":"Dodds Peter Sheridan","year":"2020","unstructured":"Peter Sheridan Dodds, Joshua R. Minot, Michael V. Arnold, Thayer Alshaabi, Jane Lydia Adams, David Rushing Dewhurst, Tyler J. Gray, Morgan R. Frank, Andrew J. Reagan, and Christopher M. Danforth. 2020. Allotaxonometry and rank-turbulence divergence: A universal instrument for comparing complex systems. arXiv preprint arXiv:2002.09770 (2020).","journal-title":"arXiv preprint arXiv:2002.09770"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"e_1_3_3_15_2","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/978-1-4615-0953-0_4","article-title":"A geometric framework for unsupervised anomaly detection","author":"Eskin Eleazar","year":"2002","unstructured":"Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, and Sal Stolfo. 2002. A geometric framework for unsupervised anomaly detection. In Applications of Data Mining in Computer Security. Springer, 77\u2013101.","journal-title":"Applications of Data Mining in Computer Security"},{"key":"e_1_3_3_16_2","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1109\/DISCEX.2001.932213","volume-title":"Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX\u201901)","volume":"1","author":"Eskin Eleazar","year":"2001","unstructured":"Eleazar Eskin, Wenke Lee, and Salvatore J. Stolfo. 2001. Modeling system calls for intrusion detection with dynamic window sizes. In Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX\u201901), Vol. 1. IEEE, 165\u2013175."},{"key":"e_1_3_3_17_2","doi-asserted-by":"publisher","DOI":"10.5555\/1947337.1947356"},{"key":"e_1_3_3_18_2","first-page":"1","volume-title":"Proceedings of the IEEE Region 3 Technical, Professional, and Student Conference","author":"Goeschel Kathleen","year":"2016","unstructured":"Kathleen Goeschel. 2016. Reducing false positives in intrusion detection systems using data-mining techniques utilizing support vector machines, decision trees, and naive Bayes for off-line analysis. In Proceedings of the IEEE Region 3 Technical, Professional, and Student Conference (SoutheastCon\u201916). IEEE, 1\u20136."},{"key":"e_1_3_3_19_2","unstructured":"The PHP Group. 2016. PHP Hypertext Processor. Retrieved from https:\/\/www.php.net\/releases\/7_1_0.php."},{"key":"e_1_3_3_20_2","first-page":"470","volume-title":"Proceedings of the 12th IEEE International Conference on Networks","volume":"2","author":"Hoang X. A.","year":"2004","unstructured":"X. A. Hoang and Jiankun Hu. 2004. An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls. In Proceedings of the 12th IEEE International Conference on Networks (ICON\u201904), Vol. 2. IEEE, 470\u2013474."},{"key":"e_1_3_3_21_2","volume-title":"The Psycho-Biology of Language.","author":"Joos Martin","year":"1936","unstructured":"Martin Joos. 1936. The Psycho-Biology of Language. MIT Press."},{"key":"e_1_3_3_22_2","article-title":"LSTM-based system-call language modeling and robust ensemble method for designing host-based intrusion detection systems","author":"Kim Gyuwan","year":"2016","unstructured":"Gyuwan Kim, Hayoon Yi, Jangho Lee, Yunheung Paek, and Sungroh Yoon. 2016. LSTM-based system-call language modeling and robust ensemble method for designing host-based intrusion detection systems. arXiv preprint arXiv:1611.01726 (2016).","journal-title":"arXiv preprint arXiv:1611.01726"},{"key":"e_1_3_3_23_2","article-title":"Adam: A method for stochastic optimization","author":"Kingma Diederik P.","year":"2014","unstructured":"Diederik P. Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).","journal-title":"arXiv preprint arXiv:1412.6980"},{"key":"e_1_3_3_24_2","volume-title":"The Rust Programming Language (Covers Rust 2018)","author":"Klabnik Steve","year":"2019","unstructured":"Steve Klabnik and Carol Nichols. 2019. The Rust Programming Language (Covers Rust 2018). No Starch Press."},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/52.605929"},{"issue":"2","key":"e_1_3_3_26_2","first-page":"29","article-title":"Parallel KNN and neighborhood classification implementations on GPU for network intrusion detection","volume":"9","author":"Kuttranont Phuangpaka","year":"2017","unstructured":"Phuangpaka Kuttranont, Kobkun Boonprakob, Comdet Phaudphut, Songyut Permpol, Phet Aimtongkhamand, Urachart KoKaew, Boonsup Waikham, and Chakchai So-In. 2017. Parallel KNN and neighborhood classification implementations on GPU for network intrusion detection. J. Telecommun., Electron. Comput. Eng. 9, 2-2 (2017), 29\u201333.","journal-title":"J. Telecommun., Electron. Comput. Eng."},{"key":"e_1_3_3_27_2","unstructured":"Emil Lerner. 2019. PHP-FPM Attack. Retrieved from https:\/\/github.com\/neex\/phuip-fpizdam."},{"key":"e_1_3_3_28_2","unstructured":"OffSec Services Limited. 2013. Brute-force Password Attack. https:\/\/tools.kali.org\/password-attacks\/hydra."},{"key":"e_1_3_3_29_2","unstructured":"OffSec Services Limited. 2019. Kali Linux. Retrieved from https:\/\/www.kali.org\/."},{"key":"e_1_3_3_30_2","unstructured":"Massachusetts Institute of Technology Lincoln Laboratory. 1998\/1999. DARPA Intrusion Detection Evaluation Dataset. Retrieved from https:\/\/www.ll.mit.edu\/r-d\/datasets\/1999-darpa-intrusion-detection-evaluation-dataset."},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.3390\/app9204396"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevLett.88.237901"},{"key":"e_1_3_3_33_2","unstructured":"Canonical Ltd.2018. Ubuntu Linux. (2018). Retrieved from https:\/\/releases.ubuntu.com\/18.04.4\/."},{"key":"e_1_3_3_34_2","unstructured":"Netcraft Ltd.2020. April 2020 Web Server Survey. Retrieved from https:\/\/news.netcraft.com\/archives\/2020\/04\/08\/april-2020-web-server-survey.html."},{"key":"e_1_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2881561"},{"key":"e_1_3_3_36_2","doi-asserted-by":"publisher","DOI":"10.3390\/s16101701"},{"key":"e_1_3_3_37_2","first-page":"1","volume-title":"Proceedings of the MILCOM IEEE Military Communications Conference","author":"McElwee Steven","year":"2017","unstructured":"Steven McElwee, Jeffrey Heaton, James Fraley, and James Cannady. 2017. Deep learning for prioritizing and responding to intrusion detection alerts. In Proceedings of the MILCOM IEEE Military Communications Conference (MILCOM\u201917). IEEE, 1\u20135."},{"key":"e_1_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"e_1_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1307"},{"key":"e_1_3_3_40_2","unstructured":"Metasploit. 2019. Redis Attack. Retrieved from https:\/\/www.exploit-db.com\/exploits\/47195."},{"key":"e_1_3_3_41_2","article-title":"TR-IDS: Anomaly-based intrusion detection through text-convolutional neural network and random forest","volume":"2018","author":"Min Erxue","year":"2018","unstructured":"Erxue Min, Jun Long, Qiang Liu, Jianjing Cui, and Wei Chen. 2018. TR-IDS: Anomaly-based intrusion detection through text-convolutional neural network and random forest. Secur. Commun. Netw. 2018 (2018).","journal-title":"Secur. Commun. Netw."},{"key":"e_1_3_3_42_2","unstructured":"University of New Mexico Computer Science Department. 1998. UNM System Call Dataset. Retrieved from https:\/\/www.cs.unm.edu\/immsec\/systemcalls.htm."},{"key":"e_1_3_3_43_2","unstructured":"ACM Special Interest Group on Knowledge Discovery and Data Mining. 1999. KDD Cup 1999: Computer Network Intrusion Detection. Retrieved from https:\/\/www.kdd.org\/kdd-cup\/view\/kdd-cup-1999\/Data http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html."},{"key":"e_1_3_3_44_2","article-title":"WaveNet: A generative model for raw audio","author":"Oord Aaron van den","year":"2016","unstructured":"Aaron van den Oord, Sander Dieleman, Heiga Zen, Karen Simonyan, Oriol Vinyals, Alex Graves, Nal Kalchbrenner, Andrew Senior, and Koray Kavukcuoglu. 2016. WaveNet: A generative model for raw audio. arXiv preprint arXiv:1609.03499 (2016).","journal-title":"arXiv preprint arXiv:1609.03499"},{"key":"e_1_3_3_45_2","unstructured":"Oracle. 2019. Virtual Box. Retrieved from https:\/\/www.virtualbox.org\/."},{"key":"e_1_3_3_46_2","first-page":"1310","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Pascanu Razvan","year":"2013","unstructured":"Razvan Pascanu, Tomas Mikolov, and Yoshua Bengio. 2013. On the difficulty of training recurrent neural networks. In Proceedings of the International Conference on Machine Learning. 1310\u20131318."},{"key":"e_1_3_3_47_2","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/978-3-030-05918-7_20","volume-title":"Proceedings of the International Conference on Mining Intelligence and Knowledge Exploration","author":"Potluri Sasanka","year":"2018","unstructured":"Sasanka Potluri, Shamim Ahmed, and Christian Diedrich. 2018. Convolutional neural networks for multi-class intrusion detection system. In Proceedings of the International Conference on Mining Intelligence and Knowledge Exploration. Springer, 225\u2013238."},{"key":"e_1_3_3_48_2","article-title":"Network traffic anomaly detection using recurrent neural networks","author":"Radford Benjamin J.","year":"2018","unstructured":"Benjamin J. Radford, Leonardo M. Apolonio, Antonio J. Trias, and Jim A. Simpson. 2018. Network traffic anomaly detection using recurrent neural networks. arXiv preprint arXiv:1803.10769 (2018).","journal-title":"arXiv preprint arXiv:1803.10769"},{"issue":"173","key":"e_1_3_3_49_2","first-page":"2","article-title":"Nginx: The high-performance web server and reverse proxy","volume":"2008","author":"Reese Will","year":"2008","unstructured":"Will Reese. 2008. Nginx: The high-performance web server and reverse proxy. Linux J. 2008, 173 (2008), 2.","journal-title":"Linux J."},{"key":"e_1_3_3_50_2","first-page":"70","volume-title":"Proceedings of the IEEE Security and Privacy Workshops","author":"Rigaki Maria","year":"2018","unstructured":"Maria Rigaki and Sebastian Garcia. 2018. Bringing a GAN to a knife-fight: Adapting malware communication to avoid detection. In Proceedings of the IEEE Security and Privacy Workshops (SPW\u201918). IEEE, 70\u201375."},{"key":"e_1_3_3_51_2","unstructured":"John H. RingIV. 2020. UVM IDS GitLab Repository. Retrieved from https:\/\/gitlab.com\/jhring\/uvm_ids."},{"key":"e_1_3_3_52_2","doi-asserted-by":"publisher","DOI":"10.1038\/s42256-019-0048-x"},{"key":"e_1_3_3_53_2","unstructured":"Salvatore Sanfilippo. 2009. Redis. Retrieved from https:\/\/redis.io\/."},{"key":"e_1_3_3_54_2","unstructured":"LLC. SolarWinds Worldwide. 2020. Solarwinds Security Event Manager. Retrieved from https:\/\/www.solarwinds.com\/security-event-manager."},{"key":"e_1_3_3_55_2","unstructured":"Splunk. 2020. Splunk Intrusion Detection System. Retrieved from https:\/\/www.splunk.com\/."},{"key":"e_1_3_3_56_2","article-title":"Mitre Att&ck: Design and Philosophy","author":"Strom Blake E.","year":"2018","unstructured":"Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, and Cody B. Thomas. 2018. Mitre Att&ck: Design and Philosophy. Technical Report. MITRE.","journal-title":"Technical Report"},{"key":"e_1_3_3_57_2","unstructured":"Keras Team. 2020. Keras Tuner. Retrieved from https:\/\/keras-team.github.io\/keras-tuner\/."},{"key":"e_1_3_3_58_2","unstructured":"OSSEC Project Team. 2020. OSSEC: Host Intrusion Detection for Everyone. Retrieved from https:\/\/www.ossec.net\/."},{"key":"e_1_3_3_59_2","first-page":"116","volume-title":"Proceedings of the International Conference on Mobile Networks and Management","author":"Tran Nam Nhat","year":"2017","unstructured":"Nam Nhat Tran, Ruhul Sarker, and Jiankun Hu. 2017. An approach for host-based intrusion detection system design using convolutional neural network. In Proceedings of the International Conference on Mobile Networks and Management. Springer, 116\u2013126."},{"key":"e_1_3_3_60_2","volume-title":"Proceedings of the Workshops at the 31st AAAI Conference on Artificial Intelligence","author":"Tuor Aaron","year":"2017","unstructured":"Aaron Tuor, Samuel Kaplan, Brian Hutchinson, Nicole Nichols, and Sean Robinson. 2017. Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. In Proceedings of the Workshops at the 31st AAAI Conference on Artificial Intelligence."},{"key":"e_1_3_3_61_2","first-page":"1087","volume-title":"Proceedings of the IFIP\/IEEE Symposium on Integrated Network and Service Management","author":"Uwagbole Solomon Ogbomon","year":"2017","unstructured":"Solomon Ogbomon Uwagbole, William J. Buchanan, and Lu Fan. 2017. Applied machine learning predictive analytics to SQL injection attack detection and prevention. In Proceedings of the IFIP\/IEEE Symposium on Integrated Network and Service Management (IM\u201917). IEEE, 1087\u20131090."},{"key":"e_1_3_3_62_2","first-page":"131","volume-title":"Proceedings of the 6th Iranian Joint Congress on Fuzzy and Intelligent Systems","author":"Vartouni Ali Moradi","year":"2018","unstructured":"Ali Moradi Vartouni, Saeed Sedighian Kashi, and Mohammad Teshnehlab. 2018. An anomaly detection method to detect web attacks using stacked auto-encoder. In Proceedings of the 6th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS\u201918). IEEE, 131\u2013134."},{"key":"e_1_3_3_63_2","article-title":"Use of data visualisation for zero-day malware detection","volume":"2018","author":"Venkatraman Sitalakshmi","year":"2018","unstructured":"Sitalakshmi Venkatraman and Mamoun Alazab. 2018. Use of data visualisation for zero-day malware detection. Secur. Commun. Netw. 2018 (2018).","journal-title":"Secur. Commun. Netw."},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.06.006"},{"key":"e_1_3_3_65_2","unstructured":"Robin Verton. 2016. cowroot.c. Retrieved from https:\/\/gist.github.com\/rverton\/e9d4ff65d703a9084e85fa9df083c679."},{"key":"e_1_3_3_66_2","unstructured":"Robin Verton. 2019. Privilege Escalation Attack. Retrieved from https:\/\/gist.github.com\/rverton\/e9d4ff65d703a9084e85fa9df083c679."},{"key":"e_1_3_3_67_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2780250"},{"key":"e_1_3_3_68_2","first-page":"358","volume-title":"Proceedings of the 5th IEEE SMC Information Assurance Workshop.","author":"Wang Yanxin","year":"2004","unstructured":"Yanxin Wang, Johnny Wong, and Andrew Miner. 2004. Anomaly intrusion detection using one class SVM. In Proceedings of the 5th IEEE SMC Information Assurance Workshop. IEEE, 358\u2013364."},{"key":"e_1_3_3_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2868993"},{"key":"e_1_3_3_70_2","volume-title":"Proceedings of the 6th USENIX Security Symposium","volume":"37","author":"Ylonen Tatu","year":"1996","unstructured":"Tatu Ylonen. 1996. SSH\u2013secure login connections over the Internet. In Proceedings of the 6th USENIX Security Symposium, Vol. 37."},{"key":"e_1_3_3_71_2","first-page":"1","volume-title":"Proceedings of the IEEE International Conference on Smart Computing","author":"Yuan Xiaoyong","year":"2017","unstructured":"Xiaoyong Yuan, Chuanhuang Li, and Xiaolin Li. 2017. DeepDefense: Identifying DDoS attack via deep learning. In Proceedings of the IEEE International Conference on Smart Computing (SMARTCOMP\u201917). IEEE, 1\u20138."},{"key":"e_1_3_3_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2908225"},{"key":"e_1_3_3_73_2","first-page":"1","volume-title":"Proceedings of the IEEE International Conference on Communications Workshops","author":"Zhang Baoan","year":"2018","unstructured":"Baoan Zhang, Yanhua Yu, and Jie Li. 2018. Network intrusion detection based on stacked sparse autoencoder and binary tree ensemble method. In Proceedings of the IEEE International Conference on Communications Workshops (ICC Workshops\u201918). IEEE, 1\u20136."},{"key":"e_1_3_3_74_2","article-title":"Deep adversarial learning in intrusion detection: A data augmentation enhanced framework","author":"Zhang He","year":"2019","unstructured":"He Zhang, Xingrui Yu, Peng Ren, Chunbo Luo, and Geyong Min. 2019. Deep adversarial learning in intrusion detection: A data augmentation enhanced framework. arXiv preprint arXiv:1901.07949 (2019).","journal-title":"arXiv preprint arXiv:1901.07949"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3461462","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3461462","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:28:35Z","timestamp":1750195715000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3461462"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,15]]},"references-count":73,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,12,31]]}},"alternative-id":["10.1145\/3461462"],"URL":"https:\/\/doi.org\/10.1145\/3461462","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"value":"2692-1626","type":"print"},{"value":"2576-5337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,15]]},"assertion":[{"value":"2020-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}