{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:24:16Z","timestamp":1763457856901,"version":"3.40.5"},"reference-count":15,"publisher":"Wiley","license":[{"start":{"date-parts":[[2019,7,28]],"date-time":"2019-07-28T00:00:00Z","timestamp":1564272000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2019,7,28]]},"abstract":"<jats:p>As cyber threats are permanently jeopardizing individuals privacy and organizations\u2019 security, there have been several efforts to empower software applications with built-in immunity. In this paper, we present our approach to immune applications through application-level, unsupervised, outlier-based intrusion detection and prevention. Our framework allows tracking application domain objects all along the processing lifecycle. It also leverages the application business context and learns from production data, without creating any training burden on the application owner. Moreover, as our framework uses runtime application instrumentation, it incurs no additional cost on the application provider. We build a fine-grained and rich-feature application behavioral model that gets down to the method level and its invocation context. We define features to be independent from the variable structure of method invocation parameters and returned values, while preserving security-relevant information. We implemented our framework in a Java environment and evaluated it on a widely-used, enterprise-grade, and open-source ERP. We tested several unsupervised outlier detection algorithms and distance functions. Our framework achieved the best results in terms of effectiveness using the Local Outlier Factor algorithm and the Clark distance, while the average instrumentation overhead per intercepted call remains acceptable.<\/jats:p>","DOI":"10.1155\/2019\/8368473","type":"journal-article","created":{"date-parts":[[2019,7,28]],"date-time":"2019-07-28T19:31:23Z","timestamp":1564342283000},"page":"1-13","source":"Crossref","is-referenced-by-count":9,"title":["Application-Level Unsupervised Outlier-Based Intrusion Detection and Prevention"],"prefix":"10.1155","volume":"2019","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5658-2191","authenticated-orcid":true,"given":"Omar","family":"Iraqi","sequence":"first","affiliation":[{"name":"Rabat-IT Center, ENSIAS, Mohammed V University, Rabat, Morocco"},{"name":"School of Science and Engineering, Al Akhawayn University, Ifrane, Morocco"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2941-3768","authenticated-orcid":true,"given":"Hanan","family":"El Bakkali","sequence":"additional","affiliation":[{"name":"Rabat-IT Center, ENSIAS, Mohammed V University, Rabat, Morocco"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"first-page":"348","volume-title":"Toward third-party immune applications","year":"2017","key":"1"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2017.06.007"},{"issue":"5","key":"4","first-page":"14","volume":"24","year":"2011","journal-title":"CrossTalk"},{"year":"1999","key":"5"},{"journal-title":"Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy","first-page":"156","year":"2001","key":"11"},{"first-page":"337","volume-title":"NativeProtector: protecting android applications by isolating and intercepting third-party native libraries","year":"2016","key":"14"},{"first-page":"458","volume-title":"Stay in your cage! a sound sandbox for third-party libraries on android","year":"2016","key":"15"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1504\/IJCNDS.2016.10001612"},{"volume":"7","journal-title":"International Journal of Digital Content Technology and its Applications","year":"2003","key":"17"},{"key":"20","first-page":"256","volume":"37","year":"2007","journal-title":"Biometrical Journal"},{"year":"1980","key":"22"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-004-4304-y"},{"year":"2006","key":"31"},{"key":"32","first-page":"8","volume":"1","year":"2007","journal-title":"International Journal of Mathematical Models and Methods in Applied Sciences"},{"key":"42","first-page":"8","volume":"51","year":"2017","journal-title":"ACM SIGIR Forum"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/8368473.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/8368473.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/8368473.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,27]],"date-time":"2019-08-27T19:31:31Z","timestamp":1566934291000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2019\/8368473\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,28]]},"references-count":15,"alternative-id":["8368473","8368473"],"URL":"https:\/\/doi.org\/10.1155\/2019\/8368473","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2019,7,28]]}}}