{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T02:11:25Z","timestamp":1772849485072,"version":"3.50.1"},"reference-count":32,"publisher":"Wiley","license":[{"start":{"date-parts":[[2022,2,1]],"date-time":"2022-02-01T00:00:00Z","timestamp":1643673600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key Research and Development Program of China","award":["020YFB1805405"],"award-info":[{"award-number":["020YFB1805405"]}]},{"name":"National Key Research and Development Program of China","award":["2019QY0800"],"award-info":[{"award-number":["2019QY0800"]}]},{"name":"National Key Research and Development Program of China","award":["61\u2009872\u2009255"],"award-info":[{"award-number":["61\u2009872\u2009255"]}]},{"name":"National Key Research and Development Program of China","award":["U19A2068"],"award-info":[{"award-number":["U19A2068"]}]},{"name":"National Key Research and Development Program of China","award":["U1736212"],"award-info":[{"award-number":["U1736212"]}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["020YFB1805405"],"award-info":[{"award-number":["020YFB1805405"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["2019QY0800"],"award-info":[{"award-number":["2019QY0800"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["61\u2009872\u2009255"],"award-info":[{"award-number":["61\u2009872\u2009255"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["U19A2068"],"award-info":[{"award-number":["U19A2068"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["U1736212"],"award-info":[{"award-number":["U1736212"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2022,2,1]]},"abstract":"<jats:p>The system call sequences of processes are important for host-based anomaly detection. However, the detection accuracy can be seriously degenerated by the subsequences which simultaneously appeared in the call sequences of both normal and abnormal processes. Furthermore, the detection may be obstructed especially when the normal\/abnormal distributions of subsequences are extremely imbalanced along with many ambiguous samples. In the paper, the system call sequences are divided into weighted subsequences with fixed-length. Secondly, a suffix tree of each system call sequence is constructed to automatically extract the variable-length subsequence from the longest repeated substring of the tree. The frequencies of the fixed-and variable-length subsequences that appeared in each system call sequence constitute its feature vector. Finally, vectors are input into a cost-sensitive and relaxed support vector machine, in which the penalty-free slack of the relaxed SVM is split independently between the two classes with different weights. The experimental results on two public datasets ADFA-LD and UNM showed that the AUC of the proposed method can reach 99%, while the false alarm rate is only 2.4%.<\/jats:p>","DOI":"10.1155\/2022\/6401316","type":"journal-article","created":{"date-parts":[[2022,2,2]],"date-time":"2022-02-02T03:20:08Z","timestamp":1643772008000},"page":"1-13","source":"Crossref","is-referenced-by-count":6,"title":["Anomaly Detection of System Call Sequence Based on Dynamic Features and Relaxed-SVM"],"prefix":"10.1155","volume":"2022","author":[{"given":"Xiaoyao","family":"Liao","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0491-8305","authenticated-orcid":true,"given":"Changzhi","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"},{"name":"Zhihuiyuntian Technology, Chengdu 610031, China"}]},{"given":"Wen","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]}],"member":"311","reference":[{"key":"1","first-page":"120","article-title":"Sense of self for unix processes","author":"S. Forrest"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.3233\/jcs-980109"},{"key":"3","first-page":"1","article-title":"Detecting intrusions using system calls: alternative data models","author":"C. Warrender"},{"key":"4","first-page":"134","article-title":"Host-based data exfiltration detection via system call sequences","author":"B. Jewell"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/3468.594912"},{"key":"6","first-page":"50","article-title":"Learning patterns from unix process execution traces for intrusion detection","author":"W. Lee"},{"key":"7","first-page":"1711","article-title":"Evaluating host-based anomaly detection systems: a preliminary analysis of adfa-ld","author":"M. Xie"},{"key":"8","first-page":"978","article-title":"Evaluating host-based anomaly detection systems: application of the one-class svm algorithm to adfa-ld","author":"M. Xie"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11698-3_44"},{"key":"10","first-page":"513","article-title":"Towards reliable data feature retrieval and decision engine in host-based anomaly detection systems","author":"W. Haider"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2021.03.060"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1109\/tnsm.2021.3054356"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.14569\/ijacsa.2020.0110233"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/tc.2013.13"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1016\/s0167-4048(02)00514-x"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2005.01.014"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2018.2868614"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1109\/tc.2016.2519914"},{"key":"19","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-021-05994-9"},{"key":"20","doi-asserted-by":"crossref","first-page":"102084","DOI":"10.1016\/j.cose.2020.102084","article-title":"A tfidfvectorizer and singular value decomposition based host intrusion detection system framework for detecting anomalous system processes","volume":"100","author":"B. Subba","year":"2020","journal-title":"Computers & Security"},{"key":"21","first-page":"72","article-title":"Optimal thresholds for intrusion detection systems","author":"A. Laszka"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/20.2.141"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1016\/0306-4573(88)90021-0"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1145\/360825.360855"},{"key":"25","article-title":"On-line construction of suffix trees","volume":"14","author":"M. Crochemore","year":"2015","journal-title":"Jewels Of Stringology:Text Algorithms"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1126\/science.1127647"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1007\/s10479-012-1193-3"},{"issue":"1-2","key":"28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10479-014-1711-6","article-title":"Weighted relaxed support vector machines","volume":"249","author":"O. Seref","year":"2017","journal-title":"Annals of Operations Research"},{"key":"29","first-page":"4487","article-title":"Generation of a new ids test dataset: time to retire the kdd collection","author":"G. Creech"},{"key":"30","article-title":"University of New Mexico intrusion detection dataset oct 2020","author":"Computer Science Department","year":"2020"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1016\/s1071-5754(97)90044-9"},{"key":"32","first-page":"1","article-title":"Anomaly based host intrusion detection system using semantic based system call patterns","author":"M. Anandapriya"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2022\/6401316.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2022\/6401316.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2022\/6401316.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,2]],"date-time":"2022-02-02T03:20:15Z","timestamp":1643772015000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2022\/6401316\/"}},"subtitle":[],"editor":[{"given":"Chunhua","family":"Su","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2022,2,1]]},"references-count":32,"alternative-id":["6401316","6401316"],"URL":"https:\/\/doi.org\/10.1155\/2022\/6401316","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2022,2,1]]}}}