{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T06:11:11Z","timestamp":1774505471646,"version":"3.50.1"},"reference-count":24,"publisher":"Walter de Gruyter GmbH","issue":"1","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,4,10]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>An intrusion detection system plays an essential role in system security by discovering and preventing malicious activities. Over the past few years, several research projects on host-based intrusion detection systems (HIDSs) have been carried out utilizing the Australian Defense Force Academy Linux Dataset (ADFA-LD). These HIDS have also been subjected to various algorithm analyses to enhance their detection capability for high accuracy and low false alarms. However, less attention is paid to the actual implementation of real-time HIDS. Our principal objective in this study is to create a performant real-time HIDS. We propose a new model, \u201cBetter Similarity Algorithm for Host-based Intrusion Detection System\u201d (BSA-HIDS), using the same dataset ADFA-LD. The proposed model uses three classifications to represent the attack folder according to certain criteria, the entire system call sequence is used. Furthermore, this work uses textual distance and compares five algorithms like Levenshtein, Jaro\u2013Winkler, Jaccard, Hamming, and Dice coefficient, to classify the system call trace as attack or non-attack based on the notions of interclass decoupling and intra-class coupling. The model can detect zero-day attacks because of the threshold definition. The experimental results show a good detection performance in real-time for Levenshtein\/Jaro\u2013Winkler algorithms, 99\u201394% in detection rate, 2\u20135% in false alarm rate, and 3,300\u2013720\u2009s in running time, respectively.<\/jats:p>","DOI":"10.1515\/jisys-2022-0259","type":"journal-article","created":{"date-parts":[[2023,4,10]],"date-time":"2023-04-10T08:18:05Z","timestamp":1681114685000},"source":"Crossref","is-referenced-by-count":5,"title":["Towards a better similarity algorithm for host-based intrusion detection system"],"prefix":"10.1515","volume":"32","author":[{"given":"Lounis","family":"Ouarda","sequence":"first","affiliation":[{"name":"Computer Science Department, Industrial Computing and Networking Laboratory-RIIR, University Oran 1, Ahmed Ben Bella , 31000 , Oran , Algeria"}]},{"given":"Bourenane","family":"Malika","sequence":"additional","affiliation":[{"name":"Computer Science Department, Industrial Computing and Networking Laboratory-RIIR, University Oran 1, Ahmed Ben Bella , 31000 , Oran , Algeria"}]},{"given":"Bouderah","family":"Brahim","sequence":"additional","affiliation":[{"name":"Computer Science Department, University of M\u2019sila , 28000 , M'Sila , Algeria"}]}],"member":"374","published-online":{"date-parts":[[2023,4,10]]},"reference":[{"key":"2025120517213949457_j_jisys-2022-0259_ref_001","doi-asserted-by":"crossref","unstructured":"Finnerty K, Fullick S, Motha H, Shah JN, Button M, Wang V. Cyber security breaches survey. England, United Kingdom: University of Portsmouth Ageing Network; 2019.","DOI":"10.1016\/S1353-4858(19)30044-3"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_002","doi-asserted-by":"crossref","unstructured":"Huma ZE, Latif S, Ahmad J, Idrees Z, Ibrar A, Zou Z, et al. A hybrid deep random neural network for cyberattack detection in the industrial internet of things. IEEE Access. 2021;9:55595\u2013605.","DOI":"10.1109\/ACCESS.2021.3071766"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_003","doi-asserted-by":"crossref","unstructured":"Marteau P.-F. Sequence covering for efficient host-based intrusion detection. IEEE Trans Inf Forensics Secur. 2019;14(4):994\u20131006. 10.1109\/tifs.2018.2868614.","DOI":"10.1109\/TIFS.2018.2868614"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_004","doi-asserted-by":"crossref","unstructured":"Yaqoob SI, Madkour MAI. Enhanced host-based intrusion detection using system call traces. J King Abdulaziz Univ Comput Inf Technol Sci. 2019;8(2):93\u2013109. 1440 A.H.\/2019 A.D. 10.4197\/Comp.8-2.7.","DOI":"10.4197\/Comp.8-2.7"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_005","doi-asserted-by":"crossref","unstructured":"Creech G, Hu J. A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans Comput. April 2014;63(4):807\u201319.","DOI":"10.1109\/TC.2013.13"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_006","doi-asserted-by":"crossref","unstructured":"Pavithran P, Mathew S, Namasudra S, Srivastava G. A novel cryptosystem based on DNA cryptography hyperchaotic systems and a randomly generated Moore machine for cyber physical systems. Comput Commun. 2022;188:1\u201312. ISSN 0140-3664. 10.1016\/j.comcom.2022.02.008.","DOI":"10.1016\/j.comcom.2022.02.008"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_007","doi-asserted-by":"crossref","unstructured":"Namasudra S. A secure cryptosystem using DNA cryptography and DNA steganography for the cloud-based IoT infrastructure. Comput Electr Eng. 2022;104(Part A):108426. ISSN 0045-7906. 10.1016\/j.compeleceng.2022.108426","DOI":"10.1016\/j.compeleceng.2022.108426"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_008","doi-asserted-by":"crossref","unstructured":"Das S, Namasudra S. MACPABE: Multi\u2010Authority\u2010based CP\u2010ABE with efficient attribute revocation for IoT\u2010enabled healthcare infrastructure. Int J Netw Manag. April 2022. 10.1002\/nem.2200.","DOI":"10.1002\/nem.2200"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_009","doi-asserted-by":"crossref","unstructured":"Namasudra S, Crespo RG, Kumar SAP. Introduction to the special section on advances of machine learning in cybersecurity (VSI-mlsec). Comput Electr Eng. May 2022;100:108048. 10.1016\/j.compeleceng.2022.108048.","DOI":"10.1016\/j.compeleceng.2022.108048"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_010","unstructured":"Sarkar M, Saha K, Namasudra S, Roy P. An efficient and time saving web service based android application. Proj: Android Project NIC. August 2015."},{"key":"2025120517213949457_j_jisys-2022-0259_ref_011","doi-asserted-by":"crossref","unstructured":"Kumari S, Yadav RJ, Namasudra S, Hsu C-H. Intelligent deception techniques against adversarial attack on the industrial system. Int J Intell Syst. May 2021;36(5):2412\u201337.","DOI":"10.1002\/int.22384"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_012","doi-asserted-by":"crossref","unstructured":"Liu M, Xue Z, Xu X, Zhong C, Chen J. Host-based intrusion detection system with system calls: Review and future trends. ACM Comput Surv. Nov 2018;51(5):1\u201336.","DOI":"10.1145\/3214304"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_013","doi-asserted-by":"crossref","unstructured":"Lu Y, Teng S. Application of sequence embedding in host-based intrusion detection system. IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD); 2021.","DOI":"10.1109\/CSCWD49262.2021.9437683"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_014","doi-asserted-by":"crossref","unstructured":"Frances O, Briana W. Deep learning-based hybrid model for efficient anomaly detection. Int J Adv Comput Sci Appl. 2022; 13(4):975\u20139.","DOI":"10.14569\/IJACSA.2022.01304111"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_015","doi-asserted-by":"crossref","unstructured":"Zhang Y, Luo S, Pan L, Zhang H. Syscall-BSEM: Behavioral semantics enhancement method of system call sequence for high accurate and robust host intrusion detection. Future Gener Comput Syst. 2021;125:112\u201326. ISSN 0167-739X.","DOI":"10.1016\/j.future.2021.06.030"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_016","doi-asserted-by":"crossref","unstructured":"Ouarda L, Malika B, Yousfi NE, Brahim B. Improving the efficiency of intrusion detection in information systems. J Intell Syst. 2022;31(1):835\u201354. 10.1515\/jisys-2022-0059.","DOI":"10.1515\/jisys-2022-0059"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_017","doi-asserted-by":"crossref","unstructured":"Kim J, Kim J, Le Thi Thu H, Kim H. Long short term memory recurrent neural network classifier for intrusion detection. International Conference on Platform Technology and Service; Feb 2016. p. 1\u20135.","DOI":"10.1109\/PlatCon.2016.7456805"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_018","doi-asserted-by":"crossref","unstructured":"Lv S, Wang J, Yang Y, Liu J. Intrusion prediction with system-call sequence-to-sequence model. IEEE Access. 2018;6:71413\u201321. 10.1109\/access.2018.2881561.","DOI":"10.1109\/ACCESS.2018.2881561"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_019","doi-asserted-by":"crossref","unstructured":"Yulianto MA, Nurhasanah N. The hybrid of Jaro-Winkler and Rabin-Karp algorithm in detecting Indonesian text similarity. J Online Inform. June 2021;6(1):88\u201395.","DOI":"10.15575\/join.v6i1.640"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_020","unstructured":"Trouvilliez B. Textual data similarity for short opinion text learning and product search, Thesis. To obtain the degree of doctor of the University of Artois. Defended on May 13, 2013."},{"key":"2025120517213949457_j_jisys-2022-0259_ref_021","doi-asserted-by":"crossref","unstructured":"Logan R, Fleischmann Z, Annis S, Wehe AW, Tilly JL, Woods DC, et al. 3GOLD: Optimized Levenshtein distance for clustering third\u2011generation sequencing data. BMC Bioinforma. 2022;95:23.","DOI":"10.1186\/s12859-022-04637-7"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_022","unstructured":"da Fontoura Costa L. Further Generalizations of the Jaccard Index. arXiv 2021, https:\/\/arxiv.org\/abs\/2110.09619."},{"key":"2025120517213949457_j_jisys-2022-0259_ref_023","doi-asserted-by":"crossref","unstructured":"Carass A, Roy S, Gherman A, Reinhold JC, Jesson A, Arbel T, et al. Evaluating white matter lesion segmentations with refined s\u00f8rensen-dice analysis. Sci Rep. 2020;10(1):8242.","DOI":"10.1038\/s41598-020-64803-w"},{"key":"2025120517213949457_j_jisys-2022-0259_ref_024","unstructured":"https:\/\/en.wikipedia.org\/wiki\/Levenshtein_distance."}],"container-title":["Journal of Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jisys-2022-0259\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jisys-2022-0259\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T17:22:31Z","timestamp":1764955351000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jisys-2022-0259\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,1]]},"references-count":24,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2023,1,12]]},"published-print":{"date-parts":[[2023,1,12]]}},"alternative-id":["10.1515\/jisys-2022-0259"],"URL":"https:\/\/doi.org\/10.1515\/jisys-2022-0259","relation":{},"ISSN":["2191-026X"],"issn-type":[{"value":"2191-026X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,1]]},"article-number":"20220259"}}