{"id":"https://openalex.org/W2143776233","doi":"https://doi.org/10.1007/3-540-39945-3_8","title":"Intrusion Detection Using Variable-Length Audit Trail Patterns","display_name":"Intrusion Detection Using Variable-Length Audit Trail Patterns","publication_year":2000,"publication_date":"2000-01-01","ids":{"openalex":"https://openalex.org/W2143776233","doi":"https://doi.org/10.1007/3-540-39945-3_8","mag":"2143776233"},"language":"en","primary_location":{"id":"doi:10.1007/3-540-39945-3_8","is_oa":false,"landing_page_url":"https://doi.org/10.1007/3-540-39945-3_8","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011505450","display_name":"Andreas Wespi","orcid":"https://orcid.org/0000-0001-8689-206X"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]},{"id":"https://openalex.org/I4210126328","display_name":"IBM Research - Zurich","ror":"https://ror.org/02js37d36","country_code":"CH","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210126328"]}],"countries":["CH","US"],"is_corresponding":true,"raw_author_name":"Andreas Wespi","raw_affiliation_strings":["IBM Research, Zurich Research Laboratory, R\u00fcschlikon, Switzerland","IBM Research, Z\u00fcrich Research Laboratory,#TAB#"],"affiliations":[{"raw_affiliation_string":"IBM Research, Zurich Research Laboratory, R\u00fcschlikon, Switzerland","institution_ids":["https://openalex.org/I4210126328"]},{"raw_affiliation_string":"IBM Research, Z\u00fcrich Research Laboratory,#TAB#","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049275649","display_name":"Marc Daci\u00e9r","orcid":"https://orcid.org/0000-0003-3206-2030"},"institutions":[{"id":"https://openalex.org/I4210126328","display_name":"IBM Research - Zurich","ror":"https://ror.org/02js37d36","country_code":"CH","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210126328"]},{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["CH","US"],"is_corresponding":false,"raw_author_name":"Marc Dacier","raw_affiliation_strings":["IBM Research, Zurich Research Laboratory, R\u00fcschlikon, Switzerland","IBM Research, Z\u00fcrich Research Laboratory,#TAB#"],"affiliations":[{"raw_affiliation_string":"IBM Research, Zurich Research Laboratory, R\u00fcschlikon, Switzerland","institution_ids":["https://openalex.org/I4210126328"]},{"raw_affiliation_string":"IBM Research, Z\u00fcrich Research Laboratory,#TAB#","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038047052","display_name":"Herv\u00e9 Debar","orcid":"https://orcid.org/0000-0002-1344-4167"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]},{"id":"https://openalex.org/I4210126328","display_name":"IBM Research - Zurich","ror":"https://ror.org/02js37d36","country_code":"CH","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210126328"]}],"countries":["CH","US"],"is_corresponding":false,"raw_author_name":"Herv\u00e9 Debar","raw_affiliation_strings":["IBM Research, Zurich Research Laboratory, R\u00fcschlikon, Switzerland","IBM Research, Z\u00fcrich Research Laboratory,#TAB#"],"affiliations":[{"raw_affiliation_string":"IBM Research, Zurich Research Laboratory, R\u00fcschlikon, Switzerland","institution_ids":["https://openalex.org/I4210126328"]},{"raw_affiliation_string":"IBM Research, Z\u00fcrich Research Laboratory,#TAB#","institution_ids":["https://openalex.org/I1341412227"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5011505450"],"corresponding_institution_ids":["https://openalex.org/I1341412227","https://openalex.org/I4210126328"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":9.0253,"has_fulltext":false,"cited_by_count":183,"citation_normalized_percentile":{"value":0.98034398,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"110","last_page":"129"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12391","display_name":"Artificial Immune Systems Applications","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8230446577072144},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6549007892608643},{"id":"https://openalex.org/keywords/variable","display_name":"Variable (mathematics)","score":0.6507358551025391},{"id":"https://openalex.org/keywords/unix","display_name":"Unix","score":0.6033244132995605},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6024577021598816},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5431470274925232},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4958818852901459},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4841638207435608},{"id":"https://openalex.org/keywords/table","display_name":"Table (database)","score":0.4564128518104553},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.4242955148220062},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.41455763578414917},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.1680423617362976},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09704229235649109},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09378963708877563},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.07650789618492126}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8230446577072144},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6549007892608643},{"id":"https://openalex.org/C182365436","wikidata":"https://www.wikidata.org/wiki/Q50701","display_name":"Variable (mathematics)","level":2,"score":0.6507358551025391},{"id":"https://openalex.org/C112968700","wikidata":"https://www.wikidata.org/wiki/Q11368","display_name":"Unix","level":3,"score":0.6033244132995605},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6024577021598816},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5431470274925232},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4958818852901459},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4841638207435608},{"id":"https://openalex.org/C45235069","wikidata":"https://www.wikidata.org/wiki/Q278425","display_name":"Table (database)","level":2,"score":0.4564128518104553},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.4242955148220062},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.41455763578414917},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.1680423617362976},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09704229235649109},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09378963708877563},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.07650789618492126},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/3-540-39945-3_8","is_oa":false,"landing_page_url":"https://doi.org/10.1007/3-540-39945-3_8","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.137.5084","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.137.5084","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.fit.edu/~pkc/id/related/wespi-raid00.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W158754850","https://openalex.org/W198937697","https://openalex.org/W1581700637","https://openalex.org/W1634927171","https://openalex.org/W1895041775","https://openalex.org/W1941427975","https://openalex.org/W1994212840","https://openalex.org/W2009566340","https://openalex.org/W2028903194","https://openalex.org/W2087671069","https://openalex.org/W2129624205","https://openalex.org/W2152448081","https://openalex.org/W2338717024","https://openalex.org/W2435042684","https://openalex.org/W2502112825","https://openalex.org/W3136767761","https://openalex.org/W4231780361","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2385758958","https://openalex.org/W2183313954","https://openalex.org/W1969635302","https://openalex.org/W3136767761","https://openalex.org/W3152476155","https://openalex.org/W2376046849","https://openalex.org/W2464754729","https://openalex.org/W3146948916","https://openalex.org/W1973375107","https://openalex.org/W2148459958"],"abstract_inverted_index":null,"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":8},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":7}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}