{"id":"https://openalex.org/W3156885949","doi":"https://doi.org/10.1109/access.2021.3071763","title":"Intrusion Detection Based on Sequential Information Preserving Log Embedding Methods and Anomaly Detection Algorithms","display_name":"Intrusion Detection Based on Sequential Information Preserving Log Embedding Methods and Anomaly Detection Algorithms","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3156885949","doi":"https://doi.org/10.1109/access.2021.3071763","mag":"3156885949"},"language":"en","primary_location":{"id":"doi:10.1109/access.2021.3071763","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3071763","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09399070.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09399070.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073306810","display_name":"Czangyeob Kim","orcid":"https://orcid.org/0000-0002-9784-2399"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Czangyeob Kim","raw_affiliation_strings":["School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-9784-2399","affiliations":[{"raw_affiliation_string":"School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055458201","display_name":"Myeongjun Jang","orcid":"https://orcid.org/0000-0002-9352-4799"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Myeongjun Jang","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, U.K","University of Oxford, Oxford, U.K"],"raw_orcid":"https://orcid.org/0000-0002-9352-4799","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, U.K","institution_ids":["https://openalex.org/I40120149"]},{"raw_affiliation_string":"University of Oxford, Oxford, U.K","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101726173","display_name":"Seungwan Seo","orcid":"https://orcid.org/0000-0001-5204-3350"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seungwan Seo","raw_affiliation_strings":["School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0001-5204-3350","affiliations":[{"raw_affiliation_string":"School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021732720","display_name":"Kyeongchan Park","orcid":null},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Kyeongchan Park","raw_affiliation_strings":["School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059650940","display_name":"Pilsung Kang","orcid":"https://orcid.org/0000-0001-7663-3937"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Pilsung Kang","raw_affiliation_strings":["School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0001-7663-3937","affiliations":[{"raw_affiliation_string":"School of Industrial Management Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5073306810"],"corresponding_institution_ids":["https://openalex.org/I197347611"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":2.7241,"has_fulltext":true,"cited_by_count":25,"citation_normalized_percentile":{"value":0.90245565,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"9","issue":null,"first_page":"58088","last_page":"58101"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.825412929058075},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7814273834228516},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7232930660247803},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.6025623083114624},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5468473434448242},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.5420161485671997},{"id":"https://openalex.org/keywords/pattern-matching","display_name":"Pattern matching","score":0.4962337613105774},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4910163879394531},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.4792766273021698},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.4759754240512848},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.47355857491493225},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46329912543296814},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4259587228298187},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.4164028465747833},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.347245454788208},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11961275339126587}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.825412929058075},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7814273834228516},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7232930660247803},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.6025623083114624},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5468473434448242},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.5420161485671997},{"id":"https://openalex.org/C68859911","wikidata":"https://www.wikidata.org/wiki/Q1503724","display_name":"Pattern matching","level":2,"score":0.4962337613105774},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4910163879394531},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.4792766273021698},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.4759754240512848},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.47355857491493225},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46329912543296814},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4259587228298187},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.4164028465747833},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.347245454788208},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11961275339126587},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2021.3071763","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3071763","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09399070.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:019f5acb19e943148b2bd622f276c242","is_oa":true,"landing_page_url":"https://doaj.org/article/019f5acb19e943148b2bd622f276c242","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 9, Pp 58088-58101 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2021.3071763","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3071763","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09399070.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.46000000834465027}],"awards":[{"id":"https://openalex.org/G2005610388","display_name":null,"funder_award_id":"NRF-2019R1F1A1060338","funder_id":"https://openalex.org/F4320322030","funder_display_name":"Ministry of Science, ICT and Future Planning"},{"id":"https://openalex.org/G3281661566","display_name":null,"funder_award_id":"NRF-2019R1A4A1024732","funder_id":"https://openalex.org/F4320328359","funder_display_name":"Ministry of Science and ICT, South Korea"},{"id":"https://openalex.org/G485581111","display_name":null,"funder_award_id":"NRF-2019R1A4A1024732","funder_id":"https://openalex.org/F4320322030","funder_display_name":"Ministry of Science, ICT and Future Planning"},{"id":"https://openalex.org/G6221987393","display_name":null,"funder_award_id":"NRF-2019R1A4A1024732","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"},{"id":"https://openalex.org/G6557190913","display_name":null,"funder_award_id":"2019R1A4A1024732","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"},{"id":"https://openalex.org/G7543434806","display_name":null,"funder_award_id":"NRF-2019R1F1A1060338","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320322030","display_name":"Ministry of Science, ICT and Future Planning","ror":"https://ror.org/032e49973"},{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"},{"id":"https://openalex.org/F4320328359","display_name":"Ministry of Science and ICT, South Korea","ror":"https://ror.org/01wpjm123"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3156885949.pdf","grobid_xml":"https://content.openalex.org/works/W3156885949.grobid-xml"},"referenced_works_count":48,"referenced_works":["https://openalex.org/W69433542","https://openalex.org/W1487268095","https://openalex.org/W1492196703","https://openalex.org/W1535668279","https://openalex.org/W1887038067","https://openalex.org/W1972544015","https://openalex.org/W1981738628","https://openalex.org/W2025768430","https://openalex.org/W2047350783","https://openalex.org/W2099940443","https://openalex.org/W2100580647","https://openalex.org/W2124529648","https://openalex.org/W2130942839","https://openalex.org/W2131744502","https://openalex.org/W2144182447","https://openalex.org/W2148121208","https://openalex.org/W2153919695","https://openalex.org/W2157331557","https://openalex.org/W2167240430","https://openalex.org/W2168341697","https://openalex.org/W2181347294","https://openalex.org/W2296509296","https://openalex.org/W2296719434","https://openalex.org/W2561342496","https://openalex.org/W2778310656","https://openalex.org/W2783190965","https://openalex.org/W2783796368","https://openalex.org/W2787883929","https://openalex.org/W2789828921","https://openalex.org/W2809932464","https://openalex.org/W2883098359","https://openalex.org/W2883778034","https://openalex.org/W2889010933","https://openalex.org/W2902189655","https://openalex.org/W2913206818","https://openalex.org/W2963602293","https://openalex.org/W2969231300","https://openalex.org/W3010704846","https://openalex.org/W3082129402","https://openalex.org/W4298393544","https://openalex.org/W6629523211","https://openalex.org/W6632180709","https://openalex.org/W6639415379","https://openalex.org/W6679436768","https://openalex.org/W6679775712","https://openalex.org/W6685777803","https://openalex.org/W6745388339","https://openalex.org/W6782853622"],"related_works":["https://openalex.org/W2337148208","https://openalex.org/W3004832009","https://openalex.org/W3036013726","https://openalex.org/W1971929717","https://openalex.org/W2351051591","https://openalex.org/W1969635302","https://openalex.org/W2183313954","https://openalex.org/W11100131","https://openalex.org/W3146948916","https://openalex.org/W2148459958"],"abstract_inverted_index":{"Previous":[0],"methods":[1,27],"for":[2],"system":[3,188,238],"intrusion":[4],"detection":[5,105,155,166,180,190,230,250],"have":[6,28,75,98],"mainly":[7],"consisted":[8],"of":[9,115,118,145,153,214,218,261],"those":[10],"based":[11,94,168,187,234],"on":[12,95,169,235],"pattern":[13,25,49],"matching":[14],"that":[15,32],"employs":[16],"prior":[17],"knowledge":[18,196],"extracted":[19],"from":[20,201],"experts\u2019":[21,195],"domain":[22,194],"knowledge.":[23],"However,":[24],"matching-based":[26,50],"a":[29,211,236,253],"major":[30],"drawback":[31],"it":[33,264],"can":[34,265],"be":[35,266],"bypassed":[36],"through":[37,125,150],"various":[38,91],"modified":[39],"techniques.":[40],"These":[41],"advanced":[42,86],"persistent":[43],"threats":[44,62],"cause":[45],"limitation":[46],"to":[47,76,82,132,183,197,226,270],"the":[48,67,85,202,228],"detecting":[51],"mechanism,":[52],"because":[53],"they":[54],"are":[55,108,113,208,224],"not":[56],"only":[57],"more":[58,136],"sophisticated":[59],"than":[60],"usual":[61],"but":[63],"also":[64],"specialized":[65],"in":[66,110,259],"targeted":[68],"attacking":[69],"object.":[70],"The":[71],"defense":[72],"mechanism":[73],"should":[74],"comprehend":[77],"unusual":[78],"phenomenons":[79],"or":[80],"behaviors":[81,135],"successfully":[83],"handles":[84],"threats.":[87],"To":[88],"achieve":[89],"this,":[90],"security":[92,119],"techniques":[93],"machine":[96,177,185],"learning":[97,186],"been":[99],"developed":[100],"recently.":[101],"Among":[102],"these,":[103],"anomaly":[104,154,179,189,229,249],"algorithms,":[106],"which":[107,192],"trained":[109],"unsupervised":[111,248],"fashion,":[112],"capable":[114],"reducing":[116],"efforts":[117],"experts":[120],"and":[121,176,221,263],"securing":[122],"labeled":[123,146,278],"dataset":[124,147],"post":[126,151],"analysis.":[127],"It":[128],"is":[129,148],"further":[130,267],"possible":[131],"distinguish":[133],"abnormal":[134,164],"precisely":[137],"by":[138],"training":[139],"classification":[140,274],"models":[141],"if":[142,276],"sufficient":[143,277],"amounts":[144],"obtained":[149],"analysis":[152],"results.":[156],"In":[157],"this":[158],"study,":[159],"we":[160],"proposed":[161,243],"an":[162],"end-to-end":[163],"behavior":[165],"method":[167,246],"sequential":[170],"information":[171],"preserving":[172],"log":[173,203,206,244,280],"embedding":[174,245],"algorithms":[175,275],"learning-based":[178],"algorithms.":[181],"Contrary":[182],"other":[184],"models,":[191],"borrow":[193],"extract":[198],"significant":[199],"features":[200],"data,":[204],"raw":[205],"data":[207,281],"transformed":[209],"into":[210],"fixed":[212],"size":[213],"continuous":[215],"vector":[216],"regardless":[217],"their":[219],"length,":[220],"these":[222],"vectors":[223],"used":[225],"train":[227],"models.":[231],"Experimental":[232],"results":[233],"real":[237],"call":[239],"trace":[240],"dataset,":[241],"our":[242],"with":[247,272],"model":[251],"yielded":[252],"favorable":[254],"performance,":[255],"at":[256],"most":[257],"0.8708":[258],"terms":[260],"AUROC,":[262],"improved":[268],"up":[269],"0.9745":[271],"supervised":[273],"attack":[279],"become":[282],"available.":[283]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":1}],"updated_date":"2026-05-29T09:21:14.243279","created_date":"2025-10-10T00:00:00"}