{"id":"https://openalex.org/W2183186609","doi":"https://doi.org/10.1109/cns.2015.7346858","title":"Towards a science of anomaly detection system evasion","display_name":"Towards a science of anomaly detection system evasion","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2183186609","doi":"https://doi.org/10.1109/cns.2015.7346858","mag":"2183186609"},"language":"en","primary_location":{"id":"doi:10.1109/cns.2015.7346858","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2015.7346858","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108432257","display_name":"Muhammad Qasim Ali","orcid":"https://orcid.org/0009-0004-5340-3310"},"institutions":[{"id":"https://openalex.org/I1308906816","display_name":"NortonLifeLock (United States)","ror":"https://ror.org/0449t3a80","country_code":"US","type":"company","lineage":["https://openalex.org/I1308906816"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Muhammad Qasim Ali","raw_affiliation_strings":["Symantec Corp Cupertino, Cupertino, CA, US"],"affiliations":[{"raw_affiliation_string":"Symantec Corp Cupertino, Cupertino, CA, US","institution_ids":["https://openalex.org/I1308906816"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080789785","display_name":"Ayesha Binte Ashfaq","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Ayesha Binte Ashfaq","raw_affiliation_strings":["National University of Sciences and Technology, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences and Technology, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043893479","display_name":"Ehab Al\u2010Shaer","orcid":"https://orcid.org/0000-0002-7665-8293"},"institutions":[{"id":"https://openalex.org/I102149020","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30","country_code":"US","type":"education","lineage":["https://openalex.org/I102149020"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ehab Al-Shaer","raw_affiliation_strings":["Department of Software and Information Systems, University of North Carolina Charlotte, Charlotte, NC"],"affiliations":[{"raw_affiliation_string":"Department of Software and Information Systems, University of North Carolina Charlotte, Charlotte, NC","institution_ids":["https://openalex.org/I102149020"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101713020","display_name":"Qi Duan","orcid":"https://orcid.org/0000-0002-6168-5192"},"institutions":[{"id":"https://openalex.org/I102149020","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30","country_code":"US","type":"education","lineage":["https://openalex.org/I102149020"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qi Duan","raw_affiliation_strings":["Department of Software and Information Systems, University of North Carolina Charlotte, Charlotte, NC"],"affiliations":[{"raw_affiliation_string":"Department of Software and Information Systems, University of North Carolina Charlotte, Charlotte, NC","institution_ids":["https://openalex.org/I102149020"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5108432257"],"corresponding_institution_ids":["https://openalex.org/I1308906816"],"apc_list":null,"apc_paid":null,"fwci":0.3328,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.66108209,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"460","last_page":"468"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.9378312826156616},{"id":"https://openalex.org/keywords/margin","display_name":"Margin (machine learning)","score":0.7344413995742798},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6831682920455933},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6401726603507996},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6130417585372925},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4718972146511078},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4282679557800293},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3934746980667114},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.21167820692062378},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.13101959228515625}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.9378312826156616},{"id":"https://openalex.org/C774472","wikidata":"https://www.wikidata.org/wiki/Q6760393","display_name":"Margin (machine learning)","level":2,"score":0.7344413995742798},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6831682920455933},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6401726603507996},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6130417585372925},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4718972146511078},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4282679557800293},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3934746980667114},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.21167820692062378},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.13101959228515625},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cns.2015.7346858","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2015.7346858","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1490025813","https://openalex.org/W1553177637","https://openalex.org/W1604044955","https://openalex.org/W1744212210","https://openalex.org/W1903577715","https://openalex.org/W1982304603","https://openalex.org/W2018653712","https://openalex.org/W2032247543","https://openalex.org/W2039390926","https://openalex.org/W2042097996","https://openalex.org/W2067064328","https://openalex.org/W2080378870","https://openalex.org/W2085533912","https://openalex.org/W2101146371","https://openalex.org/W2109224931","https://openalex.org/W2116796800","https://openalex.org/W2121035740","https://openalex.org/W2135143063","https://openalex.org/W2136861353","https://openalex.org/W2158557632","https://openalex.org/W2163468230","https://openalex.org/W2401951280","https://openalex.org/W4211083643","https://openalex.org/W4239856175","https://openalex.org/W4285719527","https://openalex.org/W6629285517","https://openalex.org/W6633219197","https://openalex.org/W6639770171","https://openalex.org/W6677566838","https://openalex.org/W6682927841"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2912112202","https://openalex.org/W2667207928","https://openalex.org/W4377864969","https://openalex.org/W2972971679"],"abstract_inverted_index":{"A":[0],"fundamental":[1],"drawback":[2],"of":[3,12,43,71,112],"current":[4],"anomaly":[5,79],"detection":[6,80],"systems":[7],"(ADSs)":[8],"is":[9,20,152],"the":[10,23,69,85,106,110,121,146,156],"ability":[11],"a":[13,98,126],"skilled":[14],"attacker":[15,28,73],"to":[16,22,59,74,101,108,115,119,144,154],"evade":[17],"detection.":[18],"This":[19],"due":[21,114],"flawed":[24],"assumption":[25],"that":[26,40,84],"an":[27,35,72],"does":[29],"not":[30],"have":[31],"any":[32],"information":[33,51],"about":[34,52],"ADS.":[36],"Advanced":[37],"persistent":[38],"threats":[39],"are":[41,142],"capable":[42],"monitoring":[44],"network":[45],"behavior":[46],"can":[47,87],"always":[48],"estimate":[49],"some":[50],"ADSs":[53,57,86,132],"which":[54],"makes":[55],"these":[56],"susceptible":[58],"evasion":[60,76,103,113,122,138],"attacks.":[61,94,139],"Hence":[62],"in":[63],"this":[64],"paper,":[65],"we":[66,124],"first":[67],"assume":[68],"role":[70],"launch":[75],"attacks":[77],"on":[78],"systems.":[81],"We":[82,95],"show":[83],"be":[88],"completely":[89],"paralyzed":[90],"by":[91],"parameter":[92],"estimation":[93],"then":[96],"present":[97],"mathematical":[99],"model":[100],"measure":[102],"margin":[104],"with":[105],"aim":[107],"understand":[109],"science":[111],"ADS":[116],"design.":[117],"Finally,":[118],"minimize":[120],"margin,":[123],"propose":[125],"key-based":[127],"randomization":[128],"scheme":[129],"for":[130],"existing":[131],"and":[133,149],"discuss":[134],"its":[135],"robustness":[136],"against":[137],"Case":[140],"studies":[141],"presented":[143],"illustrate":[145],"design":[147],"methodology":[148],"extensive":[150],"experimentation":[151],"performed":[153],"corroborate":[155],"results.":[157]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}