{"id":"https://openalex.org/W2102941975","doi":"https://doi.org/10.1109/hicss.2003.1174909","title":"Applications of hidden Markov models to detecting multi-stage network attacks","display_name":"Applications of hidden Markov models to detecting multi-stage network attacks","publication_year":2003,"publication_date":"2003-01-01","ids":{"openalex":"https://openalex.org/W2102941975","doi":"https://doi.org/10.1109/hicss.2003.1174909","mag":"2102941975"},"language":"en","primary_location":{"id":"doi:10.1109/hicss.2003.1174909","is_oa":false,"landing_page_url":"https://doi.org/10.1109/hicss.2003.1174909","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017966769","display_name":"Dirk Ourston","orcid":null},"institutions":[{"id":"https://openalex.org/I4388482701","display_name":"Applied Research Laboratory at the University of Hawai\u2018i","ror":"https://ror.org/046s2rf49","country_code":null,"type":"facility","lineage":["https://openalex.org/I4388482701"]},{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"D. Ourston","raw_affiliation_strings":["Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","Appl. Res. Labs., Texas Univ., Austin, TX, USA"],"affiliations":[{"raw_affiliation_string":"Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","institution_ids":["https://openalex.org/I86519309","https://openalex.org/I4388482701"]},{"raw_affiliation_string":"Appl. Res. Labs., Texas Univ., Austin, TX, USA","institution_ids":["https://openalex.org/I86519309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007217630","display_name":"Sara Matzner","orcid":null},"institutions":[{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]},{"id":"https://openalex.org/I4388482701","display_name":"Applied Research Laboratory at the University of Hawai\u2018i","ror":"https://ror.org/046s2rf49","country_code":null,"type":"facility","lineage":["https://openalex.org/I4388482701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S. Matzner","raw_affiliation_strings":["Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","Appl. Res. Labs., Texas Univ., Austin, TX, USA"],"affiliations":[{"raw_affiliation_string":"Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","institution_ids":["https://openalex.org/I86519309","https://openalex.org/I4388482701"]},{"raw_affiliation_string":"Appl. Res. Labs., Texas Univ., Austin, TX, USA","institution_ids":["https://openalex.org/I86519309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021305741","display_name":"William Stump","orcid":null},"institutions":[{"id":"https://openalex.org/I4388482701","display_name":"Applied Research Laboratory at the University of Hawai\u2018i","ror":"https://ror.org/046s2rf49","country_code":null,"type":"facility","lineage":["https://openalex.org/I4388482701"]},{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"W. Stump","raw_affiliation_strings":["Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","Appl. Res. Labs., Texas Univ., Austin, TX, USA"],"affiliations":[{"raw_affiliation_string":"Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","institution_ids":["https://openalex.org/I86519309","https://openalex.org/I4388482701"]},{"raw_affiliation_string":"Appl. Res. Labs., Texas Univ., Austin, TX, USA","institution_ids":["https://openalex.org/I86519309"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108243320","display_name":"B. R. Hopkins","orcid":null},"institutions":[{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]},{"id":"https://openalex.org/I4388482701","display_name":"Applied Research Laboratory at the University of Hawai\u2018i","ror":"https://ror.org/046s2rf49","country_code":null,"type":"facility","lineage":["https://openalex.org/I4388482701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"B. Hopkins","raw_affiliation_strings":["Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","Appl. Res. Labs., Texas Univ., Austin, TX, USA"],"affiliations":[{"raw_affiliation_string":"Applied Research Laboratories, University of Texas, Austin, Austin, TX, USA","institution_ids":["https://openalex.org/I86519309","https://openalex.org/I4388482701"]},{"raw_affiliation_string":"Appl. Res. Labs., Texas Univ., Austin, TX, USA","institution_ids":["https://openalex.org/I86519309"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5017966769"],"corresponding_institution_ids":["https://openalex.org/I4388482701","https://openalex.org/I86519309"],"apc_list":null,"apc_paid":null,"fwci":2.98,"has_fulltext":false,"cited_by_count":143,"citation_normalized_percentile":{"value":0.92601,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"10 pp.","last_page":"10 pp."},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8135957717895508},{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.7259737253189087},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6006631255149841},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5848518013954163},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.5685615539550781},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5511236190795898},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5411005020141602},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.5229690670967102},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.47363677620887756},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4318804144859314},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.42857155203819275}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8135957717895508},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.7259737253189087},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6006631255149841},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5848518013954163},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.5685615539550781},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5511236190795898},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5411005020141602},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.5229690670967102},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.47363677620887756},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4318804144859314},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.42857155203819275},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/hicss.2003.1174909","is_oa":false,"landing_page_url":"https://doi.org/10.1109/hicss.2003.1174909","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.3.8671","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.3.8671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.hicss.hawaii.edu/HICSS36/HICSSpapers/STSSS03.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.96.5640","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.96.5640","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://csdl.computer.org/comp/proceedings/hicss/2003/1874/09/187490334b.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.800000011920929,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W129457532","https://openalex.org/W162146437","https://openalex.org/W200042785","https://openalex.org/W1536864280","https://openalex.org/W1543388142","https://openalex.org/W1566768828","https://openalex.org/W1570448133","https://openalex.org/W1574901103","https://openalex.org/W1582506709","https://openalex.org/W1589835178","https://openalex.org/W1912982817","https://openalex.org/W1966454457","https://openalex.org/W2028276885","https://openalex.org/W2045812729","https://openalex.org/W2073165180","https://openalex.org/W2084416457","https://openalex.org/W2096942889","https://openalex.org/W2105594594","https://openalex.org/W2108867737","https://openalex.org/W2117646649","https://openalex.org/W2123504579","https://openalex.org/W2129860818","https://openalex.org/W2147169507","https://openalex.org/W2160929103","https://openalex.org/W2170335877","https://openalex.org/W2466512847","https://openalex.org/W2591711098","https://openalex.org/W2795859624","https://openalex.org/W2942804451","https://openalex.org/W3148186152","https://openalex.org/W4235265844","https://openalex.org/W4244238212","https://openalex.org/W6606669397","https://openalex.org/W6608051331","https://openalex.org/W6632547301","https://openalex.org/W6633719172","https://openalex.org/W6635348713","https://openalex.org/W6668618797","https://openalex.org/W6683231058"],"related_works":["https://openalex.org/W2053269318","https://openalex.org/W2364370872","https://openalex.org/W2097963413","https://openalex.org/W2294335174","https://openalex.org/W2025614924","https://openalex.org/W3145575561","https://openalex.org/W2001275470","https://openalex.org/W2073996508","https://openalex.org/W2122022187","https://openalex.org/W2115529843"],"abstract_inverted_index":{"This":[0],"paper":[1],"describes":[2],"an":[3,25,79,127],"approach":[4],"using":[5],"hidden":[6],"Markov":[7],"models":[8],"(HMM)":[9],"to":[10,50,64,83,129,151,165],"detect":[11],"complex":[12,87,114,206],"Internet":[13,88,115],"attacks.":[14,116],"These":[15],"attacks":[16],"consist":[17],"of":[18,28,45,68,70,75,94,108,155],"several":[19],"steps":[20],"that":[21,160,189],"may":[22,35,40,60],"occur":[23],"over":[24],"extended":[26],"period":[27],"time.":[29],"Within":[30],"each":[31],"step,":[32],"specific":[33],"actions":[34,46,131],"be":[36,61,84,92,152],"interchangeable.":[37],"A":[38],"perpetrator":[39],"deliberately":[41],"use":[42,107],"a":[43,48,111,172],"choice":[44],"within":[47],"step":[49],"mask":[51],"the":[52,73,76,97,106,130,133,138,167],"intrusion.":[53],"In":[54,171],"other":[55,177],"cases,":[56],"alternate":[57],"action":[58,142,148],"sequences":[59],"random":[62],"(due":[63],"noise)":[65],"or":[66,145],"because":[67],"lack":[69],"experience":[71],"on":[72],"part":[74],"perpetrator.":[77],"For":[78],"intrusion":[80],"detection":[81],"system":[82],"effective":[85],"against":[86,113],"attacks,":[89],"it":[90],"must":[91,143],"capable":[93],"dealing":[95],"with":[96,175],"ambiguities":[98],"described":[99],"above.":[100],"We":[101,117],"describe":[102,118],"research":[103],"results":[104],"concerning":[105],"HMMs":[109,120,161,190],"as":[110],"defense":[112],"why":[119],"are":[121,162],"particularly":[122],"useful":[123],"when":[124],"there":[125],"is":[126],"order":[128,150],"constituting":[132],"attack":[134,169],"(that":[135],"is,":[136],"for":[137],"case":[139],"where":[140],"one":[141],"precede":[144],"follow":[146],"another":[147],"in":[149,203],"effective).":[153],"Because":[154],"this":[156],"property,":[157],"we":[158,187],"show":[159,188],"well":[163],"suited":[164],"address":[166],"multi-step":[168],"problem.":[170],"direct":[173],"comparison":[174],"two":[176],"classic":[178],"machine":[179],"learning":[180],"techniques,":[181],"decision":[182,195],"trees":[183,196],"and":[184,197],"neural":[185,201],"nets,":[186],"perform":[191],"generally":[192],"better":[193,199],"than":[194,200],"substantially":[198],"networks":[202],"detecting":[204],"these":[205],"intrusions.":[207]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":16},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":9},{"year":2015,"cited_by_count":9},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":12},{"year":2012,"cited_by_count":8}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}