{"id":"https://openalex.org/W4416259344","doi":"https://doi.org/10.1109/icmla66185.2025.00128","title":"LIGHT-HIDS: A Lightweight and Effective Machine Learning-Based Framework for Robust Host Intrusion Detection","display_name":"LIGHT-HIDS: A Lightweight and Effective Machine Learning-Based Framework for Robust Host Intrusion Detection","publication_year":2025,"publication_date":"2025-12-03","ids":{"openalex":"https://openalex.org/W4416259344","doi":"https://doi.org/10.1109/icmla66185.2025.00128"},"language":"en","primary_location":{"id":"doi:10.1109/icmla66185.2025.00128","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00128","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2509.13464","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067741934","display_name":"Onat G\u00fcng\u00f6r","orcid":"https://orcid.org/0000-0001-7215-0890"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Onat Gungor","raw_affiliation_strings":["University of California,Department of Computer Science and Engineering,San Diego"],"affiliations":[{"raw_affiliation_string":"University of California,Department of Computer Science and Engineering,San Diego","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004794906","display_name":"Ishaan R. Kale","orcid":"https://orcid.org/0000-0003-2983-5004"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ishaan Kale","raw_affiliation_strings":["University of California,Department of Computer Science and Engineering,San Diego"],"affiliations":[{"raw_affiliation_string":"University of California,Department of Computer Science and Engineering,San Diego","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038250840","display_name":"Jiasheng Zhou","orcid":"https://orcid.org/0000-0001-6165-1294"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiasheng Zhou","raw_affiliation_strings":["University of California,Department of Computer Science and Engineering,San Diego"],"affiliations":[{"raw_affiliation_string":"University of California,Department of Computer Science and Engineering,San Diego","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025573294","display_name":"Tajana Rosing","orcid":"https://orcid.org/0000-0002-6954-997X"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tajana Rosing","raw_affiliation_strings":["University of California,Department of Computer Science and Engineering,San Diego"],"affiliations":[{"raw_affiliation_string":"University of California,Department of Computer Science and Engineering,San Diego","institution_ids":["https://openalex.org/I36258959"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5067741934"],"corresponding_institution_ids":["https://openalex.org/I36258959"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.38834681,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"863","last_page":"868"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8162999749183655,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8162999749183655,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.057999998331069946,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.03889999911189079,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7192999720573425},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.7053999900817871},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5519999861717224},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.5264999866485596},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5041999816894531},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4643999934196472},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4397999942302704},{"id":"https://openalex.org/keywords/novelty-detection","display_name":"Novelty detection","score":0.4268999993801117},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.40560001134872437},{"id":"https://openalex.org/keywords/latency","display_name":"Latency (audio)","score":0.38100001215934753}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7529000043869019},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7192999720573425},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.7053999900817871},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.609499990940094},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5608999729156494},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5519999861717224},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.5264999866485596},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5041999816894531},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4643999934196472},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.44269999861717224},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4397999942302704},{"id":"https://openalex.org/C2778924833","wikidata":"https://www.wikidata.org/wiki/Q7064603","display_name":"Novelty detection","level":3,"score":0.4268999993801117},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.40560001134872437},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.38100001215934753},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.3779999911785126},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.3700999915599823},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.35850000381469727},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.35569998621940613},{"id":"https://openalex.org/C2778738651","wikidata":"https://www.wikidata.org/wiki/Q16546687","display_name":"Novelty","level":2,"score":0.3368000090122223},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.32670000195503235},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.31459999084472656},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.3124000132083893},{"id":"https://openalex.org/C46743427","wikidata":"https://www.wikidata.org/wiki/Q1341685","display_name":"Inference engine","level":3,"score":0.3091000020503998},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.30550000071525574},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.28870001435279846},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.28679999709129333},{"id":"https://openalex.org/C90936777","wikidata":"https://www.wikidata.org/wiki/Q917189","display_name":"Host-based intrusion detection system","level":4,"score":0.2800999879837036},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.27480000257492065},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.27129998803138733},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.2703000009059906},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.2687999904155731},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.26739999651908875},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.25929999351501465},{"id":"https://openalex.org/C158154518","wikidata":"https://www.wikidata.org/wiki/Q7310970","display_name":"Relevance (law)","level":2,"score":0.25839999318122864},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.25450000166893005}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/icmla66185.2025.00128","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00128","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2509.13464","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.13464","pdf_url":"https://arxiv.org/pdf/2509.13464","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2509.13464","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2509.13464","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2509.13464","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.13464","pdf_url":"https://arxiv.org/pdf/2509.13464","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"expansion":[1],"of":[2,104,108],"edge":[3],"computing":[4],"has":[5],"increased":[6],"the":[7,102],"attack":[8],"surface,":[9],"creating":[10],"an":[11,93],"urgent":[12],"need":[13],"for":[14,46,113,153],"robust,":[15],"real-time":[16,154],"machine":[17,73,150],"learning":[18,74,103],"(ML)-based":[19],"host":[20,155],"intrusion":[21,156],"detection":[22,96,127],"systems":[23],"(HIDS)":[24],"that":[25,76,123],"balance":[26],"accuracy":[27,128],"and":[28,146],"efficiency.":[29],"In":[30],"such":[31],"settings,":[32],"inference":[33,61,131],"latency":[34],"poses":[35],"a":[36,71,78,149],"critical":[37],"security":[38],"risk,":[39],"as":[40,148],"delays":[41],"may":[42],"provide":[43],"exploitable":[44],"opportunities":[45],"attackers.":[47],"However,":[48],"many":[49],"state-of-the-art":[50,139],"ML-based":[51],"HIDS":[52],"solutions":[53],"rely":[54],"on":[55,119],"computationally":[56],"intensive":[57],"architectures":[58],"with":[59,92],"high":[60],"costs,":[62],"limiting":[63],"their":[64],"practical":[65],"deployment.":[66],"This":[67,98],"paper":[68],"proposes":[69],"LIGHT-HIDS,":[70],"lightweight":[72],"framework":[75],"combines":[77],"compressed":[79],"neural":[80],"network":[81],"feature":[82],"extractor":[83],"trained":[84],"via":[85],"Deep":[86],"Support":[87],"Vector":[88],"Data":[89],"Description":[90],"(DeepSVDD)":[91],"efficient":[94],"novelty":[95],"model.":[97],"hybrid":[99],"approach":[100],"enables":[101],"compact,":[105],"meaningful":[106],"representations":[107],"normal":[109],"system":[110],"call":[111],"behavior":[112],"accurate":[114],"anomaly":[115],"detection.":[116,157],"Experimental":[117],"results":[118],"multiple":[120],"datasets":[121],"demonstrate":[122],"LIGHT-HIDS":[124],"consistently":[125],"enhances":[126],"while":[129],"reducing":[130],"time":[132],"by":[133],"up":[134],"to":[135,138],"75\u00d7":[136],"compared":[137],"methods.":[140],"These":[141],"findings":[142],"highlight":[143],"its":[144],"effectiveness":[145],"scalability":[147],"learning-based":[151],"solution":[152]},"counts_by_year":[],"updated_date":"2026-04-09T06:08:40.794217","created_date":"2025-10-10T00:00:00"}