{"id":"https://openalex.org/W2155146488","doi":"https://doi.org/10.1109/icon.2004.1409210","title":"An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls","display_name":"An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls","publication_year":2005,"publication_date":"2005-04-12","ids":{"openalex":"https://openalex.org/W2155146488","doi":"https://doi.org/10.1109/icon.2004.1409210","mag":"2155146488"},"language":"en","primary_location":{"id":"doi:10.1109/icon.2004.1409210","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icon.2004.1409210","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings. 2004 12th IEEE International Conference on Networks (ICON 2004) (IEEE Cat. No.04EX955)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/conference_contribution/An_efficient_hidden_Markov_model_training_scheme_for_anomaly_intrusion_detection_of_server_applications_based_on_system_calls/27335115","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059281736","display_name":"Xuan Dau Hoang","orcid":"https://orcid.org/0000-0002-2566-7704"},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"X.A. Hoang","raw_affiliation_strings":["School of Computer Science and Information Technology, RMIT University, Melbourne, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Information Technology, RMIT University, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I82951845"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075234257","display_name":"Jiankun Hu","orcid":"https://orcid.org/0000-0003-0230-1432"},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"J. Hu","raw_affiliation_strings":["School of Computer Science and Information Technology, RMIT University, Melbourne, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Information Technology, RMIT University, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I82951845"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5059281736"],"corresponding_institution_ids":["https://openalex.org/I82951845"],"apc_list":null,"apc_paid":null,"fwci":2.7373,"has_fulltext":false,"cited_by_count":78,"citation_normalized_percentile":{"value":0.91844523,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"2","issue":null,"first_page":"470","last_page":"474"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.9534099698066711},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7792198657989502},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7053275108337402},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6579765677452087},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.6151503920555115},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.5481763482093811},{"id":"https://openalex.org/keywords/training","display_name":"Training (meteorology)","score":0.5454372763633728},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5263805985450745},{"id":"https://openalex.org/keywords/sequence","display_name":"Sequence (biology)","score":0.5234106183052063},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5002269744873047},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.47217434644699097},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4491982161998749},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4253462255001068},{"id":"https://openalex.org/keywords/markov-model","display_name":"Markov model","score":0.4243742525577545},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.35517776012420654},{"id":"https://openalex.org/keywords/markov-chain","display_name":"Markov chain","score":0.22043141722679138}],"concepts":[{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.9534099698066711},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7792198657989502},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7053275108337402},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6579765677452087},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.6151503920555115},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.5481763482093811},{"id":"https://openalex.org/C2777211547","wikidata":"https://www.wikidata.org/wiki/Q17141490","display_name":"Training (meteorology)","level":2,"score":0.5454372763633728},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5263805985450745},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.5234106183052063},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5002269744873047},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.47217434644699097},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4491982161998749},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4253462255001068},{"id":"https://openalex.org/C163836022","wikidata":"https://www.wikidata.org/wiki/Q6771326","display_name":"Markov model","level":3,"score":0.4243742525577545},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.35517776012420654},{"id":"https://openalex.org/C98763669","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov chain","level":2,"score":0.22043141722679138},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C153294291","wikidata":"https://www.wikidata.org/wiki/Q25261","display_name":"Meteorology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.1109/icon.2004.1409210","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icon.2004.1409210","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings. 2004 12th IEEE International Conference on Networks (ICON 2004) (IEEE Cat. No.04EX955)","raw_type":"proceedings-article"},{"id":"pmh:oai:alma61RMIT.INST:11248274970001341","is_oa":false,"landing_page_url":"https://researchrepository.rmit.edu.au/esploro/outputs/conferenceProceeding/An-efficient-hidden-Markov-model-training/9921864085001341","pdf_url":null,"source":{"id":"https://openalex.org/S4306402074","display_name":"RMIT Research Repository (RMIT University Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I82951845","host_organization_name":"RMIT University","host_organization_lineage":["https://openalex.org/I82951845"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"pmh:oai:researchbank.rmit.edu.au:rmit:1501","is_oa":false,"landing_page_url":"http://researchbank.rmit.edu.au/view/rmit:1501","pdf_url":null,"source":{"id":"https://openalex.org/S4306402074","display_name":"RMIT Research Repository (RMIT University Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I82951845","host_organization_name":"RMIT University","host_organization_lineage":["https://openalex.org/I82951845"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Paper"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.314.7507","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.314.7507","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://researchbank.rmit.edu.au/eserv/rmit:1501/n2004000537.pdf","raw_type":"text"},{"id":"pmh:oai:alma.61RMIT_INST:11248274970001341","is_oa":false,"landing_page_url":"http://doi.org/10.1109/ICON.2004.1409210","pdf_url":null,"source":{"id":"https://openalex.org/S4306402074","display_name":"RMIT Research Repository (RMIT University Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I82951845","host_organization_name":"RMIT University","host_organization_lineage":["https://openalex.org/I82951845"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"pmh:oai:figshare.com:article/27335115","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/An_efficient_hidden_Markov_model_training_scheme_for_anomaly_intrusion_detection_of_server_applications_based_on_system_calls/27335115","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/27335115","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/An_efficient_hidden_Markov_model_training_scheme_for_anomaly_intrusion_detection_of_server_applications_based_on_system_calls/27335115","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1562890122","https://openalex.org/W1941427975","https://openalex.org/W1967354722","https://openalex.org/W2085305295","https://openalex.org/W2125838338","https://openalex.org/W2129860818","https://openalex.org/W2137997715","https://openalex.org/W2149136862","https://openalex.org/W3136767761"],"related_works":["https://openalex.org/W1996865198","https://openalex.org/W2385758958","https://openalex.org/W2183313954","https://openalex.org/W1969635302","https://openalex.org/W2134386692","https://openalex.org/W1510894296","https://openalex.org/W2316449557","https://openalex.org/W2082284720","https://openalex.org/W2194396582","https://openalex.org/W2532369412"],"abstract_inverted_index":{"Recently":[0],"hidden":[1],"Markov":[2],"model":[3,14,149],"(HMM)":[4],"has":[5],"been":[6],"proved":[7],"to":[8,13,100,134,152],"be":[9],"a":[10,59],"good":[11],"tool":[12],"normal":[15],"behaviours":[16],"of":[17,72,91,96,136],"privileged":[18],"processes":[19],"for":[20,51],"anomaly":[21],"intrusion":[22,53],"detection":[23,54,148],"based":[24],"on":[25],"system":[26],"calls.":[27],"However,":[28],"one":[29,102],"major":[30],"problem":[31],"with":[32],"this":[33,57,106],"approach":[34],"is":[35,66,98,108,150],"that":[36,120,135,145],"it":[37,49],"demands":[38],"excessive":[39],"computing":[40],"resources":[41],"in":[42,158],"the":[43,69,84,112,127,137],"HMM":[44,63,77,114,122],"training":[45,64,74,123,128],"process,":[46],"which":[47],"makes":[48],"inefficient":[50],"practical":[52],"systems.":[55],"In":[56],"paper":[58],"simple":[60],"and":[61,75,104],"efficient":[62],"scheme":[65,81,124],"proposed":[67,80],"by":[68,130],"innovative":[70],"integration":[71],"multiple-observations":[73],"incremental":[76],"training.":[78,140],"The":[79,141],"first":[82],"divides":[83],"long":[85],"observation":[86],"sequence":[87],"into":[88,111],"multiple":[89],"subsets":[90],"sequences.":[92],"Next":[93],"each":[94],"subset":[95],"data":[97],"used":[99],"infer":[101],"sub-model,":[103],"then":[105],"sub-model":[107],"incrementally":[109],"merged":[110],"final":[113],"model.":[115],"Our":[116],"experimental":[117],"results":[118,142],"show":[119,144],"our":[121,146],"can":[125],"reduce":[126],"time":[129],"about":[131],"60%":[132],"compared":[133],"conventional":[138],"batch":[139],"also":[143],"HMM-based":[147],"able":[151],"detect":[153],"all":[154],"denial-of-service":[155],"attacks":[156],"embedded":[157],"testing":[159],"traces.":[160]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":5},{"year":2014,"cited_by_count":9},{"year":2013,"cited_by_count":8},{"year":2012,"cited_by_count":5}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}