{"id":"https://openalex.org/W2119731398","doi":"https://doi.org/10.1109/issrew.2013.6688856","title":"Monitoring system calls for anomaly detection in modern operating systems","display_name":"Monitoring system calls for anomaly detection in modern operating systems","publication_year":2013,"publication_date":"2013-11-01","ids":{"openalex":"https://openalex.org/W2119731398","doi":"https://doi.org/10.1109/issrew.2013.6688856","mag":"2119731398"},"language":"en","primary_location":{"id":"doi:10.1109/issrew.2013.6688856","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issrew.2013.6688856","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014521144","display_name":"Shayan Eskandari","orcid":"https://orcid.org/0000-0001-7405-9249"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Shayan Eskandari","raw_affiliation_strings":["Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035349718","display_name":"Wael Khreich","orcid":null},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Wael Khreich","raw_affiliation_strings":["Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032967266","display_name":"Syed Shariyar Murtaza","orcid":"https://orcid.org/0000-0003-3330-4783"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Syed Shariyar Murtaza","raw_affiliation_strings":["Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058884064","display_name":"Abdelwahab Hamou\u2010Lhadj","orcid":"https://orcid.org/0000-0002-3319-5006"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Abdelwahab Hamou-Lhadj","raw_affiliation_strings":["Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Behaviour Analysis (SBA) Research Lab Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014912145","display_name":"Mario Couture","orcid":null},"institutions":[{"id":"https://openalex.org/I1297460800","display_name":"Defence Research and Development Canada","ror":"https://ror.org/00hgy8d33","country_code":"CA","type":"government","lineage":["https://openalex.org/I1297460800","https://openalex.org/I1336338359","https://openalex.org/I2802286613"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mario Couture","raw_affiliation_strings":["Software Analysis and Robustness Group Defence Research and Development Canada Valcartier, Montreal, QC, Canada","Software Anal. & Robustness Group, Defence R&D Canada, Valcartier, QC, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Analysis and Robustness Group Defence Research and Development Canada Valcartier, Montreal, QC, Canada","institution_ids":["https://openalex.org/I1297460800"]},{"raw_affiliation_string":"Software Anal. & Robustness Group, Defence R&D Canada, Valcartier, QC, Canada","institution_ids":["https://openalex.org/I1297460800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.17990292,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"19","last_page":"20"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7792739272117615},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7750624418258667},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7570784091949463},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5800186991691589},{"id":"https://openalex.org/keywords/intrusion-prevention-system","display_name":"Intrusion prevention system","score":0.5082408785820007},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.49291038513183594},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.48348647356033325},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.46881675720214844},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.22386053204536438},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10567417740821838}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7792739272117615},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7750624418258667},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7570784091949463},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5800186991691589},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.5082408785820007},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.49291038513183594},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.48348647356033325},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.46881675720214844},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.22386053204536438},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10567417740821838},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/issrew.2013.6688856","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issrew.2013.6688856","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/3","display_name":"Good health and well-being","score":0.5799999833106995}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W1515653707","https://openalex.org/W1586807939","https://openalex.org/W1903577715","https://openalex.org/W2083168478","https://openalex.org/W2098010707","https://openalex.org/W2154411999","https://openalex.org/W2155378438","https://openalex.org/W2169685348","https://openalex.org/W6635038715","https://openalex.org/W6639770171"],"related_works":["https://openalex.org/W11100131","https://openalex.org/W1969635302","https://openalex.org/W2183313954","https://openalex.org/W2392603527","https://openalex.org/W2390009783","https://openalex.org/W2348767155","https://openalex.org/W2388497169","https://openalex.org/W3120393658","https://openalex.org/W4283700121","https://openalex.org/W1496376327"],"abstract_inverted_index":{"Host-based":[0],"intrusion":[1],"detection":[2,113,117],"systems":[3,5],"monitor":[4],"in":[6,21,64],"operation":[7],"for":[8],"significant":[9],"deviations":[10],"from":[11],"normal":[12],"(and":[13],"healthy)":[14],"behaviour.":[15],"Many":[16],"approaches":[17],"have":[18],"been":[19],"proposed":[20],"the":[22,32,88,112,128,132],"literature.":[23],"Most":[24],"of":[25,48,83,90,115,121,134],"them,":[26],"however,":[27],"do":[28],"not":[29],"consider":[30],"even":[31],"basic":[33],"attack":[34,103,135],"prevention":[35,144],"mechanisms":[36,50],"that":[37,81,105],"are":[38,67],"activated":[39],"by":[40],"default":[41],"on":[42,136],"today's":[43],"many":[44],"operating":[45],"systems.":[46,118],"Examples":[47],"such":[49,61,99],"include":[51],"Address":[52],"Space":[53],"Layout":[54],"Randomization":[55],"and":[56],"Data":[57],"Execution":[58],"Prevention.":[59],"With":[60],"security":[62],"methods":[63],"place,":[65],"attackers":[66],"forced":[68],"to":[69,73,101,110,126,130,141],"perform":[70],"additional":[71,91],"actions":[72,85],"circumvent":[74],"them.":[75],"In":[76],"this":[77,122],"research,":[78],"we":[79],"conjecture":[80],"some":[82],"these":[84,143],"may":[86],"require":[87],"use":[89],"system":[92,137],"calls.":[93],"If":[94],"so,":[95],"one":[96],"can":[97,106],"trace":[98],"attacks":[100],"discover":[102],"patterns":[104],"later":[107],"be":[108],"used":[109],"enhance":[111],"power":[114],"anomaly":[116],"The":[119],"purpose":[120],"short":[123],"paper":[124],"is":[125],"motivate":[127],"need":[129],"investigate":[131],"impact":[133],"calls":[138],"while":[139],"trying":[140],"overcome":[142],"mechanisms.":[145]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}