{"id":"https://openalex.org/W4205132420","doi":"https://doi.org/10.1109/jiot.2021.3135789","title":"HADES-IoT: A Practical and Effective Host-Based Anomaly Detection System for IoT Devices (Extended Version)","display_name":"HADES-IoT: A Practical and Effective Host-Based Anomaly Detection System for IoT Devices (Extended Version)","publication_year":2021,"publication_date":"2021-12-15","ids":{"openalex":"https://openalex.org/W4205132420","doi":"https://doi.org/10.1109/jiot.2021.3135789"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2021.3135789","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2021.3135789","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008583119","display_name":"Dominik Breitenbacher","orcid":null},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Dominik Breitenbacher","raw_affiliation_strings":["Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037488079","display_name":"Ivan Homoliak","orcid":"https://orcid.org/0000-0002-0790-0875"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Ivan Homoliak","raw_affiliation_strings":["Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102731318","display_name":"Yan Lin Aung","orcid":"https://orcid.org/0000-0001-7640-2821"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yan Lin Aung","raw_affiliation_strings":["Singapore University of Technology and Design, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072913672","display_name":"Yuval Elovici","orcid":"https://orcid.org/0000-0002-9641-128X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Yuval Elovici","raw_affiliation_strings":["Ben-Gurion University of the Negev, Beer-Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073540044","display_name":"Nils Ole Tippenhauer","orcid":"https://orcid.org/0000-0001-8424-2602"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nils Ole Tippenhauer","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5008583119"],"corresponding_institution_ids":["https://openalex.org/I60587646"],"apc_list":null,"apc_paid":null,"fwci":2.6161,"has_fulltext":false,"cited_by_count":24,"citation_normalized_percentile":{"value":0.90792564,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"9","issue":"12","first_page":"9640","last_page":"9658"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8152264356613159},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.7255696058273315},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6652805805206299},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.5826125741004944},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.569145143032074},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.562811553478241},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5604208707809448},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4571821689605713},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4355071187019348},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.42019781470298767},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.21220174431800842},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.20962652564048767},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.09289708733558655}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8152264356613159},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.7255696058273315},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6652805805206299},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.5826125741004944},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.569145143032074},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.562811553478241},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5604208707809448},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4571821689605713},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4355071187019348},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.42019781470298767},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.21220174431800842},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.20962652564048767},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.09289708733558655},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2021.3135789","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2021.3135789","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5600000023841858,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W115629558","https://openalex.org/W1566345534","https://openalex.org/W1994033684","https://openalex.org/W1994212840","https://openalex.org/W2005650858","https://openalex.org/W2026258420","https://openalex.org/W2030553727","https://openalex.org/W2034362794","https://openalex.org/W2089448621","https://openalex.org/W2360903897","https://openalex.org/W2606193874","https://openalex.org/W2607351695","https://openalex.org/W2645364470","https://openalex.org/W2793255524","https://openalex.org/W2802196017","https://openalex.org/W2900713154","https://openalex.org/W2945722842","https://openalex.org/W2960507082","https://openalex.org/W2962802821","https://openalex.org/W2981880399","https://openalex.org/W2988790801","https://openalex.org/W3091534692","https://openalex.org/W3091876964","https://openalex.org/W3101155090","https://openalex.org/W3107607987","https://openalex.org/W3130982961","https://openalex.org/W3157942947","https://openalex.org/W3163167210","https://openalex.org/W3168641376","https://openalex.org/W3187949865","https://openalex.org/W3196064684","https://openalex.org/W3206526518","https://openalex.org/W4236183354","https://openalex.org/W4253489458","https://openalex.org/W6604713957","https://openalex.org/W6681652963","https://openalex.org/W6743493502","https://openalex.org/W6941306332"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W3187581118","https://openalex.org/W3143747655","https://openalex.org/W2901835651","https://openalex.org/W2883616266","https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W1599449514"],"abstract_inverted_index":{"Internet":[0],"of":[1,27,48,114,125,148,192,208],"Things":[2],"(IoT)":[3],"devices":[4,19,29,68,90,107,165],"have":[5,21],"become":[6],"ubiquitous,":[7],"with":[8],"applications":[9],"in":[10,189],"many":[11,22,37],"domains,":[12],"including":[13,195],"industry,":[14],"transportation,":[15],"and":[16,33,58,99,140,199,212],"healthcare;":[17],"these":[18,40],"also":[20],"household":[23],"applications.":[24],"The":[25],"proliferation":[26],"IoT":[28,67,93,106,150,164,182,193,197],"has":[30,117],"raised":[31],"security":[32,168],"privacy":[34,86],"concerns,":[35],"however":[36],"manufacturers":[38],"neglect":[39],"aspects,":[41],"focusing":[42],"solely":[43],"on":[44,144,180],"the":[45,53,59,83,89,123,190,209],"core":[46],"functionality":[47],"their":[49,174],"products":[50],"due":[51,172],"to":[52,56,61,74,91,129,173],"short":[54],"time":[55],"market":[57],"need":[60],"reduce":[62],"product":[63],"costs.":[64],"Consequently,":[65],"vulnerable":[66],"are":[69,170],"left":[70],"unpatched,":[71],"allowing":[72],"attackers":[73],"exploit":[75],"them":[76],"for":[77,105,162],"various":[78],"purposes,":[79],"which":[80],"include":[81],"compromising":[82],"device":[84],"users\u2019":[85],"or":[87],"recruiting":[88],"an":[92],"botnet.":[94],"We":[95,177],"present":[96],"a":[97,110,145],"practical":[98],"effective":[100],"host-based":[101],"anomaly":[102],"detection":[103,119,191],"system":[104],"(HADES-IoT)":[108],"as":[109],"novel":[111],"last":[112],"line":[113],"defense.":[115],"HADES-IoT":[116,136,179],"proactive":[118],"capabilities":[120],"that":[121],"enable":[122],"execution":[124],"any":[126],"malicious":[127],"process":[128],"be":[130,142],"stopped":[131],"before":[132],"it":[133,160,185],"even":[134],"starts.":[135],"provides":[137],"tamper-proof":[138],"protection":[139],"can":[141],"deployed":[143,178],"wide":[146],"range":[147],"Linux-based":[149,163],"devices.":[151],"HADES-IoT\u2019s":[152],"main":[153],"advantage":[154],"is":[155],"its":[156],"low":[157],"overhead,":[158],"making":[159],"suitable":[161],"where":[166,184],"state-of-the-art":[167],"solutions":[169],"infeasible":[171],"high-performance":[175],"demands.":[176],"seven":[181],"devices,":[183],"demonstrated":[186],"100%":[187],"effectiveness":[188],"malware,":[194,201],"VPNFilter,":[196],"Reaper,":[198],"Mirai":[200],"while":[202],"requiring":[203],"only":[204],"5.5%":[205],"(on":[206],"average)":[207],"available":[210],"memory":[211],"consuming":[213],"just":[214],"negligible":[215],"CPU":[216],"resources.":[217]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}