{"id":"https://openalex.org/W2139731313","doi":"https://doi.org/10.1109/mnet.2009.4804323","title":"A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection","display_name":"A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection","publication_year":2009,"publication_date":"2009-01-01","ids":{"openalex":"https://openalex.org/W2139731313","doi":"https://doi.org/10.1109/mnet.2009.4804323","mag":"2139731313"},"language":"en","primary_location":{"id":"doi:10.1109/mnet.2009.4804323","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mnet.2009.4804323","pdf_url":null,"source":{"id":"https://openalex.org/S186584794","display_name":"IEEE Network","issn_l":"0890-8044","issn":["0890-8044","1558-156X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Network","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075234257","display_name":"Jiankun Hu","orcid":"https://orcid.org/0000-0003-0230-1432"},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Jiankun Hu","raw_affiliation_strings":["RMIT University, Australia","RMIT-University"],"affiliations":[{"raw_affiliation_string":"RMIT University, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"RMIT-University","institution_ids":["https://openalex.org/I82951845"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070195520","display_name":"Xinghuo Yu","orcid":"https://orcid.org/0000-0001-8093-9787"},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Xinghuo Yu","raw_affiliation_strings":["RMIT University, Australia","RMIT-University"],"affiliations":[{"raw_affiliation_string":"RMIT University, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"RMIT-University","institution_ids":["https://openalex.org/I82951845"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028754236","display_name":"Disheng Qiu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210096602","display_name":"Global College","ror":"https://ror.org/00q24dt49","country_code":"CY","type":"education","lineage":["https://openalex.org/I4210096602"]}],"countries":["CY"],"is_corresponding":false,"raw_author_name":"D. Qiu","raw_affiliation_strings":["Sai Global Limited, USA","Sai Global Limited#TAB#"],"affiliations":[{"raw_affiliation_string":"Sai Global Limited, USA","institution_ids":["https://openalex.org/I4210096602"]},{"raw_affiliation_string":"Sai Global Limited#TAB#","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084739355","display_name":"Hsiao\u2010Hwa Chen","orcid":"https://orcid.org/0000-0001-8473-0729"},"institutions":[{"id":"https://openalex.org/I91807558","display_name":"National Cheng Kung University","ror":"https://ror.org/01b8kcc49","country_code":"TW","type":"education","lineage":["https://openalex.org/I91807558"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Hsiao-Hwa Chen","raw_affiliation_strings":["National Cheng Kung University, Taiwan","National Cheng-Kung University"],"affiliations":[{"raw_affiliation_string":"National Cheng Kung University, Taiwan","institution_ids":["https://openalex.org/I91807558"]},{"raw_affiliation_string":"National Cheng-Kung University","institution_ids":["https://openalex.org/I91807558"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5075234257"],"corresponding_institution_ids":["https://openalex.org/I82951845"],"apc_list":null,"apc_paid":null,"fwci":11.9997,"has_fulltext":false,"cited_by_count":179,"citation_normalized_percentile":{"value":0.98838362,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"23","issue":"1","first_page":"42","last_page":"47"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.8521286249160767},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8244178891181946},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7077500224113464},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6868758797645569},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.655011773109436},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.567480206489563},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.5097319483757019},{"id":"https://openalex.org/keywords/data-pre-processing","display_name":"Data pre-processing","score":0.5085271596908569},{"id":"https://openalex.org/keywords/constant-false-alarm-rate","display_name":"Constant false alarm rate","score":0.4980347156524658},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.48572856187820435},{"id":"https://openalex.org/keywords/preprocessor","display_name":"Preprocessor","score":0.48255008459091187},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.39208632707595825},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3559069335460663}],"concepts":[{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.8521286249160767},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8244178891181946},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7077500224113464},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6868758797645569},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.655011773109436},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.567480206489563},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.5097319483757019},{"id":"https://openalex.org/C10551718","wikidata":"https://www.wikidata.org/wiki/Q5227332","display_name":"Data pre-processing","level":2,"score":0.5085271596908569},{"id":"https://openalex.org/C77052588","wikidata":"https://www.wikidata.org/wiki/Q644307","display_name":"Constant false alarm rate","level":2,"score":0.4980347156524658},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.48572856187820435},{"id":"https://openalex.org/C34736171","wikidata":"https://www.wikidata.org/wiki/Q918333","display_name":"Preprocessor","level":2,"score":0.48255008459091187},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39208632707595825},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3559069335460663},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/mnet.2009.4804323","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mnet.2009.4804323","pdf_url":null,"source":{"id":"https://openalex.org/S186584794","display_name":"IEEE Network","issn_l":"0890-8044","issn":["0890-8044","1558-156X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Network","raw_type":"journal-article"},{"id":"pmh:oai:alma.61RMIT_INST:11248256380001341","is_oa":false,"landing_page_url":"http://doi.org/10.1109/MNET.2009.4804323","pdf_url":null,"source":{"id":"https://openalex.org/S4306402074","display_name":"RMIT Research Repository (RMIT University Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I82951845","host_organization_name":"RMIT University","host_organization_lineage":["https://openalex.org/I82951845"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6399999856948853}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W29525902","https://openalex.org/W305173592","https://openalex.org/W1562890122","https://openalex.org/W1912135622","https://openalex.org/W1941427975","https://openalex.org/W2007087405","https://openalex.org/W2085305295","https://openalex.org/W2101149439","https://openalex.org/W2125838338","https://openalex.org/W2129860818","https://openalex.org/W2137997715","https://openalex.org/W2149136862","https://openalex.org/W2150847526","https://openalex.org/W2155146488","https://openalex.org/W2384872836","https://openalex.org/W6610822855","https://openalex.org/W6633776688"],"related_works":["https://openalex.org/W1805274772","https://openalex.org/W1996865198","https://openalex.org/W2161974700","https://openalex.org/W2982280075","https://openalex.org/W2372963557","https://openalex.org/W1972893535","https://openalex.org/W108872567","https://openalex.org/W2010239584","https://openalex.org/W2078868204","https://openalex.org/W1975233362"],"abstract_inverted_index":{"Extensive":[0],"research":[1],"activities":[2],"have":[3],"been":[4,116],"observed":[5,117],"on":[6,76],"network-based":[7],"intrusion":[8,72,97],"detection":[9,98],"systems":[10],"(IDSs).":[11],"However,":[12],"there":[13],"are":[14],"always":[15],"some":[16],"attacks":[17,24],"that":[18,81],"penetrate":[19],"traffic-profiling-based":[20],"network":[21,46],"IDSs.":[22],"These":[23],"often":[25],"cause":[26],"very":[27],"serious":[28],"damages":[29],"such":[30],"as":[31],"modifying":[32],"host":[33],"critical":[34],"files.":[35],"A":[36],"host-based":[37],"anomaly":[38,71],"IDS":[39,47],"is":[40,141],"an":[41],"effective":[42],"complement":[43],"to":[44,60,92,102,119],"the":[45,138],"in":[48],"addressing":[49],"this":[50,82,127],"issue.":[51],"This":[52],"article":[53],"proposes":[54],"a":[55,63,77,103],"simple":[56],"data":[57,83,113],"preprocessing":[58,84],"approach":[59,85],"speed":[61],"up":[62,91],"hidden":[64],"Markov":[65],"model":[66],"(HMM)":[67],"training":[68,88,107,124],"for":[69],"system-call-based":[70],"detection.":[73],"Experiments":[74],"based":[75],"public":[78],"database":[79],"demonstrate":[80],"can":[86],"reduce":[87],"time":[89],"by":[90],"50":[93],"percent":[94,112],"with":[95],"unnoticeable":[96],"performance":[99,140],"degradation,":[100],"compared":[101,118],"conventional":[104],"batch":[105],"HMM":[106,123],"scheme.":[108,125],"More":[109],"than":[110],"58":[111],"reduction":[114],"has":[115],"our":[120],"prior":[121],"incremental":[122],"Although":[126],"maximum":[128],"gain":[129],"incurs":[130],"more":[131],"degradation":[132],"of":[133],"false":[134],"alarm":[135],"rate":[136],"performance,":[137],"resulting":[139],"still":[142],"reasonable.":[143]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":14},{"year":2018,"cited_by_count":19},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":18},{"year":2014,"cited_by_count":16},{"year":2013,"cited_by_count":15},{"year":2012,"cited_by_count":16}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}