{"id":"https://openalex.org/W2743241343","doi":"https://doi.org/10.1109/tbdata.2017.2736555","title":"Detecting Anomalous Behavior in Cloud Servers by Nested-Arc Hidden SEMI-Markov Model with State Summarization","display_name":"Detecting Anomalous Behavior in Cloud Servers by Nested-Arc Hidden SEMI-Markov Model with State Summarization","publication_year":2017,"publication_date":"2017-08-07","ids":{"openalex":"https://openalex.org/W2743241343","doi":"https://doi.org/10.1109/tbdata.2017.2736555","mag":"2743241343"},"language":"en","primary_location":{"id":"doi:10.1109/tbdata.2017.2736555","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tbdata.2017.2736555","pdf_url":null,"source":{"id":"https://openalex.org/S2491400915","display_name":"IEEE Transactions on Big Data","issn_l":"2332-7790","issn":["2332-7790","2372-2096"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Big Data","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108248619","display_name":"Waqas Haider","orcid":null},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I40053085","display_name":"Australian Defence Force Academy","ror":"https://ror.org/02j5s7g39","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571","https://openalex.org/I40053085","https://openalex.org/I4394709116"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Waqas Haider","raw_affiliation_strings":["School of Engineering and Information Technology, University of New South Wales at the Australian Defence Force Academy, Canberra, ACT, Australia"],"affiliations":[{"raw_affiliation_string":"School of Engineering and Information Technology, University of New South Wales at the Australian Defence Force Academy, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I40053085","https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075234257","display_name":"Jiankun Hu","orcid":"https://orcid.org/0000-0003-0230-1432"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I40053085","display_name":"Australian Defence Force Academy","ror":"https://ror.org/02j5s7g39","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571","https://openalex.org/I40053085","https://openalex.org/I4394709116"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jiankun Hu","raw_affiliation_strings":["School of Engineering and Information Technology, University of New South Wales at the Australian Defence Force Academy, Canberra, ACT, Australia"],"affiliations":[{"raw_affiliation_string":"School of Engineering and Information Technology, University of New South Wales at the Australian Defence Force Academy, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I40053085","https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006633399","display_name":"Yi Xie","orcid":"https://orcid.org/0000-0002-8899-4032"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yi Xie","raw_affiliation_strings":["School of Data and Computer Science, Sun Yat-Sen University, Guangzhou, P.R. China"],"affiliations":[{"raw_affiliation_string":"School of Data and Computer Science, Sun Yat-Sen University, Guangzhou, P.R. China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070195520","display_name":"Xinghuo Yu","orcid":"https://orcid.org/0000-0001-8093-9787"},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Xinghuo Yu","raw_affiliation_strings":["School of Engineering, RMIT University, Melbourne, Vic, Australia"],"affiliations":[{"raw_affiliation_string":"School of Engineering, RMIT University, Melbourne, Vic, Australia","institution_ids":["https://openalex.org/I82951845"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022955566","display_name":"Qianhong Wu","orcid":"https://orcid.org/0000-0002-6407-4194"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qianhong Wu","raw_affiliation_strings":["School of Electronic and Information Engineering, Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic and Information Engineering, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5108248619"],"corresponding_institution_ids":["https://openalex.org/I31746571","https://openalex.org/I40053085"],"apc_list":null,"apc_paid":null,"fwci":3.5081,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.93649673,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"5","issue":"3","first_page":"305","last_page":"316"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8053330183029175},{"id":"https://openalex.org/keywords/automatic-summarization","display_name":"Automatic summarization","score":0.7254374027252197},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6970421075820923},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.6410588026046753},{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.6305844783782959},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6150415539741516},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5426090955734253},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4803970158100128},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.44636887311935425},{"id":"https://openalex.org/keywords/markov-model","display_name":"Markov model","score":0.42555439472198486},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3529399633407593},{"id":"https://openalex.org/keywords/markov-chain","display_name":"Markov chain","score":0.3451085090637207},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.32225745916366577},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1535714566707611},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.12309381365776062}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8053330183029175},{"id":"https://openalex.org/C170858558","wikidata":"https://www.wikidata.org/wiki/Q1394144","display_name":"Automatic summarization","level":2,"score":0.7254374027252197},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6970421075820923},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.6410588026046753},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.6305844783782959},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6150415539741516},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5426090955734253},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4803970158100128},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44636887311935425},{"id":"https://openalex.org/C163836022","wikidata":"https://www.wikidata.org/wiki/Q6771326","display_name":"Markov model","level":3,"score":0.42555439472198486},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3529399633407593},{"id":"https://openalex.org/C98763669","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov chain","level":2,"score":0.3451085090637207},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32225745916366577},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1535714566707611},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.12309381365776062},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tbdata.2017.2736555","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tbdata.2017.2736555","pdf_url":null,"source":{"id":"https://openalex.org/S2491400915","display_name":"IEEE Transactions on Big Data","issn_l":"2332-7790","issn":["2332-7790","2372-2096"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Big Data","raw_type":"journal-article"},{"id":"pmh:oai:alma.61RMIT_INST:11247369010001341","is_oa":false,"landing_page_url":"https://doi.org/10.1109/TBDATA.2017.2736555","pdf_url":null,"source":{"id":"https://openalex.org/S4306402074","display_name":"RMIT Research Repository (RMIT University Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I82951845","host_organization_name":"RMIT University","host_organization_lineage":["https://openalex.org/I82951845"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"pmh:oai:figshare.com:article/27514854","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/27514854","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6399999856948853,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2969959655","display_name":null,"funder_award_id":"61672083","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3301875075","display_name":null,"funder_award_id":"DP170102303","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"},{"id":"https://openalex.org/G4218599519","display_name":null,"funder_award_id":"LP110100602","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"},{"id":"https://openalex.org/G4742992091","display_name":null,"funder_award_id":"2014A030313130","funder_id":"https://openalex.org/F4320321921","funder_display_name":"Natural Science Foundation of Guangdong Province"},{"id":"https://openalex.org/G5039700930","display_name":null,"funder_award_id":"2017YFB0802505","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G636642556","display_name":null,"funder_award_id":"61370190","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6696804857","display_name":null,"funder_award_id":"17lgjc26","funder_id":"https://openalex.org/F4320321921","funder_display_name":"Natural Science Foundation of Guangdong Province"},{"id":"https://openalex.org/G6743765033","display_name":null,"funder_award_id":"LP100200538","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321160","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71"},{"id":"https://openalex.org/F4320321921","display_name":"Natural Science Foundation of Guangdong Province","ror":null},{"id":"https://openalex.org/F4320334704","display_name":"Australian Research Council","ror":"https://ror.org/05mmh0f86"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W248959849","https://openalex.org/W290488650","https://openalex.org/W1262401806","https://openalex.org/W1503398984","https://openalex.org/W1541509122","https://openalex.org/W1562890122","https://openalex.org/W1566884194","https://openalex.org/W1585639070","https://openalex.org/W1603409852","https://openalex.org/W1636244751","https://openalex.org/W1674411155","https://openalex.org/W1732623802","https://openalex.org/W1805274772","https://openalex.org/W1966812932","https://openalex.org/W1975539049","https://openalex.org/W1993943803","https://openalex.org/W2006331477","https://openalex.org/W2019672983","https://openalex.org/W2023772230","https://openalex.org/W2037660732","https://openalex.org/W2051000513","https://openalex.org/W2068835593","https://openalex.org/W2109969076","https://openalex.org/W2111072639","https://openalex.org/W2118372007","https://openalex.org/W2119227347","https://openalex.org/W2120475852","https://openalex.org/W2124775089","https://openalex.org/W2125485365","https://openalex.org/W2125838338","https://openalex.org/W2129860818","https://openalex.org/W2134067070","https://openalex.org/W2139731313","https://openalex.org/W2148121208","https://openalex.org/W2150246435","https://openalex.org/W2155146488","https://openalex.org/W2160607652","https://openalex.org/W2166683449","https://openalex.org/W2166866346","https://openalex.org/W2244997307","https://openalex.org/W2299450638","https://openalex.org/W2346189488","https://openalex.org/W2346331195","https://openalex.org/W2468321486","https://openalex.org/W2474414057","https://openalex.org/W2601474892","https://openalex.org/W3104119384","https://openalex.org/W6610502214","https://openalex.org/W6633776688","https://openalex.org/W6637760727","https://openalex.org/W6678897868","https://openalex.org/W6927331436"],"related_works":["https://openalex.org/W1510894296","https://openalex.org/W2134386692","https://openalex.org/W2194396582","https://openalex.org/W2082284720","https://openalex.org/W2116722627","https://openalex.org/W2537260108","https://openalex.org/W2158700654","https://openalex.org/W2379938888","https://openalex.org/W2566202039","https://openalex.org/W4233405330"],"abstract_inverted_index":{"Anomaly":[0],"detection":[1,113],"for":[2,7,31,199],"cloud":[3,203],"servers":[4],"is":[5,13,39,42,57,71,115,127,140],"important":[6],"detecting":[8,37,200],"zero-day":[9],"attacks.":[10],"However,":[11],"it":[12],"very":[14],"challenging":[15],"due":[16],"to":[17,59,133],"the":[18,83,95,99,104,125,135,149,158,161],"large":[19],"amount":[20],"of":[21,73,85,88,160,174],"accumulated":[22],"data.":[23],"In":[24],"this":[25,191],"paper,":[26],"a":[27,48,66,130,197],"new":[28],"mathematical":[29],"model":[30,53,192],"modeling":[32],"dynamic":[33],"usage":[34,61,107],"behavior":[35,62,108],"and":[36,47,75,121,167,178,182],"anomalies":[38,201],"proposed.":[40],"It":[41],"constructed":[43],"using":[44,142],"state":[45,119],"summarization":[46,56,120],"novel":[49],"nested-arc":[50],"hidden":[51,77],"semi-Markov":[52],"(NAHSMM).":[54],"State":[55],"designed":[58],"extract":[60],"reflective":[63,109],"states":[64],"from":[65,103],"raw":[67,86],"sequence.":[68],"The":[69,80,187],"NAHSMM":[70],"comprised":[72],"exterior":[74,81],"interior":[76,96],"Markov":[78],"chains.":[79],"controls":[82,98],"propagation":[84],"sequences":[87],"system":[89],"calls":[90],"and,":[91],"conditional":[92],"on":[93],"it,":[94],"one":[97],"summarized":[100],"observation":[101],"process":[102],"transition":[105],"less":[106],"states.":[110],"An":[111],"anomaly":[112],"algorithm":[114,126],"derived":[116],"by":[117,129],"integrating":[118],"NAHSMM.":[122],"During":[123],"training":[124,168],"assisted":[128],"forensic":[131],"module":[132],"tune":[134],"behavioral":[136],"threshold.":[137],"Experimental":[138],"data":[139],"collected":[141],"IXIA":[143],"Perfect":[144],"Storm":[145],"in":[146,202],"conjunction":[147],"with":[148,172],"commercial":[150],"security-test":[151],"hardware":[152],"platform":[153],"cyber":[154],"range.":[155],"To":[156],"evaluate":[157],"reliability":[159],"proposed":[162],"model,":[163],"first,":[164],"its":[165,180],"accuracy":[166],"costs":[169],"are":[170,185],"compared":[171],"those":[173],"existing":[175],"machine-learning":[176],"models":[177],"then":[179],"scalability":[181],"resistance":[183],"capabilities":[184],"tested.":[186],"results":[188],"indicate":[189],"that":[190],"could":[193],"be":[194],"used":[195],"as":[196],"method":[198],"servers.":[204]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":7}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}