{"id":"https://openalex.org/W2106442760","doi":"https://doi.org/10.1109/tc.2002.1017701","title":"Multivariate statistical analysis of audit trails for host-based intrusion detection","display_name":"Multivariate statistical analysis of audit trails for host-based intrusion detection","publication_year":2002,"publication_date":"2002-07-01","ids":{"openalex":"https://openalex.org/W2106442760","doi":"https://doi.org/10.1109/tc.2002.1017701","mag":"2106442760"},"language":"en","primary_location":{"id":"doi:10.1109/tc.2002.1017701","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2002.1017701","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076441959","display_name":"N. Ye","orcid":"https://orcid.org/0009-0009-9991-1042"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"N. Ye","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA","Arizona State University , Tempe , AZ , USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]},{"raw_affiliation_string":"Arizona State University , Tempe , AZ , USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049903111","display_name":"Syed Masum Emran","orcid":null},"institutions":[{"id":"https://openalex.org/I1333370159","display_name":"Motorola (United States)","ror":"https://ror.org/01hafxd32","country_code":"US","type":"company","lineage":["https://openalex.org/I1333370159"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S.M. Emran","raw_affiliation_strings":["Motorola, Schaumburg, IL, USA","[Motorola, Schaumburg, IL, USA]"],"affiliations":[{"raw_affiliation_string":"Motorola, Schaumburg, IL, USA","institution_ids":["https://openalex.org/I1333370159"]},{"raw_affiliation_string":"[Motorola, Schaumburg, IL, USA]","institution_ids":["https://openalex.org/I1333370159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100371368","display_name":"Qing Chen","orcid":"https://orcid.org/0000-0002-7919-5159"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Q. Chen","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA","Arizona State University , Tempe , AZ , USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]},{"raw_affiliation_string":"Arizona State University , Tempe , AZ , USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060386468","display_name":"S. Vilbert","orcid":null},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"S. Vilbert","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA","Arizona State University , Tempe , AZ , USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]},{"raw_affiliation_string":"Arizona State University , Tempe , AZ , USA","institution_ids":["https://openalex.org/I55732556"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5076441959"],"corresponding_institution_ids":["https://openalex.org/I55732556"],"apc_list":null,"apc_paid":null,"fwci":5.7729,"has_fulltext":false,"cited_by_count":282,"citation_normalized_percentile":{"value":0.96677642,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"51","issue":"7","first_page":"810","last_page":"820"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12391","display_name":"Artificial Immune Systems Applications","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7226442098617554},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6616978645324707},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5585036277770996},{"id":"https://openalex.org/keywords/data-set","display_name":"Data set","score":0.5382862091064453},{"id":"https://openalex.org/keywords/multivariate-statistics","display_name":"Multivariate statistics","score":0.49735763669013977},{"id":"https://openalex.org/keywords/test-set","display_name":"Test set","score":0.48175859451293945},{"id":"https://openalex.org/keywords/norm","display_name":"Norm (philosophy)","score":0.47093549370765686},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4475718140602112},{"id":"https://openalex.org/keywords/normality-test","display_name":"Normality test","score":0.43856939673423767},{"id":"https://openalex.org/keywords/multivariate-analysis","display_name":"Multivariate analysis","score":0.4356843829154968},{"id":"https://openalex.org/keywords/statistical-hypothesis-testing","display_name":"Statistical hypothesis testing","score":0.41696542501449585},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.33854764699935913},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.31006038188934326},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.25566366314888},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.18030530214309692}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7226442098617554},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6616978645324707},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5585036277770996},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.5382862091064453},{"id":"https://openalex.org/C161584116","wikidata":"https://www.wikidata.org/wiki/Q1952580","display_name":"Multivariate statistics","level":2,"score":0.49735763669013977},{"id":"https://openalex.org/C169903167","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Test set","level":2,"score":0.48175859451293945},{"id":"https://openalex.org/C191795146","wikidata":"https://www.wikidata.org/wiki/Q3878446","display_name":"Norm (philosophy)","level":2,"score":0.47093549370765686},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4475718140602112},{"id":"https://openalex.org/C85031952","wikidata":"https://www.wikidata.org/wiki/Q3026029","display_name":"Normality test","level":3,"score":0.43856939673423767},{"id":"https://openalex.org/C38180746","wikidata":"https://www.wikidata.org/wiki/Q1952580","display_name":"Multivariate analysis","level":2,"score":0.4356843829154968},{"id":"https://openalex.org/C87007009","wikidata":"https://www.wikidata.org/wiki/Q210832","display_name":"Statistical hypothesis testing","level":2,"score":0.41696542501449585},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.33854764699935913},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31006038188934326},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.25566366314888},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.18030530214309692},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tc.2002.1017701","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2002.1017701","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4699999988079071,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"},{"id":"https://openalex.org/F4320338294","display_name":"Air Force Research Laboratory","ror":"https://ror.org/02e2egq70"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W34688585","https://openalex.org/W145579521","https://openalex.org/W153815177","https://openalex.org/W155240222","https://openalex.org/W163398912","https://openalex.org/W205155364","https://openalex.org/W1483817343","https://openalex.org/W1506072753","https://openalex.org/W1532083937","https://openalex.org/W1559063645","https://openalex.org/W1592090113","https://openalex.org/W1838783946","https://openalex.org/W1854288931","https://openalex.org/W1862271745","https://openalex.org/W1952056635","https://openalex.org/W1963563131","https://openalex.org/W1994212840","https://openalex.org/W2012568697","https://openalex.org/W2035010367","https://openalex.org/W2083879570","https://openalex.org/W2112440119","https://openalex.org/W2130523241","https://openalex.org/W2134070140","https://openalex.org/W2141734529","https://openalex.org/W2150847526","https://openalex.org/W2338717024","https://openalex.org/W2482573402","https://openalex.org/W4235899634","https://openalex.org/W4241433670","https://openalex.org/W4241898276","https://openalex.org/W4296580867","https://openalex.org/W4301773902","https://openalex.org/W6601374651","https://openalex.org/W6629024004","https://openalex.org/W6630311449","https://openalex.org/W6635409250"],"related_works":["https://openalex.org/W2357468538","https://openalex.org/W2123376283","https://openalex.org/W4387327236","https://openalex.org/W2183488467","https://openalex.org/W1990237101","https://openalex.org/W4309907966","https://openalex.org/W4387896287","https://openalex.org/W2187490799","https://openalex.org/W4300172249","https://openalex.org/W3170838353"],"abstract_inverted_index":{"Intrusion":[0],"detection":[1],"complements":[2],"prevention":[3],"mechanisms,":[4],"such":[5],"as":[6],"firewalls,":[7],"cryptography,":[8],"and":[9,50,75,99,112,130],"authentication,":[10],"to":[11,34,55],"capture":[12],"intrusions":[13,36],"into":[14],"an":[15],"information":[16,24,46],"system":[17],"while":[18,156],"they":[19],"are":[20],"acting":[21],"on":[22,65,88],"the":[23,52,81,116,120,127,136,140,144,153,162,168,177],"system.":[25],"Our":[26],"study":[27],"investigates":[28],"a":[29,39,95,100,180],"multivariate":[30,59,183],"quality":[31,60],"control":[32,61],"technique":[33,62],"detect":[35,56],"by":[37],"building":[38],"long-term":[40],"profile":[41,54],"of":[42,80,91,110,152,167,179],"normal":[43,111,137,163],"activities":[44],"in":[45],"systems":[47],"(norm":[48],"profile)":[49],"using":[51],"norm":[53],"anomalies.":[57,77],"The":[58,78,165],"is":[63,86,173],"based":[64],"Hotelling's":[66,82,121,145,169],"T/sup":[67,83,122,146,170],"2/":[68,84,123,147,171],"test":[69,85,124,148,172],"that":[70],"detects":[71],"both":[72],"counterrelationship":[73],"anomalies":[74],"mean-shift":[76],"performance":[79,166,178],"examined":[87],"two":[89],"sets":[90,107],"computer":[92],"audit":[93],"data:":[94],"small":[96,117],"data":[97,103,106,118,142],"set":[98],"large":[101,141],"multiday":[102],"set.":[104],"Both":[105],"contain":[108],"sessions":[109,129,155],"intrusive":[113],"activities.":[114],"For":[115,139],"set,":[119,143],"signals":[125,149],"all":[126],"intrusion":[128,154],"produces":[131],"no":[132,158],"false":[133,159],"alarms":[134,160],"for":[135,161],"sessions.":[138,164],"92":[150],"percent":[151],"producing":[157],"also":[174],"compared":[175],"with":[176],"more":[181],"scalable":[182],"technique-a":[184],"chi-squared":[185],"distance":[186],"test.":[187]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":16},{"year":2019,"cited_by_count":13},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":12},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":13},{"year":2014,"cited_by_count":19},{"year":2013,"cited_by_count":15},{"year":2012,"cited_by_count":12}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}