{"id":"https://openalex.org/W4383753644","doi":"https://doi.org/10.1109/tc.2023.3292001","title":"An Adversarial Robust Behavior Sequence Anomaly Detection Approach Based on Critical Behavior Unit Learning","display_name":"An Adversarial Robust Behavior Sequence Anomaly Detection Approach Based on Critical Behavior Unit Learning","publication_year":2023,"publication_date":"2023-07-10","ids":{"openalex":"https://openalex.org/W4383753644","doi":"https://doi.org/10.1109/tc.2023.3292001"},"language":"en","primary_location":{"id":"doi:10.1109/tc.2023.3292001","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2023.3292001","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038927310","display_name":"Dongyang Zhan","orcid":"https://orcid.org/0000-0003-1981-5878"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dongyang Zhan","raw_affiliation_strings":["School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China"],"affiliations":[{"raw_affiliation_string":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100602906","display_name":"Kai Tan","orcid":"https://orcid.org/0009-0002-7149-4637"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Tan","raw_affiliation_strings":["School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China"],"affiliations":[{"raw_affiliation_string":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100391268","display_name":"Lin Ye","orcid":"https://orcid.org/0000-0002-9647-0271"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lin Ye","raw_affiliation_strings":["School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China"],"affiliations":[{"raw_affiliation_string":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072540013","display_name":"Xiangzhan Yu","orcid":"https://orcid.org/0000-0002-1183-2844"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiangzhan Yu","raw_affiliation_strings":["School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China"],"affiliations":[{"raw_affiliation_string":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100417312","display_name":"Hongli Zhang","orcid":"https://orcid.org/0000-0002-8167-7106"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongli Zhang","raw_affiliation_strings":["School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China"],"affiliations":[{"raw_affiliation_string":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, Heilongjiang, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101634591","display_name":"Zheng He","orcid":"https://orcid.org/0009-0000-4743-2124"},"institutions":[{"id":"https://openalex.org/I4210100745","display_name":"Heilongjiang Earthquake Agency","ror":"https://ror.org/0146tv827","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210100745","https://openalex.org/I90149893"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zheng He","raw_affiliation_strings":["Heilongjiang Meteorological Bureau, Harbin, Heilongjiang, China"],"affiliations":[{"raw_affiliation_string":"Heilongjiang Meteorological Bureau, Harbin, Heilongjiang, China","institution_ids":["https://openalex.org/I4210100745"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5038927310"],"corresponding_institution_ids":["https://openalex.org/I204983213"],"apc_list":null,"apc_paid":null,"fwci":1.9789,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.87009294,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"72","issue":"11","first_page":"3286","last_page":"3299"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8037818670272827},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.679291307926178},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6639724373817444},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6027349233627319},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5931460857391357},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5926504731178284},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5790234208106995},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.46347224712371826},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.45626094937324524},{"id":"https://openalex.org/keywords/sequence-learning","display_name":"Sequence learning","score":0.4321586489677429},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.08397430181503296}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8037818670272827},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.679291307926178},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6639724373817444},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6027349233627319},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5931460857391357},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5926504731178284},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5790234208106995},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.46347224712371826},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.45626094937324524},{"id":"https://openalex.org/C40506919","wikidata":"https://www.wikidata.org/wiki/Q7452469","display_name":"Sequence learning","level":2,"score":0.4321586489677429},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.08397430181503296},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tc.2023.3292001","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2023.3292001","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6299999952316284,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1848225595","display_name":null,"funder_award_id":"LH2023F017","funder_id":"https://openalex.org/F4320323085","funder_display_name":"Natural Science Foundation of Heilongjiang Province"},{"id":"https://openalex.org/G2080667639","display_name":null,"funder_award_id":"61872111","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320323085","display_name":"Natural Science Foundation of Heilongjiang Province","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W110909300","https://openalex.org/W1673923490","https://openalex.org/W1978371851","https://openalex.org/W1981738628","https://openalex.org/W2029438113","https://openalex.org/W2085807744","https://openalex.org/W2109227373","https://openalex.org/W2123502857","https://openalex.org/W2191468669","https://openalex.org/W2618219509","https://openalex.org/W2747715470","https://openalex.org/W2753669113","https://openalex.org/W2767094836","https://openalex.org/W2776884785","https://openalex.org/W2792736988","https://openalex.org/W2898998129","https://openalex.org/W2900275727","https://openalex.org/W2911919851","https://openalex.org/W2963204406","https://openalex.org/W2964268978","https://openalex.org/W2966399854","https://openalex.org/W2969244304","https://openalex.org/W2972552958","https://openalex.org/W2988961468","https://openalex.org/W3006837754","https://openalex.org/W3016369654","https://openalex.org/W3034080962","https://openalex.org/W3040197085","https://openalex.org/W3092079294","https://openalex.org/W3113062381","https://openalex.org/W3127712067","https://openalex.org/W3128377237","https://openalex.org/W3135174262","https://openalex.org/W3135353552","https://openalex.org/W3136767761","https://openalex.org/W3160413406","https://openalex.org/W3168412632","https://openalex.org/W3175362003","https://openalex.org/W3201518827","https://openalex.org/W4200107777","https://openalex.org/W4221112654","https://openalex.org/W4224275454","https://openalex.org/W4293846201","https://openalex.org/W6637162671","https://openalex.org/W6738397735","https://openalex.org/W6739868092","https://openalex.org/W6758026774"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W4246396837","https://openalex.org/W3176240006","https://openalex.org/W3126451824","https://openalex.org/W2482350142","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119","https://openalex.org/W4285226279"],"abstract_inverted_index":{"Sequential":[0],"deep":[1,29,130],"learning":[2,111,131],"models":[3],"(e.g.,":[4,159],"RNN":[5],"and":[6,50,99,119,142,155,161],"LSTM)":[7],"can":[8,38,100,135,149],"learn":[9],"the":[10,44,65,92,105,112,120,173],"sequence":[11],"features":[12],"of":[13,47,67,96,107,115],"software":[14],"behaviors,":[15],"such":[16],"as":[17,86],"API":[18,160],"or":[19],"syscall":[20,162],"sequences.":[21],"However,":[22],"recent":[23],"studies":[24],"have":[25],"shown":[26],"that":[27,80,139,168,178],"these":[28],"learning-based":[30],"approaches":[31],"are":[32],"vulnerable":[33],"to":[34,42,72,103,152],"adversarial":[35,40,58],"samples.":[36],"Attackers":[37],"use":[39],"samples":[41],"change":[43],"sequential":[45],"characteristics":[46],"behavior":[48,68,84,88,108,117,124,157],"sequences":[49],"mislead":[51],"malware":[52],"classifiers.":[53],"In":[54,145],"this":[55,74],"paper,":[56],"an":[57],"robustness":[59,106],"anomaly":[60],"detection":[61],"method":[62],"based":[63,126],"on":[64,127],"analysis":[66],"units":[69,125],"is":[70],"proposed":[71],"overcome":[73],"problem.":[75],"We":[76],"extract":[77],"related":[78],"behaviors":[79,98],"usually":[81],"perform":[82],"a":[83,87,128],"intention":[85],"unit,":[89],"which":[90,176],"contains":[91],"representative":[93],"semantic":[94],"information":[95],"local":[97,141],"be":[101,150],"used":[102],"improve":[104],"analysis.":[109],"By":[110],"overall":[113],"semantics":[114],"each":[116],"unit":[118],"contextual":[121],"relationships":[122],"among":[123],"multilevel":[129],"model,":[132],"our":[133,147,169,179],"approach":[134,148,170,180],"mitigate":[136],"perturbation":[137],"attacks":[138],"target":[140],"large-scale":[143],"behaviors.":[144],"addition,":[146],"applied":[151],"both":[153],"low-level":[154],"high-level":[156],"logs":[158],"logs).":[163],"The":[164],"experimental":[165],"results":[166],"show":[167],"outperforms":[171],"all":[172],"compared":[174],"methods,":[175],"indicates":[177],"has":[181],"better":[182],"performance":[183],"against":[184],"obfuscation":[185],"attacks.":[186]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5}],"updated_date":"2026-04-17T18:11:37.981687","created_date":"2025-10-10T00:00:00"}