{"id":"https://openalex.org/W2147808388","doi":"https://doi.org/10.1145/1384117.1384137","title":"A methodology for designing accurate anomaly detection systems","display_name":"A methodology for designing accurate anomaly detection systems","publication_year":2007,"publication_date":"2007-10-10","ids":{"openalex":"https://openalex.org/W2147808388","doi":"https://doi.org/10.1145/1384117.1384137","mag":"2147808388"},"language":"en","primary_location":{"id":"doi:10.1145/1384117.1384137","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1384117.1384137","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1384117.1384137","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th international IFIP/ACM Latin American conference on Networking","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/1384117.1384137","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038869930","display_name":"Kenneth L. Ingham","orcid":null},"institutions":[{"id":"https://openalex.org/I169521973","display_name":"University of New Mexico","ror":"https://ror.org/05fs6jp91","country_code":"US","type":"education","lineage":["https://openalex.org/I169521973"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kenneth L. Ingham","raw_affiliation_strings":["University of New Mexico, Albuquerque, NM"],"affiliations":[{"raw_affiliation_string":"University of New Mexico, Albuquerque, NM","institution_ids":["https://openalex.org/I169521973"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111980259","display_name":"Anil Somayaji","orcid":"https://orcid.org/0000-0003-4761-9743"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Anil Somayaji","raw_affiliation_strings":["Carleton University, Ottawa, ON, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5038869930"],"corresponding_institution_ids":["https://openalex.org/I169521973"],"apc_list":null,"apc_paid":null,"fwci":1.0157,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.80891591,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"139","last_page":"143"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8430696725845337},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7857011556625366},{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.7670255303382874},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.7102898955345154},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.6962137222290039},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5986967086791992},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4925127923488617},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4355809986591339},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.43553033471107483},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.42086735367774963},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.37877458333969116},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.174136221408844},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08065810799598694}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8430696725845337},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7857011556625366},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.7670255303382874},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.7102898955345154},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.6962137222290039},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5986967086791992},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4925127923488617},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4355809986591339},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.43553033471107483},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.42086735367774963},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37877458333969116},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.174136221408844},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08065810799598694},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1384117.1384137","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1384117.1384137","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1384117.1384137","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th international IFIP/ACM Latin American conference on Networking","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/1384117.1384137","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1384117.1384137","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1384117.1384137","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th international IFIP/ACM Latin American conference on Networking","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.5600000023841858,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2165548363","display_name":null,"funder_award_id":"Canada","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G3969759488","display_name":null,"funder_award_id":"program","funder_id":"https://openalex.org/F4320322675","funder_display_name":"Mitacs"},{"id":"https://openalex.org/G7674162662","display_name":null,"funder_award_id":"ANIR-9986555","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320322675","display_name":"Mitacs","ror":"https://ror.org/00cjrc276"},{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2147808388.pdf","grobid_xml":"https://content.openalex.org/works/W2147808388.grobid-xml"},"referenced_works_count":10,"referenced_works":["https://openalex.org/W87384950","https://openalex.org/W1598757778","https://openalex.org/W1601009504","https://openalex.org/W2078396547","https://openalex.org/W2110523863","https://openalex.org/W2116065364","https://openalex.org/W2124194513","https://openalex.org/W2126862902","https://openalex.org/W2128217000","https://openalex.org/W2146211060"],"related_works":["https://openalex.org/W2363105058","https://openalex.org/W2980564995","https://openalex.org/W1516902003","https://openalex.org/W2981448197","https://openalex.org/W4288088836","https://openalex.org/W2110365568","https://openalex.org/W2129665777","https://openalex.org/W2392397575","https://openalex.org/W2546192109","https://openalex.org/W2007651797"],"abstract_inverted_index":{"Anomaly":[0],"detection":[1,43,68],"systems":[2,12,69,83],"have":[3],"the":[4,104,117],"potential":[5],"to":[6,31,116],"detect":[7],"zero-day":[8],"attacks.":[9,28,57],"However,":[10],"these":[11],"can":[13,22],"suffer":[14],"from":[15],"high":[16],"rates":[17],"of":[18,38,106,119],"false":[19,50],"positives":[20],"and":[21,77,94],"be":[23,84],"evaded":[24],"through":[25,26],"mimicry":[27],"The":[29],"key":[30],"addressing":[32],"both":[33],"problems":[34],"is":[35],"careful":[36],"control":[37],"model":[39,75],"generalization.":[40,78],"An":[41],"anomaly":[42,67],"system":[44],"that":[45,54,70,82],"undergeneralizes":[46],"generates":[47],"too":[48],"many":[49],"positives,":[51],"while":[52],"one":[53],"overgeneralizes":[55],"misses":[56],"In":[58],"this":[59],"paper,":[60],"we":[61,80,109],"present":[62],"a":[63],"methodology":[64],"for":[65],"creating":[66],"make":[71],"appropriate":[72],"trade-offs":[73],"regarding":[74],"precision":[76],"Specifically,":[79],"propose":[81],"created":[85],"by":[86],"taking":[87],"an":[88],"appropriate,":[89],"undergeneralizing":[90],"data":[91,98],"modeling":[92],"method":[93],"extending":[95],"it":[96,112],"using":[97],"pre-processing":[99],"generalization":[100],"heuristics.":[101],"To":[102],"show":[103,110],"utility":[105],"our":[107],"methodology,":[108],"how":[111],"has":[113],"been":[114],"applied":[115],"problem":[118],"detecting":[120],"malicious":[121],"web":[122],"requests.":[123]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2026-03-15T09:29:46.208133","created_date":"2025-10-10T00:00:00"}