{"id":"https://openalex.org/W2533817413","doi":"https://doi.org/10.1145/2976749.2976750","title":"Program Anomaly Detection","display_name":"Program Anomaly Detection","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2533817413","doi":"https://doi.org/10.1145/2976749.2976750","mag":"2533817413"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2976750","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2976750","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046558241","display_name":"Xiaokui Shu","orcid":"https://orcid.org/0000-0002-7381-7041"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaokui Shu","raw_affiliation_strings":["IBM Research, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM Research, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034366344","display_name":"Danfeng Yao","orcid":"https://orcid.org/0000-0001-8969-2792"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danfeng Yao","raw_affiliation_strings":["Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5046558241"],"corresponding_institution_ids":["https://openalex.org/I1341412227"],"apc_list":null,"apc_paid":null,"fwci":0.2895,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.64274854,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1853","last_page":"1854"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8730347156524658},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7877998352050781},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6274664998054504},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.5495834946632385},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5480967164039612},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.48809635639190674},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.373413622379303},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3317059278488159},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3255125880241394}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8730347156524658},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7877998352050781},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6274664998054504},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.5495834946632385},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5480967164039612},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.48809635639190674},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.373413622379303},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3317059278488159},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3255125880241394},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2976750","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2976750","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6200000047683716,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1479871422","https://openalex.org/W1583975142","https://openalex.org/W2008704879","https://openalex.org/W2087671069","https://openalex.org/W2106649514","https://openalex.org/W2123886726","https://openalex.org/W2128217000","https://openalex.org/W2129860818","https://openalex.org/W2134073393","https://openalex.org/W2150847526","https://openalex.org/W2295709271","https://openalex.org/W2512784977","https://openalex.org/W2527840540","https://openalex.org/W6634829514"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2912112202","https://openalex.org/W2667207928","https://openalex.org/W4377864969","https://openalex.org/W2972971679"],"abstract_inverted_index":{"This":[0,141],"tutorial":[1],"will":[2,71,89,107,132,143,159,175,179],"present":[3],"an":[4,34,200],"overview":[5],"of":[6,78,113,171,185,191,202,212],"program":[7,13,23,79,95,114,154,172,186,214],"anomaly":[8,83,96,115,155,165,173,187,215],"detection,":[9],"which":[10],"analyzes":[11],"normal":[12],"behaviors":[14],"and":[15,25,41,56,67,81,98,126,150,208],"discovers":[16],"aberrant":[17],"executions":[18],"caused":[19],"by":[20],"attacks,":[21],"misconfigurations,":[22],"bugs,":[24],"unusual":[26],"usage":[27],"patterns.":[28],"It":[29],"was":[30],"first":[31],"introduced":[32],"as":[33,63],"analogy":[35],"between":[36],"intrusion":[37],"detection":[38,84,97,116,139,156,166,174,188,216],"for":[39,94],"programs":[40],"the":[42,53,73,76,82,103,111,145,148,161,183,196,206,220],"immune":[43],"mechanism":[44],"in":[45,52,152,189,205],"biology.":[46],"Advanced":[47],"models":[48],"have":[49,59],"been":[50,60],"developed":[51],"last":[54],"decade":[55],"comprehensive":[57],"techniques":[58],"adopted":[61],"such":[62],"hidden":[64],"Markov":[65],"model":[66,100],"machine":[68],"learning.":[69],"We":[70,88,158,178,194],"introduce":[72],"audience":[74,106,146,197],"to":[75,122,135,198],"problem":[77],"attacks":[80,162],"approach":[85],"against":[86],"threats.":[87],"give":[90],"a":[91,210],"general":[92],"definition":[93],"derive":[99],"abstractions":[101],"from":[102,118],"definition.":[104],"The":[105,168],"be":[108,133,176],"walked":[109],"through":[110],"development":[112],"methods":[117],"early-age":[119],"n-gram":[120],"approaches":[121],"complicated":[123],"pushdown":[124],"automata":[125],"probabilistic":[127],"models.":[128,140,157],"Some":[129],"lab":[130],"tools":[131],"provided":[134],"help":[136,144],"understand":[137,147],"primitive":[138],"procedure":[142],"objectives":[149],"challenges":[151,204],"designing":[153],"discuss":[160,182],"that":[163],"subvert":[164],"mechanisms.":[167],"field":[169,207],"map":[170],"presented.":[177],"also":[180],"briefly":[181],"applications":[184],"Internet":[190],"Things":[192],"security.":[193],"expect":[195],"get":[199],"idea":[201],"unsolved":[203],"develop":[209],"sense":[211],"future":[213],"directions":[217],"after":[218],"attending":[219],"tutorial.":[221]},"counts_by_year":[{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}