{"id":"https://openalex.org/W2603523376","doi":"https://doi.org/10.1145/3041008.3041014","title":"Model-based Cluster Analysis for Identifying Suspicious Activity Sequences in Software","display_name":"Model-based Cluster Analysis for Identifying Suspicious Activity Sequences in Software","publication_year":2017,"publication_date":"2017-03-24","ids":{"openalex":"https://openalex.org/W2603523376","doi":"https://doi.org/10.1145/3041008.3041014","mag":"2603523376"},"language":"en","primary_location":{"id":"doi:10.1145/3041008.3041014","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3041008.3041014","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028407723","display_name":"Hemank Lamba","orcid":"https://orcid.org/0000-0002-9794-3587"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hemank Lamba","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088820358","display_name":"Thomas J. Glazier","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas J. Glazier","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091731762","display_name":"Javier C\u00e1mara","orcid":"https://orcid.org/0000-0001-6717-4775"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Javier C\u00e1mara","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057348711","display_name":"Bradley Schmerl","orcid":"https://orcid.org/0000-0001-7828-622X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bradley Schmerl","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045020317","display_name":"David Garlan","orcid":"https://orcid.org/0000-0002-6735-8301"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Garlan","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030571651","display_name":"J\u00fcrgen Pfeffer","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J\u00fcrgen Pfeffer","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5028407723"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":0.8772,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.76822595,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"17","last_page":"22"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.804405927658081},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5811719298362732},{"id":"https://openalex.org/keywords/bigram","display_name":"Bigram","score":0.5739771723747253},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5638996362686157},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.49729111790657043},{"id":"https://openalex.org/keywords/cluster","display_name":"Cluster (spacecraft)","score":0.48277607560157776},{"id":"https://openalex.org/keywords/software-architecture","display_name":"Software architecture","score":0.4608760178089142},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4436797499656677},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4408084452152252},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.43441277742385864},{"id":"https://openalex.org/keywords/systems-architecture","display_name":"Systems architecture","score":0.41083475947380066},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.39012226462364197},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.31180882453918457},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11231991648674011},{"id":"https://openalex.org/keywords/trigram","display_name":"Trigram","score":0.0918455719947815}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.804405927658081},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5811719298362732},{"id":"https://openalex.org/C108757681","wikidata":"https://www.wikidata.org/wiki/Q2773912","display_name":"Bigram","level":3,"score":0.5739771723747253},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5638996362686157},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.49729111790657043},{"id":"https://openalex.org/C164866538","wikidata":"https://www.wikidata.org/wiki/Q367351","display_name":"Cluster (spacecraft)","level":2,"score":0.48277607560157776},{"id":"https://openalex.org/C35869016","wikidata":"https://www.wikidata.org/wiki/Q846636","display_name":"Software architecture","level":3,"score":0.4608760178089142},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4436797499656677},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4408084452152252},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.43441277742385864},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.41083475947380066},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.39012226462364197},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31180882453918457},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11231991648674011},{"id":"https://openalex.org/C137546455","wikidata":"https://www.wikidata.org/wiki/Q3213474","display_name":"Trigram","level":2,"score":0.0918455719947815},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3041008.3041014","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3041008.3041014","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320311089","display_name":"National Security Agency","ror":"https://ror.org/0047bvr32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W81017276","https://openalex.org/W93424348","https://openalex.org/W1492581097","https://openalex.org/W1495937566","https://openalex.org/W1519648961","https://openalex.org/W1560607100","https://openalex.org/W1575419735","https://openalex.org/W1587129889","https://openalex.org/W1589386793","https://openalex.org/W1793267736","https://openalex.org/W1895387792","https://openalex.org/W1963371853","https://openalex.org/W1975223096","https://openalex.org/W1990991758","https://openalex.org/W2011863672","https://openalex.org/W2020214545","https://openalex.org/W2078701302","https://openalex.org/W2087221762","https://openalex.org/W2097623840","https://openalex.org/W2113271473","https://openalex.org/W2129281431","https://openalex.org/W2129860818","https://openalex.org/W2133591726","https://openalex.org/W2136710010","https://openalex.org/W2141992351","https://openalex.org/W2148123869","https://openalex.org/W2168175751","https://openalex.org/W2168393938","https://openalex.org/W2282288858","https://openalex.org/W2348679751","https://openalex.org/W2603273327","https://openalex.org/W2612926688","https://openalex.org/W2962752671","https://openalex.org/W2962881240","https://openalex.org/W4231625493"],"related_works":["https://openalex.org/W2096364451","https://openalex.org/W2001444918","https://openalex.org/W1953689839","https://openalex.org/W2118608074","https://openalex.org/W2807954370","https://openalex.org/W2773589298","https://openalex.org/W1540035128","https://openalex.org/W812937317","https://openalex.org/W156168486","https://openalex.org/W2233213171"],"abstract_inverted_index":{"Large":[0],"software":[1,141],"systems":[2],"have":[3,41,70],"to":[4,88,121,131,146],"contend":[5],"with":[6,14,42],"a":[7,99,118,128,144,179,182],"significant":[8],"number":[9,96],"of":[10,17,25,32,37,94,97,124,143,181],"users":[11,40],"who":[12,61],"interact":[13],"different":[15],"components":[16,26],"the":[18,43,75,95,139],"system":[19,76,100,129,145,185],"in":[20,49],"various":[21],"ways.":[22],"The":[23],"sequences":[24,123],"that":[27,39,57,153,167],"are":[28,59,78],"used":[29],"as":[30],"part":[31],"an":[33],"interaction":[34],"define":[35,147],"sets":[36],"behaviors":[38,64,84,126],"system.":[44],"These":[45,82],"can":[46,85],"be":[47,86],"large":[48,183],"number.":[50],"Among":[51],"these":[52,148],"users,":[53],"it":[54],"is":[55,156],"possible":[56],"there":[58],"some":[60],"exhibit":[62],"anomalous":[63,83],"--":[65],"for":[66,172],"example,":[67],"they":[68],"may":[69,101,106],"found":[71],"back":[72],"doors":[73],"into":[74],"and":[77,130,170],"doing":[79],"something":[80],"malicious.":[81],"hard":[87],"distinguish":[89],"from":[90,110],"normal":[91,111],"behavior":[92],"because":[93,104],"interactions":[98],"have,":[102],"or":[103,134],"traces":[105],"deviate":[107],"only":[108],"slightly":[109],"behavior.":[112],"In":[113],"this":[114,177],"paper":[115],"we":[116],"describe":[117],"model-based":[119],"approach":[120,155],"cluster":[122],"user":[125],"within":[127],"find":[132],"suspicious,":[133],"anomalous,":[135],"sequences.":[136,149],"We":[137,150,175],"exploit":[138],"underlying":[140],"architecture":[142],"further":[151],"show":[152,176],"our":[154],"better":[157],"at":[158],"detecting":[159],"suspicious":[160],"activities":[161],"than":[162],"other":[163],"approaches,":[164],"specifically":[165],"those":[166],"use":[168],"unigrams":[169],"bigrams":[171],"anomaly":[173],"detection.":[174],"on":[178,187],"simulation":[180],"scale":[184],"based":[186],"Amazon":[188],"Web":[189],"application":[190],"style":[191],"architecture.":[192]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2}],"updated_date":"2026-04-28T14:05:53.105641","created_date":"2025-10-10T00:00:00"}