{"id":"https://openalex.org/W2988790801","doi":"https://doi.org/10.1145/3344382","title":"A Survey of Intrusion Detection Systems Leveraging Host Data","display_name":"A Survey of Intrusion Detection Systems Leveraging Host Data","publication_year":2019,"publication_date":"2019-11-14","ids":{"openalex":"https://openalex.org/W2988790801","doi":"https://doi.org/10.1145/3344382","mag":"2988790801"},"language":"en","primary_location":{"id":"doi:10.1145/3344382","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3344382","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3344382","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3344382","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012446017","display_name":"Robert A. Bridges","orcid":"https://orcid.org/0000-0001-7962-6329"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Robert A. 
Bridges","raw_affiliation_strings":["Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory"],"affiliations":[{"raw_affiliation_string":"Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085197991","display_name":"Tarrah R. Glass-Vanderlan","orcid":"https://orcid.org/0000-0003-0642-6427"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tarrah R. Glass-Vanderlan","raw_affiliation_strings":["Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory"],"affiliations":[{"raw_affiliation_string":"Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023093422","display_name":"Michael D. Iannacone","orcid":"https://orcid.org/0000-0003-3081-4761"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael D. 
Iannacone","raw_affiliation_strings":["Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory"],"affiliations":[{"raw_affiliation_string":"Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043886926","display_name":"Maria S. Vincent","orcid":"https://orcid.org/0000-0002-4348-2500"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Maria S. Vincent","raw_affiliation_strings":["Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory"],"affiliations":[{"raw_affiliation_string":"Cyber & Applied Data Analytics Division, Oak Ridge National Laboratory","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033326056","display_name":"Qian Chen","orcid":"https://orcid.org/0000-0002-0130-5901"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qian (Guenevere) Chen","raw_affiliation_strings":["Electrical & Computer Engineering, University of Texas, San Antonio"],"affiliations":[{"raw_affiliation_string":"Electrical & Computer Engineering, University of Texas, San 
Antonio","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5012446017"],"corresponding_institution_ids":["https://openalex.org/I1289243028"],"apc_list":null,"apc_paid":null,"fwci":12.2884,"has_fulltext":true,"cited_by_count":126,"citation_normalized_percentile":{"value":0.98893626,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"52","issue":"6","first_page":"1","last_page":"35"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection 
Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8689172863960266},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.7402660250663757},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7381978631019592},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6308501958847046},{"id":"https://openalex.org/keywords/audit-trail","display_name":"Audit trail","score":0.5416711568832397},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5236261487007141},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.48019707202911377},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.38506412506103516},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.09148630499839783}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8689172863960266},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.7402660250663757},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7381978631019592},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage 
(statistics)","level":2,"score":0.6308501958847046},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.5416711568832397},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5236261487007141},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.48019707202911377},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.38506412506103516},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.09148630499839783},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3344382","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3344382","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3344382","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing 
Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},{"id":"pmh:oai:osti.gov:1965280","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1965280","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"doi:10.1145/3344382","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3344382","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3344382","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing 
Surveys","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1719536385","display_name":null,"funder_award_id":"DE-AC05-00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G5051188800","display_name":null,"funder_award_id":"D2017-170222007","funder_id":"https://openalex.org/F4320333051","funder_display_name":"Intelligence Advanced Research Projects Activity"}],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320312530","display_name":"Office of the Director of National Intelligence","ror":"https://ror.org/01v3fsc55"},{"id":"https://openalex.org/F4320333051","display_name":"Intelligence Advanced Research Projects Activity","ror":"https://ror.org/01v3fsc55"},{"id":"https://openalex.org/F4320337349","display_name":"NIH Office of the Director","ror":"https://ror.org/00fj8a872"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2988790801.pdf","grobid_xml":"https://content.openalex.org/works/W2988790801.grobid-xml"},"referenced_works_count":161,"referenced_works":["https://openalex.org/W1539027","https://openalex.org/W6563103","https://openalex.org/W15008180","https://openalex.org/W34732858","https://openalex.org/W91862604","https://openalex.org/W138566380","https://openalex.org/W191839766","https://openalex.org/W200681053","https://openalex.org/W248959849","https://openalex.org/W433644524","https://openalex.org/W1482036107","https://openalex.org/W1489073918","https://openalex.org/W1492196703","https://openalex.org/W1492832459","https://openalex.org/W1535668279","https://openalex.org/W1562890122","https://openalex.org/W1566480186","https://openalex.org/W1577117059","https://openalex.org/W1591480890","https://openalex.org/W1592090113","https://openalex.org/W1628129782","http
s://openalex.org/W1636725296","https://openalex.org/W1647135810","https://openalex.org/W1670263352","https://openalex.org/W1792904922","https://openalex.org/W1806610636","https://openalex.org/W1816130922","https://openalex.org/W1832277845","https://openalex.org/W1851116156","https://openalex.org/W1866355538","https://openalex.org/W1884606608","https://openalex.org/W1903577715","https://openalex.org/W1941427975","https://openalex.org/W1964019544","https://openalex.org/W1964394804","https://openalex.org/W1969635302","https://openalex.org/W1972544015","https://openalex.org/W1973841765","https://openalex.org/W1975843001","https://openalex.org/W1977264295","https://openalex.org/W1977838479","https://openalex.org/W1979506909","https://openalex.org/W1981261802","https://openalex.org/W1981738628","https://openalex.org/W1984350393","https://openalex.org/W1985987493","https://openalex.org/W1987459411","https://openalex.org/W1988015967","https://openalex.org/W1988918299","https://openalex.org/W1991140435","https://openalex.org/W1995126785","https://openalex.org/W2002594911","https://openalex.org/W2006862475","https://openalex.org/W2007087405","https://openalex.org/W2009250942","https://openalex.org/W2009803064","https://openalex.org/W2011397780","https://openalex.org/W2016915071","https://openalex.org/W2017578978","https://openalex.org/W2037734761","https://openalex.org/W2038863013","https://openalex.org/W2043491664","https://openalex.org/W2046608104","https://openalex.org/W2059682003","https://openalex.org/W2060818277","https://openalex.org/W2077488147","https://openalex.org/W2087671069","https://openalex.org/W2089061064","https://openalex.org/W2099940443","https://openalex.org/W2100783950","https://openalex.org/W2102970979","https://openalex.org/W2104593144","https://openalex.org/W2104893874","https://openalex.org/W2106442760","https://openalex.org/W2106649514","https://openalex.org/W2107035663","https://openalex.org/W2110320325","https://openalex.org/W2113005368","https://o
penalex.org/W2113958614","https://openalex.org/W2118528519","https://openalex.org/W2118534519","https://openalex.org/W2120617515","https://openalex.org/W2121886199","https://openalex.org/W2123886726","https://openalex.org/W2124631616","https://openalex.org/W2128217000","https://openalex.org/W2129113961","https://openalex.org/W2129860818","https://openalex.org/W2132874238","https://openalex.org/W2134073393","https://openalex.org/W2134603844","https://openalex.org/W2136520403","https://openalex.org/W2137555357","https://openalex.org/W2139562214","https://openalex.org/W2139607570","https://openalex.org/W2139731313","https://openalex.org/W2140626174","https://openalex.org/W2142876969","https://openalex.org/W2142892618","https://openalex.org/W2144112223","https://openalex.org/W2145722235","https://openalex.org/W2146196597","https://openalex.org/W2148121208","https://openalex.org/W2148293771","https://openalex.org/W2148324316","https://openalex.org/W2152955798","https://openalex.org/W2153157120","https://openalex.org/W2154081981","https://openalex.org/W2159238794","https://openalex.org/W2161807639","https://openalex.org/W2162974319","https://openalex.org/W2165313080","https://openalex.org/W2166332868","https://openalex.org/W2167240430","https://openalex.org/W2167332015","https://openalex.org/W2169685348","https://openalex.org/W2236015499","https://openalex.org/W2244997307","https://openalex.org/W2302058010","https://openalex.org/W2308766372","https://openalex.org/W2342408547","https://openalex.org/W2394932100","https://openalex.org/W2466206609","https://openalex.org/W2468321486","https://openalex.org/W2471751544","https://openalex.org/W2476891002","https://openalex.org/W2477905973","https://openalex.org/W2504338543","https://openalex.org/W2518248186","https://openalex.org/W2526529994","https://openalex.org/W2531967557","https://openalex.org/W2536497394","https://openalex.org/W2545263909","https://openalex.org/W2558017483","https://openalex.org/W2565231630","https://openal
ex.org/W2591409311","https://openalex.org/W2593524694","https://openalex.org/W2597991716","https://openalex.org/W2612832310","https://openalex.org/W2621801683","https://openalex.org/W2623703801","https://openalex.org/W2678934292","https://openalex.org/W2746170296","https://openalex.org/W2751980512","https://openalex.org/W2758492464","https://openalex.org/W2765236340","https://openalex.org/W2791704684","https://openalex.org/W2792101620","https://openalex.org/W2809457377","https://openalex.org/W2898681381","https://openalex.org/W2903888314","https://openalex.org/W2949350626","https://openalex.org/W2963804058","https://openalex.org/W2965068715","https://openalex.org/W3013910335","https://openalex.org/W4212774754","https://openalex.org/W4236769056","https://openalex.org/W4247091224","https://openalex.org/W4285719527","https://openalex.org/W4302343751","https://openalex.org/W4391304155"],"related_works":["https://openalex.org/W2404937507","https://openalex.org/W2357468538","https://openalex.org/W2002194532","https://openalex.org/W2124184151","https://openalex.org/W2790169336","https://openalex.org/W2750461430","https://openalex.org/W2487194309","https://openalex.org/W2948428544","https://openalex.org/W2374959091","https://openalex.org/W2079105056"],"abstract_inverted_index":{"This":[0],"survey":[1,131,145],"focuses":[2],"on":[3,16,71,159],"intrusion":[4],"detection":[5],"systems":[6],"(IDS)":[7],"that":[8],"leverage":[9],"host-based":[10,20],"data":[11,29,157],"sources":[12],"for":[13,100,162,175],"detecting":[14],"attacks":[15],"enterprise":[17],"network.":[18],"The":[19],"IDS":[21,69,101,141],"(HIDS)":[22],"literature":[23,118],"is":[24,91],"organized":[25,106],"by":[26,113],"the":[27,117,130,134,153,165,172,178],"input":[28],"source,":[30],"presenting":[31],"targeted":[32],"sub-surveys":[33],"of":[34,68,87,140,156,167],"HIDS":[35],"research":[36,70,168],"leveraging":[37],"system":[38,50,61],"logs,":[39],"audit":[40,56],"data,":[41,57],"Windows":[42],"Registry,":[43],"
file":[44],"systems,":[45],"and":[46,96,107,119,125,132,171],"program":[47],"analysis.":[48],"While":[49],"calls":[51],"are":[52,105,111,128],"generally":[53],"included":[54],"in":[55,133,177],"several":[58],"publicly":[59,88],"available":[60,89,158],"call":[62],"datasets":[63,90,120,174],"have":[64],"spawned":[65],"a":[66,76,83,160],"flurry":[67],"this":[72,144],"topic,":[73],"which":[74],"merits":[75],"separate":[77],"section.":[78],"To":[79],"accommodate":[80],"current":[81],"researchers,":[82],"section":[84],"giving":[85],"descriptions":[86],"included,":[92],"outlining":[93],"their":[94],"characteristics":[95],"shortcomings":[97],"when":[98],"used":[99],"evaluation.":[102],"Related":[103],"surveys":[104],"described.":[108],"All":[109],"sections":[110],"accompanied":[112],"tables":[114],"concisely":[115],"organizing":[116],"discussed.":[121],"Finally,":[122],"challenges,":[123],"trends,":[124],"broader":[126],"observations":[127],"throughout":[129],"conclusion":[135],"along":[136],"with":[137],"future":[138],"directions":[139],"research.":[142],"Overall,":[143],"was":[146],"designed":[147],"to":[148,152],"allow":[149],"easy":[150],"access":[151],"diverse":[154],"types":[155],"host":[161],"sensing":[163],"intrusion,":[164],"progressions":[166],"using":[169],"each,":[170],"accessible":[173],"prototyping":[176],"area.":[179]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":21},{"year":2024,"cited_by_count":17},{"year":2023,"cited_by_count":20},{"year":2022,"cited_by_count":21},{"year":2021,"cited_by_count":22},{"year":2020,"cited_by_count":18},{"year":2019,"cited_by_count":5}],"updated_date":"2026-04-01T17:29:45.350535","created_date":"2025-10-10T00:00:00"}
