{"id":"https://openalex.org/W1941427975","doi":"https://doi.org/10.3233/jcs-980109","title":"Intrusion detection using sequences of system calls","display_name":"Intrusion detection using sequences of system calls","publication_year":1998,"publication_date":"1998-07-01","ids":{"openalex":"https://openalex.org/W1941427975","doi":"https://doi.org/10.3233/jcs-980109","mag":"1941427975"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-980109","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-980109","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016671058","display_name":"Steven Hofmeyr","orcid":"https://orcid.org/0000-0002-3299-472X"},"institutions":[{"id":"https://openalex.org/I169521973","display_name":"University of New Mexico","ror":"https://ror.org/05fs6jp91","country_code":"US","type":"education","lineage":["https://openalex.org/I169521973"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Steven A. Hofmeyr","raw_affiliation_strings":["Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0,\u00a0,\u00a0","(Correspd.) Department of Computer Science, University of New Mexico, Albuquerque, NM 87131-1386, USA E-mail&colon; {steveah,forrest,soma}@cs.unm.edu#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I169521973"]},{"raw_affiliation_string":"(Correspd.) Department of Computer Science, University of New Mexico, Albuquerque, NM 87131-1386, USA E-mail&colon; {steveah,forrest,soma}@cs.unm.edu#TAB#","institution_ids":["https://openalex.org/I169521973"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114376382","display_name":"Stephanie Forrest","orcid":"https://orcid.org/0000-0002-5904-1646"},"institutions":[{"id":"https://openalex.org/I169521973","display_name":"University of New Mexico","ror":"https://ror.org/05fs6jp91","country_code":"US","type":"education","lineage":["https://openalex.org/I169521973"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Stephanie Forrest","raw_affiliation_strings":["Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0,\u00a0,\u00a0","Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0steveah@cs.unm.edu,\u00a0forrest@cs.unm.edu,\u00a0soma@cs.unm.edu"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I169521973"]},{"raw_affiliation_string":"Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0steveah@cs.unm.edu,\u00a0forrest@cs.unm.edu,\u00a0soma@cs.unm.edu","institution_ids":["https://openalex.org/I169521973"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111980259","display_name":"Anil Somayaji","orcid":"https://orcid.org/0000-0003-4761-9743"},"institutions":[{"id":"https://openalex.org/I169521973","display_name":"University of New Mexico","ror":"https://ror.org/05fs6jp91","country_code":"US","type":"education","lineage":["https://openalex.org/I169521973"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anil Somayaji","raw_affiliation_strings":["Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0,\u00a0,\u00a0","Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0steveah@cs.unm.edu,\u00a0forrest@cs.unm.edu,\u00a0soma@cs.unm.edu"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I169521973"]},{"raw_affiliation_string":"Department of Computer Science, University of New Mexico, Albuquerque, NM\u00a087131-1386, USA. E-mail:\u00a0steveah@cs.unm.edu,\u00a0forrest@cs.unm.edu,\u00a0soma@cs.unm.edu","institution_ids":["https://openalex.org/I169521973"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5016671058"],"corresponding_institution_ids":["https://openalex.org/I169521973"],"apc_list":null,"apc_paid":null,"fwci":17.2111,"has_fulltext":false,"cited_by_count":1306,"citation_normalized_percentile":{"value":0.99121456,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"6","issue":"3","first_page":"151","last_page":"180"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12391","display_name":"Artificial Immune Systems Applications","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/tracing","display_name":"Tracing","score":0.797433614730835},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7923875451087952},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.7504252195358276},{"id":"https://openalex.org/keywords/unix","display_name":"Unix","score":0.7006702423095703},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6827943325042725},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.649078905582428},{"id":"https://openalex.org/keywords/discriminator","display_name":"Discriminator","score":0.6229827404022217},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3984018862247467},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3359454274177551},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3264352083206177},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2612289786338806},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.19499176740646362},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11298149824142456}],"concepts":[{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.797433614730835},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7923875451087952},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.7504252195358276},{"id":"https://openalex.org/C112968700","wikidata":"https://www.wikidata.org/wiki/Q11368","display_name":"Unix","level":3,"score":0.7006702423095703},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6827943325042725},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.649078905582428},{"id":"https://openalex.org/C2779803651","wikidata":"https://www.wikidata.org/wiki/Q5282088","display_name":"Discriminator","level":3,"score":0.6229827404022217},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3984018862247467},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3359454274177551},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3264352083206177},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2612289786338806},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.19499176740646362},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11298149824142456},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-980109","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-980109","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Reduced inequalities","id":"https://metadata.un.org/sdg/10","score":0.7099999785423279}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W34688585","https://openalex.org/W77375263","https://openalex.org/W1483652549","https://openalex.org/W1483817343","https://openalex.org/W1487207002","https://openalex.org/W1495172800","https://openalex.org/W1514143113","https://openalex.org/W1585768841","https://openalex.org/W1598022263","https://openalex.org/W1882297107","https://openalex.org/W1987751268","https://openalex.org/W1995945562","https://openalex.org/W2002286749","https://openalex.org/W2096318715","https://openalex.org/W2100215068","https://openalex.org/W2106997041","https://openalex.org/W2107409339","https://openalex.org/W2111817346","https://openalex.org/W2117002131","https://openalex.org/W2128217000","https://openalex.org/W2139716931","https://openalex.org/W2141992351","https://openalex.org/W2150847526","https://openalex.org/W2152448081","https://openalex.org/W2154081981","https://openalex.org/W2170973665","https://openalex.org/W2338717024","https://openalex.org/W3106889297","https://openalex.org/W3121147667","https://openalex.org/W4205292087","https://openalex.org/W4210303156","https://openalex.org/W4235771727","https://openalex.org/W4255440605","https://openalex.org/W4285719527","https://openalex.org/W6604675116"],"related_works":["https://openalex.org/W2385758958","https://openalex.org/W2183313954","https://openalex.org/W1969635302","https://openalex.org/W3136767761","https://openalex.org/W2532369412","https://openalex.org/W2376046849","https://openalex.org/W2464754729","https://openalex.org/W3146948916","https://openalex.org/W1973375107","https://openalex.org/W3152476155"],"abstract_inverted_index":{"A":[0],"method":[1],"is":[2,14,43],"introduced":[3],"for":[4,94],"detecting":[5],"intrusions":[6],"at":[7],"the":[8,70,74,77,88],"level":[9],"of":[10,19,36,55,57,73,82],"privileged":[11],"processes.":[12],"Evidence":[13],"given":[15],"that":[16],"short":[17],"sequences":[18],"system":[20],"calls":[21],"executed":[22],"by":[23,49,68],"running":[24],"processes":[25],"are":[26],"a":[27,58,64],"good":[28],"discriminator":[29],"between":[30],"normal":[31,53],"and":[32,62],"abnormal":[33],"operating":[34],"characteristics":[35],"several":[37,80],"common":[38],"UNIX":[39],"programs.":[40],"Normal":[41],"behavior":[42,84],"collected":[44],"in":[45,63,87],"two":[46],"ways:":[47],"Synthetically,":[48],"exercising":[50],"as":[51,60],"many":[52],"modes":[54],"usage":[56],"program":[59],"possible,":[61],"live":[65],"user":[66],"environment":[67],"tracing":[69],"actual":[71],"execution":[72],"program.":[75],"In":[76],"former":[78],"case":[79],"types":[81],"intrusive":[83],"were":[85,92],"studied;":[86],"latter":[89],"case,":[90],"results":[91],"analyzed":[93],"false":[95],"positives.":[96]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":20},{"year":2023,"cited_by_count":19},{"year":2022,"cited_by_count":23},{"year":2021,"cited_by_count":31},{"year":2020,"cited_by_count":38},{"year":2019,"cited_by_count":61},{"year":2018,"cited_by_count":46},{"year":2017,"cited_by_count":50},{"year":2016,"cited_by_count":54},{"year":2015,"cited_by_count":73},{"year":2014,"cited_by_count":51},{"year":2013,"cited_by_count":60},{"year":2012,"cited_by_count":53}],"updated_date":"2026-04-03T22:45:19.894376","created_date":"2025-10-10T00:00:00"}