{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,13]],"date-time":"2025-05-13T17:02:16Z","timestamp":1747155736230,"version":"3.40.5"},"reference-count":42,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2014,12,1]],"date-time":"2014-12-01T00:00:00Z","timestamp":1417392000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Applied Soft Computing"],"published-print":{"date-parts":[[2014,12]]},"DOI":"10.1016\/j.asoc.2014.07.026","type":"journal-article","created":{"date-parts":[[2014,9,17]],"date-time":"2014-09-17T19:16:34Z","timestamp":1410981394000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":2,"special_numbering":"C","title":["Of daemons and men: A file system approach towards intrusion detection"],"prefix":"10.1016","volume":"25","author":[{"given":"G.","family":"Mamalakis","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2461-1928","authenticated-orcid":false,"given":"C.","family":"Diou","sequence":"additional","affiliation":[]},{"given":"A.L.","family":"Symeonidis","sequence":"additional","affiliation":[]},{"given":"L.","family":"Georgiadis","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"2","key":"10.1016\/j.asoc.2014.07.026_bib0005","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1023\/A:1009715923555","article-title":"A tutorial on support vector machines for pattern recognition","volume":"2","author":"Burges","year":"1998","journal-title":"Data Min. Knowl. Discov."},{"issue":"10","key":"10.1016\/j.asoc.2014.07.026_bib0010","doi-asserted-by":"crossref","first-page":"2617","DOI":"10.1016\/j.cor.2004.03.019","article-title":"Application of svm and ann for intrusion detection","volume":"32","author":"Chen","year":"2005","journal-title":"Comput. Oper. Res."},{"issue":"2","key":"10.1016\/j.asoc.2014.07.026_bib0015","doi-asserted-by":"crossref","first-page":"2042","DOI":"10.1016\/j.asoc.2010.07.002","article-title":"Neural visualization of network traffic data for intrusion detection","volume":"11","author":"Corchado","year":"2011","journal-title":"Appl. Soft Comput."},{"key":"10.1016\/j.asoc.2014.07.026_bib0020","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","article-title":"An intrusion-detection model","volume":"2","author":"Denning","year":"1987","journal-title":"IEEE Trans. Softw. Eng."},{"key":"10.1016\/j.asoc.2014.07.026_bib0025","series-title":"IEEE Symposium on Security and Privacy, 1996 Proceedings","first-page":"120","article-title":"A sense of self for unix processes","author":"Forrest","year":"1996"},{"key":"10.1016\/j.asoc.2014.07.026_bib0030","series-title":"IEEE ComputerSociety Symposium on Research in Security and Privacy, 1994 Proceedings","first-page":"202","article-title":"Self-nonself discrimination in a computer","author":"Forrest","year":"1994"},{"issue":"1","key":"10.1016\/j.asoc.2014.07.026_bib0035","doi-asserted-by":"crossref","first-page":"95","DOI":"10.4156\/jcit.vol5.issue1.11","article-title":"Anomaly detection analysis of intrusion data using supervised & unsupervised approach","volume":"5","author":"Gogoi","year":"2010","journal-title":"J. Converg. Inf. Technol."},{"issue":"3","key":"10.1016\/j.asoc.2014.07.026_bib0040","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1016\/0167-4048(93)90110-Q","article-title":"Nadir: An automated system for detecting network intrusion and misuse","volume":"12","author":"Hochberg","year":"1993","journal-title":"Comput. Secur."},{"issue":"3","key":"10.1016\/j.asoc.2014.07.026_bib0045","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","article-title":"Intrusion detection using sequences of system calls","volume":"6","author":"Hofmeyr","year":"1998","journal-title":"J. Comput. Secur."},{"issue":"1","key":"10.1016\/j.asoc.2014.07.026_bib0050","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1016\/j.eswa.2010.06.066","article-title":"A novel intrusion detection system based on hierarchical clustering and support vector machines","volume":"38","author":"Horng","year":"2011","journal-title":"Expert Syst. Appl."},{"year":"2001","series-title":"SciPy: Open Source Scientific Tools for Python","author":"Jones","key":"10.1016\/j.asoc.2014.07.026_bib0055"},{"issue":"4","key":"10.1016\/j.asoc.2014.07.026_bib0060","doi-asserted-by":"crossref","first-page":"3899","DOI":"10.1016\/j.eswa.2011.06.033","article-title":"A differentiated one-class classification method with applications to intrusion detection","volume":"39","author":"Kang","year":"2012","journal-title":"Expert Syst. Appl."},{"issue":"4","key":"10.1016\/j.asoc.2014.07.026_bib0065","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1016\/j.ins.2008.10.025","article-title":"Multiple criteria mathematical programming for multi-class classification and application in network intrusion detection","volume":"179","author":"Kou","year":"2009","journal-title":"Inf. Sci."},{"key":"10.1016\/j.asoc.2014.07.026_bib0070","series-title":"Proceedings of 17th National Computer Security Conference","article-title":"A Pattern Matching Model for Misuse Intrusion Detection","author":"Kumar","year":"1994"},{"key":"10.1016\/j.asoc.2014.07.026_bib0075","series-title":"AAAI Workshop: AI Approaches to Fraud Detection and Risk Management","first-page":"43","article-title":"Sequence matching and learning in anomaly detection for computer security","author":"Lane","year":"1997"},{"key":"10.1016\/j.asoc.2014.07.026_bib0080","series-title":"DARPA Information Survivability Conference and Exposition II, 2001, DISCEX\u201901, Proceedings, vol. 1","first-page":"89","article-title":"Real time data mining-based intrusion detection","author":"Lee","year":"2001"},{"key":"10.1016\/j.asoc.2014.07.026_bib0085","series-title":"Proceedings of the 3rd USENIX Conference on File and Storage Technologies, vol. 186.","article-title":"C-miner: Mining block correlations in storage systems","author":"Li","year":"2004"},{"issue":"5","key":"10.1016\/j.asoc.2014.07.026_bib0090","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1016\/S0167-4048(02)00514-X","article-title":"Use of k-nearest neighbor classifier for intrusion detection","volume":"21","author":"Liao","year":"2002","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2014.07.026_bib0095","series-title":"Proceedings 17th Annual Computer Security Applications Conference, ACSAC 2001","first-page":"240","article-title":"expert-bsm: a host-based intrusion detection solution for sun solaris","author":"Lindqvist","year":"2001"},{"key":"10.1016\/j.asoc.2014.07.026_bib0100","series-title":"DARPA Information Survivability Conference and Exposition, DISCEX\u201900, Proceedings, vol. 2","first-page":"12","article-title":"Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation","author":"Lippmann","year":"2000"},{"issue":"4","key":"10.1016\/j.asoc.2014.07.026_bib0105","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","article-title":"The 1999 darpa off-line intrusion detection evaluation","volume":"34","author":"Lippmann","year":"2000","journal-title":"Comput. Netw."},{"issue":"7","key":"10.1016\/j.asoc.2014.07.026_bib0110","doi-asserted-by":"crossref","first-page":"1466","DOI":"10.1016\/j.neucom.2006.05.013","article-title":"One-class document classification via neural networks","volume":"70","author":"Manevitz","year":"2007","journal-title":"Neurocomputing"},{"key":"10.1016\/j.asoc.2014.07.026_bib0115","article-title":"Mixture models. Inference and applications to clustering","volume":"vol. 1","author":"McLachlan","year":"1988"},{"issue":"1","key":"10.1016\/j.asoc.2014.07.026_bib0120","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1145\/1127345.1127348","article-title":"Anomalous system call detection","volume":"9","author":"Mutz","year":"2006","journal-title":"ACM Trans. Inform. Syst. Secur."},{"key":"10.1016\/j.asoc.2014.07.026_bib0125","first-page":"2825","article-title":"Scikit-learn: Machine learning in Python","volume":"12","author":"Pedregosa","year":"2011","journal-title":"J. Mach. Learn. Res."},{"issue":"2","key":"10.1016\/j.asoc.2014.07.026_bib0130","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1109\/TDSC.2007.1003","article-title":"Analysis of computer intrusions using sequences of function calls","volume":"4","author":"Peisert","year":"2007","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"10.1016\/j.asoc.2014.07.026_bib0135","series-title":"Proceedings of the 20th national information systems security conference","first-page":"3","article-title":"Emerald: event monitoring enabling response to anomalous live disturbances","volume":"35","author":"Porras","year":"1997"},{"key":"10.1016\/j.asoc.2014.07.026_bib0140","series-title":"LISA","first-page":"229","article-title":"Snort: lightweight intrusion detection for networks","volume":"99","author":"Roesch","year":"1999"},{"issue":"7","key":"10.1016\/j.asoc.2014.07.026_bib0145","doi-asserted-by":"crossref","first-page":"1443","DOI":"10.1162\/089976601750264965","article-title":"Estimating the support of a high-dimensional distribution","volume":"13","author":"Sch\u00f6lkopf","year":"2001","journal-title":"Neural Comput."},{"key":"10.1016\/j.asoc.2014.07.026_bib0150","series-title":"Proceedings of the 11th National Computer Security Conference","first-page":"4","article-title":"Expert systems in intrusion detection: a case study","volume":"7","author":"Sebring","year":"1988"},{"key":"10.1016\/j.asoc.2014.07.026_bib0155","series-title":"Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining","first-page":"386","article-title":"Admit: anomaly-based data mining for intrusions","author":"Sequeira","year":"2002"},{"year":"1995","series-title":"Sunshield Basic Security Module Guide","author":"Soft","key":"10.1016\/j.asoc.2014.07.026_bib0160"},{"key":"10.1016\/j.asoc.2014.07.026_bib0165","series-title":"Information Assurance Workshop, 2005, IAW\u201905, Proceedings from the Sixth Annual IEEE SMC, IEEE","first-page":"207","article-title":"Fabs: file and block surveillance system for determining anomalous disk accesses","author":"Stanton","year":"2005"},{"key":"10.1016\/j.asoc.2014.07.026_bib0170","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1007\/11425274_2","article-title":"Anomaly detection in computer security and an application to file system accesses","author":"Stolfo","year":"2005","journal-title":"Found. Intell. Syst."},{"issue":"4","key":"10.1016\/j.asoc.2014.07.026_bib0175","doi-asserted-by":"crossref","first-page":"659","DOI":"10.3233\/JCS-2005-13403","article-title":"A comparative evaluation of two algorithms for windows registry anomaly detection","volume":"13","author":"Stolfo","year":"2005","journal-title":"J. Comput. Secur."},{"issue":"1","key":"10.1016\/j.asoc.2014.07.026_bib0180","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1016\/j.patcog.2009.05.017","article-title":"A triangle area based nearest neighbors approach to intrusion detection","volume":"43","author":"Tsai","year":"2010","journal-title":"Pattern Recognit."},{"key":"10.1016\/j.asoc.2014.07.026_bib0185","series-title":"Proceedings of the 9th ACM Conference on Computer and Communications Security","first-page":"255","article-title":"Mimicry attacks on host-based intrusion detection systems","author":"Wagner","year":"2002"},{"issue":"7","key":"10.1016\/j.asoc.2014.07.026_bib0190","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1016\/j.cose.2006.05.005","article-title":"Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data","volume":"25","author":"Wang","year":"2006","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2014.07.026_bib0195","series-title":"Proceedings of the 1999 IEEE Symposium on Security and Privacy","first-page":"133","article-title":"Detecting intrusions using system calls: alternative data models","author":"Warrender","year":"1999"},{"issue":"1","key":"10.1016\/j.asoc.2014.07.026_bib0200","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1613\/jair.3050","article-title":"Intrusion detection using continuous time bayesian networks","volume":"39","author":"Xu","year":"2010","journal-title":"J. Artif. Intell. Res."},{"issue":"1","key":"10.1016\/j.asoc.2014.07.026_bib0205","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1016\/S0031-3203(02)00026-2","article-title":"Host-based intrusion detection using dynamic and static behavioral models","volume":"36","author":"Yeung","year":"2003","journal-title":"Pattern Recognit."},{"issue":"12","key":"10.1016\/j.asoc.2014.07.026_bib0210","doi-asserted-by":"crossref","first-page":"1428","DOI":"10.1016\/j.comcom.2005.01.014","article-title":"Application of online-training svms for real-time intrusion detection with different considerations","volume":"28","author":"Zhang","year":"2005","journal-title":"Comput. Commun."}],"container-title":["Applied Soft Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1568494614004311?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1568494614004311?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,8,14]],"date-time":"2019-08-14T23:58:17Z","timestamp":1565827097000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1568494614004311"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,12]]},"references-count":42,"alternative-id":["S1568494614004311"],"URL":"https:\/\/doi.org\/10.1016\/j.asoc.2014.07.026","relation":{},"ISSN":["1568-4946"],"issn-type":[{"type":"print","value":"1568-4946"}],"subject":[],"published":{"date-parts":[[2014,12]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Of daemons and men: A file system approach towards intrusion detection","name":"articletitle","label":"Article Title"},{"value":"Applied Soft Computing","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.asoc.2014.07.026","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"Copyright \u00a9 2014 Elsevier B.V. All rights reserved.","name":"copyright","label":"Copyright"}]}}