{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T23:07:27Z","timestamp":1760828847537,"version":"3.37.0"},"reference-count":25,"publisher":"Elsevier BV","issue":"12","license":[{"start":{"date-parts":[[2009,12,1]],"date-time":"2009-12-01T00:00:00Z","timestamp":1259625600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Systems and Software"],"published-print":{"date-parts":[[2009,12]]},"DOI":"10.1016\/j.jss.2009.06.040","type":"journal-article","created":{"date-parts":[[2009,6,29]],"date-time":"2009-06-29T08:03:50Z","timestamp":1246262630000},"page":"1974-1981","source":"Crossref","is-referenced-by-count":32,"title":["Constructing attribute weights from computer audit data for effective intrusion detection"],"prefix":"10.1016","volume":"82","author":[{"given":"Wei","family":"Wang","sequence":"first","affiliation":[]},{"given":"Xiangliang","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Sylvain","family":"Gombault","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"3","key":"10.1016\/j.jss.2009.06.040_bib1","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1145\/357830.357849","article-title":"The base-rate fallacy and the difficulty of intrusion detection","volume":"3","author":"Axelsson","year":"2000","journal-title":"ACM Transactions on Information Systems Security"},{"key":"10.1016\/j.jss.2009.06.040_bib2","unstructured":"Axelsson, S., 2000. Intrusion detection systems: A survey and taxonomy, Technical Report 99-15, Chalmers Univ."},{"key":"10.1016\/j.jss.2009.06.040_bib3","doi-asserted-by":"crossref","first-page":"2617","DOI":"10.1016\/j.cor.2004.03.019","article-title":"Application of SVM and ANN for intrusion detection","volume":"32","author":"Chen","year":"2005","journal-title":"Computer Operation Research"},{"issue":"1","key":"10.1016\/j.jss.2009.06.040_bib4","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/S0167-4048(03)00112-3","article-title":"Efficient anomaly detection by modeling privilege flows using hidden markov model","volume":"22","author":"Cho","year":"2003","journal-title":"Computer and Security"},{"issue":"2","key":"10.1016\/j.jss.2009.06.040_bib5","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","article-title":"An intrusion detection model","volume":"13","author":"Denning","year":"1987","journal-title":"IEEE Transactions on Software Engineering"},{"year":"2004","series-title":"Pattern Classification","author":"Duda","key":"10.1016\/j.jss.2009.06.040_bib6"},{"key":"10.1016\/j.jss.2009.06.040_bib7","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A., 1996. A sense of self for Unix processes. In: Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, pp. 120\u2013128."},{"issue":"1","key":"10.1016\/j.jss.2009.06.040_bib8","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.jnca.2008.04.006","article-title":"Fast intrusion detection based on a non-negative matrix factorization model","volume":"31","author":"Guan","year":"2009","journal-title":"Journal of Network and Computer Applications, Elsevier"},{"key":"10.1016\/j.jss.2009.06.040_bib9","unstructured":"Hu, W., Liao, Y., Vemuri, V.R., 2003. Robust support vector machines for anomaly detection in computer security. In: Proceeding of the 2003 International Conference on Machine Learning and Applications."},{"year":"2002","series-title":"Applied Multivariate Statistical Analysis","author":"Johnson","key":"10.1016\/j.jss.2009.06.040_bib10"},{"key":"10.1016\/j.jss.2009.06.040_bib11","unstructured":"Lee, W., Stolfo, S., 1998. Data mining approaches for intrusion detection. In: Proceedings of the Seventh USENIX Security Symposium, San Antonio, TX, pp. 79\u201394."},{"key":"10.1016\/j.jss.2009.06.040_bib12","unstructured":"Lee, W., Xiang, D., 2001. Information-theoretic measures for anomaly detection. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 130\u2013143."},{"key":"10.1016\/j.jss.2009.06.040_bib13","unstructured":"Liao, Y., Vemuri, V.R., 2002. Using text categorization techniques for intrusion detection. In: 11th USENIX Security Symposium, pp. 51\u201359."},{"key":"10.1016\/j.jss.2009.06.040_bib14","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1016\/S0020-0190(00)00122-8","article-title":"Detecting masquerades in intrusion detection based on unpopular commands","volume":"76","author":"Schonlau","year":"2000","journal-title":"Information Processing Letters"},{"issue":"1","key":"10.1016\/j.jss.2009.06.040_bib15","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1214\/ss\/998929476","article-title":"Computer Intrusion: Detecting Masquerades","volume":"16","author":"Schonlau","year":"2001","journal-title":"Statistical Science"},{"key":"10.1016\/j.jss.2009.06.040_bib16","unstructured":"Tang, B., Shepherd, M., Milios, E., Heywood, M.I., 2005. Comparing and combining dimension reduction techniques for efficient text clustering. International Workshop on Feature Selection for Data Mining \u2013 Interfacing Machine Learning and Statistics in conjunction with 2005 SIAM International Conference on Data Mining, Newport Beach, CA."},{"key":"10.1016\/j.jss.2009.06.040_bib17","unstructured":"Wang, W., Gombault, S., 2007a. Distance measures for anomaly intrusion detection. In: Proceedings of 2007 International Conference on Security and Management (SAM\u201907), Las Vegas, NV, pp. 17\u201323."},{"key":"10.1016\/j.jss.2009.06.040_bib18","unstructured":"Wang, W., Gombault, S., 2007b. Detecting masquerades with principal component analysis based on cross frequency weights. In: Proceedings of 14th Anniversary HP-SUA Workshop, Munich, Germany, pp. 227\u2013232."},{"key":"10.1016\/j.jss.2009.06.040_bib19","unstructured":"Wang, W., Guan, X., Zhang, X., 2004. Modeling program behaviors by hidden Markov models for intrusion detection. In: Proceedings of the Third International Conference on Machine Learning and Cybernetics (ICMLC\u20192004), pp. 2830\u20132835."},{"issue":"7","key":"10.1016\/j.jss.2009.06.040_bib20","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1016\/j.cose.2006.05.005","article-title":"Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data","volume":"25","author":"Wang","year":"2006","journal-title":"Computers and Security, Elsevier"},{"issue":"1","key":"10.1016\/j.jss.2009.06.040_bib21","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1016\/j.comcom.2007.10.010","article-title":"Processing of massive audit data streams for real-time anomaly intrusion detection","volume":"31","author":"Wang","year":"2008","journal-title":"Computer Communications Elsevier"},{"key":"10.1016\/j.jss.2009.06.040_bib22","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B., 1999. Detecting intrusions using system calls: Alternative data models. In: Proceedings of 1999 IEEE Symposium on Security and Privacy, pp. 133\u2013145.","DOI":"10.1109\/SECPRI.1999.766910"},{"issue":"4","key":"10.1016\/j.jss.2009.06.040_bib23","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1109\/3468.935043","article-title":"Probabilistic techniques for intrusion detection based on computer audit data","volume":"31","author":"Ye","year":"2001","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics"},{"issue":"1","key":"10.1016\/j.jss.2009.06.040_bib24","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1016\/S0031-3203(02)00026-2","article-title":"Host-based intrusion detection using dynamic and static behavioral models","volume":"36","author":"Yeung","year":"2003","journal-title":"Pattern Recognition"},{"key":"10.1016\/j.jss.2009.06.040_bib25","doi-asserted-by":"crossref","first-page":"1428","DOI":"10.1016\/j.comcom.2005.01.014","article-title":"Application of online-training SVMS for real-time intrusion detection with different considerations","volume":"28","author":"Zhang","year":"2005","journal-title":"Computer Communications"}],"container-title":["Journal of Systems and Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0164121209001502?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0164121209001502?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,2,10]],"date-time":"2025-02-10T13:30:24Z","timestamp":1739194224000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0164121209001502"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,12]]},"references-count":25,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2009,12]]}},"alternative-id":["S0164121209001502"],"URL":"https:\/\/doi.org\/10.1016\/j.jss.2009.06.040","relation":{},"ISSN":["0164-1212"],"issn-type":[{"type":"print","value":"0164-1212"}],"subject":[],"published":{"date-parts":[[2009,12]]}}}