A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is
The characterization of processes behavior is usually considered when performing intrusion detection. Several works characterize specific aspects of systems and attempt to detect novelties in that context, associating observed anomalies to attack events. Such approach is limited or even useless when the observed context is unstructured, i.e. when the monitor generates text-based log files or a variable number of application attributes. In order to overcome such drawback, this paper considersdoi:10.22456/2175-2745.26211 fatcat:nm3au64lhbezdkjmf7ty525xfq