“…For example, host-based intrusion detection commonly analyzes system calls [63,64,75], software data structures [76,77], and application execution flows [78]. On the other hand, network-based intrusion detection generally focuses on network communications and, often, on single network messages.…”