. Bibliography and . Ács-kurucz, An independent test of APT attack detection appliances; 2014; url: https://blog.mrg-effitas, 2014.

R. Aguirre-hernández, . Farewell, and . Vt-;, A Pearson-type goodness-of-fit test for stationary and time-continuous Markov regression models " ; Statistics in medicine 21, pp.1899-1911, 2002.

V. V. Andriatsimandefitra, . Andriatsimandefitra, . Radoniaina, V. Tong, and . Viet-triem, Capturing Android malware behaviour using system flow graph " ; Network and System Security, pp.534-541, 2014.
DOI : 10.1007/978-3-319-11698-3_43

. Angoustures, A quick malware detection algorithm using a suspiciousness score of binaries, Preprint, vol.2017

. Arnes, Using hidden Markov models to evaluate the risks of intrusions: system architecture and model validation " ; Recent Advances in Intrusion Detection, pp.145-164, 2006.

. Banerjee, Beyond kappa: A review of interrater agreement measures, Canadian Journal of Statistics, vol.103, issue.1, pp.3-23, 1999.
DOI : 10.1093/aje/126.2.161

. Bukac, . Vit, . Lorenc, . Vaclav, . Matyá? et al., Red queen's race: APT win-win game " ; Cambridge International Workshop on Security Protocols
DOI : 10.1007/978-3-319-12400-1_8

. Chandran, . Saranya, P. Hrudya, and P. Poornachandran, An efficient classification model for detecting advanced persistent threat, 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp.2001-2009
DOI : 10.1109/ICACCI.2015.7275911

C. Chen, . Guan, . Dj, . Huang, . Yu-zhi et al., Attack Sequence Detection in Cloud Using Hidden Markov Model " ; Information Security, Seventh Asia Joint Conference on, pp.100-103, 2012.
DOI : 10.1109/asiajcis.2012.24

. Hui, Defending malicious attacks in cyber physical systems, Cyber-Physical Systems, Networks, and Applications (CPSNA), 2013 IEEE 1st International Conference on, pp.13-18

C. Chen, Y. Peng-yu, . Ou, . Ya-hui, and H. Hsiao, Targeted Attack Prevention at Early Stage " ; Advanced Information Networking and Applications Workshops (WAINA), 28th International Conference on, pp.866-870, 2014.
DOI : 10.1109/waina.2014.134

Z. Chen, C. Yeo, . Kiat, B. S. Francis, . Lee et al., Combining MIC feature selection and feature-based MSPCA for network traffic anomaly detection, 2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), pp.176-181, 2016.
DOI : 10.1109/DIPDMWC.2016.7529385

. Cordero, ID2T: A DIY dataset creation toolkit for Intrusion Detection Systems " ; Communications and Network Security (CNS), IEEE Conference, pp.739-740, 2015.
DOI : 10.1109/cns.2015.7346912

. Dalton, Raksha, ACM SIGARCH Computer Architecture News, vol.35, issue.2, pp.482-493, 2007.
DOI : 10.1145/1273440.1250722

D. Semir, Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data, 2012 International Conference on, pp.54-61

. Devijver and A. Pierre, Baum's forward-backward algorithm revisited " ; Pattern Recognition Letters 3, pp.369-373, 1985.
DOI : 10.1016/0167-8655(85)90023-6

W. Enck, . Gilbert, . Peter, . Han, . Seungyeop et al., TaintDroid, ACM Transactions on Computer Systems, vol.32, issue.2, p.5, 2014.
DOI : 10.1145/1629575.1629604

. Flores, Evolving Hidden Markov Models For Network Anomaly Detection " ; Book: Artificial Intelligence & Applications: Hybrid Intelligent Systems, pp.978-607, 2009.

. Flores, Network Anomaly Detection by Continuous Hidden Markov Models: An Evolutionary Programming Approach, Intelligent Data Analysis, vol.1, issue.1, 2015.

G. Forney and . David, The Viterbi algorithm " ; Proceedings of the IEEE 61, pp.268-278, 1973.

. Friedberg, Combating advanced persistent threats: From network event correlation to incident detection, Computers & Security, vol.48, pp.35-57, 2015.
DOI : 10.1016/j.cose.2014.09.006

. Gao, . Fei, . Sun, . Jizhou, and Z. Wei, The prediction role of hidden Markov model in intrusion detection, 2003.

[. Genge, A cyber-physical experimentation environment for the security analysis of networked industrial control systems, Computers & Electrical Engineering, vol.38, issue.5, pp.1146-1161, 2012.
DOI : 10.1016/j.compeleceng.2012.06.015

M. Hourbracq, . Wuillemin, . Pierre-henri, C. Gonzales, and P. Baumard, Learning and selection of dynamic Bayesian Networks for non-stationary processes in real time " ; 30th International Florida AI Research Society Conference, FLAIRS-30, 2017.

. Hourbracq, Real Time Learning of Non-stationary Processes with Dynamic Bayesian Networks " ; International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems, pp.338-350

. Hutchins, Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains " ; Leading Issues in Information Warfare, Security Research, vol.1, p.80, 2011.

G. Ioannou, . Louvieris, . Panos, N. Clewley, and G. Powell, A Markov multi-phase transferable belief model: an application for predicting data exfiltration APTs " ; Information Fusion (FUSION), 16th International Conference on, pp.842-849, 2013.

R. Jain, . Abouzakhar, and S. Nasser, Hidden Markov model based anomaly intrusion detection " ; Internet Technology And Secured Transactions, International Conference, vol.2012, pp.528-533, 2012.

. Katipally, Attacker behavior analysis in multi-stage attack detection system, Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW '11, p.63, 2011.
DOI : 10.1145/2179298.2179369

H. Khanna, . Liu-khanna, and H. Liu, Control theoretic approach to intrusion detection using a distributed hidden Markov model " ; Wireless Communications, IEEE, vol.154, pp.24-33, 2008.
DOI : 10.1109/mwc.2008.4599218

H. Khanna and . Liu, System approach to intrusion detection using hidden Markov model, Proceeding of the 2006 international conference on Communications and mobile computing , IWCMC '06, pp.349-354, 2006.
DOI : 10.1145/1143549.1143619

. Koch, Towards Comparability of Intrusion Detection Systems: New Data Sets " ; TERENA Networking Conference, p.7

C. Lam, L. Lam, . Chung, . Chiueh, and . Tzi-cker, A general dynamic information flow tracking framework for security applications " ; Computer Security Estimating the dimension of a model " ; The annals of statistics 6, pp.461-464, 1978.

S. Seshadri, . Seshadri, . Nambirajan, . Sundberg, and W. Carl-erik, List Viterbi decoding algorithms with applications " ; Communications, IEEE Transactions on, vol.42234, pp.313-323, 1994.
DOI : 10.1109/tcomm.1994.577040

. Sexton, Attack chain detection " ; Statistical Analysis and Data Mining: The ASA, Data Science Journal, vol.8, issue.20, pp.5-6, 2015.

C. Siaterlis, . Genge, . Béla, and M. Hohenadel, EPIC: a testbed for scientifically rigorous cyber-physical security experimentation " ; Emerging Topics in Computing, IEEE Transactions on, vol.1, issue.2, pp.319-330, 2013.
DOI : 10.1109/tetc.2013.2287188

URL : http://ieeexplore.ieee.org:80/stamp/stamp.jsp?tp=&arnumber=6646193

. Siddiqi, Fast state discovery for HMM model selection and learning, International Conference on Artificial Intelligence and Statistics, pp.492-499, 2007.

J. Sommers, . Yegneswaran, . Vinod, and P. Barford, A framework for malicious workload generation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement , IMC '04, pp.82-87, 2004.
DOI : 10.1145/1028788.1028799

URL : http://www.cs.wisc.edu/~jsommers/pubs/p82-sommers.pdf

A. K. Sood and R. J. Enbody, Targeted cyberattacks: a superset of advanced persistent threats " ; IEEE security & privacy 1, pp.54-61, 2013.
DOI : 10.1109/msp.2012.90

G. Suh, . Edward, J. W. Lee, . Zhang, . David et al., Secure program execution via dynamic information flow tracking, ACM SIGPLAN Notices, vol.39, issue.11, pp.85-96, 2004.
DOI : 10.1145/1037187.1024404

URL : http://www.cs.umn.edu/~zhai/courses/5980/readings/lec3/flow.pdf

. Sundaram and H. Ramasubramanian, The Baum-Welch algorithm; tech. rep, 2000.

S. Titman, . Titman, C. Andrew, and L. D. Sharples, A general goodness-of-fit test for Markov and hidden Markov models " ; Statistics in medicine 27, pp.2177-2195, 2008.

[. H. Tong, Determination of the order of a Markov chain by Akaike's information criterion ", Journal of Applied Probability, pp.488-497, 1975.

[. Q. Zhang, Using HMM for intent recognition in cyber security situation awareness " ; Knowledge Acquisition and Modeling, KAM'09. Second International Symposium on, pp.166-169, 2009.
DOI : 10.1109/kam.2009.315