{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T15:04:17Z","timestamp":1742915057068,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030184186"},{"type":"electronic","value":"9783030184193"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-18419-3_7","type":"book-chapter","created":{"date-parts":[[2019,5,1]],"date-time":"2019-05-01T19:25:20Z","timestamp":1556738720000},"page":"95-111","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Daedalus: Network Anomaly Detection on IDS Stream Logs"],"prefix":"10.1007","author":[{"given":"Aniss","family":"Chohra","sequence":"first","affiliation":[]},{"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[]},{"given":"Paria","family":"Shirani","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,4,14]]},"reference":[{"key":"7_CR1","unstructured":"Antonakakis, M., et al.: Understanding the mirai botnet. In: Proceedings of the 26th USENIX Security Symposium (2017)"},{"key":"7_CR2","unstructured":"Eberhart, R., Kennedy, J.: A new optimizer using particle swarm theory. In: Proceedings of the Sixth International Symposium on Micro Machine and Human Science. MHS 1995, pp. 39\u201343. IEEE (1995)"},{"key":"7_CR3","unstructured":"Goldberg, D., Shan, Y.: The importance of features for statistical anomaly detection. In: HotCloud (2015)"},{"key":"7_CR4","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1016\/j.eswa.2017.09.013","volume":"92","author":"AH Hamamoto","year":"2018","unstructured":"Hamamoto, A.H., Carvalho, L.F., Sampaio, L.D.H., Abr\u00e3o, T., Proen\u00e7a Jr., M.L.: Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst. Appl. 92, 390\u2013402 (2018)","journal-title":"Expert Syst. Appl."},{"key":"7_CR5","unstructured":"Hu, W., Liao, Y., Vemuri, V.R.: Robust anomaly detection using support vector machines. In: Proceedings of the International Conference on Machine Learning, pp. 282\u2013289 (2003)"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: ACM SIGCOMM Computer Communication Review, vol. 35, pp. 217\u2013228. ACM (2005)","DOI":"10.1145\/1090191.1080118"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Machaka, P., Bagula, A., Nelwamondo, F.: Using exponentially weighted moving average algorithm to defend against ddos attacks. In: 2016 Pattern Recognition Association of South Africa and Robotics and Mechatronics International Conference (PRASA-RobMech), pp. 1\u20136. IEEE (2016)","DOI":"10.1109\/RoboMech.2016.7813157"},{"key":"7_CR8","doi-asserted-by":"publisher","first-page":"7700","DOI":"10.1109\/ACCESS.2018.2803446","volume":"6","author":"LF Maimo","year":"2018","unstructured":"Maimo, L.F., Gomez, A.L.P., Clemente, F.J.G., P\u00e9rez, M.G., P\u00e9rez, G.M.: A self-adaptive deep learning-based system for anomaly detection in 5g networks. IEEE Access 6, 7700\u20137712 (2018)","journal-title":"IEEE Access"},{"key":"7_CR9","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.chemolab.2015.08.020","volume":"149","author":"F Marini","year":"2015","unstructured":"Marini, F., Walczak, B.: Particle swarm optimization (PSO). A tutorial. Chemom. Intell. Lab. Syst. 149, 153\u2013165 (2015)","journal-title":"Chemom. Intell. Lab. Syst."},{"issue":"3","key":"7_CR10","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1109\/5.364485","volume":"83","author":"JM Mendel","year":"1995","unstructured":"Mendel, J.M.: Fuzzy logic systems for engineering: a tutorial. Proc. IEEE 83(3), 345\u2013377 (1995)","journal-title":"Proc. IEEE"},{"key":"7_CR11","unstructured":"Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A.: Kitsune: an ensemble of autoencoders for online network intrusion detection. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18\u201321, 2018 (2018)"},{"key":"7_CR12","unstructured":"Mushtaq, R.: Augmented dickey fuller test"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Sbert, M., Shen, H.-W., Viola, I., Chen, M., Bardera, A., Feixas, M.: Tutorial on information theory in visualization. In: SIGGRAPH Asia 2017 Courses, p. 17. ACM (2017)","DOI":"10.1145\/3134472.3134507"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108\u2013116 (2018)","DOI":"10.5220\/0006639801080116"},{"key":"7_CR15","unstructured":"Shinde, R., et al.: Survey on ransomware: a new era of cyber attack"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Shirani, P., Azgomi, M.A., Alrabaee, S.: A method for intrusion detection in web services based on time series. In: 2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE), pp. 836\u2013841. IEEE (2015)","DOI":"10.1109\/CCECE.2015.7129383"},{"key":"7_CR17","unstructured":"Anomaly detection with k-means clustering (2015). \n http:\/\/amid.fish\/anomaly-detection-with-k-means-clustering"},{"key":"7_CR18","unstructured":"An exponentially weighted moving average implementation that decays based on the elapsed time since the last update, approximating a time windowed moving average (2017). \n https:\/\/gist.github.com\/jhalterman\/f7b18b30160ae7817bb93894056eb380"},{"key":"7_CR19","unstructured":"htop(1) - linux man page \n https:\/\/linux.die.net\/man\/1\/htop"},{"key":"7_CR20","unstructured":"How to check if time series data is stationary with python (2016). \n https:\/\/machinelearningmastery.com\/time-series-data-stationary-python\/"},{"key":"7_CR21","unstructured":"Ransomware tracker website (2018). \n https:\/\/ransomwaretracker.abuse.ch\/tracker\/"},{"key":"7_CR22","unstructured":"The bro network security monitor. \n https:\/\/www.bro.org\/"},{"key":"7_CR23","unstructured":"Bro log files. \n https:\/\/www.bro.org\/sphinx\/script-reference\/log-files.html"},{"key":"7_CR24","unstructured":"Exploring the exponentially weighted moving average (2018). \n https:\/\/www.investopedia.com\/articles\/07\/ewma.asp"},{"key":"7_CR25","unstructured":"UNBCIC 2017 IDS Dataset (2017). \n http:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html"},{"key":"7_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"747","DOI":"10.1007\/11760023_110","volume-title":"Advances in Neural Networks - ISNN 2006","author":"X Wang","year":"2006","unstructured":"Wang, X., Zhang, H., Zhang, C., Cai, X., Wang, J., Ye, M.: Time series prediction using LS-SVM with particle swarm optimization. In: Wang, J., Yi, Z., Zurada, J.M., Lu, B.-L., Yin, H. (eds.) ISNN 2006. LNCS, vol. 3972, pp. 747\u2013752. Springer, Heidelberg (2006). \n https:\/\/doi.org\/10.1007\/11760023_110"},{"key":"7_CR27","unstructured":"Zhang, X., Gu, C., Lin, J.: Support vector machines for anomaly detection. In: The Sixth World Congress on Intelligent Control and Automation. WCICA 2006, vol. 1, pp. 2594\u20132598. IEEE (2006)"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-18419-3_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T10:33:15Z","timestamp":1558348395000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-18419-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030184186","9783030184193"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-18419-3_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"14 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Montreal, QC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/fps2018.encs.concordia.ca\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"51","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"31% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}