{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:23:18Z","timestamp":1759134198606,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030727246"},{"type":"electronic","value":"9783030727253"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-72725-3_13","type":"book-chapter","created":{"date-parts":[[2021,4,1]],"date-time":"2021-04-01T18:02:46Z","timestamp":1617300166000},"page":"169-187","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Reconstructing Classification to Enhance Machine-Learning Based Network Intrusion Detection by Embracing Ambiguity"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0336-8444","authenticated-orcid":false,"given":"Chungsik","family":"Song","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7363-9695","authenticated-orcid":false,"given":"Wenjun","family":"Fan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5736-5823","authenticated-orcid":false,"given":"Sang-Yoon","family":"Chang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0651-2384","authenticated-orcid":false,"given":"Younghee","family":"Park","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,4,2]]},"reference":[{"key":"13_CR1","unstructured":"Lane, T., Brodley, C.E.: An application of machine learning to anomaly detection. In: Proceedings of the 20th National Information Systems Security Conference, vol. 377, pp. 366\u2013380. Baltimore, USA (1997)"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Ghosh, A.K., Wanken, J., Charron, F.: Detecting anomalous and unknown intrusions against programs. In: 14th Annual Computer Security Applications Conference: Proceedings, pp. 259\u2013267. IEEE (1998)","DOI":"10.21236\/ADA329518"},{"key":"13_CR3","unstructured":"Cannady, J.: Artificial neural networks for misuse detection. In: National Information Systems Security Conference, pp. 368\u2013381 (1998)"},{"key":"13_CR4","unstructured":"Sinclair, C., Pierce, L., Matzner, S.: An application of machine learning to network intrusion detection. In: Computer Security Applications Conference (ACSAC 1999) Proceedings. 15th Annual, pp. 371\u2013377. IEEE (1999)"},{"key":"13_CR5","unstructured":"Kumar, S., Spafford, E.H.: A software architecture to support misuse intrusion detection (1995)"},{"issue":"3","key":"13_CR6","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1109\/32.372146","volume":"21","author":"K Ilgun","year":"1995","unstructured":"Ilgun, K., Kemmerer, R.A., Porras, P.A.: State transition analysis: a rule-based intrusion detection approach. IEEE Trans. Softw. Eng. 21(3), 181\u2013199 (1995)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"13_CR7","volume-title":"A Real-Time Intrusion-Detection Expert System (IDES)","author":"TF Lunt","year":"1992","unstructured":"Lunt, T.F., Tamaru, A., Gillham, F.: A Real-Time Intrusion-Detection Expert System (IDES). SRI International, Computer Science Laboratory (1992)"},{"issue":"23","key":"13_CR8","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"issue":"1","key":"13_CR9","first-page":"229","volume":"99","author":"M Roesch","year":"1999","unstructured":"Roesch, M., et al.: Snort: lightweight intrusion detection for networks. Lisa 99(1), 229\u2013238 (1999)","journal-title":"Lisa"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Mukkamala, S., Sung, A., Abraham, A.: Cyber security challenges: designing efficient intrusion detection systems and antivirus tools. Vemuri, V. Rao, Enhancing Computer Security with Smart Technology. (Auerbach, 2006), pp. 125\u2013163 (2005)","DOI":"10.1201\/9781420031225.ch6"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Nguyen, T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutorials 10(4), 56\u201376 (2008)","DOI":"10.1109\/SURV.2008.080406"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Garcia-Teodoro, P., Diaz-Verdejo, J., Maci\u00e1-Fern\u00e1ndez, G., V\u00e1zquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1), 18\u201328 (2009)","DOI":"10.1016\/j.cose.2008.08.003"},{"issue":"1","key":"13_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.asoc.2009.06.019","volume":"10","author":"SX Wu","year":"2010","unstructured":"Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 10(1), 1\u201335 (2010)","journal-title":"Appl. Soft Comput."},{"issue":"1","key":"13_CR14","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","volume":"16","author":"MH Bhuyan","year":"2014","unstructured":"Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutorials 16(1), 303\u2013336 (2014)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Dua, S., Du, X.: Data Mining and Machine Learning in Cybersecurity. CRC Press (2016)","DOI":"10.1201\/b10867"},{"issue":"2","key":"13_CR16","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2016","unstructured":"Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutorials 18(2), 1153\u20131176 (2016)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"13_CR17","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"2","author":"DE Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 2, 222\u2013232 (1987)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"3","key":"13_CR18","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/65.283931","volume":"8","author":"B Mukherjee","year":"1994","unstructured":"Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network intrusion detection. IEEE Netw. 8(3), 26\u201341 (1994)","journal-title":"IEEE Netw."},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy (SP), pp. 305\u2013316. IEEE (2010)","DOI":"10.1109\/SP.2010.25"},{"issue":"1","key":"13_CR20","first-page":"69","volume":"23","author":"G Widmer","year":"1996","unstructured":"Widmer, G., Kubat, M.: Learning in the presence of concept drift and hidden contexts. Mach. Learn. 23(1), 69\u2013101 (1996)","journal-title":"Mach. Learn."},{"key":"13_CR21","unstructured":"Lane, T., Brodley, C.E.: Approaches to online learning and concept drift for user identification in computer security. In: KDD, pp. 259\u2013263 (1998)"},{"issue":"3","key":"13_CR22","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/MCAS.2006.1688199","volume":"6","author":"R Polikar","year":"2006","unstructured":"Polikar, R.: Ensemble based systems in decision making. IEEE Circuits Syst. Mag. 6(3), 21\u201345 (2006)","journal-title":"IEEE Circuits Syst. Mag."},{"issue":"12","key":"13_CR23","doi-asserted-by":"publisher","first-page":"1795","DOI":"10.1016\/S0167-8655(03)00004-7","volume":"24","author":"G Giacinto","year":"2003","unstructured":"Giacinto, G., Roli, F., Didaci, L.: Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recogn. Lett. 24(12), 1795\u20131803 (2003)","journal-title":"Pattern Recogn. Lett."},{"issue":"1","key":"13_CR24","first-page":"81","volume":"1","author":"JR Quinlan","year":"1986","unstructured":"Quinlan, J.R.: Induction of decision trees. Mach. Learn. 1(1), 81\u2013106 (1986)","journal-title":"Mach. Learn."},{"key":"13_CR25","unstructured":"Quinlan, J.R.: C4. 5: programs for machine learning. Elsevier (2014)"},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Friedman, J.H.: Greedy function approximation: a gradient boosting machine. Ann. Stat. 1189\u20131232 (2001)","DOI":"10.1214\/aos\/1013203451"},{"key":"13_CR27","doi-asserted-by":"crossref","unstructured":"Friedman, J.H.: Stochastic gradient boosting. Comput. Stat. Data Anal. 38(4), 367\u2013378 (2002)","DOI":"10.1016\/S0167-9473(01)00065-2"},{"issue":"1","key":"13_CR28","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"13_CR29","unstructured":"Breiman, L.: Out-of-bag estimation (1996)"},{"key":"13_CR30","unstructured":"Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016)"},{"issue":"7","key":"13_CR31","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1016\/S0031-3203(96)00142-2","volume":"30","author":"AP Bradley","year":"1997","unstructured":"Bradley, A.P.: The use of the area under the roc curve in the evaluation of machine learning algorithms. Pattern Recogn. 30(7), 1145\u20131159 (1997)","journal-title":"Pattern Recogn."},{"issue":"11","key":"13_CR32","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1145\/319382.319388","volume":"42","author":"TM Mitchell","year":"1999","unstructured":"Mitchell, T.M.: Machine learning and data mining. Commun. ACM 42(11), 30\u201336 (1999)","journal-title":"Commun. ACM"},{"key":"13_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-540-45248-5_10","volume-title":"Recent Advances in Intrusion Detection","author":"C Kruegel","year":"2003","unstructured":"Kruegel, C., Toth, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 173\u2013191. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45248-5_10"},{"issue":"12","key":"13_CR34","first-page":"258","volume":"7","author":"M Panda","year":"2007","unstructured":"Panda, M., Patra, M.R.: Network intrusion detection using Naive Bayes. Int. J. Comput. Sci. Netw. Secur. 7(12), 258\u2013263 (2007)","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"issue":"5","key":"13_CR35","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1109\/TSMCC.2008.923876","volume":"38","author":"J Zhang","year":"2008","unstructured":"Zhang, J., Zulkernine, M., Haque, A.: Random-forests-based network intrusion detection systems. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 38(5), 649\u2013659 (2008)","journal-title":"IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.)"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., Nakao, K.: Statistical analysis of honeypot data and building of kyoto 2006+ dataset for nids evaluation. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 29\u201336. ACM (2011)","DOI":"10.1145\/1978672.1978676"},{"issue":"3","key":"13_CR37","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1109\/SURV.2010.032210.00054","volume":"12","author":"A Sperotto","year":"2010","unstructured":"Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An overview of ip flow-based intrusion detection. IEEE Commun. Surv. Tutorials 12(3), 343\u2013356 (2010)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Lee, J.-H., Lee, J.-H., Sohn, S.-G., Ryu, J.-H., Chung, T.-M.: Effective value of decision tree with kdd 99 intrusion detection datasets for intrusion detection system. In: 10th International Conference on Advanced Communication Technology, ICACT 2008, vol. 2, pp. 1170\u20131175. IEEE (2008)","DOI":"10.1109\/ICACT.2008.4493974"},{"key":"13_CR39","doi-asserted-by":"crossref","unstructured":"Sahu, S., Mehtre, B.M.: Network intrusion detection system using j48 decision tree. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2023\u20132026. IEEE (2015)","DOI":"10.1109\/ICACCI.2015.7275914"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Amor, N.B., Benferhat, S., Elouedi, Z.: Naive bayes vs decision trees in intrusion detection systems. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 420\u2013424. ACM (2004)","DOI":"10.1145\/967900.967989"},{"key":"13_CR41","doi-asserted-by":"crossref","unstructured":"Sato, M., Yamaki, H., Takakura, H.: Unknown attacks detection using feature extraction from anomaly-based ids alerts. In: IEEE\/IPSJ 12th International Symposium on Applications and the Internet (SAINT), pp. 273\u2013277. IEEE (2012)","DOI":"10.1109\/SAINT.2012.51"},{"issue":"1","key":"13_CR42","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10462-009-9124-7","volume":"33","author":"L Rokach","year":"2010","unstructured":"Rokach, L.: Ensemble-based classifiers. Artif. Intell. Rev. 33(1), 1\u201339 (2010)","journal-title":"Artif. Intell. Rev."}],"container-title":["Communications in Computer and Information Science","Silicon Valley Cybersecurity Conference"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-72725-3_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T21:05:28Z","timestamp":1619298328000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-72725-3_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030727246","9783030727253"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-72725-3_13","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"2 April 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SVCC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Silicon Valley Cybersecurity Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"San Jose, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"svcc2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/svcc2020.svcsi.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the COVID-19 pandemic the conference was held in a fully virtual format.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}