{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T17:14:20Z","timestamp":1742922860647,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030960568"},{"type":"electronic","value":"9783030960575"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,2,10]],"date-time":"2022-02-10T00:00:00Z","timestamp":1644451200000},"content-version":"vor","delay-in-days":40,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Recent network intrusion detection systems have employed machine learning and deep learning algorithms to defend against dynamically evolving network attacks. While most previous studies have focused on detecting attacks which can be determined based on a single time instant, few studies have paid attention to subsequence outliers, which require inspecting consecutive points in time for detection. To address this issue, this paper applies a time-series anomaly detection method in an unsupervised learning manner. To this end, we converted the UNSW-NB15 dataset into the time-series data. We carried out a preliminary evaluation to test the performance of the anomaly detection on the created time-series network dataset as well as on a time-series dataset obtained from sensors. We analyze and discuss the results.\n<\/jats:p>","DOI":"10.1007\/978-3-030-96057-5_4","type":"book-chapter","created":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T05:03:05Z","timestamp":1644382985000},"page":"45-56","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Towards Building Intrusion Detection Systems for Multivariate Time-Series Data"],"prefix":"10.1007","author":[{"given":"ChangMin","family":"Seong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"YoungRok","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiwung","family":"Hyun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yun-Gyung","family":"Cheong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,2,10]]},"reference":[{"key":"4_CR1","unstructured":"Braei, M., Wagner, S.: Anomaly detection in univariate time-series: a survey on the state-of-the-art. ArXiv abs\/2004.00433 (2020)"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Bl'azquez-Garc'ia, A., et al.: A review on outlier\/anomaly detection in time series data. ACM Comput. Surv. (CSUR) 54, 1\u201333 (2021)","DOI":"10.1145\/3444690"},{"key":"4_CR3","unstructured":"\u201cAnomaly Detection in Time Series: 2021\u201d, neptune.ai. 19 July 2021. https:\/\/neptune.ai\/blog\/anomaly-detection-in-time-series. Accessed 5 Sept 2021"},{"key":"4_CR4","unstructured":"Shin, H.-K., Lee, W., Yun, J.-H., Kim, H.: HAI 1.0: HIL-based augmented ICS security dataset. In: 13th USENIX Workshop on Cyber Security Experimentation and Test (2020)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Cho, K., et al.: Learning phrase representations using RNN encoder\u2013decoder for statistical machine translation. In: EMNLP (2014)","DOI":"10.3115\/v1\/D14-1179"},{"issue":"3","key":"4_CR6","doi-asserted-by":"publisher","first-page":"1038","DOI":"10.1007\/s12083-019-00822-3","volume":"13","author":"S Sandosh","year":"2020","unstructured":"Sandosh, S., Govindasamy, V., Akila, G.: Enhanced intrusion detection system via agent clustering and classification based on outlier detection. Peer-to-Peer Network. Appl. 13(3), 1038\u20131045 (2020). https:\/\/doi.org\/10.1007\/s12083-019-00822-3","journal-title":"Peer-to-Peer Network. Appl."},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.:UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS). IEEE (2015)","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Ge, M., et al.: Deep learning-based intrusion detection for IoT networks. In: 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 256\u201325609 (2019)","DOI":"10.1109\/PRDC47002.2019.00056"},{"key":"4_CR9","doi-asserted-by":"publisher","unstructured":"Hwang, W.-S., Yun, J.-H., Kim, J., Kim, H.: Time-series aware precision and recall for anomaly detection: considering variety of detection result and addressing ambiguous labeling, pp. 2241\u20132244 (2019). https:\/\/doi.org\/10.1145\/3357384.3358118","DOI":"10.1145\/3357384.3358118"},{"issue":"9","key":"4_CR10","doi-asserted-by":"publisher","first-page":"2250","DOI":"10.1109\/TKDE.2013.184","volume":"26","author":"M Gupta","year":"2014","unstructured":"Gupta, M., Gao, J., Aggarwal, C.C., Han, J.: Outlier detection for temporal data: a survey. IEEE Trans. Knowl. Data Eng. 26(9), 2250\u20132267 (2014). https:\/\/doi.org\/10.1109\/TKDE.2013.184","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"4_CR11","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-030-72725-3_14","volume-title":"Silicon Valley Cybersecurity Conference","author":"Y Song","year":"2021","unstructured":"Song, Y., Hyun, S., Cheong, Y.-G.: A systematic approach to building autoencoders for intrusion detection. In: Park, Y., Jadav, D., Austin, T. (eds.) SVCC 2020. CCIS, vol. 1383, pp. 188\u2013204. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-72725-3_14"},{"key":"4_CR12","doi-asserted-by":"publisher","unstructured":"Song, Y., Hyun, S., Cheong, Y.-G.: Analysis of autoencoders for network intrusion detection. Sensors 21(13), 4294 (2021). https:\/\/doi.org\/10.3390\/s21134294","DOI":"10.3390\/s21134294"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 dataset and the comparison with the KDD99 dataset. Inf. Secur. J. Glob. Perspect., 1\u201314 (2016)","DOI":"10.1080\/19393555.2015.1125974"},{"key":"4_CR14","unstructured":"Moustafa, N., et al.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans. Big Data (2017)"},{"key":"4_CR15","series-title":"Data Analytics","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-319-59439-2_5","volume-title":"Data Analytics and Decision Support for Cybersecurity","author":"N Moustafa","year":"2017","unstructured":"Moustafa, N., Creech, G., Slay, J.: Big data analytics for intrusion detection system: statistical decision-making using finite dirichlet mixture models. In: Palomares Carrascosa, I., Kalutarage, H. K., Huang, Y. (eds.) Data Analytics and Decision Support for Cybersecurity. DA, pp. 127\u2013156. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-59439-2_5"},{"key":"4_CR16","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-030-72802-1_9","volume-title":"Big Data Technologies and Applications","author":"M Sarhan","year":"2021","unstructured":"Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: NetFlow datasets for machine learning-based network intrusion detection systems. In: Deze, Z., Huang, H., Hou, R., Rho, S., Chilamkurti, N. (eds.) BDTA\/WiCON -2020. LNICSSITE, vol. 371, pp. 117\u2013135. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-72802-1_9"},{"key":"4_CR17","unstructured":"\u201cHAI DataSet Baseline Model\u201d, DACON, 2 August 2021. https:\/\/dacon.io\/competitions\/official\/235757\/codeshare\/3009?page=1&dtype=recent. Accessed 5 Sept 2021"},{"key":"4_CR18","unstructured":"\u201c[Paper Review] Evaluation Metrics for Time Series Anomaly Detection\u201d, DSBA, 23 September 2020. http:\/\/dsba.korea.ac.kr\/seminar\/?pageid=3&mod=document&uid=1332. Accessed 6 Sept 2021"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Hwang, W.-s., Yun, J.-H., Kim, J., Kim, H.: Time-series aware precision and recall for anomaly detection - considering variety of detection result and addressing ambiguous labeling. In: CIKM 2019: Proceedings of the 28th ACM International Conference on Information and Knowledge Management (2019)","DOI":"10.1145\/3357384.3358118"},{"issue":"16","key":"4_CR20","doi-asserted-by":"publisher","first-page":"12499","DOI":"10.1007\/s00521-020-04708-x","volume":"32","author":"P Devan","year":"2020","unstructured":"Devan, P., Khare, N.: An efficient XGBoost\u2013DNN-based classification model for network intrusion detection system. Neural Comput. Appl. 32(16), 12499\u201312514 (2020). https:\/\/doi.org\/10.1007\/s00521-020-04708-x","journal-title":"Neural Comput. Appl."},{"key":"4_CR21","unstructured":"Malhotra, P., et al.: LSTM-based encoder-decoder for multi-sensor anomaly detection. arXiv preprint arXiv:1607.00148 (2016)"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Hundman, K., et al.: Detecting spacecraft anomalies using lstms and nonparametric dynamic thresholding. In: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (2018)","DOI":"10.1145\/3219819.3219845"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Ding, N., et al.: Multivariate-time-series-driven real-time anomaly detection based on bayesian network. Sensors 18(10), 3367 (2018)","DOI":"10.3390\/s18103367"},{"issue":"3","key":"4_CR24","doi-asserted-by":"publisher","first-page":"1544","DOI":"10.1109\/LRA.2018.2801475","volume":"3","author":"D Park","year":"2018","unstructured":"Park, D., Hoshi, Y., Kemp, C.C.: A multimodal anomaly detector for robot-assisted feeding using an lstm-based variational autoencoder. IEEE Rob. Autom. Lett. 3(3), 1544\u20131551 (2018)","journal-title":"IEEE Rob. Autom. Lett."}],"container-title":["Communications in Computer and Information Science","Silicon Valley Cybersecurity Conference"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-96057-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T05:03:13Z","timestamp":1644382993000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-96057-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030960568","9783030960575"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-96057-5_4","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"10 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SVCC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Silicon Valley Cybersecurity Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"San Jose, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"svcc2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/svcc2021.svcsi.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}