{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T23:28:24Z","timestamp":1771025304013,"version":"3.50.1"},"publisher-location":"Cham","reference-count":106,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030987947","type":"print"},{"value":"9783030987954","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-98795-4_11","type":"book-chapter","created":{"date-parts":[[2022,4,7]],"date-time":"2022-04-07T18:03:58Z","timestamp":1649354638000},"page":"254-283","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Open-World Network Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Vera","family":"Rimmer","sequence":"first","affiliation":[]},{"given":"Azqa","family":"Nadeem","sequence":"additional","affiliation":[]},{"given":"Sicco","family":"Verwer","sequence":"additional","affiliation":[]},{"given":"Davy","family":"Preuveneers","sequence":"additional","affiliation":[]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,4,8]]},"reference":[{"key":"11_CR1","unstructured":"Suricata IDS (2010). https:\/\/suricata-ids.org\/. Accessed 1 June 2020"},{"key":"11_CR2","unstructured":"Zeek IDS (2018). https:\/\/zeek.org\/. Accessed 12 July 2020"},{"key":"11_CR3","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1016\/j.neucom.2017.04.070","volume":"262","author":"S Ahmad","year":"2017","unstructured":"Ahmad, S., Lavin, A., Purdy, S., Agha, Z.: Unsupervised real-time anomaly detection for streaming data. Neurocomputing 262, 134\u2013147 (2017)","journal-title":"Neurocomputing"},{"key":"11_CR4","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","volume":"60","author":"M Ahmed","year":"2016","unstructured":"Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19\u201331 (2016)","journal-title":"J. Netw. Comput. Appl."},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Albin, E., Rowe, N.C.: A realistic experimental comparison of the Suricata and Snort intrusion-detection systems. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops, pp. 122\u2013127. IEEE (2012)","DOI":"10.1109\/WAINA.2012.29"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Alrawashdeh, K., Purdy, C.: Toward an online anomaly intrusion detection system based on deep learning. In: 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 195\u2013200. IEEE (2016)","DOI":"10.1109\/ICMLA.2016.0040"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Amarasinghe, K., Kenney, K., Manic, M.: Toward explainable deep neural network based anomaly detection. In: 2018 11th International Conference on Human System Interaction (HSI), pp. 311\u2013317. IEEE (2018)","DOI":"10.1109\/HSI.2018.8430788"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Apruzzese, G., Colajanni, M.: Evading botnet detectors based on flows and random forest with adversarial samples. In: 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), pp. 1\u20138. IEEE (2018)","DOI":"10.1109\/NCA.2018.8548327"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Axelsson, S.: The base-rate fallacy and its implications for the difficulty of intrusion detection. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 1\u20137 (1999)","DOI":"10.1145\/319709.319710"},{"key":"11_CR10","unstructured":"Basseville, M., Nikiforov, I.V., et al.: Detection of Abrupt Changes: Theory and Application, vol. 104. Prentice Hall Englewood Cliffs (1993)"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Bendale, A., Boult, T.: Towards open world recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1893\u20131902 (2015)","DOI":"10.1109\/CVPR.2015.7298799"},{"issue":"4","key":"11_CR12","doi-asserted-by":"publisher","first-page":"122","DOI":"10.3390\/info10040122","volume":"10","author":"DS Berman","year":"2019","unstructured":"Berman, D.S., Buczak, A.L., Chavis, J.S., Corbett, C.L.: A survey of deep learning methods for cyber security. Information 10(4), 122 (2019)","journal-title":"Information"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/11962977_17","volume-title":"Critical Information Infrastructures Security","author":"M Berm\u00fadez-Edo","year":"2006","unstructured":"Berm\u00fadez-Edo, M., Salazar-Hern\u00e1ndez, R., D\u00edaz-Verdejo, J., Garc\u00eda-Teodoro, P.: Proposals on assessment environments for anomaly-based network intrusion detection systems. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 210\u2013221. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11962977_17"},{"issue":"5","key":"11_CR14","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSP.2014.103","volume":"12","author":"S Bhatt","year":"2014","unstructured":"Bhatt, S., Manadhata, P.K., Zomlot, L.: The operational role of security information and event management systems. IEEE Secur. Priv. 12(5), 35\u201341 (2014)","journal-title":"IEEE Secur. Priv."},{"key":"11_CR15","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1016\/j.ins.2017.11.023","volume":"429","author":"E Bigdeli","year":"2018","unstructured":"Bigdeli, E., Mohammadi, M., Raahemi, B., Matwin, S.: Incremental anomaly detection using two-layer cluster-based structure. Inf. Sci. 429, 315\u2013331 (2018)","journal-title":"Inf. Sci."},{"issue":"1","key":"11_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13174-018-0087-2","volume":"9","author":"R Boutaba","year":"2018","unstructured":"Boutaba, R., et al.: A comprehensive survey on machine learning for networking: evolution, applications and research opportunities. J. Internet Serv. Appl. 9(1), 1\u201399 (2018). https:\/\/doi.org\/10.1186\/s13174-018-0087-2","journal-title":"J. Internet Serv. Appl."},{"issue":"6","key":"11_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3344382","volume":"52","author":"RA Bridges","year":"2019","unstructured":"Bridges, R.A., Glass-Vanderlan, T.R., Iannacone, M.D., Vincent, M.S., Chen, Q.: A survey of intrusion detection systems leveraging host data. ACM Comput. Surv. (CSUR) 52(6), 1\u201335 (2019)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"2","key":"11_CR18","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2015","unstructured":"Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153\u20131176 (2015)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Casas, P., Soro, F., Vanerio, J., Settanni, G., D\u2019Alconzo, A.: Network security and anomaly detection with Big-DAMA, a big data analytics framework. In: 2017 IEEE 6th International Conference on Cloud Networking (CloudNet), pp. 1\u20137. IEEE (2017)","DOI":"10.1109\/CloudNet.2017.8071525"},{"issue":"3","key":"11_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 1\u201358 (2009)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Claise, B., Sadasivan, G., Valluri, V., Djernaes, M.: Cisco systems netflow services export version 9 (2004)","DOI":"10.17487\/rfc3954"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Clausen, H., Aspinall, D.: Examining traffic microstructures to improve model development. In: 2021 IEEE Security and Privacy Workshops (SPW), pp. 19\u201324. IEEE (2021)","DOI":"10.1109\/SPW53761.2021.00011"},{"key":"11_CR23","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-030-90019-9_23","volume-title":"Security and Privacy in Communication Networks","author":"H Clausen","year":"2021","unstructured":"Clausen, H., Flood, R., Aspinall, D.: Controlling network traffic microstructures for machine-learning model probing. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds.) SecureComm 2021. LNICST, vol. 398, pp. 456\u2013475. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90019-9_23"},{"key":"11_CR24","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1016\/j.ins.2013.03.022","volume":"239","author":"I Corona","year":"2013","unstructured":"Corona, I., Giacinto, G., Roli, F.: Adversarial attacks against intrusion detection systems: taxonomy, solutions and open issues. Inf. Sci. 239, 201\u2013225 (2013)","journal-title":"Inf. Sci."},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Cretu, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D.: Casting out demons: sanitizing training data for anomaly sensors. In: 2008 IEEE Symposium on Security and Privacy (SP 2008), pp. 81\u201395. IEEE (2008)","DOI":"10.1109\/SP.2008.11"},{"issue":"6\u20137","key":"11_CR26","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1016\/j.cose.2011.05.008","volume":"30","author":"JJ Davis","year":"2011","unstructured":"Davis, J.J., Clark, A.J.: Data preprocessing for anomaly based network intrusion detection: a review. Comput. Secur. 30(6\u20137), 353\u2013375 (2011)","journal-title":"Comput. Secur."},{"issue":"3","key":"11_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11432-017-9288-4","volume":"61","author":"Y Dong","year":"2018","unstructured":"Dong, Y., et al.: An adaptive system for detecting malicious queries in web attacks. Sci. China Inf. Sci. 61(3), 1\u201316 (2018). https:\/\/doi.org\/10.1007\/s11432-017-9288-4","journal-title":"Sci. China Inf. Sci."},{"issue":"1","key":"11_CR28","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1109\/TNSM.2016.2627340","volume":"14","author":"J Dromard","year":"2016","unstructured":"Dromard, J., Roudi\u00e8re, G., Owezarski, P.: Online and scalable unsupervised network anomaly detection method. IEEE Trans. Netw. Serv. Manag. 14(1), 34\u201347 (2016)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"Du, M., Li, F., Zheng, G., Srikumar, V.: DeepLog: anomaly detection and diagnosis from system logs through deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1285\u20131298 (2017)","DOI":"10.1145\/3133956.3134015"},{"key":"11_CR30","unstructured":"Durumeric, Z., Bailey, M., Halderman, J.A.: An internet-wide view of internet-wide scanning. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 65\u201378 (2014)"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Engelen, G., Rimmer, V., Joosen, W.: Troubleshooting an intrusion detection dataset: the cicids2017 case study. In: 2021 IEEE Security and Privacy Workshops (SPW), pp. 7\u201312 (2021)","DOI":"10.1109\/SPW53761.2021.00009"},{"key":"11_CR32","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1016\/j.patcog.2016.03.028","volume":"58","author":"SM Erfani","year":"2016","unstructured":"Erfani, S.M., Rajasegarar, S., Karunasekera, S., Leckie, C.: High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning. Pattern Recogn. 58, 121\u2013134 (2016)","journal-title":"Pattern Recogn."},{"key":"11_CR33","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1016\/j.future.2013.06.027","volume":"37","author":"W Feng","year":"2014","unstructured":"Feng, W., Zhang, Q., Hu, G., Huang, J.X.: Mining network data for intrusion detection through combining SVMs with ant colony networks. Futur. Gener. Comput. Syst. 37, 127\u2013140 (2014)","journal-title":"Futur. Gener. Comput. Syst."},{"issue":"3","key":"11_CR34","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1007\/s11235-018-0475-8","volume":"70","author":"G Fernandes","year":"2018","unstructured":"Fernandes, G., Rodrigues, J.J.P.C., Carvalho, L.F., Al-Muhtadi, J.F., Proen\u00e7a, M.L.: A comprehensive survey on network anomaly detection. Telecommun. Syst. 70(3), 447\u2013489 (2018). https:\/\/doi.org\/10.1007\/s11235-018-0475-8","journal-title":"Telecommun. Syst."},{"key":"11_CR35","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2015.11.024","volume":"64","author":"G Fernandes Jr","year":"2016","unstructured":"Fernandes, G., Jr., Carvalho, L.F., Rodrigues, J.J., Proen\u00e7a, M.L., Jr.: Network anomaly detection using IP flows with principal component analysis and ant colony optimization. J. Netw. Comput. Appl. 64, 1\u201311 (2016)","journal-title":"J. Netw. Comput. Appl."},{"key":"11_CR36","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1016\/j.asoc.2015.05.019","volume":"34","author":"G Fernandes Jr","year":"2015","unstructured":"Fernandes, G., Jr., Rodrigues, J.J., Proenca, M.L., Jr.: Autonomous profile-based anomaly detection system using principal component analysis and flow analysis. Appl. Soft Comput. 34, 513\u2013525 (2015)","journal-title":"Appl. Soft Comput."},{"key":"11_CR37","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.neucom.2012.11.050","volume":"122","author":"U Fiore","year":"2013","unstructured":"Fiore, U., Palmieri, F., Castiglione, A., De Santis, A.: Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122, 13\u201323 (2013)","journal-title":"Neurocomputing"},{"key":"11_CR38","unstructured":"Fogla, P., Sharif, M.I., Perdisci, R., Kolesnikov, O.M., Lee, W.: Polymorphic blending attacks. In: USENIX Security Symposium, pp. 241\u2013256 (2006)"},{"key":"11_CR39","doi-asserted-by":"crossref","unstructured":"Fontugne, R., Borgnat, P., Abry, P., Fukuda, K.: MAWILab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking. In: ACM CoNEXT 2010, Philadelphia, PA, December 2010","DOI":"10.1145\/1921168.1921179"},{"key":"11_CR40","unstructured":"Global Mobile Data Traffic Forecast: Cisco visual networking index: Global mobile data traffic forecast update, 2017\u20132022. Update 2017, 2022 (2019)"},{"key":"11_CR41","doi-asserted-by":"crossref","unstructured":"Gao, N., Gao, L., Gao, Q., Wang, H.: An intrusion detection model based on deep belief networks. In: 2014 Second International Conference on Advanced Cloud and Big Data, pp. 247\u2013252. IEEE (2014)","DOI":"10.1109\/CBD.2014.41"},{"issue":"1\u20132","key":"11_CR42","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","volume":"28","author":"P Garcia-Teodoro","year":"2009","unstructured":"Garcia-Teodoro, P., Diaz-Verdejo, J., Maci\u00e1-Fern\u00e1ndez, G., V\u00e1zquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1\u20132), 18\u201328 (2009)","journal-title":"Comput. Secur."},{"key":"11_CR43","doi-asserted-by":"crossref","unstructured":"Gates, C., Taylor, C.: Challenging the anomaly detection paradigm: a provocative discussion. In: Proceedings of the 2006 Workshop on New Security Paradigms, pp. 21\u201329 (2006)","DOI":"10.1145\/1278940.1278945"},{"key":"11_CR44","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1016\/j.comnet.2016.05.021","volume":"107","author":"M Grill","year":"2016","unstructured":"Grill, M., Pevn\u1ef3, T.: Learning combination of anomaly detectors for security domain. Comput. Netw. 107, 55\u201363 (2016)","journal-title":"Comput. Netw."},{"issue":"1","key":"11_CR45","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1016\/j.jcss.2016.03.007","volume":"83","author":"M Grill","year":"2017","unstructured":"Grill, M., Pevn\u1ef3, T., Rehak, M.: Reducing false positives of network anomaly detection by local adaptive multivariate smoothing. J. Comput. Syst. Sci. 83(1), 43\u201357 (2017)","journal-title":"J. Comput. Syst. Sci."},{"key":"11_CR46","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1016\/j.neucom.2016.06.021","volume":"214","author":"C Guo","year":"2016","unstructured":"Guo, C., Ping, Y., Liu, N., Luo, S.S.: A two-level hybrid approach for intrusion detection. Neurocomputing 214, 391\u2013400 (2016)","journal-title":"Neurocomputing"},{"key":"11_CR47","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1016\/j.cose.2013.08.003","volume":"39","author":"C Guo","year":"2013","unstructured":"Guo, C., Zhou, Y.J., Ping, Y., Luo, S.S., Lai, Y.P., Zhang, Z.K.: Efficient intrusion detection using representative instances. Comput. Secur. 39, 255\u2013267 (2013)","journal-title":"Comput. Secur."},{"key":"11_CR48","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/j.ijinfomgt.2018.08.006","volume":"45","author":"RAA Habeeb","year":"2019","unstructured":"Habeeb, R.A.A., Nasaruddin, F., Gani, A., Hashem, I.A.T., Ahmed, E., Imran, M.: Real-time big data processing for anomaly detection: a survey. Int. J. Inf. Manag. 45, 289\u2013307 (2019)","journal-title":"Int. J. Inf. Manag."},{"key":"11_CR49","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1016\/j.jnca.2013.02.021","volume":"37","author":"D Hoplaros","year":"2014","unstructured":"Hoplaros, D., Tari, Z., Khalil, I.: Data summarization for network traffic monitoring. J. Netw. Comput. Appl. 37, 194\u2013205 (2014)","journal-title":"J. Netw. Comput. Appl."},{"key":"11_CR50","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-030-43887-6_13","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"F Iglesias","year":"2020","unstructured":"Iglesias, F., Hartl, A., Zseby, T., Zimek, A.: Are network attacks outliers? A study of space representations and unsupervised algorithms. In: Cellier, P., Driessens, K. (eds.) ECML PKDD 2019. CCIS, vol. 1168, pp. 159\u2013175. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-43887-6_13"},{"key":"11_CR51","doi-asserted-by":"crossref","unstructured":"Kantchelian, A., et al.: Approaches to adversarial drift. In: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, pp. 99\u2013110 (2013)","DOI":"10.1145\/2517312.2517320"},{"key":"11_CR52","doi-asserted-by":"publisher","first-page":"1253","DOI":"10.1016\/j.neucom.2014.08.070","volume":"149","author":"A Karami","year":"2015","unstructured":"Karami, A., Guerrero-Zapata, M.: A fuzzy anomaly detection system based on hybrid PSO-Kmeans algorithm in content-centric networks. Neurocomputing 149, 1253\u20131269 (2015)","journal-title":"Neurocomputing"},{"key":"11_CR53","doi-asserted-by":"crossref","unstructured":"Kayacik, H.G., Zincir-Heywood, A.N.: Mimicry attacks demystified: what can attackers do to evade detection? In: 2008 Sixth Annual Conference on Privacy, Security and Trust, pp. 213\u2013223. IEEE (2008)","DOI":"10.1109\/PST.2008.25"},{"issue":"4","key":"11_CR54","doi-asserted-by":"publisher","first-page":"1690","DOI":"10.1016\/j.eswa.2013.08.066","volume":"41","author":"G Kim","year":"2014","unstructured":"Kim, G., Lee, S., Kim, S.: A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst. Appl. 41(4), 1690\u20131700 (2014)","journal-title":"Expert Syst. Appl."},{"key":"11_CR55","unstructured":"Kindervag, J., et al.: Build security into your network\u2019s DNA: the zero trust network architecture. Forrester Research Inc., pp. 1\u201326 (2010)"},{"key":"11_CR56","unstructured":"Kloft, M., Laskov, P.: Online anomaly detection under adversarial impact. In: Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, pp. 405\u2013412 (2010)"},{"issue":"4","key":"11_CR57","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1145\/1030194.1015492","volume":"34","author":"A Lakhina","year":"2004","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. ACM SIGCOMM Comput. Commun. Rev. 34(4), 219\u2013230 (2004)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"11_CR58","doi-asserted-by":"crossref","unstructured":"Le, D.C., Zincir-Heywood, A.N., Heywood, M.I.: Data analytics on network traffic flows for botnet behaviour detection. In: 2016 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1\u20137. IEEE (2016)","DOI":"10.1109\/SSCI.2016.7850078"},{"key":"11_CR59","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1016\/j.cose.2017.11.004","volume":"73","author":"G Maci\u00e1-Fern\u00e1ndez","year":"2018","unstructured":"Maci\u00e1-Fern\u00e1ndez, G., Camacho, J., Mag\u00e1n-Carri\u00f3n, R., Garc\u00eda-Teodoro, P., Ther\u00f3n, R.: UGR \u201916: a new dataset for the evaluation of cyclostationarity-based network IDSs. Comput. Secur. 73, 411\u2013424 (2018)","journal-title":"Comput. Secur."},{"key":"11_CR60","unstructured":"Malhotra, P., Vig, L., Shroff, G., Agarwal, P.: Long short term memory networks for anomaly detection in time series. In: Proceedings, vol. 89. Presses universitaires de Louvain (2015)"},{"key":"11_CR61","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1016\/j.comnet.2016.05.018","volume":"109","author":"M Marchetti","year":"2016","unstructured":"Marchetti, M., Pierazzi, F., Colajanni, M., Guido, A.: Analysis of high volumes of network traffic for advanced persistent threat detection. Comput. Netw. 109, 127\u2013141 (2016)","journal-title":"Comput. Netw."},{"issue":"1","key":"11_CR62","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/JSTSP.2012.2233193","volume":"7","author":"M Mardani","year":"2012","unstructured":"Mardani, M., Mateos, G., Giannakis, G.B.: Dynamic anomalography: tracking network anomalies via sparsity and low rank. IEEE J. Sel. Top. Signal Process. 7(1), 50\u201366 (2012)","journal-title":"IEEE J. Sel. Top. Signal Process."},{"key":"11_CR63","doi-asserted-by":"crossref","unstructured":"Maxion, R.A., Tan, K.M.: Benchmarking anomaly-based detection systems. In: Proceeding International Conference on Dependable Systems and Networks, DSN 2000, pp. 623\u2013630. IEEE (2000)","DOI":"10.1109\/ICDSN.2000.857599"},{"key":"11_CR64","doi-asserted-by":"crossref","unstructured":"Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A.: Kitsune: an ensemble of autoencoders for online network intrusion detection. arXiv preprint arXiv:1802.09089 (2018)","DOI":"10.14722\/ndss.2018.23204"},{"key":"11_CR65","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.pmcj.2016.07.006","volume":"35","author":"Y Mirsky","year":"2017","unstructured":"Mirsky, Y., Shabtai, A., Shapira, B., Elovici, Y., Rokach, L.: Anomaly detection for smartphone data streams. Pervasive Mob. Comput. 35, 83\u2013107 (2017)","journal-title":"Pervasive Mob. Comput."},{"issue":"3","key":"11_CR66","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/65.283931","volume":"8","author":"B Mukherjee","year":"1994","unstructured":"Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network intrusion detection. IEEE Netw. 8(3), 26\u201341 (1994)","journal-title":"IEEE Netw."},{"key":"11_CR67","doi-asserted-by":"crossref","unstructured":"Nehinbe, J.O.: A critical evaluation of datasets for investigating IDSs and IPSs researches. In: 2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS), pp. 92\u201397. IEEE (2011)","DOI":"10.1109\/CIS.2011.6169141"},{"key":"11_CR68","doi-asserted-by":"crossref","unstructured":"Nguyen, H.T., Franke, K., Petrovic, S.: Feature extraction methods for intrusion detection systems. In: Threats, Countermeasures, and Advances in Applied Information Security, pp. 23\u201352. IGI Global (2012)","DOI":"10.4018\/978-1-4666-0978-5.ch002"},{"key":"11_CR69","doi-asserted-by":"crossref","unstructured":"Nguyen, Q.P., Lim, K.W., Divakaran, D.M., Low, K.H., Chan, M.C.: Gee: a gradient-based explainable variational autoencoder for network anomaly detection. In: 2019 IEEE Conference on Communications and Network Security (CNS), pp. 91\u201399. IEEE (2019)","DOI":"10.1109\/CNS.2019.8802833"},{"key":"11_CR70","doi-asserted-by":"crossref","unstructured":"Ning, J., Poh, G.S., Loh, J.C., Chia, J., Chang, E.C.: PrivDPI: privacy-preserving encrypted traffic inspection with reusable obfuscated rules. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1657\u20131670 (2019)","DOI":"10.1145\/3319535.3354204"},{"key":"11_CR71","series-title":"Information Security and Cryptography","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/978-3-030-83411-1_11","volume-title":"Computer Security and the Internet","author":"PC van Oorschot","year":"2021","unstructured":"van Oorschot, P.C.: Intrusion detection and network-based attacks. In: van Oorschot, P.C. (ed.) Computer Security and the Internet. ISC, pp. 309\u2013338. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-83411-1_11"},{"key":"11_CR72","doi-asserted-by":"crossref","unstructured":"Pascoal, C., De Oliveira, M.R., Valadas, R., Filzmoser, P., Salvador, P., Pacheco, A.: Robust feature selection and robust PCA for internet traffic anomaly detection. In: 2012 Proceedings IEEE Infocom, pp. 1755\u20131763. IEEE (2012)","DOI":"10.1109\/INFCOM.2012.6195548"},{"issue":"23\u201324","key":"11_CR73","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23\u201324), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"11_CR74","volume-title":"Dataset Shift in Machine Learning","author":"J Quionero-Candela","year":"2009","unstructured":"Quionero-Candela, J., Sugiyama, M., Schwaighofer, A., Lawrence, N.D.: Dataset Shift in Machine Learning. The MIT Press, Cambridge (2009)"},{"key":"11_CR75","doi-asserted-by":"crossref","unstructured":"Ramamoorthi, A., Subbulakshmi, T., Shalinie, S.M.: Real time detection and classification of DDoS attacks using enhanced SVM with string kernels. In: 2011 International Conference on Recent Trends in Information Technology (ICRTIT), pp. 91\u201396. IEEE (2011)","DOI":"10.1109\/ICRTIT.2011.5972281"},{"key":"11_CR76","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1016\/j.knosys.2014.01.003","volume":"60","author":"MA Rassam","year":"2014","unstructured":"Rassam, M.A., Maarof, M.A., Zainal, A.: Adaptive and online data anomaly detection for wireless sensor systems. Knowl.-Based Syst. 60, 44\u201357 (2014)","journal-title":"Knowl.-Based Syst."},{"issue":"3","key":"11_CR77","doi-asserted-by":"publisher","first-page":"659","DOI":"10.1016\/j.patcog.2014.07.028","volume":"48","author":"H Raza","year":"2015","unstructured":"Raza, H., Prasad, G., Li, Y.: EWMA model based shift-detection methods for detecting covariate shifts in non-stationary environments. Pattern Recogn. 48(3), 659\u2013669 (2015)","journal-title":"Pattern Recogn."},{"key":"11_CR78","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.cose.2019.06.005","volume":"86","author":"M Ring","year":"2019","unstructured":"Ring, M., Wunderlich, S., Scheuring, D., Landes, D., Hotho, A.: A survey of network-based intrusion detection data sets. Comput. Secur. 86, 147\u2013167 (2019)","journal-title":"Comput. Secur."},{"key":"11_CR79","doi-asserted-by":"crossref","unstructured":"Ringberg, H., Soule, A., Rexford, J., Diot, C.: Sensitivity of PCA for traffic anomaly detection. In: Proceedings of the 2007 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pp. 109\u2013120 (2007)","DOI":"10.1145\/1269899.1254895"},{"key":"11_CR80","unstructured":"Roesch, M., et al.: Snort: lightweight intrusion detection for networks. In: Lisa, vol. 99, pp. 229\u2013238 (1999)"},{"key":"11_CR81","doi-asserted-by":"crossref","unstructured":"Sakib, M.N., Huang, C.T.: Using anomaly detection based techniques to detect http-based botnet c&c traffic. In: 2016 IEEE International Conference on Communications (ICC), pp. 1\u20136. IEEE (2016)","DOI":"10.1109\/ICC.2016.7510883"},{"issue":"1","key":"11_CR82","first-page":"177","volume":"2018","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin, I., Gharib, A., Lashkari, A.H., Ghorbani, A.A.: Towards a reliable intrusion detection benchmark dataset. Softw. Netw. 2018(1), 177\u2013200 (2018)","journal-title":"Softw. Netw."},{"key":"11_CR83","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108\u2013116 (2018)","DOI":"10.5220\/0006639801080116"},{"key":"11_CR84","doi-asserted-by":"crossref","unstructured":"Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: BlindBox: deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213\u2013226 (2015)","DOI":"10.1145\/2785956.2787502"},{"issue":"3","key":"11_CR85","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357\u2013374 (2012)","journal-title":"Comput. Secur."},{"issue":"1","key":"11_CR86","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/TETCI.2017.2772792","volume":"2","author":"N Shone","year":"2018","unstructured":"Shone, N., Ngoc, T.N., Phai, V.D., Shi, Q.: A deep learning approach to network intrusion detection. IEEE Trans. Emerg. Top. Comput. Intell. 2(1), 41\u201350 (2018)","journal-title":"IEEE Trans. Emerg. Top. Comput. Intell."},{"key":"11_CR87","doi-asserted-by":"crossref","unstructured":"Shvachko, K., Kuang, H., Radia, S., Chansler, R.: The Hadoop distributed file system. In: 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST), pp. 1\u201310. IEEE (2010)","DOI":"10.1109\/MSST.2010.5496972"},{"key":"11_CR88","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE Symposium on Security and Privacy, pp. 305\u2013316. IEEE (2010)","DOI":"10.1109\/SP.2010.25"},{"issue":"2","key":"11_CR89","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1109\/TNSM.2012.031512.110146","volume":"9","author":"A Sperotto","year":"2012","unstructured":"Sperotto, A., Mandjes, M., Sadre, R., de Boer, P.T., Pras, A.: Autonomic parameter tuning of anomaly-based IDSs: an SSH case study. IEEE Trans. Netw. Serv. Manag. 9(2), 128\u2013141 (2012)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"issue":"3","key":"11_CR90","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1109\/SURV.2010.032210.00054","volume":"12","author":"A Sperotto","year":"2010","unstructured":"Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An overview of IP flow-based intrusion detection. IEEE Commun. Surv. Tutor. 12(3), 343\u2013356 (2010)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"1\u20132","key":"11_CR91","doi-asserted-by":"publisher","first-page":"105","DOI":"10.3233\/JCS-2002-101-205","volume":"10","author":"S Staniford","year":"2002","unstructured":"Staniford, S., Hoagland, J.A., McAlerney, J.M.: Practical automated detection of stealthy portscans. J. Comput. Secur. 10(1\u20132), 105\u2013136 (2002)","journal-title":"J. Comput. Secur."},{"issue":"4","key":"11_CR92","doi-asserted-by":"publisher","first-page":"3492","DOI":"10.1016\/j.eswa.2010.08.137","volume":"38","author":"MY Su","year":"2011","unstructured":"Su, M.Y.: Real-time anomaly detection systems for denial-of-service attacks by weighted k-nearest-neighbor classifiers. Expert Syst. Appl. 38(4), 3492\u20133498 (2011)","journal-title":"Expert Syst. Appl."},{"issue":"4","key":"11_CR93","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1145\/2627534.2627557","volume":"41","author":"S Suthaharan","year":"2014","unstructured":"Suthaharan, S.: Big data classification: problems and challenges in network intrusion prediction with machine learning. ACM SIGMETRICS Perform. Eval. Rev. 41(4), 70\u201373 (2014)","journal-title":"ACM SIGMETRICS Perform. Eval. Rev."},{"key":"11_CR94","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1016\/j.eswa.2016.07.036","volume":"64","author":"M Swarnkar","year":"2016","unstructured":"Swarnkar, M., Hubballi, N.: OCPAD: one class Naive Bayes classifier for payload based anomaly detection. Expert Syst. Appl. 64, 330\u2013339 (2016)","journal-title":"Expert Syst. Appl."},{"key":"11_CR95","doi-asserted-by":"crossref","unstructured":"Szmit, M., Szmit, A.: Usage of modified holt-winters method in the anomaly detection of network traffic: case studies. J. Comput. Netw. Commun. 2012, 1\u20135 (2012). Article ID: 192913","DOI":"10.1155\/2012\/192913"},{"issue":"5","key":"11_CR96","doi-asserted-by":"publisher","first-page":"516","DOI":"10.1109\/TSMCC.2010.2048428","volume":"40","author":"M Tavallaee","year":"2010","unstructured":"Tavallaee, M., Stakhanova, N., Ghorbani, A.A.: Toward credible evaluation of anomaly-based intrusion-detection methods. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 40(5), 516\u2013524 (2010)","journal-title":"IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.)"},{"issue":"3","key":"11_CR97","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1002\/sec.564","volume":"6","author":"C Thomas","year":"2013","unstructured":"Thomas, C.: Improving intrusion detection for imbalanced network traffic. Secur. Commun. Netw. 6(3), 309\u2013324 (2013)","journal-title":"Secur. Commun. Netw."},{"key":"11_CR98","unstructured":"Varadarajan, G.K., Santander Pel\u00e1ez, M.: Web application attack analysis using bro IDs. SANS Institute 90, 1\u201322 (2012)"},{"issue":"4","key":"11_CR99","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2716260","volume":"47","author":"E Vasilomanolakis","year":"2015","unstructured":"Vasilomanolakis, E., Karuppayah, S., M\u00fchlh\u00e4user, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surv. (CSUR) 47(4), 1\u201333 (2015)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"3","key":"11_CR100","doi-asserted-by":"publisher","first-page":"609","DOI":"10.1007\/s11235-015-0017-6","volume":"61","author":"P Velarde-Alvarado","year":"2015","unstructured":"Velarde-Alvarado, P., Vargas-Rosales, C., Martinez-Pelaez, R., Toral-Cruz, H., Martinez-Herrera, A.F.: An unsupervised approach for traffic trace sanitization based on the entropy spaces. Telecommun. Syst. 61(3), 609\u2013626 (2015). https:\/\/doi.org\/10.1007\/s11235-015-0017-6","journal-title":"Telecommun. Syst."},{"key":"11_CR101","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1016\/j.comnet.2017.08.013","volume":"127","author":"EK Viegas","year":"2017","unstructured":"Viegas, E.K., Santin, A.O., Oliveira, L.S.: Toward a reliable anomaly-based intrusion detection in real-world environments. Comput. Netw. 127, 200\u2013216 (2017)","journal-title":"Comput. Netw."},{"key":"11_CR102","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1016\/j.knosys.2014.06.018","volume":"70","author":"W Wang","year":"2014","unstructured":"Wang, W., Guyet, T., Quiniou, R., Cordier, M.O., Masseglia, F., Zhang, X.: Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowl.-Based Syst. 70, 103\u2013117 (2014)","journal-title":"Knowl.-Based Syst."},{"issue":"4","key":"11_CR103","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1145\/1090191.1080112","volume":"35","author":"K Xu","year":"2005","unstructured":"Xu, K., Zhang, Z.L., Bhattacharyya, S.: Profiling internet backbone traffic: behavior models and applications. ACM SIGCOMM Comput. Commun. Rev. 35(4), 169\u2013180 (2005)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"issue":"1","key":"11_CR104","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1016\/j.dss.2010.06.001","volume":"50","author":"WT Yue","year":"2010","unstructured":"Yue, W.T., \u00c7akany\u0131ld\u0131r\u0131m, M.: A cost-based analysis of intrusion detection system configuration under active or passive response. Decis. Support Syst. 50(1), 21\u201331 (2010)","journal-title":"Decis. Support Syst."},{"key":"11_CR105","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.jnca.2017.02.009","volume":"84","author":"BB Zarpel\u00e3o","year":"2017","unstructured":"Zarpel\u00e3o, B.B., Miani, R.S., Kawakani, C.T., de Alvarenga, S.C.: A survey of intrusion detection in internet of things. J. Netw. Comput. Appl. 84, 25\u201337 (2017)","journal-title":"J. Netw. Comput. Appl."},{"key":"11_CR106","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.ins.2014.07.044","volume":"318","author":"J Zhang","year":"2015","unstructured":"Zhang, J., Li, H., Gao, Q., Wang, H., Luo, Y.: Detecting anomalies from big network traffic data using an adaptive detection approach. Inf. Sci. 318, 91\u2013110 (2015)","journal-title":"Inf. Sci."}],"container-title":["Lecture Notes in Computer Science","Security and Artificial Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-98795-4_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,21]],"date-time":"2024-09-21T19:49:22Z","timestamp":1726948162000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-98795-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030987947","9783030987954"],"references-count":106,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-98795-4_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"8 April 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}