{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T15:01:44Z","timestamp":1777042904370,"version":"3.51.4"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319232034","type":"print"},{"value":"9783319232041","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,8,29]],"date-time":"2015-08-29T00:00:00Z","timestamp":1440806400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,8,29]],"date-time":"2015-08-29T00:00:00Z","timestamp":1440806400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-23204-1_15","type":"book-chapter","created":{"date-parts":[[2015,8,28]],"date-time":"2015-08-28T15:12:25Z","timestamp":1440774745000},"page":"137-153","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Heuristic Rules for Attack Detection Charged by NSL KDD Dataset"],"prefix":"10.1007","author":[{"given":"Khaing Shwe","family":"Wutyi","sequence":"first","affiliation":[]},{"given":"Mie Mie Su","family":"Thwin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,8,29]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Agarwal, R., Joshi, M.V.: PNrule: A New Framework for Learning Classifier Models in Data Mining (A Case-Study in Network Intrusion Detection). Technical Report TR 00-015, Department of Computer Science, University of Minnesota (2000)","DOI":"10.1137\/1.9781611972719.29"},{"issue":"2","key":"15_CR2","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1145\/846183.846201","volume":"1","author":"I Levin","year":"2000","unstructured":"Levin, I.: KDD-99 Classifier Learning Contest LLSoft\u2019s Results Overview. ACM SIGKDD SIGKDD Explorations 1(2), 67\u201375 (2000)","journal-title":"ACM SIGKDD SIGKDD Explorations"},{"key":"15_CR3","unstructured":"Lee, W., Stolfo, S.J., Mok, K.W.: A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 120\u2013132 (1999)"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Lindqvist, U., Porras, P.: Detecting computer and network misuse through the production-based expert system toolset (P-{BEST}). In: IEEE Symposium on Security and Privacy, pp. 146\u2013161 (1999)","DOI":"10.1109\/SECPRI.1999.766911"},{"key":"15_CR5","unstructured":"Porras, P.A., Neumann, P.G.: EMERALD: event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference, Baltimore, Maryland, pp. 353\u2013365 (1997)"},{"key":"15_CR6","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1016\/B978-1-55860-377-6.50023-2","volume-title":"Machine Learning Proceedings 1995","author":"William W. Cohen","year":"1995","unstructured":"Cohen, W.W.: Fast effective rule induction. In: Proceedings of the 12th International Conference on Machine Learning (ML-95), Lake Tahoe, CA: Morgan Kaufmann, pp. 115\u2013123 (1995)"},{"key":"15_CR7","unstructured":"DARPA dataset 1998, April 2003. http:\/\/www.ll.mit.edu\/IST\/ideval\/data\/1998\/1998_data_index.html"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Lee, W., Stolfo, S.J., Mok, K.W.: Mining in a data-flow environment: experience in network intrusion detection. In: Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Diego, CA, pp. 114\u2013124 (1999)","DOI":"10.1145\/312129.312212"},{"key":"15_CR9","unstructured":"KDD data set, 1999, April 2003. http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Yeung, D.Y., Chow, C.: Parzen-window network intrusion detectors. In: Proceedings of the Sixteenth International Conference on Pattern Recognition, Quebec City, Canada, Vol. 4, pp. 385\u2013388, August 2002","DOI":"10.1109\/ICPR.2002.1047476"},{"issue":"4","key":"15_CR11","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W Lee","year":"2000","unstructured":"Lee, W., Stolfo, S.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security 3(4), 227\u2013261 (2000)","journal-title":"ACM Transactions on Information and System Security"},{"issue":"4","key":"15_CR12","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"RP Lippmann","year":"2000","unstructured":"Lippmann, R.P., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks 34(4), 579\u2013595 (2000)","journal-title":"Computer Networks"},{"issue":"2","key":"15_CR13","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1145\/846183.846199","volume":"1","author":"C Elkan","year":"2000","unstructured":"Elkan, C.: Results of the KDD 1999 Classifier Learning. ACM SIGKDD SIGKDD Explorations 1(2), 63\u201364 (2000)","journal-title":"ACM SIGKDD SIGKDD Explorations"},{"key":"15_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/978-3-642-01393-5_17","volume-title":"Intelligence and Security Informatics","author":"W-Y Yu","year":"2009","unstructured":"Yu, W.-Y., Lee, H.-M.: An incremental-learning method for supervised anomaly detection by cascading service classifier and ITI decision tree methods. In: Chen, H., Yang, C.C., Chau, M., Li, S.-H. (eds.) PAISI 2009. LNCS, vol. 5477, pp. 155\u2013160. Springer, Heidelberg (2009). http:\/\/dx.doi.org\/10.1007\/978-3-642-01393-5"},{"key":"15_CR15","first-page":"1909","volume":"7","author":"P Laskov","year":"2006","unstructured":"Laskov, P., Gehl, C., Kr\u00a8uger, S., M\u00a8uller, K.-R.: Incremental support vector learning: Analysis, implementation and applications. Journal of Machine Learning Research 7, 1909\u20131936 (2006)","journal-title":"Journal of Machine Learning Research"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Ren, F., Hu, L., Liang, H., Liu, X., Ren, W.: Using density-based incremental clustering for anomaly detection. In: Proceedings of the 2008 International Conference on Computer Science and Software Engineering. Washington, DC, USA, pp. 986\u2013989. IEEE Computer Society (2008). http:\/\/dx.doi.org\/10.1109\/CSSE.2008.811","DOI":"10.1109\/CSSE.2008.811"},{"issue":"1","key":"15_CR17","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1016\/j.patcog.2011.06.014","volume":"45","author":"Wael Khreich","year":"2012","unstructured":"Khreich, W., Granger, E., Miri, A., Sabourin, R.: Adaptive ensembles of HMMs applied to anomaly detection. Pattern Recognition (Elsevier Science), July 19, 2011. doi:10.1016\/j.patcog.2011.06.014","journal-title":"Pattern Recognition"},{"issue":"6","key":"15_CR18","doi-asserted-by":"publisher","first-page":"7698","DOI":"10.1016\/j.eswa.2010.12.141","volume":"38","author":"Y Yi","year":"2011","unstructured":"Yi, Y., Wu, J., Xu, W.: Incremental SVM based on reserved set for network intrusion detection. Journal of Expert Systems with Applications 38(6), 7698\u20137707 (2011). USA","journal-title":"Journal of Expert Systems with Applications"},{"key":"15_CR19","unstructured":"Lu, N., Khoa, D., Chawla, S.: Online Anomaly Detection Systems Using Incremental Commute Time. CoRR, Vol. abs\/1107.3894 (2011)"},{"key":"15_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"407","DOI":"10.1007\/11496618_30","volume-title":"Information Security and Cryptology \u2013 ICISC 2004","author":"K Burbeck","year":"2005","unstructured":"Burbeck, K., Nadjm-Tehrani, S.: ADWICE \u2013 anomaly detection with real-time incremental clustering. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 407\u2013424. Springer, Heidelberg (2005)"},{"key":"15_CR21","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1007\/978-3-540-89985-3_71","volume-title":"Advances in Computer Science and Engineering","author":"A Rasoulifard","year":"2005","unstructured":"Rasoulifard, A., Bafghi, A.G., Kahani, M.: Incremental hybrid intrusion detection using ensemble of weak classifiers. In: Sarbazi-Azad, H., Parhami, B., Miremadi, S.-G., Hessabi, S. (eds.) CSICC 2008. CCIS, vol. 6, pp. 577\u2013584. Springer, Heidelberg (2005). doi:10.1007\/978-3-540-89985-3"},{"issue":"1","key":"15_CR22","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1016\/j.istr.2007.02.004","volume":"12","author":"K Burbeck","year":"2007","unstructured":"Burbeck, K., Nadjm-Tehrani, S.: Adaptive real-time anomaly detection with incremental clustering. Inf. Secur. Tech. Rep. 12(1), 56\u201367 (2007). http:\/\/dx.doi.org\/10.1016\/j.istr.2007.02.004","journal-title":"Inf. Secur. Tech. Rep."},{"issue":"3","key":"15_CR23","doi-asserted-by":"publisher","first-page":"1177","DOI":"10.1016\/j.eswa.2007.08.049","volume":"35","author":"CC Hsu","year":"2008","unstructured":"Hsu, C.C., Huang, Y.-P.: Incremental clustering of mixed data based on distance hierarchy. Expert Syst. Appl. 35(3), 1177\u20131185 (2008). http:\/\/dx.doi.org\/10.1016\/j.eswa.2007.08.049","journal-title":"Expert Syst. Appl."},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Zhong, C., Li, N.: Incremental clustering algorithm for intrusion detection using clonal selection. In: Proceedings of the 2008 IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application. Washington, DC, USA, pp. 326\u2013331. IEEE Computer Society (2008). http:\/\/dx.doi.org\/10.1109\/PACIIA.2008.25","DOI":"10.1109\/PACIIA.2008.256"}],"container-title":["Advances in Intelligent Systems and Computing","Genetic and Evolutionary Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-23204-1_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,30]],"date-time":"2025-05-30T07:34:23Z","timestamp":1748590463000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-23204-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,8,29]]},"ISBN":["9783319232034","9783319232041"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-23204-1_15","relation":{},"ISSN":["2194-5357","2194-5365"],"issn-type":[{"value":"2194-5357","type":"print"},{"value":"2194-5365","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,8,29]]},"assertion":[{"value":"29 August 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}