{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T20:41:36Z","timestamp":1742935296971,"version":"3.40.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319288642"},{"type":"electronic","value":"9783319288659"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-28865-9_21","type":"book-chapter","created":{"date-parts":[[2016,1,23]],"date-time":"2016-01-23T08:40:02Z","timestamp":1453538402000},"page":"385-400","source":"Crossref","is-referenced-by-count":2,"title":["An Improved Method for Anomaly-Based Network Scan Detection"],"prefix":"10.1007","author":[{"given":"Ashton","family":"Webster","sequence":"first","affiliation":[]},{"given":"Margaret","family":"Gratian","sequence":"additional","affiliation":[]},{"given":"Ryan","family":"Eckenrod","sequence":"additional","affiliation":[]},{"given":"Daven","family":"Patel","sequence":"additional","affiliation":[]},{"given":"Michel","family":"Cukier","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"21_CR1","doi-asserted-by":"publisher","DOI":"10.1201\/b10867","volume-title":"Data Mining and Machine Learning in Cybersecurity","author":"S Dua","year":"2011","unstructured":"Dua, S., Xian, D.: Data Mining and Machine Learning in Cybersecurity. Auerbach, Boca Raton (2011)"},{"key":"21_CR2","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, Oakland (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"21_CR3","doi-asserted-by":"crossref","unstructured":"Denning, D.E.: An Intrusion-Detection model. IEEE Transactions on Software Engineering (1987)","DOI":"10.1109\/TSE.1987.232894"},{"key":"21_CR4","unstructured":"Lane, T.D.: Machine Learning Techniques for Computer Security Domain of Anomaly Detection. Purdue University, Department of Electrical and Computer Engineering and the COAST Laboratory (1998)"},{"key":"21_CR5","unstructured":"Axelsson, S.: The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security (TISSEC), 2008"},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"Lippmann, R.P., et al.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: DARPA Information Survivability Conference and Exposition (2000)","DOI":"10.1007\/3-540-39945-3_11"},{"key":"21_CR7","doi-asserted-by":"crossref","unstructured":"Simon, G.J., et al.: Scan detection: a data mining approach. In: Proceedings of the Sixth SIAM International Conference on Data Mining, SIAM (2006)","DOI":"10.1137\/1.9781611972764.11"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Gates, C., et al.: Scan detection on very large networks using logistic regression modeling. In: Proceedings of the IEEE Symposium on Computers and Communications (2006)","DOI":"10.1109\/ISCC.2006.142"},{"key":"21_CR9","unstructured":"Ert\u00f6z, L., et al.: Scan Detection - Revisited. Technical Report AHPCRC 127, University of Minnesota \u2013 Twin Cities (2004)"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Surveying Port Scans and Their Detection Methodologies. The Computer Journal (2011)","DOI":"10.1093\/comjnl\/bxr035"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., Barford, P., Ullrich, J.: Internet intrusions: global characteristics and prevalence. In: SIGMETRICS Performance Evaluation. ACM, New York (2003)","DOI":"10.1145\/781027.781045"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Symons, C.T., Beaver, J.M.: Nonparametric semi-supervised learning for network intrusion detection: combining performance improvements with realistic in-situ training. In: Proceedings of the 5th ACM Workshop on Artificial Intelligence and Security (2012)","DOI":"10.1145\/2381896.2381905"},{"key":"21_CR13","doi-asserted-by":"crossref","unstructured":"Davis, J., Goadrich, M.: The relationship between precision-recall and ROC curves. In: Proceedings of the 23rd ACM International Conference on Machine Learning (2006)","DOI":"10.1145\/1143844.1143874"},{"key":"21_CR14","doi-asserted-by":"crossref","unstructured":"Nguyen, T.T.T., Armitage, G.: A Survey of Techniques for Internet Traffic Classification using Machine Learning. Communications Surveys & Tutorials (2008). IEEE","DOI":"10.1109\/SURV.2008.080406"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Killourhy, K.S., Maxion, R.: Comparing anomaly-detection algorithms for keystroke dynamics. In: International Conference on Dependable Systems & Networks (2009)","DOI":"10.1109\/DSN.2009.5270346"},{"key":"21_CR16","unstructured":"Lee, W., Stolfo, S.J., Chan, P.K.: Learning patterns from unix process execution traces for intrusion detection. In: AAAI Workshop on AI Approaches to Fraud Detection and Risk Management (1997)"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Jung, J., et al.: Fast portscan detection using sequential hypothesis testing. In: IEEE Symposium on Security and Privacy (2004)","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"21_CR18","unstructured":"Cisco: Introduction to Cisco IOS Network Flow, March 2015. www.cisco.com"},{"issue":"5","key":"21_CR19","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/1163593.1163596","volume":"36","author":"N Williams","year":"2006","unstructured":"Williams, N., Zander, S., Armitage, G.: A Preliminary Performance Comparison of Five Machine Learning Algorithms for Practical IP Traffic Flow Classification. SIGCOMM Computer Communication Review 36(5), 5\u201316 (2006)","journal-title":"SIGCOMM Computer Communication Review"},{"key":"21_CR20","doi-asserted-by":"crossref","unstructured":"Dash, M., Liu, H., Motoda, H.: Consistency based feature selection. In: PADKK 2000 Proceedings of the 4th Pacific-Asia Conference on Knowledge Discovery and Data Mining, Current Issues and New Applications (2000)","DOI":"10.1007\/3-540-45571-X_12"},{"key":"21_CR21","unstructured":"Witten, I.H., Frank, E., Hall, M.A.: Data Mining: Practical Machine Learning Tools and Techniques, 2nd edn. Morgan Kaufman, Burlington (2005)"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., et al.: A detailed analysis for the KDD CUP 99 data set. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications (2009)","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Song, J., et al.: Statistical analysis of honeypot data and building of kyoto 2006+ dataset for NIDS evaluation. In: Proceeding of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (2011)","DOI":"10.1145\/1978672.1978676"},{"key":"21_CR24","doi-asserted-by":"crossref","unstructured":"McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratories. ACM Transactions on Information and System Security, November 2000","DOI":"10.1145\/382912.382923"},{"key":"21_CR25","unstructured":"The University at Waikato: Weka 3: Data Mining Software in Java, March 2015. http:\/\/www.cs.waikato.ac.nz\/ml\/"},{"key":"21_CR26","doi-asserted-by":"crossref","unstructured":"Dietterich, T.: On Overfitting and Undercomputing in Machine Learning. ACM Computing Surveys (1995)","DOI":"10.1145\/212094.212114"},{"key":"21_CR27","unstructured":"Nmap, March 2015. http:\/\/nmap.org\/"},{"key":"21_CR28","unstructured":"Cisco. Snort, March 2015. https:\/\/www.snort.org\/"},{"key":"21_CR29","unstructured":"Fayyad, U.M., Irani, K.B.: Multi-interval discretization of continuous-valued attributes for classification learning. In: International Joint Conferences on Artificial Intelligence (1993)"},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Jain, A., Zongker, D.: Feature Selection: Evaluation, Application, and Small Sample Performance. IEEE Transactions on Pattern Analysis and Machine Intelligence (1997)","DOI":"10.1109\/34.574797"},{"key":"21_CR31","doi-asserted-by":"crossref","unstructured":"Jain, A.K., Chandrasekaran, B.: Dimensionality and sample size considerations in pattern recognition practice. In: Handbook of Statistics (1982)","DOI":"10.1016\/S0169-7161(82)02042-2"},{"key":"21_CR32","unstructured":"University of Waikato: Performing Attribute Selection. https:\/\/weka.wikispaces.com\/Performing+attribute+selection"},{"key":"21_CR33","doi-asserted-by":"crossref","unstructured":"Mahoney, M.V., Chan, P.K.: An analysis of the 1999 DARPA\/lincoln laboratory evaluation data for network anomaly detection. In: Proceedings of the 6th Intl. Symposium on Recent Advances in Intrusion Detection (2003)","DOI":"10.1007\/978-3-540-45248-5_13"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-28865-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T08:39:21Z","timestamp":1654159161000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-28865-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319288642","9783319288659"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-28865-9_21","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2015]]}}}