{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T10:16:15Z","timestamp":1777371375091,"version":"3.51.4"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319500102","type":"print"},{"value":"9783319500119","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-50011-9_13","type":"book-chapter","created":{"date-parts":[[2016,11,24]],"date-time":"2016-11-24T07:10:32Z","timestamp":1479971432000},"page":"159-172","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["A Transparent Learning Approach for Attack Prediction Based on User Behavior Analysis"],"prefix":"10.1007","author":[{"given":"Peizhi","family":"Shao","sequence":"first","affiliation":[]},{"given":"Jiuming","family":"Lu","sequence":"additional","affiliation":[]},{"given":"Raymond K.","family":"Wong","sequence":"additional","affiliation":[]},{"given":"Wenzhuo","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,11,25]]},"reference":[{"key":"13_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal, R., Imieli\u0144ski, T., Swami, A.: Mining association rules between sets of items in large databases. In: ACM Sigmod Record, vol. 22, pp. 207\u2013216. 
ACM (1993)","DOI":"10.1145\/170036.170072"},{"issue":"4","key":"13_CR2","doi-asserted-by":"publisher","first-page":"1184","DOI":"10.1016\/j.jnca.2011.01.002","volume":"34","author":"F Amiri","year":"2011","unstructured":"Amiri, F., Yousefi, M.R., Lucas, C., Shakery, A., Yazdani, N.: Mutual information-based feature selection for intrusion detection systems. J. Netw. Comput. Appl. 34(4), 1184\u20131199 (2011)","journal-title":"J. Netw. Comput. Appl."},{"issue":"4","key":"13_CR3","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1016\/j.cose.2010.12.004","volume":"30","author":"D Ariu","year":"2011","unstructured":"Ariu, D., Tronci, R., Giacinto, G.: HMMPayl: an intrusion detection system based on hidden Markov models. Comput. Secur. 30(4), 221\u2013241 (2011)","journal-title":"Comput. Secur."},{"key":"13_CR4","unstructured":"Asenjo, P.E.R.: Web user behavior analysis. Ph.D. thesis, Universidad De Chile (2011)"},{"issue":"3","key":"13_CR5","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1090\/S0002-9904-1967-11751-8","volume":"73","author":"LE Baum","year":"1967","unstructured":"Baum, L.E., Eagon, J.A., et al.: An inequality with applications to statistical estimation for probabilistic functions of Markov processes and to a model for ecology. Bull. Amer. Math. Soc. 73(3), 360\u2013363 (1967)","journal-title":"Bull. Amer. Math. Soc."},{"key":"13_CR6","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: Network and Distributed System Security Symposium (NDSS) (2011)"},{"issue":"4","key":"13_CR7","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1145\/2584679","volume":"16","author":"L Bilge","year":"2014","unstructured":"Bilge, L., Sen, S., Balzarotti, D., Kirda, E., Kruegel, C.: EXPOSURE: a passive DNS analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(4), 14 (2014)","journal-title":"ACM Trans. Inf. Syst. Secur. 
(TISSEC)"},{"issue":"1","key":"13_CR8","first-page":"579","volume":"12","author":"A Bivens","year":"2002","unstructured":"Bivens, A., Palagiri, C., Smith, R., Szymanski, B., Embrechts, M., et al.: Network-based intrusion detection using neural networks. Intell. Eng. Syst. Artif. Neural Netw. 12(1), 579\u2013584 (2002)","journal-title":"Intell. Eng. Syst. Artif. Neural Netw."},{"key":"13_CR9","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-642-30220-6_2","volume-title":"Advances in Knowledge Discovery and Data Mining","author":"H Brahmi","year":"2012","unstructured":"Brahmi, H., Brahmi, I., Ben Yahia, S.: OMC-IDS: at the cross-roads of OLAP mining and intrusion detection. In: Tan, P.-N., Chawla, S., Ho, C.K., Bailey, J. (eds.) PAKDD 2012. LNCS (LNAI), vol. 7302, pp. 13\u201324. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-30220-6_2"},{"issue":"2","key":"13_CR10","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2015","unstructured":"Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153\u20131176 (2015)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"13_CR11","unstructured":"Cannady, J.: Artificial neural networks for misuse detection. In: National Information Systems Security Conference, pp. 368\u201381 (1998)"},{"key":"13_CR12","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1016\/B978-1-55860-377-6.50023-2","volume-title":"Machine Learning Proceedings 1995","author":"William W. Cohen","year":"1995","unstructured":"Cohen, W.W.: Fast effective rule induction. In: Proceedings of the Twelfth International Conference on Machine Learning, pp. 
115\u2013123 (1995)"},{"issue":"1","key":"13_CR13","doi-asserted-by":"publisher","first-page":"417","DOI":"10.1146\/annurev.ps.41.020190.002221","volume":"41","author":"JM Digman","year":"1990","unstructured":"Digman, J.M.: Personality structure: emergence of the five-factor model. Annu. Rev. Psychol. 41(1), 417\u2013440 (1990)","journal-title":"Annu. Rev. Psychol."},{"key":"13_CR14","doi-asserted-by":"crossref","unstructured":"Han, H., Lu, X.L., Ren, L.Y.: Using data mining to discover signatures in network-based intrusion detection. In: Proceedings of International Conference on Machine Learning and Cybernetics, vol. 1, pp. 13\u201317. IEEE (2002)","DOI":"10.1109\/ICMLC.2002.1176698"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Jemili, F., Zaghdoud, M., Ahmed, M.B.: A framework for an adaptive intrusion detection system using Bayesian network. In: ISI, pp. 66\u201370 (2007)","DOI":"10.1109\/ISI.2007.379535"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Joshi, S.S., Phoha, V.V.: Investigating hidden Markov models capabilities in anomaly detection. In: Proceedings of the 43rd Annual Southeast Regional Conference, vol. 1, pp. 98\u2013103. ACM (2005)","DOI":"10.1145\/1167350.1167387"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. In: Proceedings 19th Annual Computer Security Applications Conference, pp. 14\u201323. IEEE (2003)","DOI":"10.1109\/CSAC.2003.1254306"},{"key":"13_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-540-45248-5_10","volume-title":"Recent Advances in Intrusion Detection","author":"C Kruegel","year":"2003","unstructured":"Kruegel, C., Toth, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 173\u2013191. 
Springer, Heidelberg (2003). doi:10.1007\/978-3-540-45248-5_10"},{"key":"13_CR19","unstructured":"Lee, W., Stolfo, S.J., Mok, K.W.: A data mining framework for building intrusion detection models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp. 120\u2013132. IEEE (1999)"},{"issue":"1","key":"13_CR20","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1016\/j.eswa.2011.07.032","volume":"39","author":"Y Li","year":"2012","unstructured":"Li, Y., Xia, J., Zhang, S., Yan, J., Ai, X., Dai, K.: An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst. Appl. 39(1), 424\u2013430 (2012)","journal-title":"Expert Syst. Appl."},{"issue":"4","key":"13_CR21","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1016\/S1389-1286(00)00140-7","volume":"34","author":"RP Lippmann","year":"2000","unstructured":"Lippmann, R.P., Cunningham, R.K.: Improving intrusion detection performance using keyword selection and neural networks. Comput. Netw. 34(4), 597\u2013603 (2000)","journal-title":"Comput. Netw."},{"key":"13_CR22","series-title":"Symbolic Computation","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/978-3-662-12405-5","volume-title":"Machine Learning","author":"RS Michalski","year":"1983","unstructured":"Michalski, R.S.: A theory and methodology of inductive learning. In: Michalski, R.S., Carbonell, J.G., Mitchell, T.M. (eds.) Machine Learning. Symbolic Computation, pp. 83\u2013134. Springer, Heidelberg (1983)"},{"key":"13_CR23","unstructured":"Muggleton, S., Feng, C., et al.: Efficient Induction of Logic Programs. Turing Institute (1990)"},{"key":"13_CR24","unstructured":"Norton, M., Roelker, D.: SNORT 2.0: Hi-performance multi-rule inspection engine. 
Sourcefire Network Security Inc (2002)"},{"issue":"12","key":"13_CR25","first-page":"258","volume":"7","author":"M Panda","year":"2007","unstructured":"Panda, M., Patra, M.R.: Network intrusion detection using naive bayes. Int. J. Comput. Sci. Netw. Secur. 7(12), 258\u2013263 (2007)","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"issue":"4","key":"13_CR26","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1016\/j.cose.2011.12.010","volume":"31","author":"SL Pfleeger","year":"2012","unstructured":"Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597\u2013611 (2012)","journal-title":"Comput. Secur."},{"key":"13_CR27","unstructured":"Plotkin, G.: Automatic methods of inductive inference. Ph.D. thesis, The University of Edinburgh (1972)"},{"key":"13_CR28","unstructured":"Plotkin, G.D.: A further note on inductive generalization. In: Machine Intelligence, vol. 6, pp. 101\u2013124. Edinburgh University Press (1971)"},{"issue":"1","key":"13_CR29","first-page":"81","volume":"1","author":"JR Quinlan","year":"1986","unstructured":"Quinlan, J.R.: Induction of decision trees. Mach. Learn. 1(1), 81\u2013106 (1986)","journal-title":"Mach. Learn."},{"key":"13_CR30","volume-title":"C4.5: Programs for Machine Learning","author":"JR Quinlan","year":"2014","unstructured":"Quinlan, J.R.: C4.5: Programs for Machine Learning. Elsevier, Amsterdam (2014)"},{"issue":"1","key":"13_CR31","first-page":"247","volume":"8","author":"J Raiyn","year":"2014","unstructured":"Raiyn, J., et al.: A survey of cyber attack detection strategies. Int. J. Secur. Appl. 8(1), 247\u2013256 (2014)","journal-title":"Int. J. Secur. Appl."},{"key":"13_CR32","unstructured":"Reiss, F.: Transparent Machine Learning for Information Extraction: State-of-the-Art and the Future (2015). 
http:\/\/www.emnlp.2015.org\/tutorials\/15\/15_OptionalAttachment.pdf"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Udantha, M., Ranathunga, S., Dias, G.: Modelling website user behaviors by combining the EM and DBSCAN algorithms. In: 2016 Moratuwa Engineering Research Conference (MERCon), pp. 168\u2013173. IEEE (2016)","DOI":"10.1109\/MERCon.2016.7480134"},{"issue":"5","key":"13_CR34","first-page":"390","volume":"15","author":"M Uma","year":"2013","unstructured":"Uma, M., Padmavathi, G.: A survey on various cyber attacks and their classification. Int. J. Netw. Secur. 15(5), 390\u2013396 (2013)","journal-title":"Int. J. Netw. Secur."},{"key":"13_CR35","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"IH Witten","year":"2005","unstructured":"Witten, I.H., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann, Burlington (2005)"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Zhengbing, H., Zhitang, L., Junqi, W.: A novel network intrusion detection system (NIDS) based on signatures search of data mining. In: First International Workshop on Knowledge Discovery and Data Mining (WKDD), pp. 10\u201316. 
IEEE (2008)","DOI":"10.1109\/WKDD.2008.48"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-50011-9_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,12]],"date-time":"2025-06-12T20:59:00Z","timestamp":1749761940000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-50011-9_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319500102","9783319500119"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-50011-9_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"25 November 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 November 
2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.icics2016.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}