{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T19:21:13Z","timestamp":1771701673680,"version":"3.50.1"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319663319","type":"print"},{"value":"9783319663326","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66332-6_6","type":"book-chapter","created":{"date-parts":[[2017,10,11]],"date-time":"2017-10-11T11:58:05Z","timestamp":1507723085000},"page":"120-140","source":"Crossref","is-referenced-by-count":21,"title":["ILAB: An Interactive Labelling Strategy for Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Ana\u00ebl","family":"Beaugnon","sequence":"first","affiliation":[]},{"given":"Pierre","family":"Chifflier","sequence":"additional","affiliation":[]},{"given":"Francis","family":"Bach","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,10,12]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Almgren, M., Jonsson, E.: Using active learning in intrusion detection. In: CSFW, pp. 88\u201398 (2004)","DOI":"10.1109\/CSFW.2004.1310734"},{"key":"6_CR2","unstructured":"Antonakakis, M., Perdisci, R., Nadji, Y., Vasiloglou, N., Abu-Nimeh, S., Lee, W., Dagon, D.: From throw-away traffic to bots: detecting the rise of DGA-based malware. In: USENIX Security, pp. 491\u2013506 (2012)"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Baldridge, J., Palmer, A.: How well does active learning actually work?: Time-based evaluation of cost-reduction strategies for language documentation. In: EMNLP, pp. 296\u2013305 (2009)","DOI":"10.3115\/1699510.1699549"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Berlin, K., Slater, D., Saxe, J.: Malicious behavior detection using windows audit logs. In: AISEC, pp. 35\u201344 (2015)","DOI":"10.1145\/2808769.2808773"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., Kruegel, C.: Disclosure: detecting botnet command and control servers through large-scale netflow analysis. In: ACSAC, pp. 129\u2013138 (2012)","DOI":"10.1145\/2420950.2420969"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Claise, B.: Cisco systems netflow services export version 9 (2004)","DOI":"10.17487\/rfc3954"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Corona, I., Maiorca, D., Ariu, D., Giacinto, G.: Lux0r: detection of malicious PDF-embedded JavaScript code through discriminant analysis of API references. In: AISEC, pp. 47\u201357 (2014)","DOI":"10.1145\/2666652.2666657"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Dasgupta, S., Hsu, D.: Hierarchical sampling for active learning. In: ICML, pp. 208\u2013215 (2008)","DOI":"10.1145\/1390156.1390183"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Druck, G., Settles, B., McCallum, A.: Active learning by labeling features. In: EMNLP, pp. 81\u201390 (2009)","DOI":"10.3115\/1699510.1699522"},{"key":"6_CR10","series-title":"Springer Series in Statistics","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-21606-5","volume-title":"The Elements of Statistical Learning","author":"J Friedman","year":"2001","unstructured":"Friedman, J., Hastie, T., Tibshirani, R.: The Elements of Statistical Learning. Springer Series in Statistics, vol. 1. Springer, Berlin (2001). doi: 10.1007\/978-0-387-21606-5"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Gascon, H., Yamaguchi, F., Arp, D., Rieck, K.: Structural detection of android malware using embedded call graphs. In: AISEC, pp. 45\u201354 (2013)","DOI":"10.1145\/2517312.2517315"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"G\u00f6rnitz, N., Kloft, M., Brefeld, U.: Active and semi-supervised data domain description. In: ECML-PKDD, pp. 407\u2013422 (2009)","DOI":"10.1007\/978-3-642-04180-8_44"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"G\u00f6rnitz, N., Kloft, M., Rieck, K., Brefeld, U.: Active learning for network intrusion detection. In: AISEC, pp. 47\u201354 (2009)","DOI":"10.1145\/1654988.1655002"},{"key":"6_CR14","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1613\/jair.3623","volume":"46","author":"N G\u00f6rnitz","year":"2013","unstructured":"G\u00f6rnitz, N., Kloft, M.M., Rieck, K., Brefeld, U.: Toward supervised anomaly detection. JAIR 46, 235\u2013262 (2013)","journal-title":"JAIR"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Hachey, B., Alex, B., Becker, M.: Investigating the effects of selective sampling on the annotation task. In: CoNLL, pp. 144\u2013151 (2005)","DOI":"10.3115\/1706543.1706569"},{"issue":"1","key":"6_CR16","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1148\/radiology.143.1.7063747","volume":"143","author":"JA Hanley","year":"1982","unstructured":"Hanley, J.A., McNeil, B.J.: The meaning and use of the area under a receiver operating characteristic (ROC) curve. Radiology 143(1), 29\u201336 (1982)","journal-title":"Radiology"},{"key":"6_CR17","unstructured":"Jones, E., Oliphant, T., Peterson, P.: SciPy: open source scientific tools for Python (2001). http:\/\/www.scipy.org\/"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: S&P, pp. 211\u2013225 (2004)","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-26362-5_1","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"KN Khasawneh","year":"2015","unstructured":"Khasawneh, K.N., Ozsoy, M., Donovick, C., Abu-Ghazaleh, N., Ponomarev, D.: Ensemble learning for low-level hardware-supported malware detection. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 3\u201325. Springer, Cham (2015). doi: 10.1007\/978-3-319-26362-5_1"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Lewis, D.D., Gale, W.A.: A sequential algorithm for training text classifiers. In: SIGIR, pp. 3\u201312 (1994)","DOI":"10.1007\/978-1-4471-2099-5_1"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Miller, B., Kantchelian, A., Afroz, S., Bachwani, R., Dauber, E., Huang, L., Tschantz, M.C., Joseph, A.D., Tygar, J.: Adversarial active learning. In: AISEC, pp. 3\u201314 (2014)","DOI":"10.1145\/2666652.2666656"},{"issue":"1","key":"6_CR22","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1007\/s10207-014-0248-7","volume":"14","author":"A Nappa","year":"2015","unstructured":"Nappa, A., Rafique, M.Z., Caballero, J.: The MALICIA dataset: identification and analysis of drive-by download operations. IJIS 14(1), 15\u201333 (2015)","journal-title":"IJIS"},{"key":"6_CR23","volume-title":"Five Balltree Construction Algorithms","author":"SM Omohundro","year":"1989","unstructured":"Omohundro, S.M.: Five Balltree Construction Algorithms. International Computer Science Institute, Berkeley (1989)"},{"issue":"23","key":"6_CR24","doi-asserted-by":"crossref","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"6_CR25","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in Python. JMLR 12, 2825\u20132830 (2011)","journal-title":"JMLR"},{"key":"6_CR26","unstructured":"Pelleg, D., Moore, A.W.: Active learning for anomaly and rare-category detection. In: NIPS, pp. 1073\u20131080 (2004)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Rieck, K.: Computer security and machine learning: worst enemies or best friends? In: SysSec, pp. 107\u2013110 (2011)","DOI":"10.1109\/SysSec.2011.16"},{"key":"6_CR28","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/0377-0427(87)90125-7","volume":"20","author":"PJ Rousseeuw","year":"1987","unstructured":"Rousseeuw, P.J.: Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. J. Comput. Appl. Math. 20, 53\u201365 (1987)","journal-title":"J. Comput. Appl. Math."},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Sch\u00fctze, H., Velipasaoglu, E., Pedersen, J.O.: Performance thresholding in practical text classification. In: CIKM, pp. 662\u2013671 (2006)","DOI":"10.1145\/1183614.1183709"},{"key":"6_CR30","unstructured":"Sculley, D.: Online active learning methods for fast label-efficient spam filtering. In: CEAS, pp. 1\u20134 (2007)"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Sculley, D., Otey, M.E., Pohl, M., Spitznagel, B., Hainsworth, J., Zhou, Y.: Detecting adversarial advertisements in the wild. In: KDD, pp. 274\u2013282 (2011)","DOI":"10.1145\/2020408.2020455"},{"issue":"55\u201366","key":"6_CR32","first-page":"11","volume":"52","author":"B Settles","year":"2010","unstructured":"Settles, B.: Active learning literature survey. Univ. Wisconsin Madison 52(55\u201366), 11 (2010)","journal-title":"Univ. Wisconsin Madison"},{"key":"6_CR33","first-page":"1","volume":"16","author":"B Settles","year":"2011","unstructured":"Settles, B.: From theories to queries: active learning in practice. JMLR 16, 1\u201318 (2011)","journal-title":"JMLR"},{"issue":"1","key":"6_CR34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.2200\/S00429ED1V01Y201207AIM018","volume":"6","author":"B Settles","year":"2012","unstructured":"Settles, B.: Active learning. Synth. Lect. Artif. Intell. Mach. Learn. 6(1), 1\u2013114 (2012)","journal-title":"Synth. Lect. Artif. Intell. Mach. Learn."},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious PDF detection using metadata and structural features. In: ACSAC, pp. 239\u2013248 (2012)","DOI":"10.1145\/2420950.2420987"},{"key":"6_CR36","doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious PDF detection using metadata and structural features. In: Technical report. George Mason University (2012)","DOI":"10.1145\/2420950.2420987"},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Snow, R., O\u2019Connor, B., Jurafsky, D., Ng, A.Y.: Cheap and fast\u2013but is it good?: Evaluating non-expert annotations for natural language tasks. In: EMNLP. pp. 254\u2013263 (2008)","DOI":"10.3115\/1613715.1613751"},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: On using machine learning for network intrusion detection. In: S&P, pp. 305\u2013316 (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., Nakao, K.: Statistical analysis of honeypot data and building of kyoto 2006+ dataset for NIDS evaluation. In: BADGERS, pp. 29\u201336 (2011)","DOI":"10.1145\/1978672.1978676"},{"key":"6_CR40","unstructured":"Stokes, J.W., Platt, J.C., Kravis, J., Shilman, M.: Aladin: active learning of anomalies to detect intrusions. Technical report. Microsoft Network Security Redmond, WA (2008)"},{"key":"6_CR41","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: CISDA (2009)","DOI":"10.1109\/CISDA.2009.5356528"},{"issue":"1","key":"6_CR42","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1023\/B:MACH.0000008084.60811.49","volume":"54","author":"DM Tax","year":"2004","unstructured":"Tax, D.M., Duin, R.P.: Support vector data description. Mach. Learn. 54(1), 45\u201366 (2004)","journal-title":"Mach. Learn."},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Tomanek, K., Olsson, F.: A web survey on the use of active learning to support annotation of text data. In: ALNLP, pp. 45\u201348 (2009)","DOI":"10.3115\/1564131.1564140"},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Veeramachaneni, K., Arnaldo, I.: AI2: training a big data machine to defend. In: DataSec, pp. 49\u201354 (2016)","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.79"},{"key":"6_CR45","unstructured":"Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing pages. In: NDSS, vol. 10 (2010)"},{"key":"6_CR46","first-page":"67","volume":"35","author":"S Wright","year":"1999","unstructured":"Wright, S., Nocedal, J.: Numerical optimization. Springer Sci. 35, 67\u201368 (1999)","journal-title":"Springer Sci."},{"key":"6_CR47","unstructured":"Zhang, T., Oles, F.: The value of unlabeled data for classification problems. In: ICML, pp. 1191\u20131198 (2000)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66332-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,4]],"date-time":"2019-10-04T13:17:54Z","timestamp":1570195074000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-66332-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319663319","9783319663326"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66332-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}