{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:27:04Z","timestamp":1778167624911,"version":"3.51.4"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319998060","type":"print"},{"value":"9783319998077","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99807-7_20","type":"book-chapter","created":{"date-parts":[[2018,9,5]],"date-time":"2018-09-05T09:44:46Z","timestamp":1536140686000},"page":"329-340","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["A Two-Stage Classifier Approach for Network Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Wei","family":"Zong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yang-Wai","family":"Chow","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Willy","family":"Susilo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,9,6]]},"reference":[{"issue":"1","key":"20_CR1","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"issue":"2","key":"20_CR2","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2016","unstructured":"Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153\u20131176 (2016)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"20_CR3","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321\u2013357 (2002)","journal-title":"J. Artif. Intell. Res."},{"key":"20_CR4","unstructured":"Chen, C., Liaw, A., Breiman, L.: Using random forest to learn imbalanced data. Technical report, University of California, Berkeley (2004)"},{"key":"20_CR5","doi-asserted-by":"crossref","unstructured":"Janarthanan, T., Zargari, S.: Feature selection in UNSW-NB15 and KDDCUP\u201999 datasets. In: 2017 IEEE 26th International Symposium on Industrial Electronics (ISIE), pp. 1881\u20131886, June 2017","DOI":"10.1109\/ISIE.2017.8001537"},{"key":"20_CR6","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.jnca.2015.12.004","volume":"62","author":"S Ji","year":"2016","unstructured":"Ji, S., Jeong, B., Choi, S., Jeong, D.H.: A multi-level intrusion detection method for abnormal network behaviors. J. Netw. Comput. Appl. 62, 9\u201317 (2016)","journal-title":"J. Netw. Comput. Appl."},{"issue":"S\u20131","key":"20_CR7","doi-asserted-by":"publisher","first-page":"1051","DOI":"10.1007\/s00521-016-2418-1","volume":"28","author":"J Kevric","year":"2017","unstructured":"Kevric, J., Jukic, S., Subasi, A.: An effective combining classifier approach using tree algorithms for network intrusion detection. Neural Comput. Appl. 28(S\u20131), 1051\u20131058 (2017)","journal-title":"Neural Comput. Appl."},{"issue":"4","key":"20_CR8","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J McHugh","year":"2000","unstructured":"McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans. Inf. Syst. Secur. 3(4), 262\u2013294 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"20_CR9","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.: The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In: 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 25\u201331, November 2015","DOI":"10.1109\/BADGERS.2015.014"},{"key":"20_CR10","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference, MilCIS 2015, Canberra, Australia, 10\u201312 November 2015, pp. 1\u20136. IEEE (2015)","DOI":"10.1109\/MilCIS.2015.7348942"},{"issue":"1\u20133","key":"20_CR11","first-page":"18","volume":"25","author":"N Moustafa","year":"2016","unstructured":"Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J.: Glob. Persp. 25(1\u20133), 18\u201331 (2016)","journal-title":"Inf. Secur. J.: Glob. Persp."},{"issue":"1","key":"20_CR12","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/s10844-015-0388-x","volume":"48","author":"HH Pajouh","year":"2017","unstructured":"Pajouh, H.H., Dastghaibyfard, G., Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61\u201374 (2017)","journal-title":"J. Intell. Inf. Syst."},{"issue":"6","key":"20_CR13","first-page":"20","volume":"7","author":"MR Parsaei","year":"2016","unstructured":"Parsaei, M.R., Rostami, S.M., Javidan, R.: A hybrid data mining approach for intrusion detection on imbalanced NSL-KDD dataset. Int. J. Adv. Comput. Sci. Appl. 7(6), 20\u201325 (2016)","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"issue":"6","key":"20_CR14","doi-asserted-by":"publisher","first-page":"51","DOI":"10.5121\/ijnsa.2012.4604","volume":"4","author":"Maher Salem","year":"2012","unstructured":"Salem, M., Buehler, U.: Mining techniques in network security to enhance intrusion detection systems. Int. J. Netw. Secur. Appl. 4(6) (2012)","journal-title":"International Journal of Network Security & Its Applications"},{"issue":"18","key":"20_CR15","doi-asserted-by":"publisher","first-page":"2227","DOI":"10.1016\/j.comcom.2011.07.001","volume":"34","author":"P Sangkatsanee","year":"2011","unstructured":"Sangkatsanee, P., Wattanapongsakorn, N., Charnsripinyo, C.: Practical real-time intrusion detection using machine learning approaches. Comput. Commun. 34(18), 2227\u20132235 (2011)","journal-title":"Comput. Commun."},{"key":"20_CR16","unstructured":"Shyu, M., Sarinnapakorn, K., Kuruppu-Appuhamilage, I., Chen, S., Chang, L., Goldring, T.: Handling nominal features in anomaly intrusion detection problems. In: 15th International Workshop on Research Issues in Data Engineering (RIDE-SDMA 2005), Stream Data Mining and Applications, Tokyo, Japan, 3\u20137 April 2005, pp. 55\u201362. IEEE Computer Society (2005)"},{"key":"20_CR17","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 31st IEEE Symposium on Security and Privacy, S&P 2010, Berleley\/Oakland, California, USA, 16\u201319 May 2010, pp. 305\u2013316. IEEE Computer Society (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"20_CR18","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, Ottawa, Canada, 8\u201310 July 2009, pp. 1\u20136. IEEE (2009)","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"20_CR19","doi-asserted-by":"crossref","unstructured":"Tesfahun, A., Bhaskari, D.L.: Intrusion detection using random forests classifier with smote and feature reduction. In: 2013 International Conference on Cloud Ubiquitous Computing Emerging Technologies, pp. 127\u2013132, November 2013","DOI":"10.1109\/CUBE.2013.31"},{"key":"20_CR20","unstructured":"The Bro Project. The Bro Network Security Monitor (2014). https:\/\/www.bro.org\/"},{"key":"20_CR21","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"IH Witten","year":"2011","unstructured":"Witten, I.H., Frank, E., Hall, M.A.: Data Mining: Practical Machine Learning Tools and Techniques, 3rd edn. Morgan Kaufmann Publishers Inc., San Francisco (2011)","edition":"3"},{"issue":"5","key":"20_CR22","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1109\/TSMCC.2008.923876","volume":"38","author":"J Zhang","year":"2008","unstructured":"Zhang, J., Zulkernine, M., Haque, A.: Random-forests-based network intrusion detection systems. IEEE Trans. Syst. Man Cybern. Part C 38(5), 649\u2013659 (2008)","journal-title":"IEEE Trans. Syst. Man Cybern. Part C"}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99807-7_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T14:08:19Z","timestamp":1571839699000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-99807-7_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319998060","9783319998077"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99807-7_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ISPEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Practice and Experience","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tokyo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ispec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.risk.tsukuba.ac.jp\/ispec2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"73","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"25","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"12","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2 invited papers were accepted for publication","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}