{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T15:57:50Z","timestamp":1758815870107,"version":"3.33.0"},"publisher-location":"Berlin, Heidelberg","reference-count":26,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540734987"},{"type":"electronic","value":"9783540734994"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-73499-4_31","type":"book-chapter","created":{"date-parts":[[2007,8,27]],"date-time":"2007-08-27T04:01:39Z","timestamp":1188187299000},"page":"404-418","source":"Crossref","is-referenced-by-count":13,"title":["A Comparative Study of Unsupervised Machine Learning and Data Mining Techniques for Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Reza","family":"Sadoddin","sequence":"first","affiliation":[]},{"given":"Ali A.","family":"Ghorbani","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"31_CR1","unstructured":"Available at http:\/\/kdd.ics.uci.edu\/\/databases\/kddcup99\/kddcup99.html"},{"key":"31_CR2","unstructured":"Balasko, B., Abonyi, J., Feil, B.: Fuzzy clustering and data analysis toolbox, Available at http:\/\/www.fmt.vein.hu\/softcomp\/fclusttoolbox"},{"key":"31_CR3","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-0450-1","volume-title":"Pattern recognition with fuzzy objective function algorithms","author":"J.C. Bezdek","year":"1981","unstructured":"Bezdek, J.C.: Pattern recognition with fuzzy objective function algorithms. Kluwer Academic Publishers, Norwell, MA, USA (1981)"},{"issue":"2","key":"31_CR4","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1145\/335191.335388","volume":"29","author":"M.M. Breunig","year":"2000","unstructured":"Breunig, M.M., Kriegel, H.P., Ng, R.T., Sander, J.: LOF: identifying density-based local outliers. SIGMOD Rec.\u00a029(2), 93\u2013104 (2000)","journal-title":"SIGMOD Rec."},{"key":"31_CR5","volume-title":"Statistical theory and methodology","author":"K. Brownlee","year":"1967","unstructured":"Brownlee, K.: Statistical theory and methodology. John Wiley and Sons, New York (1967)"},{"key":"31_CR6","doi-asserted-by":"crossref","unstructured":"Chan, P., Mahoney, M., Arshad, M.: Learning rules and clusters for anomaly detection in network traffic. Managing Cyber Threats: Issues, Approaches and Challenges, pp. 81\u201399 (2003)","DOI":"10.1007\/0-387-24230-9_3"},{"key":"31_CR7","unstructured":"Chang, C.-C., Lin, C.-J.: LIBSVM: a library for support vector machines (2001), Software available at http:\/\/www.csie.ntu.edu.tw\/~cjlin\/libsvm"},{"key":"31_CR8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1111\/j.2517-6161.1977.tb01600.x","volume":"39","author":"A.P. Dempster","year":"1977","unstructured":"Dempster, A.P., Laird, N.M., Rubin, D.B.: Maximum likelihood from incomplete data via the em algorithm. J. Royal Stat. Soc.\u00a039, 1\u201338 (1977)","journal-title":"J. Royal Stat. Soc."},{"issue":"2","key":"31_CR9","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng.\u00a013(2), 222\u2013232 (1987)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"31_CR10","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1080\/01969727308546046","volume":"3","author":"J.C. Dunn","year":"1974","unstructured":"Dunn, J.C.: A fuzzy relative of the isodata process and its use in detecting compact well-separated clusters. Journal of Cybernatics\u00a03, 32\u201357 (1974)","journal-title":"Journal of Cybernatics"},{"key":"31_CR11","doi-asserted-by":"crossref","unstructured":"Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. Data Mining for Security Applications (2002)","DOI":"10.1007\/978-1-4615-0953-0_4"},{"key":"31_CR12","doi-asserted-by":"crossref","unstructured":"Guan, Y., Ghorbani, A., Belacel, N.: Y-Means: A clustering method for intrusion detection. In: Canadian Conference on Electrical and Computer Engineering, Montreal, Quebec, Canada (2003)","DOI":"10.1109\/CCECE.2003.1226084"},{"issue":"13-15","key":"31_CR13","doi-asserted-by":"publisher","first-page":"1608","DOI":"10.1016\/j.neucom.2005.05.015","volume":"69","author":"S. Harmeling","year":"2006","unstructured":"Harmeling, S., Dornhege, G., Tax, D., Meinecke, F., Muller, K.: From outliers to prototypes: Ordering data. Neurocomputing\u00a069(13-15), 1608\u20131618 (2006)","journal-title":"Neurocomputing"},{"key":"31_CR14","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1145\/502512.502554","volume-title":"KDD 2001","author":"W. Jin","year":"2001","unstructured":"Jin, W., Tung, A.K.H., Han, J.: Mining top-n local outliers in large databases. In: KDD 2001. Proceedings of the seventh ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 293\u2013298. ACM Press, New York (2001)"},{"key":"31_CR15","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-97966-8","volume-title":"Self-organizing map","author":"T. Kohonen","year":"1997","unstructured":"Kohonen, T.: Self-organizing map. Springer, Heidelberg (1997)"},{"key":"31_CR16","doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the Third SIAM International Conference on Data Mining (2003)","DOI":"10.1137\/1.9781611972733.3"},{"key":"31_CR17","doi-asserted-by":"crossref","unstructured":"Lei, J.Z., Ghorbani, A.: Network intrusion detection using an improved competitive learning neural network. In: CNSR, pp. 190\u2013197 (2004)","DOI":"10.1109\/DNSR.2004.1344728"},{"key":"31_CR18","unstructured":"MacQueen, J.: Some methods for classification and analysis of multivariate observations. In: 5th Berkley Symposium on Math and Probability, pp. 281\u2013297 (1967)"},{"key":"31_CR19","volume-title":"DMSA","author":"L. Portnoy","year":"2001","unstructured":"Portnoy, L., Eskin, E., Stolfo, S.: Intrusion detection with unlabeled data using clustering. In: DMSA. ACM Workshop on Data Mining Applied to Security, ACM Press, New York (2001)"},{"key":"31_CR20","series-title":"Lecture Notes in Computer Science","volume-title":"Recent Advances in Intrusion Detection","author":"M. Ramadas","year":"2003","unstructured":"Ramadas, M., Ostermann, S., Tjaden, B.: Detecting anomalous network traffic with self-organizing maps. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, Springer, Heidelberg (2003)"},{"key":"31_CR21","unstructured":"Sabhnani, M., Serpen, G.: Application of machine learning algorithms to kdd intrusion detection dataset within misuse detection context. In: MLMTA 2003. Proceedings of the International Conference on Machine Learning, Models, Technologies and Applications, vol.\u00a01, pp. 209\u2013215 (2003)"},{"issue":"7","key":"31_CR22","doi-asserted-by":"publisher","first-page":"1443","DOI":"10.1162\/089976601750264965","volume":"13","author":"B. Scholkopf","year":"2001","unstructured":"Scholkopf, B., Platt, J., Shawe-Taylor, J., Smola, A.J., Williamson, R.C.: Estimating the support of a high-dimensional distribution. Neural Computation\u00a013(7), 1443\u20131472 (2001)","journal-title":"Neural Computation"},{"key":"31_CR23","unstructured":"Vesanto, J., Himberg, J., Alhoniemi, E., Parhankangas, J.: Som toolbox for matlab 5, Helsinki Univ. Technology (2000), Available at http:\/\/www.cis.hut.fi\/projects\/somtoolbox"},{"key":"31_CR24","volume-title":"Data mining: Practical machine learning tools and techniques","author":"I.H. Witten","year":"2005","unstructured":"Witten, I.H., Frank, E.: Data mining: Practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco (2005)","edition":"2"},{"issue":"7","key":"31_CR25","doi-asserted-by":"publisher","first-page":"810","DOI":"10.1109\/TC.2002.1017701","volume":"51","author":"N. Ye","year":"2002","unstructured":"Ye, N., Emran, S.M., Chen, Q., Vilbert, S.: Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Trans. Comput.\u00a051(7), 810\u2013820 (2002)","journal-title":"IEEE Trans. Comput."},{"key":"31_CR26","unstructured":"Zhong, S., Khoshgoftaar, T.M., Seliya, N.: Clustering-based network intrusion detection (2005)"}],"container-title":["Lecture Notes in Computer Science","Machine Learning and Data Mining in Pattern Recognition"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-73499-4_31.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,20]],"date-time":"2025-01-20T17:20:30Z","timestamp":1737393630000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-73499-4_31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540734987","9783540734994"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-73499-4_31","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}