{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:19:29Z","timestamp":1773155969870,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642207563","type":"print"},{"value":"9783642207570","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-20757-0_3","type":"book-chapter","created":{"date-parts":[[2011,4,28]],"date-time":"2011-04-28T01:49:00Z","timestamp":1303955340000},"page":"28-39","source":"Crossref","is-referenced-by-count":54,"title":["Machine Learning Approach for IP-Flow Record Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Cynthia","family":"Wagner","sequence":"first","affiliation":[]},{"given":"J\u00e9r\u00f4me","family":"Fran\u00e7ois","sequence":"additional","affiliation":[]},{"given":"Radu","family":"State","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Engel","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"3_CR1","doi-asserted-by":"crossref","unstructured":"Bahl, V., Chandra, R., Greenberg, A., Kandula, S., Maltz, D., Zhang, M.: Towards highly reliable enterprise network services via inference of multi-level dependencies. In: SIGCOMM, pp. 13\u201324 (2007)","DOI":"10.1145\/1282427.1282383"},{"key":"3_CR2","unstructured":"Brauckhoff, D., Wagner, A., May, M.: Flame: a flow-level anomaly modeling engine. In: Proceedings of the Conference on Cyber Security Experimentation and Test. USENIX Association (2008)"},{"issue":"2","key":"3_CR3","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1023\/A:1009715923555","volume":"2","author":"C. Burges","year":"1998","unstructured":"Burges, C.: A tutorial on support vector machines for pattern recognition. 
Data Mining and Knowledge Discovery\u00a02(2), 121\u2013167 (1998)","journal-title":"Data Mining and Knowledge Discovery"},{"key":"3_CR4","first-page":"625","volume-title":"Advances in Neural Information Processing Systems","author":"M. Collins","year":"2001","unstructured":"Collins, M., Duffy, N.: Convolution kernels for natural language. In: Advances in Neural Information Processing Systems, vol.\u00a014, pp. 625\u2013632. MIT Press, Cambridge (2001)"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Estan, C.: Building better netflow. In: Proceedings of the 2004 conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (2004)","DOI":"10.1145\/1015467.1015495"},{"key":"3_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"849","DOI":"10.1007\/978-3-540-45235-5_83","volume-title":"Information Networking","author":"R. Kaizaki","year":"2003","unstructured":"Kaizaki, R., Nakamura, O., Murai, J.: Characteristics of denial of service attacks on internet using aguri. In: Kahng, H.-K. (ed.) ICOIN 2003. LNCS, vol.\u00a02662, pp. 849\u2013857. Springer, Heidelberg (2003)"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM (2005)","DOI":"10.1145\/1080091.1080119"},{"key":"3_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-642-00975-4_2","volume-title":"Passive and Active Network Measurement","author":"E. Karpilovsky","year":"2009","unstructured":"Karpilovsky, E., Gerber, A., Pei, D., Rexford, J., Shaikh, A.: Quantifying the extent of iPv6 deployment. In: Moon, S.B., Teixeira, R., Uhlig, S. (eds.) PAM 2009. LNCS, vol.\u00a05448, pp. 13\u201322. 
Springer, Heidelberg (2009)"},{"issue":"4","key":"3_CR9","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1007\/s00778-006-0002-5","volume":"16","author":"L. Khan","year":"2007","unstructured":"Khan, L., Awad, M., Thuraisingham, B.: A new intrusion detection system using support vector machines and hierarchical clustering. The VLDB Journal\u00a016(4), 507\u2013521 (2007)","journal-title":"The VLDB Journal"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: ACM SIGCOMM 2005 (2005)","DOI":"10.1145\/1080091.1080118"},{"key":"3_CR11","doi-asserted-by":"crossref","unstructured":"Lee, W., Stolfo, S., Mok, K.: Mining in a data-flow environment: experience in network intrusion detection. In: 5th International Conference on Knowledge Discovery and Data Mining (1999)","DOI":"10.1145\/312129.312212"},{"key":"3_CR12","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/11925231_55","volume-title":"MICAI 2006: Advances in Artificial Intelligence","author":"H. Nguyen","year":"2006","unstructured":"Nguyen, H., Ohn, S., Chae, S., Song, D., Lee, I.: Optimizing weighted kernel function for support vector machine by genetic algorithm. In: Gelbukh, A., Reyes-Garcia, C.A. (eds.) MICAI 2006. LNCS (LNAI), vol.\u00a04293, pp. 583\u2013592. Springer, Heidelberg (2006)"},{"key":"3_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-01645-5_4","volume-title":"Traffic Monitoring and Analysis","author":"I. Paredes-Oliva","year":"2009","unstructured":"Paredes-Oliva, I.: Portscan detection with sampled netflow. In: Papadopouli, M., Owezarski, P., Pras, A. (eds.) TMA 2009. 
LNCS, vol.\u00a05537, Springer, Heidelberg (2009)"},{"key":"3_CR14","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/4175.001.0001","volume-title":"Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond","author":"B. Sch\u00f6lkopf","year":"2001","unstructured":"Sch\u00f6lkopf, B., Smola, A.: Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond. MIT Press, Cambridge (2001)"},{"key":"3_CR15","doi-asserted-by":"publisher","first-page":"1443","DOI":"10.1162\/089976601750264965","volume":"13","author":"B. Sch\u00f6lkopf","year":"2001","unstructured":"Sch\u00f6lkopf, B., Platt, J.C., Shawe-Taylor, J.C., Smola, A.J., Williamson, R.C.: Estimating the support of a high-dimensional distribution. Neural Comput.\u00a013, 1443\u20131471 (2001)","journal-title":"Neural Comput."},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Sommer, R.: Netflow: Information loss or win? In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement (2002)","DOI":"10.1145\/637224.637226"},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04968-2_4","volume-title":"IP Operations and Management","author":"A. Sperotto","year":"2009","unstructured":"Sperotto, A., Sadre, R., van Vliet, D.F., Pras, A.: A labeled data set for flow-based intrusion detection. In: Nunzi, G., Scoglio, C., Li, X. (eds.) IPOM 2009. LNCS, vol.\u00a05843. Springer, Heidelberg (2009)"},{"key":"3_CR18","volume-title":"Statistical Learning Theory","author":"V. Vapnik","year":"1998","unstructured":"Vapnik, V.: Statistical Learning Theory. 
Wiley, Chichester (1998)"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Vert, J.: A tree kernel to analyze phylogenetic profiles (2002)","DOI":"10.1093\/bioinformatics\/18.suppl_1.S276"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Wagner, C., Wagener, G., State, R., Dulaunoy, A., Engel, T.: Game theory driven monitoring of spatial-aggregated ip-flow records. In: 6th International Conference on Network and services Management (2010)","DOI":"10.1109\/CNSM.2010.5691265"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Wagner, C., Wagener, G., State, R., Dulaunoy, A., Engel, T.: Peekkernelflows: Peeking into ip flows. In: 7th International Workshop on Visualization for Cyber Security, pp. 52\u201357 (2010)","DOI":"10.1145\/1850795.1850801"},{"key":"3_CR22","volume-title":"Support Vector Machines: Theory and Applications, Studies in Fuzziness and Soft Computing","year":"2005","unstructured":"Wang, L. (ed.): Support Vector Machines: Theory and Applications, Studies in Fuzziness and Soft Computing, vol.\u00a0177. Springer, Heidelberg (2005)"},{"key":"3_CR23","unstructured":"Wang, Y., Wong, J., Miner, A.: Anomaly intrusion detection using one class svm. In: Proceedings from the Fifth Annual IEEE SMC, Information Assurance Workshop, pp. 358\u2013364 (June 2004)"},{"key":"3_CR24","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/s10796-008-9131-2","volume":"12","author":"R. Yuan","year":"2010","unstructured":"Yuan, R., Li, Z., Guan, X., Xu, L.: An svm-based machine learning method for accurate internet traffic classification. Information Systems Frontiers\u00a012, 149\u2013156 (2010)","journal-title":"Information Systems Frontiers"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Zhang, B.Y., Yin, J.P., Hao, J.B., Zhang, D.X., Wang, S.: Using support vector machine to detect unknown computer viruses. 
International Journal of Computational Intelligence Research\u00a02(1) (2006)","DOI":"10.5019\/j.ijcir.2006.51"}],"container-title":["Lecture Notes in Computer Science","NETWORKING 2011"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-20757-0_3.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,5]],"date-time":"2025-03-05T08:41:56Z","timestamp":1741164116000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-20757-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642207563","9783642207570"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-20757-0_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}