{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T23:20:48Z","timestamp":1777504848536,"version":"3.51.4"},"publisher-location":"Singapore","reference-count":32,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819724574","type":"print"},{"value":"9789819724581","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-2458-1_10","type":"book-chapter","created":{"date-parts":[[2024,4,22]],"date-time":"2024-04-22T04:01:50Z","timestamp":1713758510000},"page":"145-162","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Security on\u00a0Top of\u00a0Security: Detecting Malicious Firewall Policy Changes via\u00a0K-Means Clustering"],"prefix":"10.1007","author":[{"given":"Mads Solberg Collingwood","family":"Pyke","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weizhi","family":"Meng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brooke","family":"Lampe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,23]]},"reference":[{"key":"10_CR1","unstructured":"WEKA: The Data Platform for Cloud & AI. https:\/\/www.weka.io\/"},{"key":"10_CR2","first-page":"2008","volume":"267\u2013272","author":"R Abassi","year":"2008","unstructured":"Abassi, R., Fatmi, S.G.E.: Towards an automated firewall security policies validation process. Crisis 267\u2013272, 2008 (2008)","journal-title":"Crisis"},{"issue":"17","key":"10_CR3","doi-asserted-by":"publisher","first-page":"19473","DOI":"10.1007\/s11227-023-05417-7","volume":"79","author":"A Andalib","year":"2023","unstructured":"Andalib, A., Babamir, S.M.: Anomaly detection of policies in distributed firewalls using data log analysis. J. Supercomput. 79(17), 19473\u201319514 (2023)","journal-title":"J. Supercomput."},{"key":"10_CR4","first-page":"2004","volume":"2605\u20132616","author":"E Al-Shaer","year":"2004","unstructured":"Al-Shaer, E., Hamed, H.H.: Discovery of policy anomalies in distributed firewalls. INFOCOM 2605\u20132616, 2004 (2004)","journal-title":"INFOCOM"},{"issue":"10","key":"10_CR5","doi-asserted-by":"publisher","first-page":"2069","DOI":"10.1109\/JSAC.2005.854119","volume":"23","author":"E Al-Shaer","year":"2005","unstructured":"Al-Shaer, E., Hamed, H.H., Boutaba, R., Hasan, M.: Conflict classification and analysis of distributed firewall policies. IEEE J. Sel. Areas Commun. 23(10), 2069\u20132084 (2005)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"10_CR6","first-page":"2006","volume":"15\u201329","author":"M Abedin","year":"2006","unstructured":"Abedin, M., Nessa, S., Khan, L., Thuraisingham, B.: Detection and resolution of anomalies in firewall policy rules. DBSec 15\u201329, 2006 (2006)","journal-title":"DBSec"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Adao, P., Focardi, R., Guttman, J.D., Luccio, F.L.: Localizing firewall security policies. In: Proceedings of CSF, pp. 194\u2013209 (2016)","DOI":"10.1109\/CSF.2016.21"},{"issue":"2","key":"10_CR8","doi-asserted-by":"publisher","first-page":"1559","DOI":"10.1109\/TDSC.2022.3160293","volume":"20","author":"D Bringhenti","year":"2023","unstructured":"Bringhenti, D., Marchetto, G., Sisto, R., Valenza, F., Yusupov, J.: Automated firewall configuration in virtual networks. IEEE Trans. Dependable Secur. Comput. 20(2), 1559\u20131576 (2023)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"119771","key":"10_CR9","first-page":"1","volume":"221","author":"B Lampe","year":"2023","unstructured":"Lampe, B., Meng, W.: A survey of deep learning-based intrusion detection in automotive applications. Expert Syst. Appl. 221(119771), 1\u201323 (2023)","journal-title":"Expert Syst. Appl."},{"key":"10_CR10","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1016\/j.comcom.2020.11.003","volume":"166","author":"Z Jin","year":"2021","unstructured":"Jin, Z., Liang, Z., Wang, Y., Meng, W.: Mobile network traffic pattern classification with incomplete a priori information. Comput. Commun. 166, 262\u2013270 (2021)","journal-title":"Comput. Commun."},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Calugar, A.N., Meng, W., Zhang, H.: Towards artificial neural network based intrusion detection with enhanced hyperparameter tuning. In: Proceedings of IEEE GLOBECOM, pp. 2627\u20132632 (2022)","DOI":"10.1109\/GLOBECOM48099.2022.10000809"},{"key":"10_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102683","volume":"117","author":"L Ceragioli","year":"2022","unstructured":"Ceragioli, L., Degano, P., Galletta, L.: Can my firewall system enforce this policy? Comput. Secur. 117, 102683 (2022)","journal-title":"Comput. Secur."},{"issue":"2","key":"10_CR13","doi-asserted-by":"publisher","first-page":"27:1","DOI":"10.1145\/2240166.2240177","volume":"7","author":"F Chen","year":"2012","unstructured":"Chen, F., Liu, A.X., Hwang, J., Xie, T.: First step towards automatic correction of firewall policy faults. ACM Trans. Auton. Adapt. Syst. 7(2), 27:1-27:24 (2012)","journal-title":"ACM Trans. Auton. Adapt. Syst."},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Cuppens, N., Zerkane, S., Li, Y., Espes, D., Parc, P.L., Cuppens, F.: Firewall policies provisioning through SDN in the cloud. In: Proceedings of DBSec, pp. 293\u2013310 (2017)","DOI":"10.1007\/978-3-319-61176-1_16"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Gao, S., Li, Z., Yao, Y., Xiao, B., Guo, S., Yang, Y.: Software-defined firewall: enabling malware traffic detection and programmable security control. In: Proceedings of AsiaCCS, pp. 413\u2013424 (2018)","DOI":"10.1145\/3196494.3196519"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Kovacevic, I., Stengl, B., Gros, S.: Systematic review of automatic translation of high-level security policy into firewall rules. In: Proceedings of MIPRO, pp. 1063\u20131068 (2022)","DOI":"10.23919\/MIPRO55190.2022.9803570"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Klement, F., Pohls, H.C., Katzenbeisser, S.: Man-in-the-OBD: a modular, protocol agnostic firewall for automotive dongles to enhance privacy and security. In: Proceedings of ADIoT, pp. 143\u2013164 (2022)","DOI":"10.1007\/978-3-031-21311-3_7"},{"issue":"1","key":"10_CR18","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1109\/COMST.2021.3139052","volume":"24","author":"W Li","year":"2022","unstructured":"Li, W., Meng, W., Kwok, L.F.: Surveying trust-based collaborative intrusion detection: state-of-the-art, challenges and future directions. IEEE Commun. Surv. Tutor. 24(1), 280\u2013305 (2022)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.107840","volume":"188","author":"IF Kilincer","year":"2021","unstructured":"Kilincer, I.F., Ertam, F., Sengur, A.: Machine learning methods for cyber security intrusion detection: datasets and comparative study. Comput. Netw. 188, 107840 (2021)","journal-title":"Comput. Netw."},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Lorenz, C., Schnor, B.: Policy anomaly detection for distributed IPv6 firewalls. In: Proceedings of SECRYPT, pp. 210\u2013219 (2015)","DOI":"10.5220\/0005517402100219"},{"key":"10_CR21","first-page":"2015","volume":"210\u2013219","author":"C Lorenz","year":"2015","unstructured":"Lorenz, C., Schnor, B.: Policy anomaly detection for distributed IPv6 firewalls. SECRYPT 210\u2013219, 2015 (2015)","journal-title":"SECRYPT"},{"issue":"2","key":"10_CR22","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1016\/j.cose.2011.10.003","volume":"31","author":"R Macfarlane","year":"2012","unstructured":"Macfarlane, R., Buchanan, W.J., Ekonomou, E., Uthmani, O., Fan, L., Lo, O.: Formal security policy implementations in network firewalls. Comput. Secur. 31(2), 253\u2013270 (2012)","journal-title":"Comput. Secur."},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Matsumoto, S., Bouhoula, A.: Automatic verification of firewall configuration with respect to security policy requirements. In: Proceedings of CISIS, pp. 123\u2013130 (2008)","DOI":"10.1007\/978-3-540-88181-0_16"},{"key":"10_CR24","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1016\/j.cose.2014.02.006","volume":"43","author":"W Meng","year":"2014","unstructured":"Meng, W., Li, W., Kwok, L.F.: EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput. Secur. 43, 189\u2013204 (2014)","journal-title":"Comput. Secur."},{"key":"10_CR25","first-page":"2007","volume":"1304\u20131310","author":"S Ferraresi","year":"2007","unstructured":"Ferraresi, S., Pesic, S., Trazza, L., Baiocchi, A.: Automatic conflict analysis and resolution of traffic filtering policy for firewall and security gateway. ICC 1304\u20131310, 2007 (2007)","journal-title":"ICC"},{"issue":"3","key":"10_CR26","doi-asserted-by":"publisher","first-page":"318","DOI":"10.1109\/TDSC.2012.20","volume":"9","author":"H Hu","year":"2012","unstructured":"Hu, H., Ahn, G.J., Kulkarni, K.: Detecting and resolving firewall policy anomalies. IEEE Trans. Dependable Secur. Comput. 9(3), 318\u2013331 (2012)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"2","key":"10_CR27","doi-asserted-by":"publisher","first-page":"207","DOI":"10.3233\/JCS-17971","volume":"26","author":"U Neville","year":"2018","unstructured":"Neville, U., Foley, S.N.: Reasoning about firewall policies through refinement and composition. J. Comput. Secur. 26(2), 207\u2013254 (2018)","journal-title":"J. Comput. Secur."},{"issue":"2","key":"10_CR28","doi-asserted-by":"publisher","first-page":"2891","DOI":"10.1007\/s11277-017-4330-0","volume":"96","author":"E Ucar","year":"2017","unstructured":"Ucar, E., Ozhan, E.: The analysis of firewall policy through machine learning and data mining. Wirel. Pers. Commun. 96(2), 2891\u20132909 (2017)","journal-title":"Wirel. Pers. Commun."},{"issue":"1","key":"10_CR29","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1109\/TR.2021.3089511","volume":"71","author":"C Togay","year":"2022","unstructured":"Togay, C., Kasif, A., Catal, C., Tekinerdogan, B.: A firewall policy anomaly detection framework for reliable network security. IEEE Trans. Reliab. 71(1), 339\u2013347 (2022)","journal-title":"IEEE Trans. Reliab."},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Xu, Y., et al.: Intrusion detection based on fusing deep neural networks and transfer learning. In: Proceedings of IFTC, pp. 212\u2013223 (2019)","DOI":"10.1007\/978-981-15-3341-9_18"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Sun, X., Meng, W., Chiu, W.Y., Lampe, B.: TDL-IDS: towards a transfer deep learning based intrusion detection system. In: The 2022 IEEE Global Communications Conference (IEEE GLOBECOM 2022), pp. 2603\u20132608. IEEE (2022)","DOI":"10.1109\/GLOBECOM48099.2022.10001267"},{"issue":"5","key":"10_CR32","doi-asserted-by":"publisher","first-page":"2608","DOI":"10.3390\/s23052608","volume":"23","author":"J Zhang","year":"2023","unstructured":"Zhang, J., Feng, H., Liu, B., Zhao, D.: Survey of technology in network security situation awareness. Sensors 23(5), 2608 (2023)","journal-title":"Sensors"}],"container-title":["Lecture Notes in Computer Science","Machine Learning for Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-2458-1_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,22]],"date-time":"2024-04-22T04:03:44Z","timestamp":1713758624000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-2458-1_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819724574","9789819724581"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-2458-1_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"23 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ML4CS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Machine Learning for Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Yanuca Island","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Fiji","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ml4cs2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/ml4cs2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}