{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:23:48Z","timestamp":1772119428300,"version":"3.50.1"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2022,3,31]],"date-time":"2022-03-31T00:00:00Z","timestamp":1648684800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,3,31]],"date-time":"2022-03-31T00:00:00Z","timestamp":1648684800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Soft Comput"],"published-print":{"date-parts":[[2022,6]]},"DOI":"10.1007\/s00500-022-06954-8","type":"journal-article","created":{"date-parts":[[2022,3,31]],"date-time":"2022-03-31T00:02:45Z","timestamp":1648684965000},"page":"5143-5157","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Cyberattacks detection and analysis in a network log system using XGBoost with ELK stack"],"prefix":"10.1007","volume":"26","author":[{"given":"Chao-Tung","family":"Yang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu-Wei","family":"Chan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jung-Chun","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Endah","family":"Kristiani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cing-Han","family":"Lai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,3,31]]},"reference":[{"key":"6954_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2016.04.006","volume":"68","author":"N Ahad","year":"2016","unstructured":"Ahad N, Qadir J, Ahsan N (2016) Neural networks in wireless networks: techniques, applications and guidelines. J Netw Comput Appl 68:1\u201327","journal-title":"J Netw Comput Appl"},{"key":"6954_CR2","doi-asserted-by":"publisher","first-page":"743","DOI":"10.1016\/j.future.2017.08.030","volume":"87","author":"M Al-Qurishi","year":"2018","unstructured":"Al-Qurishi M, Alrubaian M, Rahman SMM, Alamri A, Hassan MM (2018) A prediction system of sybil attack in social network using deep-regression model. Futur Gener Comput Syst 87:743\u2013753. https:\/\/doi.org\/10.1016\/j.future.2017.08.030","journal-title":"Futur Gener Comput Syst"},{"key":"6954_CR3","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/608\/1\/012016","volume":"608","author":"S Bagnasco","year":"2015","unstructured":"Bagnasco S, Berzano D, Guarise A, Lusso S, Masera M, Vallero S (2015) Monitoring of IaaS and scientific applications on the cloud using the elasticsearch ecosystem. J Phys: Conf Ser 608:012016. https:\/\/doi.org\/10.1088\/1742-6596\/608\/1\/012016","journal-title":"J Phys: Conf Ser"},{"key":"6954_CR4","doi-asserted-by":"crossref","unstructured":"Bajer M (2017) Building an iot data hub with elasticsearch, logstash and kibana. In: 2017 5th international conference on future internet of things and cloud workshops (FiCloudW), pp 63\u201368. IEEE","DOI":"10.1109\/FiCloudW.2017.101"},{"key":"6954_CR5","doi-asserted-by":"publisher","unstructured":"Chen T, Guestrin C (2016) Xgboost: A scalable tree boosting system. In: Proceedings of the 22Nd ACM SIGKDD international conference on knowledge discovery and data mining, KDD \u201916, pp. 785\u2013794. ACM, New York, NY, USA. https:\/\/doi.org\/10.1145\/2939672.2939785","DOI":"10.1145\/2939672.2939785"},{"key":"6954_CR6","doi-asserted-by":"crossref","unstructured":"Chen Z, Jiang F, Cheng Y, Gu X, Liu W, Peng J (2018) Xgboost classifier for ddos attack detection and analysis in sdn-based cloud. In: 2018 IEEE international conference on big data and smart computing (BigComp), pp 251\u2013256. IEEE","DOI":"10.1109\/BigComp.2018.00044"},{"key":"6954_CR7","unstructured":"Chen S, Xue M, Fan L, Hao S, Xu L, Zhu H (2017) Hardening malware detection systems against cyber maneuvers: an adversarial machine learning approach. CoRR arXiv:1706.04146"},{"key":"6954_CR8","doi-asserted-by":"publisher","first-page":"761","DOI":"10.1016\/j.future.2017.08.043","volume":"82","author":"AA Diro","year":"2018","unstructured":"Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for internet of things. Futur Gener Comput Syst 82:761\u2013768. https:\/\/doi.org\/10.1016\/j.future.2017.08.043","journal-title":"Futur Gener Comput Syst"},{"key":"6954_CR9","unstructured":"Eighty two percent of security professionals fear artificial intelligence attacks against their organization (2018) https:\/\/www.home.neustar\/about-us\/news-room\/press-releases\/2018\/NISCOctober"},{"key":"6954_CR10","doi-asserted-by":"crossref","unstructured":"Friedman JH (2001) Greedy function approximation: a gradient boosting machine. Ann Stat 1189\u20131232","DOI":"10.1214\/aos\/1013203451"},{"issue":"4","key":"6954_CR11","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1016\/S0167-9473(01)00065-2","volume":"38","author":"JH Friedman","year":"2002","unstructured":"Friedman JH (2002) Stochastic gradient boosting. Comput Stat Data Anal 38(4):367\u2013378","journal-title":"Comput Stat Data Anal"},{"key":"6954_CR12","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.future.2018.06.055","volume":"89","author":"I Ghafir","year":"2018","unstructured":"Ghafir I, Hammoudeh M, Prenosil V, Han L, Hegarty R, Rabie K, Aparicio-Navarro FJ (2018) Detection of advanced persistent threat using machine-learning correlation analysis. Futur Gener Comput Syst 89:349\u2013359. https:\/\/doi.org\/10.1016\/j.future.2018.06.055","journal-title":"Futur Gener Comput Syst"},{"key":"6954_CR13","unstructured":"How to detect http parameter pollution attacks (2021) https:\/\/www.acunetix.com\/blog\/whitepaper-http-parameter-pollution\/"},{"key":"6954_CR14","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.jpdc.2018.03.006","volume":"119","author":"R Kozik","year":"2018","unstructured":"Kozik R, Chora\u015b M, Ficco M, Palmieri F (2018) A scalable distributed machine learning approach for attack detection in edge computing environments. J Parall Distributed Comput 119:18\u201326. https:\/\/doi.org\/10.1016\/j.jpdc.2018.03.006","journal-title":"J Parall Distributed Comput"},{"issue":"1","key":"6954_CR15","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1109\/JIOT.2020.3004244","volume":"8","author":"E Kristiani","year":"2020","unstructured":"Kristiani E, Yang CT, Huang CY, Ko PC, Fathoni H (2020) On construction of sensors, edge, and cloud (isec) framework for smart system integration and applications. IEEE Internet Things J 8(1):309\u2013319","journal-title":"IEEE Internet Things J"},{"key":"6954_CR16","doi-asserted-by":"crossref","unstructured":"Lai CH, Yang CT, Kristiani E, Liu JC, Chan YW (2019) Using xgboost for cyberattack detection and analysis in a network log system with elk stack. In: International conference on frontier computing, pp 302\u2013311. Springer","DOI":"10.1007\/978-981-15-3250-4_36"},{"key":"6954_CR17","doi-asserted-by":"publisher","unstructured":"Langi PPI, Najib W, Aji TB (2015) An evaluation of twitter river and logstash performances as elasticsearch inputs for social media analysis of twitter. In: 2015 international conference on information communication technology and systems (ICTS), pp 181\u2013186. https:\/\/doi.org\/10.1109\/ICTS.2015.7379895","DOI":"10.1109\/ICTS.2015.7379895"},{"issue":"10","key":"6954_CR18","doi-asserted-by":"publisher","first-page":"10984","DOI":"10.1007\/s11227-021-03715-6","volume":"77","author":"JC Liu","year":"2021","unstructured":"Liu JC, Yang CT, Chan YW, Kristiani E, Jiang WJ (2021) Cyberattack detection model using deep learning in a network log system with data visualization. J Supercomput 77(10):10984\u201311003","journal-title":"J Supercomput"},{"key":"6954_CR19","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1016\/j.knosys.2018.08.036","volume":"163","author":"H Liu","year":"2019","unstructured":"Liu H, Lang B, Liu M, Yan H (2019) Cnn and rnn based payload classification methods for attack detection. Knowl-Based Syst 163:332\u2013341. https:\/\/doi.org\/10.1016\/j.knosys.2018.08.036","journal-title":"Knowl-Based Syst"},{"issue":"11","key":"6954_CR20","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1016\/S1361-3723(18)30110-6","volume":"2018","author":"P Peterson","year":"2018","unstructured":"Peterson P (2018) Unmasking deceptive attacks with machine learning. Comput Fraud Secur 2018(11):15\u201317. https:\/\/doi.org\/10.1016\/S1361-3723(18)30110-6","journal-title":"Comput Fraud Secur"},{"key":"6954_CR21","doi-asserted-by":"crossref","unstructured":"Prakash TR, Kakkar M, Patel K (2016) Geo-identification of web users through logs using elk stack. In: 2016 6th international conference - cloud system and big data engineering (Confluence) pp 606\u2013610","DOI":"10.1109\/CONFLUENCE.2016.7508191"},{"key":"6954_CR22","doi-asserted-by":"crossref","unstructured":"Rattan A, Kaur N, Bhushan S (2019) Standardization of intelligent information of specific attack trends. In: Progress in Advanced Computing and Intelligent Engineering, pp 75\u201386. Springer","DOI":"10.1007\/978-981-13-0224-4_7"},{"issue":"3","key":"6954_CR23","doi-asserted-by":"publisher","first-page":"660","DOI":"10.1109\/21.97458","volume":"21","author":"SR Safavian","year":"1991","unstructured":"Safavian SR, Landgrebe D (1991) A survey of decision tree classifier methodology. IEEE Trans Syst Man Cybern 21(3):660\u2013674","journal-title":"IEEE Trans Syst Man Cybern"},{"key":"6954_CR24","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1016\/j.eswa.2018.09.029","volume":"117","author":"OK Sahingoz","year":"2019","unstructured":"Sahingoz OK, Buber E, Demir O, Diri B (2019) Machine learning based phishing detection from urls. Expert Syst Appl 117:345\u2013357. https:\/\/doi.org\/10.1016\/j.eswa.2018.09.029","journal-title":"Expert Syst Appl"},{"key":"6954_CR25","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1016\/j.cose.2019.03.005","volume":"84","author":"I Sharafaldin","year":"2019","unstructured":"Sharafaldin I, Lashkari AH, Ghorbani AA (2019) An evaluation framework for network security visualizations. Comput Secur 84:70\u201392. https:\/\/doi.org\/10.1016\/j.cose.2019.03.005","journal-title":"Comput Secur"},{"key":"6954_CR26","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1016\/j.ins.2018.04.065","volume":"479","author":"P Sun","year":"2019","unstructured":"Sun P, Li J, Bhuiyan MZA, Wang L, Li B (2019) Modeling and clustering attacker activities in iot through machine learning techniques. Inf Sci 479:456\u2013471. https:\/\/doi.org\/10.1016\/j.ins.2018.04.065","journal-title":"Inf Sci"},{"issue":"8","key":"6954_CR27","doi-asserted-by":"publisher","first-page":"6344","DOI":"10.1007\/s11227-019-02853-2","volume":"76","author":"CT Yang","year":"2020","unstructured":"Yang CT, Kristiani E, Wang YT, Min G, Lai CH, Jiang WJ (2020) On construction of a network log management system using elk stack with ceph. J Supercomput 76(8):6344\u20136360","journal-title":"J Supercomput"},{"key":"6954_CR28","doi-asserted-by":"publisher","first-page":"7842","DOI":"10.1109\/ACCESS.2019.2963716","volume":"8","author":"CT Yang","year":"2020","unstructured":"Yang CT, Liu JC, Kristiani E, Liu ML, You I, Pau G (2020) Netflow monitoring and cyberattack detection using deep learning with ceph. IEEE Access 8:7842\u20137850","journal-title":"IEEE Access"},{"issue":"9","key":"6954_CR29","doi-asserted-by":"publisher","first-page":"4066","DOI":"10.1109\/TCYB.2019.2912939","volume":"50","author":"C Yang","year":"2019","unstructured":"Yang C, Shi Z, Zhang H, Wu J, Shi X (2019) Multiple attacks detection in cyber-physical systems using random finite set theory. IEEE Trans Cybern 50(9):4066\u20134075","journal-title":"IEEE Trans Cybern"},{"key":"6954_CR30","doi-asserted-by":"publisher","unstructured":"Yuan X, Li C, Li X (2017) Deepdefense: Identifying ddos attack via deep learning. In: 2017 IEEE international conference on smart computing (SMARTCOMP), pp 1\u20138 https:\/\/doi.org\/10.1109\/SMARTCOMP.2017.7946998","DOI":"10.1109\/SMARTCOMP.2017.7946998"},{"key":"6954_CR31","doi-asserted-by":"crossref","unstructured":"Zhang D, Liu L, Feng G (2018) Consensus of heterogeneous linear multiagent systems subject to aperiodic sampled-data and dos attack. IEEE Trans Cybern 49(4):1501\u20131511","DOI":"10.1109\/TCYB.2018.2806387"},{"key":"6954_CR32","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1016\/j.future.2018.07.023","volume":"93","author":"J Zhang","year":"2019","unstructured":"Zhang J, Gardner R, Vukotic I (2019) Anomaly detection in wide area network meshes using two machine learning algorithms. Futur Gener Comput Syst 93:418\u2013426. https:\/\/doi.org\/10.1016\/j.future.2018.07.023","journal-title":"Futur Gener Comput Syst"}],"container-title":["Soft Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00500-022-06954-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00500-022-06954-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00500-022-06954-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,13]],"date-time":"2022-05-13T07:14:13Z","timestamp":1652426053000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00500-022-06954-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,31]]},"references-count":32,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2022,6]]}},"alternative-id":["6954"],"URL":"https:\/\/doi.org\/10.1007\/s00500-022-06954-8","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-838650\/v1","asserted-by":"object"}]},"ISSN":["1432-7643","1433-7479"],"issn-type":[{"value":"1432-7643","type":"print"},{"value":"1433-7479","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,31]]},"assertion":[{"value":"21 January 2022","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 March 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"The authors declare that there is no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}]}}