{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:21:57Z","timestamp":1773156117913,"version":"3.50.1"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2006,8,31]],"date-time":"2006-08-31T00:00:00Z","timestamp":1156982400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["The VLDB Journal"],"published-print":{"date-parts":[[2007,8,13]]},"DOI":"10.1007\/s00778-006-0002-5","type":"journal-article","created":{"date-parts":[[2006,8,30]],"date-time":"2006-08-30T13:27:56Z","timestamp":1156944476000},"page":"507-521","source":"Crossref","is-referenced-by-count":279,"title":["A new intrusion detection system using support vector machines and hierarchical clustering"],"prefix":"10.1007","volume":"16","author":[{"given":"Latifur","family":"Khan","sequence":"first","affiliation":[]},{"given":"Mamoun","family":"Awad","sequence":"additional","affiliation":[]},{"given":"Bhavani","family":"Thuraisingham","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2006,8,31]]},"reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Agarwal, D.K.: Shrinkage estimator generalizations of proximal support vector machines, In: Proceedings of the 8th International Conference Knowledge Discovery and Data Mining, pp. 173\u2013182. Edmonton, Canada (2002)","DOI":"10.1145\/775047.775073"},{"key":"2_CR2","volume-title":"Next-generation intrusion detection expert system (NIDES): a summary","author":"D. Anderson","year":"May 1995","unstructured":"Anderson, D., Frivold, T., Valdes, A.: Next-generation intrusion detection expert system (NIDES): a summary. Technical Report SRI-CSL-95-07. Computer Science Laboratory, SRI International, Menlo Park, CA (May 1995)"},{"key":"2_CR3","volume-title":"Research in intrusion detection systems: a survey","author":"S. Axelsson","year":"1999","unstructured":"Axelsson, S.: Research in intrusion detection systems: a survey. Technical Report TR 98-17 (revised in 1999). Chalmers University of Technology, Goteborg, Sweden (1999)"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Balcazar, J.L., Dai, Y., Watanabe, O.: A random sampling technique for training support vector machines for primal-form maximal-margin classifiers, algorithmic learning theory. In: Proceedings of the 12th International Conference, ALT 2001, p. 119. Washington, DC (2001)","DOI":"10.1007\/3-540-45583-3_11"},{"key":"2_CR5","first-page":"579","volume-title":"Proceedings of the ANNIE-2002, vol. 12","author":"A. Bivens","year":"2002","unstructured":"Bivens, A., Palagiri, C., Smith, R., Szymanski, B., Embrechts, M.: Intelligent engineering systems through artificial neural networks. In: Proceedings of the ANNIE-2002, vol. 12, pp. 579\u2013584. ASME Press, New York (2002)"},{"key":"2_CR6","volume-title":"Proceedings of the Research Conference","author":"J. Branch","year":"20002","unstructured":"Branch, J., Bivens, A., Chan, C.-Y., Lee, T.-K., Szymanski, B.: Denial of service intrusion detection using time dependent deterministic finite automata. In: Proceedings of the Research Conference. RPI, Troy, NY (2002)"},{"key":"2_CR7","unstructured":"Cannady, J.: Artificial neural networks for misuse detection. In: Proceedings of the National Information Systems Security Conference (NISSC98), pp. 443\u2013456. Arlington, VA (1998)"},{"key":"2_CR8","first-page":"409","volume-title":"Proceedings of the Advances in Neural Information Processing Systems","author":"G. Cauwenberghs","year":"2000","unstructured":"Cauwenberghs, G., Poggio, T.: Incremental and decremental support vector machine learning. In: Proceedings of the Advances in Neural Information Processing Systems, pp. 409\u2013415. Vancouver, Canada (2000)"},{"issue":"7\/8","key":"2_CR9","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1007\/BF02994844","volume":"55","author":"H. Debar","year":"2000","unstructured":"Debar, H., Dacier, M., Wespi, A.: A revised taxonomy for intrusion detection systems. Ann. T\u00e9l\u00e9commun. 55(7\/8), 361\u2013378 (2000)","journal-title":"Ann. T\u00e9l\u00e9commun"},{"issue":"2","key":"2_CR10","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion detection model. IEEE Trans. Software Eng. 13(2), 222\u2013232 (1987)","journal-title":"IEEE Trans. Software Eng"},{"key":"2_CR11","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1007\/PL00006139","volume":"44","author":"J. Dopazo","year":"1997","unstructured":"Dopazo, J., Carazo, J.M.: Phylogenetic reconstruction using an unsupervised growing neural network that adopts the topology of a phylogenetic tree. J. Mol. Evol. 44, 226\u2013233 (1997)","journal-title":"J. Mol. Evol."},{"key":"2_CR12","unstructured":"Forras, P.A., Neumann, F.G.: EMERALD: event monitoring enabling response to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference, pp. 353\u2013365 (1997)"},{"key":"2_CR13","volume-title":"Proceedings of the Research Conference","author":"S. Freeman","year":"2002","unstructured":"Freeman, S., Bivens, A., Branch, J., Szymanski, B.: Host-based intrusion detection using user signatures. In: Proceedings of the Research Conference. RPI, Troy, NY (2002)"},{"key":"2_CR14","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1080\/10556780108805809","volume":"15","author":"G. Feng","year":"2001","unstructured":"Feng, G., Mangasarian, O.L.: Semi-supervised support vector machines for unlabeled data classification. Optimization Methods Software 15, 29\u201344 (2001)","journal-title":"Optimization Methods Software"},{"key":"2_CR15","unstructured":"Ghosh, A., Schwartzbard, A., Shatz, M.: Learning program behavior profiles for intrusion detection. In: Proceedings of the First USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 51\u201362. Santa Clara, CA (1999)"},{"key":"2_CR16","unstructured":"Girardin, L., Brodbeck, D.: A visual approach or monitoring logs. In: Proceedings of the 12th System Administration Conference (LISA 98), pp. 299\u2013308. Boston, MA (1998) (ISBN: 1-880446-40-5)"},{"key":"2_CR17","unstructured":"Hu, W., Liao, Y., Vemuri, V.R.: Robust support vector machines for anomaly detection in computer security. In: Proceedings of the 2003 International Conference on Machine Learning and Applications (ICMLA'03). Los Angeles, CA (2003)"},{"issue":"3","key":"2_CR18","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1109\/32.372146","volume":"21","author":"K. Ilgun","year":"1995","unstructured":"Ilgun, K., Kemmerer, R.A., Porras, P.A.: State transition analysis: A rule-based intrusion detection approach. IEEE Trans. Software Eng. 21(3), 181\u2013199 (1995)","journal-title":"IEEE Trans. Software Eng"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Joshi, M., Agrawal, R.: PNrule: a new framework for learning classifier models in data mining (a case-study in network intrusion detection) (2001). In: Proceedings of the First SIAM International Conference on Data Mining. Chicago (2001)","DOI":"10.1137\/1.9781611972719.29"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Khan, L., Luo, F.: Hierarchical clustering for complex data, in press. Int. J. Artif. Intell. Tools. World Scientific","DOI":"10.1142\/S0218213005002399"},{"key":"2_CR21","volume-title":"Self-Organizing Maps, Springer Series","author":"T. Kohonen","year":"1999","unstructured":"Kohonen, T.: Self-Organizing Maps, Springer Series. Springer Berlin Heidelberg New York (1995)"},{"key":"2_CR22","unstructured":"Kumar, S., Spafford, E.H.: A software architecture to support misuse intrusion detection. In: Proceedings of the 18th National Information Security Conference, pp. 194\u2013204. (1995)"},{"issue":"3","key":"2_CR23","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1145\/322510.322526","volume":"2","author":"T. Lane","year":"1999","unstructured":"Lane, T., Brodley, C.E.: Temporal sequence earning and data reduction for anomaly detection. ACM Trans. Inform. Syst. Security 2(3), 295\u2013331 (1999)","journal-title":"ACM Trans. Inform. Syst. Security"},{"issue":"4","key":"2_CR24","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1145\/382912.382914","volume":"3","author":"W. Lee","year":"2000","unstructured":"Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Trans. Inform. Syst. Security 3(4), 227\u2013261 (2000)","journal-title":"ACM Trans. Inform. Syst. Security"},{"issue":"16","key":"2_CR25","doi-asserted-by":"crossref","first-page":"2605","DOI":"10.1093\/bioinformatics\/bth292","volume":"20","author":"F. Luo","year":"2004","unstructured":"Luo, F., Khan, L., Bastani, F.B., Yen, I.L., Zhou, J.: A dynamically growing self-organizing tree (DGSOT) for hierarchical clustering gene expression profiles. Bioinformatics 20(16), 2605\u20132617 (2004)","journal-title":"Bioinformatics"},{"key":"2_CR26","unstructured":"Marchette, D.: A statistical method for profiling network traffic. In: Proceedings of the First USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 119\u2013128. Santa Clara, CA (1999)"},{"key":"2_CR27","unstructured":"McCanne, S., Leres, C., Jacobson, V.: Libpcap, available via anonymous ftp at ftp:\/\/ftp.ee.lbl.gov\/ (1989)"},{"key":"2_CR28","unstructured":"Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection: support vector machines and neural networks. In: Proceedings of the IEEE International Joint Conference on Neural Networks (ANNIE), pp. 1702\u20131707. St. Louis, MO (2002)"},{"key":"2_CR29","volume-title":"Proceedings of the First International Workshop on Recent Advances in Intrusion Detection (RAID)","author":"R. Lippmann","year":"1998","unstructured":"Lippmann, R., Graf, I., Wyschogrod, D., Webster, S.E., Weber, D.J., Gorton, S.: The 1998 DARPA\/AFRL off-line intrusion detection evaluation. In: Proceedings of the First International Workshop on Recent Advances in Intrusion Detection (RAID). Louvain-la-Neuve, Belgium (1998)"},{"key":"2_CR30","unstructured":"Ray, S., Turi, R.H.: Determination of number of clusters in k-means clustering and application in color image segmentation. In: Proceedings of the 4th International Conference on Advances in Pattern Recognition and Digital Techniques (ICAPRDT'99), pp. 137\u2013143. Calcutta, India (1999)"},{"key":"2_CR31","first-page":"943","volume-title":"Advances in Neural Information Processing Systems, vol. 10","author":"J. Ryan","year":"1998","unstructured":"Ryan, J., Lin, M., Mikkulainen, R.: Intrusion detection with neural networks. In: Advances in Neural Information Processing Systems, vol. 10, pp. 943\u2013949. MIT Press, Cambridge, MA (1998)"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"Sequeira, K., Zaki, M.J.: ADMIT: anomaly-base data mining for intrusions. In: Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 386\u2013395 (2002)","DOI":"10.1145\/775047.775103"},{"issue":"4","key":"2_CR33","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/604264.604267","volume":"30","author":"S.J. Stolfo","year":"2001","unstructured":"Stolfo, S.J., Lee, W., Chan, P.K., Fan, W., Eskin, E.: Data mining-based intrusion detectors: an overview of the Columbia IDS project. ACM SIGMOD Record 30(4), 5\u201314 (2001)","journal-title":"ACM SIGMOD Record"},{"key":"2_CR34","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-2440-0","volume-title":"The Nature of Statistical Learning Theory","author":"V.N. Vapnik","year":"1995","unstructured":"Vapnik, V.N.: The Nature of Statistical Learning Theory. Springer Berlin Heidelberg New York (1995)"},{"issue":"6","key":"2_CR35","doi-asserted-by":"crossref","first-page":"465","DOI":"10.1016\/0306-4573(86)90097-X","volume":"22","author":"E.M. Voorhees","year":"1986","unstructured":"Voorhees, E.M.: Implementing agglomerative hierarchic clustering algorithms for use in document retrieval. Inform. Process. Manage. 22(6), 465\u2013476 (1986)","journal-title":"Inform. Process. Manage"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: Alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp. 133\u2013145. (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"2_CR37","unstructured":"Shih, L., Rennie, Y.D.M., Chang, Y., Karger, D.R.: Text bundling: statistics-based data reduction. In: Proceedings of the 20th International Conference on Machine Learning (ICML), pp. 696\u2013703. Washington DC (2003)"},{"issue":"2","key":"2_CR38","first-page":"117","volume":"1","author":"D. Tufis","year":"2000","unstructured":"Tufis, D., Popescu, C., Rosu, R.: Automatic classification of documents by random sampling. Proc. Romanian Acad. Ser. 1(2), 117\u2013127 (2000)","journal-title":"Proc. Romanian Acad. Ser."},{"key":"2_CR39","doi-asserted-by":"crossref","unstructured":"Upadhyaya, S., Chinchani, R., Kwiat, K.: An analytical framework for reasoning about intrusions. In: Proceedings of the IEEE Symposium on Reliable Distributed Systems, pp. 99\u2013108. New Orleans, LA (2001)","DOI":"10.1109\/RELDIS.2001.969760"},{"key":"2_CR40","unstructured":"Wang, K., Stolfo, S.J.: One class training for masquerade detection. In: Proceedings of the 3rd IEEE Conference, Data Mining Workshop on Data Mining for Computer Security. Florida (2003)"},{"key":"2_CR41","doi-asserted-by":"crossref","unstructured":"Yu, H., Yang, J., Han, J.: Classifying large data sets using SVM with hierarchical clusters. In: Proceedings of the SIGKDD 2003, pp. 306\u2013315. Washington, DC (2003)","DOI":"10.1145\/956750.956786"},{"key":"2_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, T., Ramakrishnan, R., Livny, M.: BIRCH: an efficient data clustering method for very large databases. In: Proceedings of the SIGMOD Conference, pp. 103\u2013114 (1996)","DOI":"10.1145\/233269.233324"}],"container-title":["The VLDB Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00778-006-0002-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00778-006-0002-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00778-006-0002-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,1]],"date-time":"2021-08-01T00:34:25Z","timestamp":1627778065000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00778-006-0002-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,8,31]]},"references-count":42,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2007,8,13]]}},"alternative-id":["2"],"URL":"https:\/\/doi.org\/10.1007\/s00778-006-0002-5","relation":{},"ISSN":["1066-8888","0949-877X"],"issn-type":[{"value":"1066-8888","type":"print"},{"value":"0949-877X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006,8,31]]}}}