{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,28]],"date-time":"2026-06-28T05:09:06Z","timestamp":1782623346772,"version":"3.54.5"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2019,11,16]],"date-time":"2019-11-16T00:00:00Z","timestamp":1573862400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,11,16]],"date-time":"2019-11-16T00:00:00Z","timestamp":1573862400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2020,10]]},"DOI":"10.1007\/s10207-019-00478-3","type":"journal-article","created":{"date-parts":[[2019,11,16]],"date-time":"2019-11-16T11:01:57Z","timestamp":1573902117000},"page":"597-607","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Cyberattack triage using incremental clustering for intrusion detection systems"],"prefix":"10.1007","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1779-4567","authenticated-orcid":false,"given":"Sona","family":"Taheri","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adil M.","family":"Bagirov","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Iqbal","family":"Gondal","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Simon","family":"Brown","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2019,11,16]]},"reference":[{"issue":"3","key":"478_CR1","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1007\/s10207-007-0024-z","volume":"7","author":"PT Chen","year":"2008","unstructured":"Chen, P.T., Laih, C.S.: Idsic: an intrusion detection system with identification capability. Int. J. Inf. Secur. 7(3), 185\u2013197 (2008)","journal-title":"Int. J. Inf. Secur."},{"issue":"1","key":"478_CR2","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","volume":"36","author":"HJ Liao","year":"2013","unstructured":"Liao, H.J., Lin, Y.C., Lin, C.H.R., Tung, K.Y.: Review: intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16\u201324 (2013)","journal-title":"J. Netw. Comput. Appl."},{"issue":"1","key":"478_CR3","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1007\/s102070100001","volume":"1","author":"J McHugh","year":"2001","unstructured":"McHugh, J.: Intrusion and intrusion detection. Int. J. Inf. Secur. 1(1), 14\u201335 (2001)","journal-title":"Int. J. Inf. Secur."},{"key":"478_CR4","unstructured":"Global information security practices: survey key findings and trends. http:\/\/www.pwc.com (2015). Accessed 2018"},{"key":"478_CR5","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: On using machine learning for network intrusion detection. In: Security and Privacy, pp. 305\u2013316 (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"478_CR6","doi-asserted-by":"crossref","first-page":"e0180945","DOI":"10.1371\/journal.pone.0180945","volume":"13","author":"MF Umer","year":"2018","unstructured":"Umer, M.F., Sher, M., Bi, X.: A two-stage flow-based intrusion detection model for next-generation networks. PloS One 13, e0180945 (2018)","journal-title":"PloS One"},{"issue":"1","key":"478_CR7","first-page":"674","volume":"5","author":"DW Archana","year":"2014","unstructured":"Archana, D.W., Chatur, P.N.: Comparison of firewall and intrusion detection system. Int. J. Comput. Sci. Inf. Technol. 5(1), 674\u2013678 (2014)","journal-title":"Int. J. Comput. Sci. Inf. Technol."},{"issue":"6","key":"478_CR8","first-page":"1","volume":"3","author":"U Kanika","year":"2013","unstructured":"Kanika, U.: Security of network using Ids and firewall. Int. J. Sci. Res. Publ. 3(6), 1\u20134 (2013)","journal-title":"Int. J. Sci. Res. Publ."},{"key":"478_CR9","first-page":"77","volume":"5","author":"EM Chakir","year":"2015","unstructured":"Chakir, E.M., Codjovi, C., Khamlichi, Y.I., Moughit, M., First Settat, H.: False positives reduction in intrusion detection systems using alert correlation and data mining techniques. Int. J. Adv. Res. Comput. Sci. Softw. Eng. IJARCSSE 5, 77\u201385 (2015)","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng. IJARCSSE"},{"key":"478_CR10","first-page":"1600","volume":"7","author":"N Gupta","year":"2016","unstructured":"Gupta, N., Srivastava, K., Sharma, A.: Reducing false positive in intrusion detection system: a survey. Int. J. Comput. Sci. Inf. Technol. 7, 1600\u20131603 (2016)","journal-title":"Int. J. Comput. Sci. Inf. Technol."},{"key":"478_CR11","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/DISCEX.2000.821506","volume":"2","author":"RP Lippmann","year":"2000","unstructured":"Lippmann, R.P., Fried, D.J., Graf, I., Haines, J.W., Kendall, K.R., Mcclung, D., et al.: Evaluating intrusion detection systems: the 1998 darpa off-line intrusion detection evaluation. DARPA Inf. Surviv. Conf. Expos. 2, 12\u201326 (2000)","journal-title":"DARPA Inf. Surviv. Conf. Expos."},{"issue":"1","key":"478_CR12","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cose.2009.07.008","volume":"29","author":"GP Spathoulas","year":"2010","unstructured":"Spathoulas, G.P., Katsikas, S.K.: Reducing false positives in intrusion detection systems. Comput. Secur. 29(1), 35\u201344 (2010)","journal-title":"Comput. Secur."},{"issue":"1","key":"478_CR13","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cose.2009.07.008","volume":"29","author":"GP Spathoulas","year":"2010","unstructured":"Spathoulas, G.P., Katsikas, S.K.: Reducing false positives in intrusion detection systems. Comput. Secur. 29(1), 35\u201344 (2010)","journal-title":"Comput. Secur."},{"issue":"11","key":"478_CR14","first-page":"6894","volume":"2","author":"PU Kadam","year":"2014","unstructured":"Kadam, P.U., Deshmukh, M.: Various approaches for intrusion detection system: an overview. Int. J. Innov. Res. Comput. Commun. Eng. 2(11), 6894\u20136902 (2014)","journal-title":"Int. J. Innov. Res. Comput. Commun. Eng."},{"key":"478_CR15","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1007\/978-3-642-14478-3_39","volume-title":"Recent Trends in Network Security and Applications","author":"V Pareek","year":"2010","unstructured":"Pareek, V., Mishra, A., Sharma, A., Chauhan, R., Bansal, S.: A deviation based outlier intrusion detection system. In: Chaki, N., Nagamalai, D., Meghanathan, N., Boumerdassi, S. (eds.) Recent Trends in Network Security and Applications, pp. 395\u2013401. Springer, Berlin (2010)"},{"key":"478_CR16","unstructured":"Mujumdar, A., Masiwal, G.,Dr. Meshram, B.B.: Analysis of signature-based and behavior-based anti-malware approaches. Int. J. Adv. Res. Comput. Eng. Tech. (IJARCET). 2(6), 2037\u20132039 (2013)"},{"issue":"4","key":"478_CR17","doi-asserted-by":"crossref","first-page":"443","DOI":"10.1145\/950191.950192","volume":"6","author":"K Julisch","year":"2003","unstructured":"Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. ACM Trans. Inf. Syst. Secur. 6(4), 443\u2013471 (2003)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"478_CR18","unstructured":"Rubin, S., Jha, S., Miller, B.P.: Automatic generation and analysis of NIDS attacks. In: Proceedings of the 20th Annual Computer Security Applications Conference, pp. 28\u201338. IEEE Computer Society, Washington, DC (2004)"},{"issue":"1","key":"478_CR19","doi-asserted-by":"crossref","first-page":"686","DOI":"10.1109\/COMST.2018.2847722","volume":"21","author":"P Mishra","year":"2019","unstructured":"Mishra, P., Varadharajan, V., Tupakula, U., Pilli, E.S.: A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun. Surv. Tutor. 21(1), 686\u2013728 (2019)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"478_CR20","doi-asserted-by":"crossref","first-page":"702","DOI":"10.1007\/11430919_81","volume-title":"Advances in Knowledge Discovery and Data Mining","author":"Z Li","year":"2005","unstructured":"Li, Z., Das, A., Zhou, J.: Usaid: unifying signature-based and anomaly-based intrusion detection. In: Ho, T.B., Cheung, D., Liu, H. (eds.) Advances in Knowledge Discovery and Data Mining, pp. 702\u2013712. Springer, Berlin (2005)"},{"key":"478_CR21","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 255\u2013264. ACM, New York (2002)","DOI":"10.1145\/586110.586145"},{"key":"478_CR22","doi-asserted-by":"crossref","unstructured":"Breunig, M., Kriegel, H., Ng, R., Sander, J.: Lof: identifying density-based local outliers. In: Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, pp. 93\u2013104 (2000)","DOI":"10.1145\/335191.335388"},{"key":"478_CR23","doi-asserted-by":"crossref","unstructured":"Schubert, E., Zimek, A., Kriegel, H.P.: Generalized Outlier Detection with Flexible Kernel Density Estimates, pp. 542\u2013550 (2014)","DOI":"10.1137\/1.9781611973440.63"},{"key":"478_CR24","doi-asserted-by":"crossref","first-page":"813","DOI":"10.1007\/978-3-642-01307-2_84","volume-title":"Advances in Knowledge Discovery and Data Mining","author":"K Zhang","year":"2009","unstructured":"Zhang, K., Hutter, M., Jin, H.: A new local distance-based outlier detection approach for scattered real-world data. In: Theeramunkong, T., Kijsirikul, B., Cercone, N., Ho, T.B. (eds.) Advances in Knowledge Discovery and Data Mining, pp. 813\u2013822. Springer, Berlin (2009)"},{"key":"478_CR25","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.patrec.2016.05.007","volume":"80","author":"Q Zhu","year":"2016","unstructured":"Zhu, Q., Feng, J., Huang, J.: Natural neighbor: a self-adaptive neighborhood method without parameter k. Pattern Recognit. Lett. 80, 30\u201336 (2016)","journal-title":"Pattern Recognit. Lett."},{"issue":"6","key":"478_CR26","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1016\/S0167-8655(00)00131-8","volume":"22","author":"MF Jiang","year":"2001","unstructured":"Jiang, M.F., Tseng, S.S., Su, C.M.: Two-phase clustering process for outliers detection. Pattern Recognit. Lett. 22(6), 691\u2013700 (2001)","journal-title":"Pattern Recognit. Lett."},{"issue":"2","key":"478_CR27","doi-asserted-by":"crossref","first-page":"3744","DOI":"10.1016\/j.eswa.2008.02.037","volume":"36","author":"CH Wang","year":"2009","unstructured":"Wang, C.H.: Outlier identification and market segmentation using kernel based clustering techniques. Expert Syst. Appl. 36(2), 3744\u20133750 (2009)","journal-title":"Expert Syst. Appl."},{"issue":"1","key":"478_CR28","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1007\/s10479-008-0371-9","volume":"168","author":"D Lian","year":"2009","unstructured":"Lian, D., Xu, L., Liu, Y., Lee, J.: Cluster-based outlier detection. Ann. Oper. Res. 168(1), 151\u2013168 (2009)","journal-title":"Ann. Oper. Res."},{"issue":"18","key":"478_CR29","doi-asserted-by":"crossref","first-page":"3469","DOI":"10.1002\/sec.1271","volume":"8","author":"F Hachmi","year":"2015","unstructured":"Hachmi, F., Boujenfa, K., Limam, M.: An optimization process to identify outliers generated by intrusion detection systems. Secur. Commun. Netw. 8(18), 3469\u20133480 (2015)","journal-title":"Secur. Commun. Netw."},{"issue":"6","key":"478_CR30","first-page":"12","volume":"2","author":"SD Pachgade","year":"2012","unstructured":"Pachgade, S.D., Dhande, S.S.: A heuristic algorithm for solving the minimum sum-of-squares clustering problems. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2(6), 12\u201316 (2012)","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng."},{"key":"478_CR31","doi-asserted-by":"crossref","unstructured":"Rizk, H., ElGokhy, M., Sarhan, A.: A hybrid outlier detection algorithm based on partitioning clustering and density measures. In: 2015 Tenth International Conference on Computer Engineering and Systems (ICCES), pp. 175\u2013181 (2015)","DOI":"10.1109\/ICCES.2015.7393040"},{"key":"478_CR32","doi-asserted-by":"crossref","unstructured":"Dickson, A., Thomas, C.: Optimizing false alerts using multi-objective particle swarm optimization method. In: IEEE International Conference on Signal Processing, Informatics, Communication and Energy Systems (2015)","DOI":"10.1109\/SPICES.2015.7091547"},{"key":"478_CR33","doi-asserted-by":"crossref","unstructured":"Olsson, C., Eriksson, A., Hartley, R.: Outlier removal using duality. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (2010)","DOI":"10.1109\/CVPR.2010.5539800"},{"key":"478_CR34","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/978-3-540-92957-4_18","volume-title":"Advances in Image and Video Technology","author":"Y Seo","year":"2009","unstructured":"Seo, Y., Lee, H., Lee, S.: Outlier removal by convex optimization for l-infinity approaches. In: Toshikazu, W., Fay, H., Stephen, L. (eds.) Advances in Image and Video Technology, pp. 203\u2013214. Springer, Heidelberg (2009)"},{"key":"478_CR35","unstructured":"Cannady, J., Harrell, J.: A comparative analysis of current intrusion detection technologies. In: Proc. of the Fourth Technology for Information Security Conference\u201996 (TISC\u201996) (2000)"},{"issue":"1","key":"478_CR36","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1007\/s10589-014-9711-7","volume":"61","author":"AM Bagirov","year":"2015","unstructured":"Bagirov, A.M., Ordin, B., Ozturk, G., Xavier, A.E.: An incremental clustering algorithm based on hyperbolic smoothing. Comput. Optim. Appl. 61(1), 219\u2013241 (2015)","journal-title":"Comput. Optim. Appl."},{"key":"478_CR37","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/j.patcog.2015.11.011","volume":"53","author":"AM Bagirov","year":"2016","unstructured":"Bagirov, A.M., Taheri, S., Ugon, J.: Nonsmooth DC programming approach to the minimum sum-of-squares clustering problems. Pattern Recognit. 53, 12\u201324 (2016)","journal-title":"Pattern Recognit."},{"issue":"2","key":"478_CR38","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1007\/s10898-014-0171-5","volume":"61","author":"B Ordin","year":"2015","unstructured":"Ordin, B., Bagirov, A.M.: A heuristic algorithm for solving the minimum sum-of-squares clustering problems. J. Global Optim. 61(2), 341\u2013361 (2015)","journal-title":"J. Global Optim."},{"issue":"10","key":"478_CR39","doi-asserted-by":"crossref","first-page":"3192","DOI":"10.1016\/j.patcog.2008.04.004","volume":"41","author":"AM Bagirov","year":"2008","unstructured":"Bagirov, A.M.: Modified global k-means algorithm for minimum sum-of squares clustering problems. Pattern Recognit. 41(10), 3192\u20133199 (2008)","journal-title":"Pattern Recognit."},{"key":"478_CR40","unstructured":"Madsen, J.H.: Distance and density-based outlier detection. https:\/\/github.com\/jhmadsen\/DDoutlier (2018). Accessed 2018"},{"key":"478_CR41","unstructured":"Network-intrusion-detection-using-machine-learning. https:\/\/github.com\/Anshumank399\/Network-Intrusion-Detection-using-Machine-Learning (2018). Accessed 2018"},{"key":"478_CR42","unstructured":"Dua, D., Graff, C.: UCI Machine Learning Repository, Irvine, CA: University of California, School of Information and Computer Sciences. http:\/\/archive.ics.uci.edu\/ml (2019). Accessed 2018"},{"key":"478_CR43","volume-title":"Introduction to Data Mining","author":"PN Tan","year":"2005","unstructured":"Tan, P.N., Steinbach, M., Kumar, V.: Introduction to Data Mining. Addison-Wesley Longman Publishing Co., Inc., Boston (2005)"},{"key":"478_CR44","unstructured":"Nour, M., Jill, S.: Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: Military Communications and Information Systems Conference, IEEE, pp. 1\u20136 (2015)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-019-00478-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-019-00478-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-019-00478-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,15]],"date-time":"2020-11-15T00:27:56Z","timestamp":1605400076000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-019-00478-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,16]]},"references-count":44,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,10]]}},"alternative-id":["478"],"URL":"https:\/\/doi.org\/10.1007\/s10207-019-00478-3","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,11,16]]},"assertion":[{"value":"16 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}