{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T20:13:47Z","timestamp":1774556027193,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2021,9,23]],"date-time":"2021-09-23T00:00:00Z","timestamp":1632355200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,9,23]],"date-time":"2021-09-23T00:00:00Z","timestamp":1632355200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,6]]},"DOI":"10.1007\/s10207-021-00567-2","type":"journal-article","created":{"date-parts":[[2021,9,24]],"date-time":"2021-09-24T02:47:13Z","timestamp":1632451633000},"page":"547-562","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["A content-based deep intrusion detection system"],"prefix":"10.1007","volume":"21","author":[{"given":"Mahdi","family":"Soltani","sequence":"first","affiliation":[]},{"given":"Mahdi Jafari","family":"Siavoshani","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8837-0668","authenticated-orcid":false,"given":"Amir Hossein","family":"Jahangir","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,9,23]]},"reference":[{"key":"567_CR1","unstructured":"Mcpad project. http:\/\/roberto.perdisci.com\/projects\/mcpad (2009). [Online; accessed 12-November-2018]"},{"key":"567_CR2","unstructured":"Kdd cup 1999. http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html (2018). [Online; accessed 12-November-2018]"},{"key":"567_CR3","unstructured":"Snort 2.9. https:\/\/www.snort.org (2018). [Online; accessed 18-October-2018]"},{"key":"567_CR4","unstructured":"Cse-cic-ids2018. https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html (2021). [Online; accessed 18-May-2021]"},{"key":"567_CR5","unstructured":"Abadi, M., Agarwal, A., Barham, P., Brevdo, E., Chen, Z., Citro, C., Corrado, G.S., Davis, A., Dean, J., Devin, M., Ghemawat, S., Goodfellow, I., Harp, A., Irving, G., Isard, M., Jia, Y., Jozefowicz, R., Kaiser, L., Kudlur, M., Levenberg, J., Man\u00e9, D., Monga, R., Moore, S., Murray, D., Olah, C., Schuster, M., Shlens, J., Steiner, B., Sutskever, I., Talwar, K., Tucker, P., Vanhoucke, V., Vasudevan, V., Vi\u00e9gas, F., Vinyals, O., Warden, P., Wattenberg, M., Wicke, M., Yu, Y., Zheng, X.: TensorFlow: Large-scale machine learning on heterogeneous systems (2015). http:\/\/tensorflow.org\/. Software available from tensorflow.org"},{"key":"567_CR6","doi-asserted-by":"crossref","unstructured":"Agarap Abien, F.M.: A neural network architecture combining gated recurrent unit (GRU) and support vector machine (SVM) for intrusion detection in network traffic data. Proceedings of the 2018 10th International Conference on Machine Learning and Computing. pp. 26-30 (2018)","DOI":"10.1145\/3195106.3195117"},{"key":"567_CR7","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1016\/j.eswa.2017.07.005","volume":"88","author":"Manzoor I Akashdeep","year":"2017","unstructured":"Akashdeep, Manzoor I., Kumar, N.: A feature reduced intrusion detection system using ann classifier. Expert Syst. Appl. 88, 249\u2013257 (2017)","journal-title":"Expert Syst. Appl."},{"issue":"3","key":"567_CR8","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1109\/TIFS.2017.2762828","volume":"13","author":"E Aminanto Muhamad","year":"2018","unstructured":"Aminanto Muhamad, E., Choi, R., Tanuwidjaja Harry, C., Yoo Paul, D., Kwangjo, K.: Deep abstraction and weighted feature selection for wi-fi impersonation detection. IEEE Trans. Inf. Forensics Secur. 13(3), 621\u2013636 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"567_CR9","doi-asserted-by":"publisher","first-page":"690","DOI":"10.1016\/j.ijepes.2018.11.013","volume":"107","author":"S Basumallik","year":"2019","unstructured":"Basumallik, S., Ma, R., Eftekharnejad, S.: Packet-data anomaly detection in pmu-based state estimator using convolutional neural network. Int. J. Electr. Power Energy Syst. 107, 690\u2013702 (2019)","journal-title":"Int. J. Electr. Power Energy Syst."},{"issue":"8","key":"567_CR10","doi-asserted-by":"publisher","first-page":"1798","DOI":"10.1109\/TPAMI.2013.50","volume":"35","author":"Y Bengio","year":"2013","unstructured":"Bengio, Y., Courville, A., Vincent, P.: Representation learning: a review and new perspectives. IEEE Trans. Pattern Anal. Mach. Intell. 35(8), 1798\u20131828 (2013)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"issue":"1","key":"567_CR11","first-page":"579","volume":"12","author":"A Bivens","year":"2002","unstructured":"Bivens, A., Palagiri, C., Smith, R., Szymanski, B., Embrechts, M.: Network-based intrusion detection using neural networks. Intell. Eng. Syst. through Artif. Neural Netw. 12(1), 579\u2013584 (2002)","journal-title":"Intell. Eng. Syst. through Artif. Neural Netw."},{"issue":"1","key":"567_CR12","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"567_CR13","doi-asserted-by":"crossref","unstructured":"Chen, R.C., Cheng, K.F., Chen, Y.H., Hsieh, C.F.: In: Using rough set and support vector machine for network intrusion detection system,In: First Asian Conference on Intelligent Information and Database Systems, pp. 465\u2013470. IEEE (2009)","DOI":"10.1109\/ACIIDS.2009.59"},{"key":"567_CR14","unstructured":"Chollet, F.: keras. https:\/\/github.com\/fchollet\/keras (2017)"},{"key":"567_CR15","doi-asserted-by":"crossref","unstructured":"Cretu-Ciocarlie, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D.: Casting out demons: Sanitizing training data for anomaly sensors. IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.11"},{"key":"567_CR16","first-page":"447","volume":"6","author":"G Dorffner","year":"1996","unstructured":"Dorffner, G.: Neural networks for time series processing. Neural Netw. World 6, 447\u2013468 (1996)","journal-title":"Neural Netw. World"},{"key":"567_CR17","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1016\/j.procs.2016.06.047","volume":"89","author":"N Farnaaz","year":"2016","unstructured":"Farnaaz, N., Jabbar, M.: Random forest modeling for network intrusion detection system. Procedia Comput. Sci. 89, 213\u2013217 (2016)","journal-title":"Procedia Comput. Sci."},{"key":"567_CR18","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Maglaras, L.: Deepcoin: A novel deep learning and blockchain-based energy exchange framework for smart grids. IEEE Transactions on Engineering Management (2019)","DOI":"10.1109\/TEM.2019.2922936"},{"key":"567_CR19","first-page":"102419","volume":"50","author":"MA Ferrag","year":"2020","unstructured":"Ferrag, M.A., Maglaras, L., Moschoyiannis, S., Janicke, H.: Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J. Inf. Secur. Appl. 50, 102419 (2020)","journal-title":"J. Inf. Secur. Appl."},{"key":"567_CR20","unstructured":"Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press (2016). http:\/\/www.deeplearningbook.org"},{"key":"567_CR21","doi-asserted-by":"crossref","unstructured":"Heba, F.E., Darwish, A., Hassanien Aboul, E., Abraham, A.: Principle components analysis and support vector machine based intrusion detection system. 2010 10th International Conference on Intelligent Systems Design and Applications pp. 363\u2013367 (2010)","DOI":"10.1109\/ISDA.2010.5687239"},{"key":"567_CR22","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-540-85066-3_3","volume-title":"A tutorial on learning with bayesian networks In Innovations in Bayesian networks","author":"D Heckerman","year":"2008","unstructured":"Heckerman, D.: A tutorial on learning with bayesian networks In Innovations in Bayesian networks, pp. 33\u201382. Springer, Berlin (2008)"},{"issue":"8","key":"567_CR23","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735\u20131780 (1997)","journal-title":"Neural Comput."},{"key":"567_CR24","doi-asserted-by":"crossref","unstructured":"Javaid, A., Niyaz, Q., Sun, W., Mansoor, A.: A deep learning approach for network intrusion detection system. BICT\u201915 Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS) pp. 21\u201326 (2016)","DOI":"10.4108\/eai.3-12-2015.2262516"},{"key":"567_CR25","doi-asserted-by":"crossref","unstructured":"Jemili, F., Zaghdoud, M., Ahmed Mohamed, B.: A framework for an adaptive intrusion detection system using Bayesian network. 2007 IEEE Intelligence and Security Informatics pp. 66\u201370 (2007)","DOI":"10.1109\/ISI.2007.379535"},{"key":"567_CR26","doi-asserted-by":"crossref","unstructured":"Jia, N., Liu, D.: Application of svm based on information entropy in intrusion detection. In: International Conference on Intelligent and Interactive Systems and Applications, pp. 464\u2013468. Springer (2017)","DOI":"10.1007\/978-3-319-69096-4_64"},{"key":"567_CR27","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1016\/j.comcom.2020.12.016","volume":"167","author":"P Jurkiewicz","year":"2021","unstructured":"Jurkiewicz, P., Rzym, G., Borylo, P.: Flow length and size distributions in campus internet traffic. Comput. Commun. 167, 15\u201330 (2021)","journal-title":"Comput. Commun."},{"issue":"8","key":"567_CR28","first-page":"3884","volume":"10","author":"M Kakavand","year":"2016","unstructured":"Kakavand, M., Mustapha, N., Mustapha, A., Abdullah, M.T.: Effective dimensionality reduction of payload-based anomaly detection in tmad model for http payload. TIIS 10(8), 3884\u20133910 (2016)","journal-title":"TIIS"},{"issue":"4","key":"567_CR29","doi-asserted-by":"publisher","first-page":"583","DOI":"10.3390\/sym11040583","volume":"11","author":"MA Khan","year":"2019","unstructured":"Khan, M.A., Karim, M., Kim, Y., et al.: A scalable and hybrid intrusion detection system based on the convolutional-lstm network. Symmetry 11(4), 583 (2019)","journal-title":"Symmetry"},{"key":"567_CR30","doi-asserted-by":"crossref","unstructured":"Kim, J., Kim, J., Thu Huong, L.T., Kim, H.: Long short term memory recurrent neural network classifier for intrusion detection. 2016 International Conference on Platform Technology and Service (PlatCon) pp. 1\u20135 (2016)","DOI":"10.1109\/PlatCon.2016.7456805"},{"key":"567_CR31","doi-asserted-by":"crossref","unstructured":"Kim, K., Aminato Muhaamad, E.: Deep learning in intrusion detection perspective: Overview and further challenges. 2017 International Workshop on Big Data and Information Security (IWBIS) pp. 5\u201310 (2017)","DOI":"10.1109\/IWBIS.2017.8275095"},{"key":"567_CR32","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. Proceedings of the 19th Annual Computer Security Applications pp. 14\u201323 (2003)","DOI":"10.1109\/CSAC.2003.1254306"},{"key":"567_CR33","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Toth, T.: Using decision trees to improve signature based intrusion detection. International Workshop on Recent Advances in Intrusion Detection pp. 173\u2013191 (2003)","DOI":"10.1007\/978-3-540-45248-5_10"},{"issue":"7553","key":"567_CR34","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436\u2013444 (2015)","journal-title":"Nature"},{"issue":"4","key":"567_CR35","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1016\/S1389-1286(00)00140-7","volume":"34","author":"P Lippmann Richard","year":"2000","unstructured":"Lippmann Richard, P., Cunningham Robert, K.: Improving intrusion detection performance using keyword selection and neural networks. Comput. Netw. 34(4), 597\u2013603 (2000)","journal-title":"Comput. Netw."},{"issue":"4","key":"567_CR36","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R Lippmann","year":"2000","unstructured":"Lippmann, R., Haines Joshua, W., Fried David, J., Korba, J., Das, K.: The 1999 darpa off-line intrusion detection evaluation. Comput. Netw. 34(4), 579\u2013595 (2000)","journal-title":"Comput. Netw."},{"key":"567_CR37","doi-asserted-by":"crossref","unstructured":"Mahoney Matthew, V., Chan Philip, K.: An analysis of the 1999 darpa\/lincoln laboratory evaluation data for network anomaly detection. International Workshop on Recent Advances in Intrusion Detection, pp. 220\u2013237. (2003)","DOI":"10.1007\/978-3-540-45248-5_13"},{"issue":"6","key":"567_CR38","doi-asserted-by":"publisher","first-page":"864","DOI":"10.1016\/j.comnet.2008.11.011","volume":"53","author":"R Perdisci","year":"2009","unstructured":"Perdisci, R., Ariu, D., Fogla, P., Giacinto, G., Lee, W.: Mcpad- a multiple classifier system for accurate payload-based anomaly detection. Comput. Netw. 53(6), 864\u2013881 (2009)","journal-title":"Comput. Netw."},{"key":"567_CR39","first-page":"293","volume-title":"Hybrid intelligent intrusion detection scheme In Soft computing in industrial applications","author":"A Salama Mostafa","year":"2011","unstructured":"Salama Mostafa, A., Eid Heba, F., Ramadan Rabie, A., Darwish, A., Hassanein Aboul, E.: Hybrid intelligent intrusion detection scheme In Soft computing in industrial applications, pp. 293\u2013303. Springer, Berlin (2011)"},{"key":"567_CR40","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari Arash, H., Ghorbani Ali, A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108\u2013116 (2018)","DOI":"10.5220\/0006639801080116"},{"key":"567_CR41","doi-asserted-by":"crossref","unstructured":"Soheily-Khah, S., Marteau, P.F., B\u00e9chet, N.: Intrusion detection in network systems through hybrid supervised and unsupervised mining process-a detailed case study on the ISCX benchmark dataset. In: 2018 1st International Conference on Data Intelligence and Security (ICDIS), pp. 219\u2013226. IEEE (2018)","DOI":"10.1109\/ICDIS.2018.00043"},{"issue":"2","key":"567_CR42","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/s10994-009-5143-5","volume":"81","author":"Y Song","year":"2010","unstructured":"Song, Y., Locasto Michael, E., Starvrou, A., Keromytis, A., Stolfo Salvatroe, J.: On the infeasibility of modeling polymorphic shellcode. Mach. Learn. 81(2), 179\u2013205 (2010)","journal-title":"Mach. Learn."},{"key":"567_CR43","doi-asserted-by":"crossref","unstructured":"Tang Tuan, A., Mhamdi, L., McLernon, D., Zaidi Syed, A.R., Ghogho, M.: Deep learning approach for network intrusion detection in software defined networking. 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM) pp. 258\u2013263 (2016)","DOI":"10.1109\/WINCOM.2016.7777224"},{"key":"567_CR44","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.knosys.2017.09.014","volume":"136","author":"H Wang","year":"2017","unstructured":"Wang, H., Gu, J., Wang, S.: An effective intrusion detection framework based on svm with feature augmentation. Knowl-Based Syst. 136, 130\u2013139 (2017)","journal-title":"Knowl-Based Syst."},{"key":"567_CR45","doi-asserted-by":"crossref","unstructured":"Wang, K., Parekh Janak, J., Salvatore, Stolfo, J.: Anagram: A content anomaly detector resistant to mimicry attack. International Workshop on Recent Advances in Intrusion Detection, pp. 226\u2013248. (2006)","DOI":"10.1007\/11856214_12"},{"key":"567_CR46","doi-asserted-by":"crossref","unstructured":"Wang, K., Stolfo Salvatore, J.: Anomalous payload-based network intrusion detection. International Workshop on Recent Advances in Intrusion Detection pp. 203\u2013222 (2004)","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"567_CR47","doi-asserted-by":"publisher","first-page":"108346","DOI":"10.1109\/ACCESS.2020.3001350","volume":"8","author":"S Zavrak","year":"2020","unstructured":"Zavrak, S., Iskefiyeli, M.: Anomaly-based intrusion detection from network flow features using variational autoencoder. IEEE Access 8, 108346\u2013108358 (2020)","journal-title":"IEEE Access"},{"key":"567_CR48","doi-asserted-by":"publisher","first-page":"45182","DOI":"10.1109\/ACCESS.2019.2908225","volume":"7","author":"Y Zeng","year":"2019","unstructured":"Zeng, Y., Gu, H., Wei, W., Guo, Y.: $$ deep-full-range $$: a deep learning based network encrypted traffic classification and intrusion detection framework. IEEE Access 7, 45182\u201345190 (2019)","journal-title":"IEEE Access"},{"issue":"5","key":"567_CR49","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1109\/TSMCC.2008.923876","volume":"38","author":"J Zhang","year":"2008","unstructured":"Zhang, J., Zulkernine, M., Haque, A.: Random-forests-based network intrusion detection systems. IEEE Trans. Syst., Man, Cybern., Part C (Appl. Rev.) 38(5), 649\u2013659 (2008)","journal-title":"IEEE Trans. Syst., Man, Cybern., Part C (Appl. Rev.)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00567-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00567-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00567-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T19:25:07Z","timestamp":1725823507000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00567-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,23]]},"references-count":49,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,6]]}},"alternative-id":["567"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00567-2","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,23]]},"assertion":[{"value":"23 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no conflicts of interest to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interests"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}