{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:25:04Z","timestamp":1772119504332,"version":"3.50.1"},"reference-count":142,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:00:00Z","timestamp":1769040000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:00:00Z","timestamp":1769040000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2026,2]]},"DOI":"10.1007\/s10207-025-01182-1","type":"journal-article","created":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T14:10:19Z","timestamp":1769091019000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Machine Learning for Lateral Movement Detection using Sysmon Logs: An Empirical Comparison of Imbalanced and Resampled Data"],"prefix":"10.1007","volume":"25","author":[{"given":"Christos","family":"Smiliotopoulos","sequence":"first","affiliation":[]},{"given":"Georgios","family":"Kambourakis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,22]]},"reference":[{"key":"1182_CR1","unstructured":"MITRE. Lateral Movement - The adversary is trying to move through your environment. (July 2019). https:\/\/attack.mitre.org\/"},{"key":"1182_CR2","unstructured":"Toll, W.: The Top 11 Cyberattacks Using Lateral Movement: A 2023-2024 Analysis for Enterprise Security Leaders. (January 2025). https:\/\/www.elisity.com\/blog\/the-top-11-cyberattacks-using-lateral-movement-a-2023-2024-analysis-for-enterprise-security-leaders"},{"key":"1182_CR3","doi-asserted-by":"publisher","unstructured":"Smiliotopoulos, C., Barmpatsalou, K., Kambourakis, G.: \u201cRevisiting the Detection of Lateral Movement through Sysmon\u201d. Applied Sciences 12(15), (2022). issn: 2076-3417. https:\/\/doi.org\/10.3390\/app12157746. https:\/\/www.mdpi.com\/2076-3417\/12\/15\/7746","DOI":"10.3390\/app12157746"},{"key":"1182_CR4","doi-asserted-by":"publisher","unstructured":"El-Hadidi, M.G., Azer, M.A.: \u201cDetecting Mimikatz in Lateral Movements Using Mutex\u201d. In: 2020 15th International Conference on Computer Engineering and Systems (ICCES). pp.\u00a01\u20136 (2020). https:\/\/doi.org\/10.1109\/ICCES51560.2020.9334643","DOI":"10.1109\/ICCES51560.2020.9334643"},{"key":"1182_CR5","unstructured":"Niakanlahiji, A., et\u00a0al.: \u201cShadowMove: A Stealthy Lateral Movement Strategy\u201d. In: 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, pp.\u00a0559\u2013576 (2020). isbn: 978-1-939133-17-5. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/niakanlahiji"},{"key":"1182_CR6","doi-asserted-by":"publisher","unstructured":"Michael, N., et\u00a0al.: \u201cOn the Forensic Validity of Approximated Audit Logs\u201d. In: Annual Computer Security Applications Conference. ACSAC \u201920. Austin, USA: Association for Computing Machinery, pp.\u00a0189\u2013202 (2020). isbn: 9781450388580. https:\/\/doi.org\/10.1145\/3427228.3427272","DOI":"10.1145\/3427228.3427272"},{"key":"1182_CR7","doi-asserted-by":"crossref","unstructured":"Rajesh, P., et\u00a0al.: \u201cNetwork Forensics Investigation in Virtual Data Centers Using ELK\u201d. In: 2021 International Symposium on Electrical, Electronics and Information Engineering. pp.\u00a0175\u2013179, (2021)","DOI":"10.1145\/3459104.3459135"},{"key":"1182_CR8","doi-asserted-by":"publisher","unstructured":"Guri, M.: \u201cUSBCulprit: USB-Borne Air-Gap Malware\u201d. In: Proceedings of the 2021 European Interdisciplinary Cybersecurity Conference. EICC \u201921. Virtual Event, Romania: Association for Computing Machinery, pp.\u00a07\u201313 (2021). isbn: 9781450390491. https:\/\/doi.org\/10.1145\/3487405.3487412","DOI":"10.1145\/3487405.3487412"},{"key":"1182_CR9","doi-asserted-by":"publisher","unstructured":"Liu, Q., et\u00a0al.: \u201cLatte: Large-Scale Lateral Movement Detection\u201d. In: MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). pp.\u00a01\u20136, (2018). https:\/\/doi.org\/10.1109\/MILCOM.2018.8599748","DOI":"10.1109\/MILCOM.2018.8599748"},{"key":"1182_CR10","doi-asserted-by":"publisher","unstructured":"Agmon, N., Shabtai, A., Puzis, R.: \u201cDeployment Optimization of IoT Devices through Attack Graph Analysis\u201d. In: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. WiSec \u201919. Miami, Florida: Association for Computing Machinery, pp.\u00a0192\u2013202 (2019). isbn: 9781450367264. https:\/\/doi.org\/10.1145\/3317549.3323411","DOI":"10.1145\/3317549.3323411"},{"key":"1182_CR11","unstructured":"Ho, G., et\u00a0al.: \u201cHopper: Modeling and Detecting Lateral Movement\u201d. In: 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, pp.\u00a03093\u20133110, (Aug. 2021). isbn: 978-1-939133-24-3. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/ho"},{"key":"1182_CR12","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/j.neucom.2021.12.026","volume":"474","author":"Y Fang","year":"2022","unstructured":"Fang, Y., et al.: LMTracker: Lateral movement path detection based on heterogeneous graph embedding. Neurocomputing 474, 37\u201347 (2022). https:\/\/doi.org\/10.1016\/j.neucom.2021.12.026","journal-title":"Neurocomputing"},{"key":"1182_CR13","doi-asserted-by":"publisher","unstructured":"Kaiafas, G., et\u00a0al.: \u201cDetecting malicious authentication events trustfully\u201d. In: NOMS 2018 - 2018 IEEE\/IFIP Network Operations and Management Symposium. pp.\u00a01\u20136, (2018). https:\/\/doi.org\/10.1109\/NOMS.2018.8406295","DOI":"10.1109\/NOMS.2018.8406295"},{"key":"1182_CR14","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.comcom.2020.10.013","volume":"165","author":"T Bai","year":"2021","unstructured":"Bai, T., et al.: RDP-based Lateral Movement detection using Machine Learning. Comput. Commun. 165, 9\u201319 (2021). https:\/\/doi.org\/10.1016\/j.comcom.2020.10.013","journal-title":"Comput. Commun."},{"key":"1182_CR15","doi-asserted-by":"publisher","unstructured":"Bai, T., et\u00a0al.: \u201cA Machine Learning Approach for RDP-based Lateral Movement Detection\u201d. In: 2019 IEEE 44th Conference on Local Computer Networks (LCN). pp.\u00a0242\u2013245, (2019). https:\/\/doi.org\/10.1109\/LCN44214.2019.8990853","DOI":"10.1109\/LCN44214.2019.8990853"},{"key":"1182_CR16","doi-asserted-by":"publisher","unstructured":"Bian, H., et\u00a0al.: \u201cHost in Danger? Detecting Network Intrusions from Authentication Logs\u201d. In: 2019 15th International Conference on Network and Service Management (CNSM). pp.\u00a01\u20139 (2019). https:\/\/doi.org\/10.23919\/CNSM46954.2019.9012700","DOI":"10.23919\/CNSM46954.2019.9012700"},{"key":"1182_CR17","doi-asserted-by":"publisher","first-page":"1893","DOI":"10.1007\/s10207-023-00725-8","volume":"22","author":"C Smiliotopoulos","year":"2023","unstructured":"Smiliotopoulos, C., Kambourakis, G., Barbatsalou, K.: On the detection of lateral movement through supervised machine learning and an open-source tool to create turnkey datasets from Sysmon logs. Int. J. Inf. Secur. 22, 1893\u20131919 (2023). https:\/\/doi.org\/10.1007\/s10207-023-00725-8","journal-title":"Int. J. Inf. Secur."},{"key":"1182_CR18","doi-asserted-by":"publisher","unstructured":"Bohara, A., et\u00a0al.: \u201cAn Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement\u201d. In: 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS). pp.\u00a0224\u2013233 (2017). https:\/\/doi.org\/10.1109\/SRDS.2017.31","DOI":"10.1109\/SRDS.2017.31"},{"key":"1182_CR19","doi-asserted-by":"publisher","unstructured":"Chen, M., et\u00a0al.: \u201cA Novel Approach for Identifying Lateral Movement Attacks Based on Network Embedding\u201d. In: 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA\/IUCC\/BDCloud\/SocialCom\/SustainCom). pp.\u00a0708\u2013715, (2018). https:\/\/doi.org\/10.1109\/BDCloud.2018.00107","DOI":"10.1109\/BDCloud.2018.00107"},{"issue":"2","key":"1182_CR20","doi-asserted-by":"publisher","first-page":"1152","DOI":"10.1109\/TNSM.2021.3071928","volume":"18","author":"DC Le","year":"2021","unstructured":"Le, D.C., Zincir-Heywood, N.: Anomaly Detection for Insider Threats Using Unsupervised Ensembles. IEEE Trans. Netw. Serv. Manage. 18(2), 1152\u20131164 (2021). https:\/\/doi.org\/10.1109\/TNSM.2021.3071928","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"1182_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.107745","volume":"99","author":"N Koroniotis","year":"2022","unstructured":"Koroniotis, N., Moustafa, N., Slay, J.: A new Intelligent Satellite Deep Learning Network Forensic framework for smart satellite networks. Comput. Electr. Eng. 99, 107745 (2022). https:\/\/doi.org\/10.1016\/j.compeleceng.2022.107745","journal-title":"Comput. Electr. Eng."},{"key":"1182_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.iswa.2022.200106","volume":"16","author":"BA Powell","year":"2022","unstructured":"Powell, B.A.: Role-based lateral movement detection with unsupervised learning. Intelligent Systems with Applications 16, 200106 (2022). https:\/\/doi.org\/10.1016\/j.iswa.2022.200106","journal-title":"Intelligent Systems with Applications"},{"key":"1182_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.jestch.2022.101322","volume":"38","author":"HC Altunay","year":"2023","unstructured":"Altunay, H.C., Albayrak, Z.: A hybrid CNN+LSTM-based intrusion detection system for industrial IoT networks. Engineering Science and Technology, an International Journal 38, 101322 (2023). https:\/\/doi.org\/10.1016\/j.jestch.2022.101322","journal-title":"Engineering Science and Technology, an International Journal"},{"key":"1182_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103315","volume":"132","author":"PLS Jayalaxmi","year":"2023","unstructured":"Jayalaxmi, P.L.S., et al.: PIGNUS: A Deep Learning model for IDS in industrial internet-of-things. Computers & Security 132, 103315 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103315","journal-title":"Computers & Security"},{"key":"1182_CR25","doi-asserted-by":"publisher","unstructured":"Liu, J., Shi, J.: \u201cLeveraging Token-Based Representation to Detect Lateral Movement\u201d. In: 2023 Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). pp.\u00a0391\u2013399, (2023). https:\/\/doi.org\/10.1109\/IPEC57296.2023.00074","DOI":"10.1109\/IPEC57296.2023.00074"},{"key":"1182_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104190","volume":"149","author":"C Smiliotopoulos","year":"2025","unstructured":"Smiliotopoulos, C., et al.: Assessing the detection of lateral movement through unsupervised learning techniques. Computers & Security 149, 104190 (2025). https:\/\/doi.org\/10.1016\/j.cose.2024.104190","journal-title":"Computers & Security"},{"key":"1182_CR27","unstructured":"Smiliotopoulos, C., Kambourakis, G.: \u201cLMD\u201d Sysmon Dataset Collections. (2023). https:\/\/github.com\/ChristosSmiliotopoulos\/Lateral-Movement-Dataset--LMD_Collections (visited on 2023)"},{"key":"1182_CR28","doi-asserted-by":"publisher","unstructured":"Padma, S., Saravana Kumar, S., Manavalan, R.: \u201cPerformance analysis for classification in balanced and unbalanced data set\u201d. In: 2011 6th International Conference on Industrial and Information Systems. pp.\u00a0300\u2013304 (2011). https:\/\/doi.org\/10.1109\/ICIINFS.2011.6038084","DOI":"10.1109\/ICIINFS.2011.6038084"},{"issue":"2","key":"1182_CR29","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1109\/TNSRE.2019.2891000","volume":"27","author":"T Bao","year":"2019","unstructured":"Bao, T., et al.: Automatically Evaluating Balance: A Machine Learning Approach. IEEE Trans. Neural Syst. Rehabil. Eng. 27(2), 179\u2013186 (2019). https:\/\/doi.org\/10.1109\/TNSRE.2019.2891000","journal-title":"IEEE Trans. Neural Syst. Rehabil. Eng."},{"key":"1182_CR30","doi-asserted-by":"publisher","unstructured":"Ustuner, M., Sanli, F.B., Abdikan, S.: \u201cBALANCED VS IMBALANCED TRAINING DATA: CLASSIFYING RAPIDEYE DATA WITH SUPPORT VECTOR MACHINES\u201d. In: The International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences XLI-B7, pp.\u00a0379\u2013384 (2016). https:\/\/doi.org\/10.5194\/isprs-archives-XLI-B7-379-2016. https:\/\/isprs-archives.copernicus.org\/articles\/XLI-B7\/379\/2016\/","DOI":"10.5194\/isprs-archives-XLI-B7-379-2016"},{"issue":"4","key":"1182_CR31","doi-asserted-by":"publisher","DOI":"10.1002\/eng2.12298","volume":"3","author":"S Susan","year":"2021","unstructured":"Susan, S., Kumar, A.: The balancing trick: Optimized sampling of imbalanced datasets-A brief survey of the recent State of the Art. Engineering Reports 3(4), e12298 (2021). https:\/\/doi.org\/10.1002\/eng2.12298","journal-title":"Engineering Reports"},{"key":"1182_CR32","doi-asserted-by":"publisher","unstructured":"Yadav, S., Bhole, G.P.: \u201cHandling Imbalanced Dataset Classification in Machine Learning\u201d. In: 2020 IEEE Pune Section International Conference (PuneCon). pp.\u00a038\u201343, (2020). https:\/\/doi.org\/10.1109\/PuneCon50868.2020.9362471","DOI":"10.1109\/PuneCon50868.2020.9362471"},{"key":"1182_CR33","unstructured":"Provost, F.: \u201cMachine learning from imbalanced data sets 101\u201d. In: Proceedings of the AAAI\u20192000 workshop on imbalanced data sets. Vol.\u00a068. 2000. AAAI Press. pp.\u00a01\u20133 (2000)"},{"key":"1182_CR34","doi-asserted-by":"publisher","unstructured":"ElMassry, A.M., et\u00a0al.: \u201cMachine Learning Approaches for Sentiment Analysis on Balanced and Unbalanced Datasets\u201d. In: 2024 IEEE 14th International Conference on Control System, Computing and Engineering (ICCSCE). pp.\u00a018\u201323 (2024). https:\/\/doi.org\/10.1109\/ICCSCE61582.2024.10695972","DOI":"10.1109\/ICCSCE61582.2024.10695972"},{"key":"1182_CR35","doi-asserted-by":"crossref","unstructured":"Pozzolo, A.D., et\u00a0al.: \u201cRacing for Unbalanced Methods Selection\u201d. In: Intelligent Data Engineering and Automated Learning \u2013 IDEAL 2013. Ed. by Hujun Yin et\u00a0al. Berlin, Heidelberg: Springer Berlin Heidelberg, pp.\u00a024\u201331 (2013). isbn: 978-3-642-41278-3","DOI":"10.1007\/978-3-642-41278-3_4"},{"key":"1182_CR36","doi-asserted-by":"crossref","unstructured":"Tyagi, S., Mittal, S.: \u201cSampling Approaches for Imbalanced Data Classification Problem in Machine Learning\u201d. In: Proceedings of ICRIC 2019. Ed. by Pradeep Kumar Singh et\u00a0al. Cham: Springer International Publishing, pp.\u00a0209\u2013221 (2020). isbn: 978-3-030-29407-6","DOI":"10.1007\/978-3-030-29407-6_17"},{"key":"1182_CR37","doi-asserted-by":"publisher","unstructured":"Sharma, A., Wehrheim, H.: \u201cTesting Machine Learning Algorithms for Balanced Data Usage\u201d. In: 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST). pp.\u00a0125\u2013135, (2019). https:\/\/doi.org\/10.1109\/ICST.2019.00022","DOI":"10.1109\/ICST.2019.00022"},{"key":"1182_CR38","doi-asserted-by":"crossref","unstructured":"Pozzolo, A.D., Caelen, O., Bontempi, G.: \u201cWhen is Undersampling Effective in Unbalanced Classification Tasks?\u201d In: Machine Learning and Knowledge Discovery in Databases. Ed. by Annalisa Appice et\u00a0al. Cham: Springer International Publishing, pp.\u00a0200\u2013215, (2015), isbn: 978-3-319-23528-8","DOI":"10.1007\/978-3-319-23528-8_13"},{"key":"1182_CR39","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106736","volume":"143","author":"K Alkharabsheh","year":"2022","unstructured":"Alkharabsheh, K., et al.: A comparison of machine learning algorithms on design smell detection using balanced and imbalanced dataset: A study of God class. Inf. Softw. Technol. 143, 106736 (2022). https:\/\/doi.org\/10.1016\/j.infsof.2021.106736","journal-title":"Inf. Softw. Technol."},{"key":"1182_CR40","doi-asserted-by":"publisher","unstructured":"Batista, G.E., Prati, R.C., Monard, M.C.: \u201cA study of the behavior of several methods for balancing machine learning training data\u201d. SIGKDD Explor. Newsl. 6(1), 20\u201329 (2004). 1931-0145. https:\/\/doi.org\/10.1145\/1007730.1007735","DOI":"10.1145\/1007730.1007735"},{"issue":"4","key":"1182_CR41","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3343440","volume":"52","author":"H Kaur","year":"2019","unstructured":"Kaur, H., Pannu, H.S., Malhi, A.K.: A Systematic Review on Imbalanced Data Challenges in Machine Learning: Applications and Solutions. ACM Comput. Surv. 52(4), 1\u201336 (2019). https:\/\/doi.org\/10.1145\/3343440","journal-title":"ACM Comput. Surv."},{"key":"1182_CR42","doi-asserted-by":"publisher","unstructured":"Spelmen, V.S., Porkodi, R.: \u201cA Review on Handling Imbalanced Data\u201d. In: 2018 International Conference on Current Trends towards Converging Technologies (ICCTCT). pp.\u00a01\u201311 (2018). https:\/\/doi.org\/10.1109\/ICCTCT.2018.8551020","DOI":"10.1109\/ICCTCT.2018.8551020"},{"issue":"1","key":"1182_CR43","doi-asserted-by":"publisher","DOI":"10.1088\/1757-899X\/1099\/1\/012077","volume":"1099","author":"P Kumar","year":"2021","unstructured":"Kumar, P., et al.: Classification of Imbalanced Data: Review of Methods and Applications. IOP Conference Series: Materials Science and Engineering 1099(1), 012077 (2021). https:\/\/doi.org\/10.1088\/1757-899X\/1099\/1\/012077","journal-title":"IOP Conference Series: Materials Science and Engineering"},{"key":"1182_CR44","doi-asserted-by":"publisher","unstructured":"Kent, A.D.: Comprehensive, Multi-Source Cyber-Security Events. Los Alamos National Laboratory. (2015). https:\/\/doi.org\/10.17021\/1179829","DOI":"10.17021\/1179829"},{"key":"1182_CR45","doi-asserted-by":"crossref","unstructured":"Kent, A.D.: \u201cCybersecurity Data Sources for Dynamic Network Research\u201d. In: Dynamic Networks in Cybersecurity. Imperial College Press, (June 2015)","DOI":"10.1142\/9781786340757_0002"},{"key":"1182_CR46","doi-asserted-by":"publisher","DOI":"10.1142\/9781786345646_001","author":"MJM Turcotte","year":"2018","unstructured":"Turcotte, M.J.M., Kent, A.D., Hash, C.: Unified Host and Network Data Set. (2018). https:\/\/doi.org\/10.1142\/9781786345646_001","journal-title":"Unified Host and Network Data Set."},{"key":"1182_CR47","doi-asserted-by":"publisher","unstructured":"Arantes, R., et\u00a0al.: Operationally Transparent Cyber (OpTC). (2021)https:\/\/doi.org\/10.21227\/edq8-nk52","DOI":"10.21227\/edq8-nk52"},{"key":"1182_CR48","unstructured":"Center, C., Trzeciak, R.: \u201cThe CERT Insider Threat Database\u201d. In: Carnegie Mellon University\u2019s Software Engineering Institute Blog, (Aug. 2011)"},{"key":"1182_CR49","doi-asserted-by":"crossref","unstructured":"Myneni, S., et\u00a0al.: \u201cDAPT 2020 - Constructing a Benchmark Dataset for Advanced Persistent Threats\u201d. In: Deployable Machine Learning for Security Defense. Ed. by Gang Wang, Arridhana Ciptadi, and Ali Ahmadzadeh. Cham: Springer International Publishing, 2020, pp.\u00a0138\u2013163. isbn: 978-3-030-59621-7","DOI":"10.1007\/978-3-030-59621-7_8"},{"key":"1182_CR50","doi-asserted-by":"publisher","unstructured":"Smiliotopoulos, C., Kambourakis, G., Kolias, C.: \u201cDetecting Lateral Movement: A Systematic Survey\u201d. Heliyon, e26317, (2024). issn: 2405-8440. https:\/\/doi.org\/10.1016\/j.heliyon.2024.e26317. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S240584402402348X","DOI":"10.1016\/j.heliyon.2024.e26317"},{"key":"1182_CR51","doi-asserted-by":"publisher","unstructured":"Li, Q., et\u00a0al.: \u201cThe Impact of Partial Balance of Imbalanced Dataset on Classification Performance\u201d. Electronics 11(9), (2022). issn: 2079-9292. https:\/\/doi.org\/10.3390\/electronics11091322. https:\/\/www.mdpi.com\/2079-9292\/11\/9\/1322","DOI":"10.3390\/electronics11091322"},{"key":"1182_CR52","doi-asserted-by":"publisher","unstructured":"Kuan, J.: Moore _Dataset. Figshare. Dataset. (2022). https:\/\/doi.org\/10.6084\/m9.figshare.18467507.v1 (visited on 2022)","DOI":"10.6084\/m9.figshare.18467507.v1"},{"key":"1182_CR53","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: \u201cA Detailed Analysis of the CICIDS2017 Data Set\u201d. In: Information Systems Security and Privacy. Ed. by Paolo Mori, Steven Furnell, and Olivier Camp. Cham: Springer International Publishing, 2019, pp.\u00a0172\u2013188. isbn: 978-3-030-25109-3","DOI":"10.1007\/978-3-030-25109-3_9"},{"key":"1182_CR54","unstructured":"Wang, T., et\u00a0al.: \u201cAdversarial Removal of Gender from Deep Image Representations\u201d. In: CoRR arXiv:1811.08489 (2018)"},{"issue":"1","key":"1182_CR55","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/S10207-024-00958-1","volume":"24","author":"KE Kampourakis","year":"2025","unstructured":"Kampourakis, K.E., et al.: Balancing the act? Resampling versus imbalanced data for Wi-Fi IDS. Int. J. Inf. Sec. 24(1), 47 (2025). https:\/\/doi.org\/10.1007\/S10207-024-00958-1","journal-title":"Int. J. Inf. Sec."},{"key":"1182_CR56","doi-asserted-by":"publisher","first-page":"34188","DOI":"10.1109\/ACCESS.2021.3061609","volume":"9","author":"E Chatzoglou","year":"2021","unstructured":"Chatzoglou, E., Kambourakis, G., Kolias, C.: Empirical Evaluation of Attacks Against IEEE 802.11 Enterprise Networks: The AWID3 Dataset. IEEE Access 9, 34188\u201334205 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3061609","journal-title":"IEEE Access"},{"key":"1182_CR57","doi-asserted-by":"crossref","unstructured":"Pawlicki, M., et\u00a0al.: \u201cOn the Impact of Network Data Balancing in Cybersecurity Applications\u201d. In: Computational Science \u2013 ICCS 2020. Ed. by Valeria V. Krzhizhanovskaya et\u00a0al. Cham: Springer International Publishing, pp.\u00a0196\u2013210, (2020). isbn: 978-3-030-50423-6","DOI":"10.1007\/978-3-030-50423-6_15"},{"key":"1182_CR58","doi-asserted-by":"publisher","first-page":"83965","DOI":"10.1109\/ACCESS.2020.2992249","volume":"8","author":"A Al-Abassi","year":"2020","unstructured":"Al-Abassi, A., et al.: An Ensemble Deep Learning-Based Cyber-Attack Detection in Industrial Control System. IEEE Access 8, 83965\u201383973 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2992249","journal-title":"IEEE Access"},{"key":"1182_CR59","doi-asserted-by":"publisher","unstructured":"Talukder, Md.\u00a0A., et\u00a0al.: \u201cA dependable hybrid machine learning model for network intrusion detection\u201d. Journal of Information Security and Applications 72, 103405 (2023). issn: 2214-2126. https:\/\/doi.org\/10.1016\/j.jisa.2022.103405. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2214212622002496","DOI":"10.1016\/j.jisa.2022.103405"},{"key":"1182_CR60","unstructured":"CIC: NSL-KDD dataset. (2020). https:\/\/www.unb.ca\/cic\/datasets\/nsl.html"},{"key":"1182_CR61","doi-asserted-by":"publisher","unstructured":"Sharma, A., Babbar, H., Vats, A.K.: \u201cSecuring the Internet of Things: Using Machine Learning for Malware Detection with CIC-MalMem Dataset\u201d. In: 2024 4th International Conference on Innovative Practices in Technology and Management (ICIPTM). pp.\u00a01\u20135, (2024). https:\/\/doi.org\/10.1109\/ICIPTM59628.2024.10563381","DOI":"10.1109\/ICIPTM59628.2024.10563381"},{"key":"1182_CR62","unstructured":"Pokhrel, S., Abbas, R., Aryal, B.: \u201cIoT Security: Botnet detection in IoT using Machine learning\u201d. In: CoRR arXiv:2104.02231 (2021)"},{"key":"1182_CR63","doi-asserted-by":"publisher","unstructured":"Moustafa, N.: The Bot-IoT dataset. (2019). https:\/\/doi.org\/10.21227\/r7v2-x988","DOI":"10.21227\/r7v2-x988"},{"key":"1182_CR64","doi-asserted-by":"publisher","first-page":"96731","DOI":"10.1109\/ACCESS.2022.3205337","volume":"10","author":"AS Dina","year":"2022","unstructured":"Dina, A.S., Siddique, A.B., Manivannan, D.: Effect of Balancing Data Using Synthetic Data on the Performance of Machine Learning Classifiers for Intrusion Detection in Computer Networks. IEEE Access 10, 96731\u201396747 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3205337","journal-title":"IEEE Access"},{"key":"1182_CR65","doi-asserted-by":"publisher","unstructured":"Moustafa, N., Slay, J.: \u201cUNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)\u201d. In: 2015 Military Communications and Information Systems Conference (MilCIS). pp.\u00a01\u20136 (2015). https:\/\/doi.org\/10.1109\/MilCIS.2015.7348942","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"1182_CR66","doi-asserted-by":"publisher","unstructured":"Sinha, J., Manollas, M.: \u201cEfficient Deep CNN-BiLSTM Model for Network Intrusion Detection\u201d. In: Proceedings of the 2020 3rd International Conference on Artificial Intelligence and Pattern Recognition. AIPR \u201920. Xiamen, China: Association for Computing Machinery, pp.\u00a0223\u2013231 (2020). isbn: 9781450375511. https:\/\/doi.org\/10.1145\/3430199.3430224","DOI":"10.1145\/3430199.3430224"},{"key":"1182_CR67","doi-asserted-by":"publisher","first-page":"2269","DOI":"10.1109\/ACCESS.2021.3137201","volume":"10","author":"M Zeeshan","year":"2022","unstructured":"Zeeshan, M., et al.: Protocol-Based Deep Intrusion Detection for DoS and DDoS Attacks Using UNSW-NB15 and Bot-IoT Data-Sets. IEEE Access 10, 2269\u20132283 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2021.3137201","journal-title":"IEEE Access"},{"key":"1182_CR68","doi-asserted-by":"crossref","unstructured":"Rani, M., Gagandeep: \u201cAn Efficient Network Intrusion Detection System Based on Feature Selection Using Evolutionary Algorithm Over Balanced Dataset\u201d. In: Mobile Radio Communications and 5G Networks. Ed. by Nikhil Marriwala et\u00a0al. Singapore: Springer Nature Singapore, pp.\u00a0179\u2013193, (2022). isbn: 978-981-16-7018-3","DOI":"10.1007\/978-981-16-7018-3_15"},{"key":"1182_CR69","doi-asserted-by":"publisher","unstructured":"Karaboga, D., Akay, B.: \u201cA comparative study of Artificial Bee Colony algorithm\u201d. Applied Mathematics and Computation 214(1), 108\u2013132 (2009). issn: 0096-3003. https:\/\/doi.org\/10.1016\/j.amc.2009.03.090. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0096300309002860","DOI":"10.1016\/j.amc.2009.03.090"},{"key":"1182_CR70","doi-asserted-by":"publisher","first-page":"2339","DOI":"10.1109\/TIFS.2022.3183390","volume":"17","author":"T Zebin","year":"2022","unstructured":"Zebin, T., Rezvy, S., Luo, Y.: An Explainable AI-Based Intrusion Detection System for DNS Over HTTPS (DoH) Attacks. IEEE Trans. Inf. Forensics Secur. 17, 2339\u20132349 (2022). https:\/\/doi.org\/10.1109\/TIFS.2022.3183390","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1182_CR71","doi-asserted-by":"publisher","unstructured":"Goyal, M., Kumar, R.: \u201cMachine Learning for Malware Detection on Balanced and Imbalanced Datasets\u201d. In: 2020 International Conference on Decision Aid Sciences and Application (DASA). pp.\u00a0867\u2013871 (2020). https:\/\/doi.org\/10.1109\/DASA51403.2020.9317206","DOI":"10.1109\/DASA51403.2020.9317206"},{"key":"1182_CR72","doi-asserted-by":"publisher","unstructured":"Meliboev, A., Alikhanov, J., Kim, W.: \u201cPerformance Evaluation of Deep Learning Based Network Intrusion Detection System across Multiple Balanced and Imbalanced Datasets\u201d. In: Electronics 11(4), (2022). issn: 2079-9292. https:\/\/doi.org\/10.3390\/electronics11040515","DOI":"10.3390\/electronics11040515"},{"key":"1182_CR73","doi-asserted-by":"crossref","unstructured":"Tyagi, S., Mittal, S.: \u201cSampling Approaches for Imbalanced Data Classification Problem in Machine Learning\u201d. In: Proceedings of ICRIC 2019. Ed. by Pradeep Kumar Singh et\u00a0al. Cham: Springer International Publishing, pp.\u00a0209\u2013221 (2020). isbn: 978-3-030-29407-6","DOI":"10.1007\/978-3-030-29407-6_17"},{"key":"1182_CR74","doi-asserted-by":"publisher","unstructured":"MontazeriShatoori, M., et\u00a0al.: \u201cDetection of DoH Tunnels using Time-series Classification of Encrypted Traffic\u201d. In: IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress, DASC\/PiCom\/CBDCom\/CyberSciTech 2020, Calgary, AB, Canada, August 17-22, 2020. IEEE, pp.\u00a063\u201370 (2020). https:\/\/doi.org\/10.1109\/DASC-PICOM-CBDCOM-CYBERSCITECH49142.2020.00026","DOI":"10.1109\/DASC-PICOM-CBDCOM-CYBERSCITECH49142.2020.00026"},{"key":"1182_CR75","unstructured":"de Oliveira, A.S., Sassi, R.J.: \u201cBehavioral Malware Detection Using Deep Graph Convolutional Neural Networks\u201d. In: International Journal of Computer Applications (2019). https:\/\/api.semanticscholar.org\/CorpusID:210143715"},{"key":"1182_CR76","doi-asserted-by":"publisher","unstructured":"Elkan, C.: \u201cResults of the KDD\u201999 Classifier Learning\u201d. In: SIGKDD Explor. 1(2), 63\u201364 (2000). https:\/\/doi.org\/10.1145\/846183.846199","DOI":"10.1145\/846183.846199"},{"key":"1182_CR77","doi-asserted-by":"crossref","unstructured":"Zhao, Y., Yu, D., Hu, Z.: \u201cA Dynamic Resampling Based Intrusion Detection Method\u201d. Advanced Intelligent Computing Technology and Applications. Ed. by De-Shuang Huang et\u00a0al. Singapore: Springer Nature Singapore, pp.\u00a0454\u2013465 (2023). isbn: 978-981-99-4755-3","DOI":"10.1007\/978-981-99-4755-3_39"},{"key":"1182_CR78","doi-asserted-by":"publisher","unstructured":"Malik, F., et\u00a0al.: \u201cA Machine Learning-Based Framework with Enhanced Feature Selection and Resampling for Improved Intrusion Detection\u201d. Mathematics 12(12) (2024). issn: 2227-7390. https:\/\/doi.org\/10.3390\/math12121799. https:\/\/www.mdpi.com\/2227-7390\/12\/12\/1799","DOI":"10.3390\/math12121799"},{"issue":"10","key":"1182_CR79","doi-asserted-by":"publisher","first-page":"10611","DOI":"10.1007\/S11227-023-05073-X","volume":"79","author":"A Abdelkhalek","year":"2023","unstructured":"Abdelkhalek, A., Mashaly, M.: Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning. J. Supercomput. 79(10), 10611\u201310644 (2023). https:\/\/doi.org\/10.1007\/S11227-023-05073-X","journal-title":"J. Supercomput."},{"issue":"6","key":"1182_CR80","doi-asserted-by":"publisher","first-page":"2642","DOI":"10.1007\/S13198-023-02128-3","volume":"14","author":"AB Abhale","year":"2023","unstructured":"Abhale, A.B., Reddy, A.J.: Enhancing intrusion detection recursive feature elimination with resampling in WSN. Int. J. Syst. Assur. Eng. Manag. 14(6), 2642\u20132660 (2023). https:\/\/doi.org\/10.1007\/S13198-023-02128-3","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"issue":"5","key":"1182_CR81","first-page":"1229","volume":"28","author":"S Kudithipudi","year":"2023","unstructured":"Kudithipudi, S., et al.: Evaluating the Efficacy of Resampling Techniques in Addressing Class Imbalance for Network Intrusion Detection Systems Using Support Vector Machines. Ingenierie des Systemes d\u2019Information 28(5), 1229 (2023)","journal-title":"Ingenierie des Systemes d\u2019Information"},{"key":"1182_CR82","doi-asserted-by":"publisher","first-page":"5801","DOI":"10.1109\/ACCESS.2021.3137318","volume":"10","author":"J Alikhanov","year":"2022","unstructured":"Alikhanov, J., et al.: Investigating the Effect of Traffic Sampling on Machine Learning-Based Network Intrusion Detection Approaches. IEEE Access 10, 5801\u20135823 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2021.3137318","journal-title":"IEEE Access"},{"key":"1182_CR83","doi-asserted-by":"publisher","unstructured":"Zakariah, M., AlQahtani, S.A., Al-Rakhami, M.S.: \u201cMachine Learning-Based Adaptive Synthetic Sampling Technique for Intrusion Detection\u201d. In: Applied Sciences 13(11), (2023). issn: 2076-3417. https:\/\/doi.org\/10.3390\/app13116504. https:\/\/www.mdpi.com\/2076-3417\/13\/11\/6504","DOI":"10.3390\/app13116504"},{"key":"1182_CR84","doi-asserted-by":"publisher","unstructured":"Al-Shehari, T., Alsowail, R.: \u201cRandom resampling algorithms for addressing the imbalanced dataset classes in insider threat detection\u201d. In: Int. J. Inf. Sec. 22(3), 611\u2013629 (2023). https:\/\/doi.org\/10.1007\/S10207-022-00651-1","DOI":"10.1007\/S10207-022-00651-1"},{"key":"1182_CR85","doi-asserted-by":"publisher","unstructured":"Bagui, S., Li, K.: \u201cResampling imbalanced data for network intrusion detection datasets\u201d. In: J. Big Data 8(1), 6 (2021). https:\/\/doi.org\/10.1186\/S40537-020-00390-X","DOI":"10.1186\/S40537-020-00390-X"},{"key":"1182_CR86","doi-asserted-by":"publisher","unstructured":"Yang, H., et\u00a0al.: \u201cSPE-ACGAN: A Resampling Approach for Class Imbalance Problem in Network Intrusion Detection Systems\u201d. In: Electronics 12(15), (2023). issn: 2079-9292. https:\/\/doi.org\/10.3390\/electronics12153323. https:\/\/www.mdpi.com\/2079-9292\/12\/15\/3323","DOI":"10.3390\/electronics12153323"},{"key":"1182_CR87","doi-asserted-by":"publisher","unstructured":"Harilal, A., et\u00a0al.: \u201cTWOS: A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition\u201d. In: Proceedings of the 2017 International Workshop on Managing Insider Security Threats. MIST \u201917. Dallas, Texas, USA: Association for Computing Machinery, pp.\u00a045\u201356 (2017). isbn: 9781450351775. https:\/\/doi.org\/10.1145\/3139923.3139929","DOI":"10.1145\/3139923.3139929"},{"key":"1182_CR88","doi-asserted-by":"publisher","unstructured":"Ullah, I., Mahmoud, Q.: \u201cA Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks\u201d. In: (May 2020), pp.\u00a0508\u2013520. https:\/\/doi.org\/10.1007\/978-3-030-47358-7_52","DOI":"10.1007\/978-3-030-47358-7_52"},{"key":"1182_CR89","doi-asserted-by":"publisher","unstructured":"Singh, R., Srivastav, G.: \u201cNovel Framework for Anomaly Detection Using Machine Learning Technique on CIC-IDS2017 Dataset\u201d. In: 2021 International Conference on Technological Advancements and Innovations (ICTAI). pp.\u00a0632\u2013636 (2021).https:\/\/doi.org\/10.1109\/ICTAI53825.2021.9673238","DOI":"10.1109\/ICTAI53825.2021.9673238"},{"key":"1182_CR90","unstructured":"CIC: CSE-CIC-IDS2018 dataset. (2018). https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html"},{"key":"1182_CR91","doi-asserted-by":"publisher","unstructured":"Al-Hawawreh, M., Sitnikova, E., Aboutorab, N.: X-IIoTID: A Connectivity- and Device-agnostic Intrusion Dataset for Industrial Internet of Things. (2021). https:\/\/doi.org\/10.21227\/mpb6-py55","DOI":"10.21227\/mpb6-py55"},{"key":"1182_CR92","doi-asserted-by":"publisher","unstructured":"Ali Shiravi et\u00a0al. \u201cToward developing a systematic approach to generate benchmark datasets for intrusion detection\u201d. In: Computers & Security 31.3 (2012), pp.\u00a0357\u2013374. issn: 0167-4048. https:\/\/doi.org\/10.1016\/j.cose.2011.12.012. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404811001672","DOI":"10.1016\/j.cose.2011.12.012"},{"key":"1182_CR93","doi-asserted-by":"publisher","unstructured":"Ouyang, G., Huang, Y., Zhang, C.: \u201cAnalyzing the usefulness of the DARPA transparent computing E5 dataset in APT detection research\u201d. In: International Conference on Computer, Artificial Intelligence, and Control Engineering (CAICE 2022). Ed. by Yongquan Yan. Vol.\u00a012288. International Society for Optics and Photonics. SPIE, 122881N (2022). https:\/\/doi.org\/10.1117\/12.2641011","DOI":"10.1117\/12.2641011"},{"key":"1182_CR94","unstructured":"USA DARPA Agency: DARPA transparent computing E3 dataset in APT detection research. (2020). (Visited on 2020)"},{"key":"1182_CR95","unstructured":"USA DARPA Agency: DARPA transparent computing E5 dataset in APT detection research. (2022). (Visited on 2022)"},{"key":"1182_CR96","doi-asserted-by":"publisher","unstructured":"Kampourakis, V., Gkioulos, V., Katsikas, S.: \u201cA systematic literature review on wireless security testbeds in the cyber-physical realm\u201d. In: Computers & Security 133, 103383 (2023). issn: 0167-4048. https:\/\/doi.org\/10.1016\/j.cose.2023.103383","DOI":"10.1016\/j.cose.2023.103383"},{"key":"1182_CR97","doi-asserted-by":"publisher","first-page":"64761","DOI":"10.1109\/ACCESS.2022.3183597","volume":"10","author":"E Chatzoglou","year":"2022","unstructured":"Chatzoglou, E., et al.: Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems. IEEE Access 10, 64761\u201364784 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3183597","journal-title":"IEEE Access"},{"key":"1182_CR98","doi-asserted-by":"publisher","unstructured":"Chatzoglou, E., et\u00a0al.: \u201cBest of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features\u201d. Sensors 22(15), (2022) issn: 1424-8220. https:\/\/doi.org\/10.3390\/s22155633","DOI":"10.3390\/s22155633"},{"key":"1182_CR99","unstructured":"Russinovich, M., Garnier, T.: \u201cSysmon v13. 22\u201d. Retrieved June 28, 2021 (2021)"},{"key":"1182_CR100","unstructured":"Chen, C.-M., Syu, G.-H., Cai, Z.-X.: Analyzing system log based on machine learning model. International Journal of Network Security 22(6), 925\u2013933 (2020). https:\/\/doi.org\/10.6633\/IJNS.202011%2022(6).05"},{"key":"1182_CR101","doi-asserted-by":"crossref","unstructured":"Ispahany, J., et\u00a0al.: A Sysmon Incremental Learning System for Ransomware Analysis and Detection. (2025). arXiv:2501.01089 [cs.CR]","DOI":"10.21203\/rs.3.rs-7543943\/v1"},{"key":"1182_CR102","unstructured":"Zhou, J., et\u00a0al.: Lateral Movement Detection via Time-aware Subgraph Classification on Authentication Logs. (2024). arXiv:2411.10279 [cs.CR]"},{"key":"1182_CR103","doi-asserted-by":"publisher","unstructured":"Mavroeidis, V., J\u00f8sang, A.: \u201cData-Driven Threat Hunting Using Sysmon\u201d. In: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy. ICCSP 2018. Guiyang, China: Association for Computing Machinery, pp.\u00a082\u201388, (2018). isbn: 9781450363617. https:\/\/doi.org\/10.1145\/3199478.3199490","DOI":"10.1145\/3199478.3199490"},{"key":"1182_CR104","doi-asserted-by":"publisher","unstructured":"Chetwyn, R.A., Eian, M., J\u00f8sang, A.: \u201cModelling Indicators of Behaviour for Cyber Threat Hunting via Sysmon\u201d. In: Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference. EICC \u201924. Xanthi, Greece: Association for Computing Machinery, pp.\u00a095\u2013104, (2024). isbn: 9798400716515. https:\/\/doi.org\/10.1145\/3655693.3655722","DOI":"10.1145\/3655693.3655722"},{"key":"1182_CR105","doi-asserted-by":"publisher","unstructured":"Achmad, R.M., et\u00a0al.: \u201cSysmon event logs for machine learning-based malware detection\u201d. In: Cyber Security and Applications 3 (2025), p.\u00a0100110. issn: 2772-9184. https:\/\/doi.org\/10.1016\/j.csa.2025.100110. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S277291842500027X","DOI":"10.1016\/j.csa.2025.100110"},{"key":"1182_CR106","doi-asserted-by":"publisher","unstructured":"Bahniuk, N., et\u00a0al.: \u201cThreats Detection and Analysis Based on SYSMON Tool\u201d. In: 2023 13th International Conference on Dependable Systems, Services and Technologies (DESSERT). pp.\u00a01\u20137 (2023). https:\/\/doi.org\/10.1109\/DESSERT61349.2023.10416443","DOI":"10.1109\/DESSERT61349.2023.10416443"},{"issue":"11","key":"1182_CR107","first-page":"25","volume":"12","author":"EV Kostikov","year":"2024","unstructured":"Kostikov, E.V.: Sysmon Log Analysis Methods for Cyber Threat Detection. International Journal of Open Information Technologies 12(11), 25\u201334 (2024)","journal-title":"International Journal of Open Information Technologies"},{"key":"1182_CR108","unstructured":"Smiliotopoulos, C., Kambourakis, G.: evtx _To _CSV _Export Tool (ETCExp). 2023. https:\/\/github.com\/ChristosSmiliotopoulos\/evtx_To_CSV_ExportTool (visited on 2023)"},{"key":"1182_CR109","doi-asserted-by":"publisher","unstructured":"Bouke, M.A., Abdullah, A.: \u201cAn empirical study of pattern leakage impact during data preprocessing on machine learning-based intrusion detection models reliability\u201d. Expert Systems with Applications 230, 120715 (2023). issn: 0957-4174. https:\/\/doi.org\/10.1016\/j.eswa.2023.120715. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0957417423012174","DOI":"10.1016\/j.eswa.2023.120715"},{"key":"1182_CR110","doi-asserted-by":"publisher","unstructured":"Bouke, M.A., Zaid, S.A., Abdullah, A.: \u201cImplications of Data Leakage in Machine Learning Preprocessing: A Multi-Domain Investigation\u201d. In: Research Square (2024). https:\/\/doi.org\/10.21203\/rs.3.rs-4579465\/v1","DOI":"10.21203\/rs.3.rs-4579465\/v1"},{"key":"1182_CR111","doi-asserted-by":"crossref","unstructured":"D\u2019hooge, L., et\u00a0al.: \u201cEstablishing the Contaminating Effect of Metadata Feature Inclusion in Machine-Learned Network Intrusion Detection Models\u201d. In: Detection of Intrusions and Malware, and Vulnerability Assessment. Ed. by Lorenzo Cavallaro et\u00a0al. Cham: Springer International Publishing, pp.\u00a023\u201341, (2022). isbn: 978-3-031-09484-2","DOI":"10.1007\/978-3-031-09484-2_2"},{"key":"1182_CR112","doi-asserted-by":"publisher","unstructured":"Zhang, Y., Zhang, H., Zhang, B.: \u201cAn Effective Ensemble Automatic Feature Selection Method for Network Intrusion Detection\u201d. Information 13(7), (2022). issn: 2078-2489. https:\/\/doi.org\/10.3390\/info13070314. https:\/\/www.mdpi.com\/2078-2489\/13\/7\/314","DOI":"10.3390\/info13070314"},{"key":"1182_CR113","doi-asserted-by":"publisher","unstructured":"Rodr\u00edguez, M., et\u00a0al.: \u201cEvaluation of Machine Learning Techniques for Traffic Flow-Based Intrusion Detection\u201d. Sensors 22(23), (2022). issn: 1424-8220. https:\/\/doi.org\/10.3390\/s22239326. https:\/\/www.mdpi.com\/1424-8220\/22\/23\/9326","DOI":"10.3390\/s22239326"},{"key":"1182_CR114","doi-asserted-by":"publisher","unstructured":"D\u2019hooge, L., et\u00a0al.: \u201cInvestigating Generalized Performance of Data-Constrained Supervised Machine Learning Models on Novel, Related Samples in Intrusion Detection\u201d. Sensors 23(4), (2023). issn: 1424-8220. https:\/\/doi.org\/10.3390\/s23041846. https:\/\/www.mdpi.com\/1424-8220\/23\/4\/1846","DOI":"10.3390\/s23041846"},{"key":"1182_CR115","doi-asserted-by":"publisher","unstructured":"Elahi, Md.\u00a0A., Songram, R.A., Zaman, Md.S.U.: \u201cNetwork-Shield: Exploring the Efficacy of GRU Model in Intrusion Detection Using CIC-IDS 2018 Dataset\u201d. In: Proceedings of the 3rd International Conference on Computing Advancements. ICCA \u201924. Association for Computing Machinery, pp.\u00a01058\u20131065 (2025). isbn: 9798400713828. https:\/\/doi.org\/10.1145\/3723178.3723318","DOI":"10.1145\/3723178.3723318"},{"key":"1182_CR116","doi-asserted-by":"publisher","unstructured":"Fern\u00e1ndez, A., et\u00a0al.: \u201cFoundations on Imbalanced Classification\u201d. In: Learning from Imbalanced Data Sets. Cham: Springer International Publishing, pp.\u00a019\u201346 (2018). isbn: 978-3-319-98074-4. https:\/\/doi.org\/10.1007\/978-3-319-98074-4_2","DOI":"10.1007\/978-3-319-98074-4_2"},{"key":"1182_CR117","doi-asserted-by":"crossref","unstructured":"Somasundaram, A., Reddy, U.S.: \u201cData imbalance: effects and solutions for classification of large and highly imbalanced data\u201d. In: international conference on research in engineering, computers and technology (ICRECT 2016). pp.\u00a01\u201316 (2016)","DOI":"10.1109\/ICCIDS.2017.8272643"},{"key":"1182_CR118","doi-asserted-by":"publisher","unstructured":"Haixiang, G., et\u00a0al.: \u201cLearning from class-imbalanced data: Review of methods and applications\u201d. In: Expert Systems with Applications 73, 220\u2013239 (2017). issn: 0957-4174https:\/\/doi.org\/10.1016\/j.eswa.2016.12.035. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0957417416307175","DOI":"10.1016\/j.eswa.2016.12.035"},{"key":"1182_CR119","doi-asserted-by":"publisher","unstructured":"Abdulganiyu, O.H., et\u00a0al.: \u201cModified Variational Autoencoder and Attention Mechanism-Based Long Short-Term Memory for Detecting Intrusions in Imbalanced Network Traffic\u201d. In: Security and Privacy 8(3), (May 2025). https:\/\/doi.org\/10.1002\/spy2.70044","DOI":"10.1002\/spy2.70044"},{"key":"1182_CR120","doi-asserted-by":"publisher","unstructured":"Abdulganiyu, O.H., et\u00a0al.: \u201cAttention-driven multi-model architecture for unbalanced network traffic intrusion detection via extreme gradient boosting\u201d. In: Intelligent Systems with Applications 26, 200519 (2025). issn: 2667-3053. https:\/\/doi.org\/10.1016\/j.iswa.2025.200519","DOI":"10.1016\/j.iswa.2025.200519"},{"key":"1182_CR121","unstructured":"Zheng, Z., Cai, Y., Li, Y.: \u201cOversampling method for imbalanced classification\u201d. In: Computing and Informatics 34(5), 1017\u20131037 (2015)"},{"key":"1182_CR122","doi-asserted-by":"publisher","unstructured":"Gosain, A., Sardana, S.: \u201cHandling class imbalance problem using oversampling techniques: A review\u201d. In: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI). pp.\u00a079\u201385 (2017). https:\/\/doi.org\/10.1109\/ICACCI.2017.8125820","DOI":"10.1109\/ICACCI.2017.8125820"},{"key":"1182_CR123","doi-asserted-by":"publisher","unstructured":"Qadrini, L., et\u00a0al.: \u201cThe Application of The Neighborhood Cleaning Rule in Conjunction with Random Forest, K-Fold Cross-Validation, and Grid Search for Addressing Imbalanced Datasets\u201d. In: TIN: Terapan Informatika Nusantara 3(8), 286\u2013293, (2023). https:\/\/doi.org\/10.47065\/tin.v3i8.4124","DOI":"10.47065\/tin.v3i8.4124"},{"key":"1182_CR124","doi-asserted-by":"publisher","unstructured":"Husain, G., et\u00a0al.: \u201cSMOTE vs. SMOTEENN: A Study on the Performance of Resampling Algorithms for Addressing Class Imbalance in Regression Models\u201d. Algorithms 18(1), (2025). issn: 1999-4893. https:\/\/doi.org\/10.3390\/a18010037. https:\/\/www.mdpi.com\/1999-4893\/18\/1\/37","DOI":"10.3390\/a18010037"},{"key":"1182_CR125","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2024.111517","volume":"157","author":"T-T-H Le","year":"2024","unstructured":"Le, T.-T.-H., et al.: Towards unbalanced multiclass intrusion detection with hybrid sampling methods and ensemble classification. Appl. Soft Comput. 157, 111517 (2024). https:\/\/doi.org\/10.1016\/j.asoc.2024.111517","journal-title":"Appl. Soft Comput."},{"key":"1182_CR126","doi-asserted-by":"publisher","unstructured":"Md.\u00a0Alamin Talukder et\u00a0al. \u201cMLSTL-WSN: machine learning-based intrusion detection using SMOTETomek in WSNs\u201d. Int. J. Inf. Sec. 23(3), 2139\u20132158 (2024). https:\/\/doi.org\/10.1007\/S10207-024-00833-Z","DOI":"10.1007\/S10207-024-00833-Z"},{"key":"1182_CR127","doi-asserted-by":"publisher","unstructured":"Mohammed, R., Rawashdeh, J., Abdullah, M.: \u201cMachine Learning with Oversampling and Undersampling Techniques: Overview Study and Experimental Results\u201d. In: 2020 11th International Conference on Information and Communication Systems (ICICS). pp.\u00a0243\u2013248 (2020). https:\/\/doi.org\/10.1109\/ICICS49469.2020.239556","DOI":"10.1109\/ICICS49469.2020.239556"},{"issue":"7","key":"1182_CR128","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1016\/S0031-3203(96)00142-2","volume":"30","author":"AP Bradley","year":"1997","unstructured":"Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recogn. 30(7), 1145\u20131159 (1997). https:\/\/doi.org\/10.1016\/S0031-3203(96)00142-2","journal-title":"Pattern Recogn."},{"issue":"11","key":"1182_CR129","doi-asserted-by":"publisher","first-page":"7747","DOI":"10.1109\/TPAMI.2021.3101125","volume":"44","author":"Z Yang","year":"2022","unstructured":"Yang, Z., et al.: Learning With Multiclass AUC: Theory and Algorithms. IEEE Trans. Pattern Anal. Mach. Intell. 44(11), 7747\u20137763 (2022). https:\/\/doi.org\/10.1109\/TPAMI.2021.3101125","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"issue":"3","key":"1182_CR130","doi-asserted-by":"publisher","first-page":"531","DOI":"10.3233\/IDA-130592","volume":"17","author":"M Majnik","year":"2013","unstructured":"Majnik, M., Bosnic, Z.: ROC analysis of classifiers in machine learning: A survey. Intell. Data Anal. 17(3), 531\u2013558 (2013). https:\/\/doi.org\/10.3233\/IDA-130592","journal-title":"Intell. Data Anal."},{"issue":"3","key":"1182_CR131","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1109\/TKDE.2005.50","volume":"17","author":"J Huang","year":"2005","unstructured":"Huang, J., Ling, C.X.: Using AUC and accuracy in evaluating learning algorithms. IEEE Trans. Knowl. Data Eng. 17(3), 299\u2013310 (2005). https:\/\/doi.org\/10.1109\/TKDE.2005.50","journal-title":"IEEE Trans. Knowl. Data Eng."},{"issue":"3","key":"1182_CR132","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1371\/journal.pone.0118432","volume":"10","author":"T Saito","year":"2015","unstructured":"Saito, T., Rehmsmeier, M.: The Precision-Recall Plot Is More Informative than the ROC Plot When Evaluating Binary Classifiers on Imbalanced Datasets. PLoS ONE 10(3), 1\u201321 (2015). https:\/\/doi.org\/10.1371\/journal.pone.0118432","journal-title":"PLoS ONE"},{"key":"1182_CR133","doi-asserted-by":"publisher","unstructured":"Davis, J., Goadrich, M.: \u201cThe relationship between Precision-Recall and ROC curves\u201d. In: Proceedings of the 23rd International Conference on Machine Learning. ICML \u201906. Pittsburgh, Pennsylvania, USA: Association for Computing Machinery, pp.\u00a0233\u2013240, (2006). isbn: 1595933832. https:\/\/doi.org\/10.1145\/1143844.1143874","DOI":"10.1145\/1143844.1143874"},{"key":"1182_CR134","unstructured":"Boyd, K., et\u00a0al.: \u201cUnachievable Region in Precision-Recall Space and Its Effect on Empirical Evaluation\u201d. In: Proceedings of the 29th International Conference on Machine Learning, ICML 2012, Edinburgh, Scotland, UK, June 26 - July 1, 2012. icml.cc \/ Omnipress, (2012). http:\/\/icml.cc\/2012\/papers\/349.pdf"},{"issue":"1","key":"1182_CR135","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1177\/1536867X20909693","volume":"20","author":"J Cook","year":"2020","unstructured":"Cook, J., Ramadas, V.: When to consult precision-recall curves. Stand Genomic Sci. 20(1), 131\u2013148 (2020). https:\/\/doi.org\/10.1177\/1536867X20909693","journal-title":"Stand Genomic Sci."},{"key":"1182_CR136","unstructured":"Flach, P., Kull, M.: \u201cPrecision-Recall-Gain Curves: PR Analysis Done Right\u201d. In: Advances in Neural Information Processing Systems. Ed. by C. Cortes et\u00a0al. Vol.\u00a028. Curran Associates, Inc., (2015). https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2015\/file\/33e8075e9970de0cfea955afd4644bb2-Paper.pdf"},{"issue":"4","key":"1182_CR137","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1111\/2041-210X.13140","volume":"10","author":"HR Sofaer","year":"2019","unstructured":"Sofaer, H.R., Hoeting, J.A., Jarnevich, C.S.: The area under the precision-recall curve as a performance metric for rare binary events. Methods Ecol. Evol. 10(4), 565\u2013577 (2019). https:\/\/doi.org\/10.1111\/2041-210X.13140","journal-title":"Methods Ecol. Evol."},{"key":"1182_CR138","doi-asserted-by":"crossref","unstructured":"Sokolova, M., Japkowicz, N., Szpakowicz, S.: \u201cBeyond Accuracy, F-Score and ROC: A Family of Discriminant Measures for Performance Evaluation\u201d. In: AI 2006: Advances in Artificial Intelligence. Ed. by Abdul Sattar and Byeong-ho Kang. Berlin, Heidelberg: Springer Berlin Heidelberg, pp.\u00a01015\u20131021 (2006). isbn: 978-3-540-49788-2","DOI":"10.1007\/11941439_114"},{"key":"1182_CR139","doi-asserted-by":"publisher","unstructured":"Gustavo E.\u00a0A.\u00a0P.\u00a0A. Batista, Ronaldo C. Prati, and Maria Carolina Monard. \u201cA study of the behavior of several methods for balancing machine learning training data\u201d. SIGKDD Explor. Newsl. 6(1), 20\u201329 (2004). https:\/\/doi.org\/10.1145\/1007730.1007735","DOI":"10.1145\/1007730.1007735"},{"key":"1182_CR140","unstructured":"Idrissi, B.Y., et\u00a0al.: \u201cSimple data balancing achieves competitive worst-group-accuracy\u201d. In: Proceedings of the First Conference on Causal Learning and Reasoning. Ed. by Bernhard Sch\u00f6lkopf, Caroline Uhler, and Kun Zhang. Vol.\u00a0177. Proceedings of Machine Learning Research. PMLR, Nov. pp.\u00a0336\u2013351 (2022). https:\/\/proceedings.mlr.press\/v177\/idrissi22a.html"},{"key":"1182_CR141","unstructured":"Arp, D., et\u00a0al.: \u201cDos and Don\u2019ts of Machine Learning in Computer Security\u201d. In: 31st USENIX Security Symposium (USENIX Security 22). Boston, MA: USENIX Association, pp.\u00a03971\u20133988 (Aug. 2022). isbn: 978-1-939133-31-1. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/arp"},{"key":"1182_CR142","doi-asserted-by":"publisher","unstructured":"Soukup, D., et\u00a0al.: \u201cMachine Learning Metrics for Network Datasets Evaluation\u201d. In: ICT Systems Security and Privacy Protection. Ed. by Norbert Meyer and Anna Grocholewska-Czury\u0142o. Cham: Springer Nature Switzerland, pp.\u00a0307\u2013320 (2024). isbn: 978-3-031-56326-3. https:\/\/doi.org\/10.1007\/978-3-031-56326-3_22","DOI":"10.1007\/978-3-031-56326-3_22"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01182-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01182-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01182-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:08:22Z","timestamp":1769875702000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01182-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,22]]},"references-count":142,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2]]}},"alternative-id":["1182"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01182-1","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-6547346\/v1","asserted-by":"object"}]},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,22]]},"assertion":[{"value":"28 April 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 December 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflicts of interest regarding the publication of this study.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of Interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"38"}}