{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T06:40:47Z","timestamp":1767854447768,"version":"3.49.0"},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"12","license":[{"start":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T00:00:00Z","timestamp":1667433600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T00:00:00Z","timestamp":1667433600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Appl Intell"],"published-print":{"date-parts":[[2023,6]]},"DOI":"10.1007\/s10489-022-04039-5","type":"journal-article","created":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T04:31:23Z","timestamp":1667449883000},"page":"14792-14818","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["On-device context-aware misuse detection framework for heterogeneous IoT edge"],"prefix":"10.1007","volume":"53","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7461-668X","authenticated-orcid":false,"given":"Nitish","family":"A","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6031-6993","authenticated-orcid":false,"given":"Hanumanthappa","family":"J","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3490-6292","authenticated-orcid":false,"given":"Shiva Prakash 
S.","family":"P","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5949-7830","authenticated-orcid":false,"given":"Kirill","family":"Krinkin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,11,3]]},"reference":[{"key":"4039_CR1","unstructured":"Toh A (2022) Azure DDos Protection \u2013 2021 Q3 and Q4 DDos attack trends. https:\/\/azure.microsoft.com\/en-us\/blog\/azure-ddos-protection-2021-q3-and-q4-ddos-attack-trends\/. Accessed 12 Feb 2022"},{"key":"4039_CR2","unstructured":"Burt J (2022) Microsoft fights off another record ddos attack as incidents soar. https:\/\/www.esecurityplanet.com\/threats\/microsoft-ghts-off-another-record-ddos-attack\/. Accessed 12 Feb 2022"},{"key":"4039_CR3","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1186\/s42400-021-00077-7","volume":"4","author":"A Khraisat","year":"2021","unstructured":"Khraisat A, Alazab A (2021) A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges. Cybersecurity 4:18","journal-title":"Cybersecurity"},{"key":"4039_CR4","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.future.2020.10.015","volume":"116","author":"B Steenwinckel","year":"2021","unstructured":"Steenwinckel B, Paepe DD, Hautte SV, Heyvaert P, Bentefrit M, Moens P, Dimou A, Bousche BVD, Turck FD, Hoecke SV, Ongenae F (2021) FLAGS: A methodology for adaptive anomaly detection and root cause analysis on sensor data streams by fusing expert knowledge with machine learning. 
Future Gener Comput Syst 116:30\u201348","journal-title":"Future Gener Comput Syst"},{"issue":"3","key":"4039_CR5","doi-asserted-by":"publisher","first-page":"1622","DOI":"10.1109\/COMST.2021.3075439","volume":"23","author":"DC Nguyen","year":"2021","unstructured":"Nguyen DC, Ding M, Pathirana PN, Seneviratne A, Li J, Poor HV (2021) Federated learning for internet of things: a comprehensive survey. IEEE Commun Surv Tutor 23(3):1622\u20131658","journal-title":"IEEE Commun Surv Tutor"},{"key":"4039_CR6","doi-asserted-by":"crossref","unstructured":"Alkahtani H, Aldhyani THH (2021) Botnet attack detection by using CNN-LSTM model for internet of things applications. Security and Communication Networks","DOI":"10.1155\/2021\/3806459"},{"key":"4039_CR7","unstructured":"Rueden L, Mayer S, Beckh K, Georgiev B, Giesselbach S, Heese R, Kirsch B, Pfrommer J, Pick A, Ramamurthy R, Walczak M, Garcke J, Bauckhage C, Schuecker J (2021) Informed machine learning - a taxonomy and survey of integrating prior knowledge into learning systems. IEEE Trans Knowl Data Eng"},{"key":"4039_CR8","doi-asserted-by":"publisher","first-page":"138509","DOI":"10.1109\/ACCESS.2021.3118642","volume":"9","author":"MA Ferrag","year":"2021","unstructured":"Ferrag MA, Friha O, Maglaras L, Janicke H, Shu L (2021) Federated deep learning for cyber security in the internet of things: concepts, applications, and experimental analysis. 
IEEE Access 9:138509\u2013138542","journal-title":"IEEE Access"},{"key":"4039_CR9","doi-asserted-by":"crossref","unstructured":"Christopher V, Aathman T, Mahendrakumaran K, Nawaratne R, Silva DD, Nanayakkara V, Alahakoon D (2021) Minority resampling boosted unsupervised learning with hyperdimensional computing for threat detection at the edge of Internet of Things, vol 9","DOI":"10.1109\/ACCESS.2021.3111053"},{"issue":"2","key":"4039_CR10","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1109\/ICJECE.2021.3053231","volume":"44","author":"M Sharma","year":"2021","unstructured":"Sharma M, Elmiligi H, Gebali F (2021) A novel intrusion detection system for rpl-based cyber\u2013physical systems. Can J Electr Comput Eng 44(2):246\u2013252","journal-title":"Can J Electr Comput Eng"},{"key":"4039_CR11","doi-asserted-by":"crossref","unstructured":"Sarhan M, Layeghy S, Portmann M (2021) Towards a standard feature set for network intrusion detection system datasets. Mobile Networks and Applications","DOI":"10.1007\/s11036-021-01843-0"},{"key":"4039_CR12","unstructured":"Hanumanthappa J, Nitish A, Prakash SPS, Vinod DS, Bhavya D, Kumar KSS, Raj CC, Mohana SD (2021) Root cause analysis, threat interpretation, and network survivability prediction device for heterogeneous networks. India patents, application no 202141000707"},{"key":"4039_CR13","doi-asserted-by":"publisher","first-page":"4939","DOI":"10.3390\/s21144939","volume":"21","author":"Y Nikoloudakis","year":"2021","unstructured":"Nikoloudakis Y, Kefaloukos I, Klados S, Panagiotakis S, Pallis E, Skianis C, Markakis EK (2021) Towards a machine learning based situational awareness framework for cybersecurity: an SDN implementation. Sensors 21:4939","journal-title":"Sensors"},{"key":"4039_CR14","doi-asserted-by":"crossref","unstructured":"Ferrag MA, Maglaras L, Moschoyiannis S, Janicke H (2020) Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. 
J Inf Sci Appl 50","DOI":"10.1016\/j.jisa.2019.102419"},{"key":"4039_CR15","unstructured":"Sarhan M (2020) Netflow Datasets. https:\/\/staff.itee.uq.edu.au\/marius\/NIDS_datasets\/. Accessed 12 Feb 2022"},{"key":"4039_CR16","doi-asserted-by":"crossref","unstructured":"Da Silva DMA, Sofia RC (2020) A discussion on context-awareness to better support the iot cloud\/edge continuum, vol 8","DOI":"10.1109\/ACCESS.2020.3032388"},{"key":"4039_CR17","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1016\/j.future.2020.02.017","volume":"107","author":"M Shafiq","year":"2020","unstructured":"Shafiq M, Tian Z, Sun Y, Du X, Guizani M (2020) Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city. Future Gener Comput Syst 107:433\u2013442","journal-title":"Future Gener Comput Syst"},{"key":"4039_CR18","unstructured":"Alfrhan AA, Alhusain RH, Khan RU (2020) SMOTE: Class imbalance problem in intrusion detection system. In: Proceeding International conference on computing and information technology (ICCIT), vol 1, pp 111\u2013115"},{"key":"4039_CR19","doi-asserted-by":"crossref","unstructured":"Bedi P, Gupta N, Jindal V (2020) Siam-IDS: Handling class imbalance problem in intrusion detection systems using siamese neural network. In: Proceeding Third international conference on computing and network communications (CoCoNet\u201919), vol 171, pp 780\u2013789","DOI":"10.1016\/j.procs.2020.04.085"},{"key":"4039_CR20","doi-asserted-by":"publisher","first-page":"112963","DOI":"10.1016\/j.eswa.2019.112963","volume":"141","author":"ML Martin","year":"2020","unstructured":"Martin ML, Carro B, Esguevillas AS (2020) Application of deep reinforcement learning to intrusion detection for supervised problems. 
Expert Syst Appl 141:112963","journal-title":"Expert Syst Appl"},{"key":"4039_CR21","doi-asserted-by":"crossref","unstructured":"Chicco D, Jurman G (2020) The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation. BMC Genomics 21(6)","DOI":"10.1186\/s12864-019-6413-7"},{"key":"4039_CR22","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1016\/j.jpdc.2019.12.008","volume":"137","author":"AS Almogren","year":"2020","unstructured":"Almogren AS (2020) Intrusion detection in Edge-of-Things computing. J Parallel Distrib Comput 137:259\u2013265","journal-title":"J Parallel Distrib Comput"},{"issue":"5","key":"4039_CR23","doi-asserted-by":"publisher","first-page":"3242","DOI":"10.1109\/JIOT.2020.3002255","volume":"8","author":"M Shafiq","year":"2020","unstructured":"Shafiq M, Tian Z, Bashir AK, Du X, Guizani M (2020) CorrAUC: a malicious Bot-IoT traffic detection method in IoT network using machine learning techniques. IEEE Int Things J 8(5):3242\u2013 3254","journal-title":"IEEE Int Things J"},{"issue":"6","key":"4039_CR24","doi-asserted-by":"publisher","first-page":"4017","DOI":"10.1109\/TII.2019.2954100","volume":"16","author":"M Trnka","year":"2019","unstructured":"Trnka M, Svacina J, Cerny T, Song E, Hong J, Bures M (2019) Securing internet of things devices using the network context. IEEE Trans Ind Inf 16(6):4017\u20134027","journal-title":"IEEE Trans Ind Inf"},{"key":"4039_CR25","doi-asserted-by":"publisher","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","volume":"100","author":"N Koroniotis","year":"2019","unstructured":"Koroniotis N, Moustafa N, Sitnikova E, Turnbull B (2019) Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset. 
Future Gen Comput Syst 100:779\u2013796","journal-title":"Future Gen Comput Syst"},{"key":"4039_CR26","doi-asserted-by":"crossref","unstructured":"Nguyen TD, Marchal S, Miettinen M, Fereidooni H, Asokan N, Sadeghi A-R (2019) DIOT: A federated self-learning anomaly detection system for IoT. In: Proceeding IEEE 39th International conference on distributed computing systems (ICDCS), pp 756\u2013767","DOI":"10.1109\/ICDCS.2019.00080"},{"key":"4039_CR27","unstructured":"Zhang H, Yu X, Ren P (2019) Deep adversarial learning in intrusion detection: a data augmentation enhanced framework preprint at arXiv:1901.07949.pdf"},{"key":"4039_CR28","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.comnet.2019.01.023","volume":"151","author":"KAP Costa","year":"2019","unstructured":"Costa KAP, Papa JP, Lisboa CO, Munoz R, Albuquerque VHC (2019) Internet of things: A survey on machine-learning based intrusion detection approaches. Comput Netw 151:147\u2013157","journal-title":"Comput Netw"},{"key":"4039_CR29","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.cose.2019.06.005","volume":"86","author":"M Ring","year":"2019","unstructured":"Ring M, Wunderlich S, Scheuring D, Landes D (2019) A survey of network-based intrusion detection data sets. Comput Secur 86:147\u2013167","journal-title":"Comput Secur"},{"key":"4039_CR30","doi-asserted-by":"publisher","first-page":"38597","DOI":"10.1109\/ACCESS.2019.2905633","volume":"7","author":"SM Kasongo","year":"2019","unstructured":"Kasongo SM, Sun Y (2019) A deep learning method with filter based feature engineering for wireless intrusion detection system. IEEE Access 7:38597\u201338607","journal-title":"IEEE Access"},{"key":"4039_CR31","doi-asserted-by":"crossref","unstructured":"Kahles J, Torronen J, Huuhtanen T, Jung A (2019) Automating root cause analysis via machine learning in agile software testing environment. 
In: Proceeding IEEE 12th International conference on software testing, verification and validation, pp 379\u2013390","DOI":"10.1109\/ICST.2019.00047"},{"key":"4039_CR32","doi-asserted-by":"publisher","first-page":"2735","DOI":"10.1007\/s10489-018-01408-x","volume":"49","author":"U Cavusoglu","year":"2019","unstructured":"Cavusoglu U (2019) A new hybrid approach for intrusion detection using machine learning methods. Appl Intell 49:2735\u20132761","journal-title":"Appl Intell"},{"key":"4039_CR33","doi-asserted-by":"publisher","first-page":"2011","DOI":"10.1109\/COMST.2018.2803740","volume":"20","author":"T Qiu","year":"2018","unstructured":"Qiu T, Chen N, Li K, Atiquzzaman M, Zhao W (2018) How can heterogeneous internet of things build our future: a survey. IEEE Commun Surv Tutor 20:2011\u20132027","journal-title":"IEEE Commun Surv Tutor"},{"key":"4039_CR34","doi-asserted-by":"crossref","unstructured":"Doshi R, Apthorpe N, Feamster N (2018) Machine learning DDos detection for consumer internet of things devices, IEEE symposium on security and privacy workshops","DOI":"10.1109\/SPW.2018.00013"},{"key":"4039_CR35","doi-asserted-by":"publisher","first-page":"2348","DOI":"10.1109\/TCAD.2018.2858384","volume":"37","author":"Z Zhao","year":"2018","unstructured":"Zhao Z, Barijough KM, Gerstlauer A (2018) Deepthings: Distributed adaptive deep learning inference on resource-constrained IoT edge clusters. IEEE Trans Comput-Aided Des Integr Circuits Syst 37:2348\u20132359","journal-title":"IEEE Trans Comput-Aided Des Integr Circuits Syst"},{"issue":"1","key":"4039_CR36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/JIOT.2017.2773600","volume":"5","author":"OB Sezer","year":"2018","unstructured":"Sezer OB, Dogdu E, Ozbayoglu M (2018) Context aware computing, learning and big data in internet of things: a survey. 
IEEE Int Things J 5(1):1\u201327","journal-title":"IEEE Int Things J"},{"key":"4039_CR37","doi-asserted-by":"publisher","first-page":"35365","DOI":"10.1109\/ACCESS.2018.2836950","volume":"6","author":"Y Xin","year":"2018","unstructured":"Xin Y, Kong L, Liu Z, Chen Y, Li Y, Zhu H, Gao M, Hou H, Wang C (2018) Machine learning and deep learning methods for cyber security. IEEE Access 6:35365\u201335381","journal-title":"IEEE Access"},{"key":"4039_CR38","doi-asserted-by":"publisher","first-page":"21046","DOI":"10.1109\/ACCESS.2017.2734681","volume":"5","author":"G Xu","year":"2017","unstructured":"Xu G, Cao Y, Ren Y, Li X, Feng Z (2017) Network security situation awareness based on semantic ontology and user-defined rules for Internet of Things. IEEE Access 5:21046\u201321056","journal-title":"IEEE Access"},{"key":"4039_CR39","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.comcom.2017.02.003","volume":"103","author":"S Behal","year":"2017","unstructured":"Behal S, Kumar K (2017) Detection of DDos attacks and flash events using information theory metrics - an empirical investigation. Comput Commun 103:18\u201328","journal-title":"Comput Commun"},{"key":"4039_CR40","doi-asserted-by":"crossref","unstructured":"Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT:, Mirai and Other Botnets. 50(7), 80\u201384","DOI":"10.1109\/MC.2017.201"},{"issue":"4","key":"4039_CR41","doi-asserted-by":"publisher","first-page":"2768","DOI":"10.1109\/COMST.2017.2749442","volume":"19","author":"G Vormayr","year":"2017","unstructured":"Vormayr G, Zseby T, Fabini J (2017) Botnet communication patterns. IEEE Commun Surv Tutor 19(4):2768\u20132796","journal-title":"IEEE Commun Surv Tutor"},{"issue":"5","key":"4039_CR42","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1109\/JIOT.2016.2579198","volume":"3","author":"W Shi","year":"2016","unstructured":"Shi W, Cao J, Zhang Q, Li Y, Xu L (2016) Edge computing: vision and challenges. 
IEEE Int Things J 3(5):637\u2013646","journal-title":"IEEE Int Things J"},{"issue":"2","key":"4039_CR43","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2016","unstructured":"Buczak AL, Guven E (2016) A survey of machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor 18(2):1153\u20131176","journal-title":"IEEE Commun Surv Tutor"},{"key":"4039_CR44","doi-asserted-by":"publisher","first-page":"1011","DOI":"10.1109\/ACCESS.2015.2450498","volume":"3","author":"A Akusok","year":"2015","unstructured":"Akusok A, Bjork K-M, Miche Y, Lendasse A (2015) High-Performance Extreme learning machines: a complete toolbox for big data applications. IEEE Access 3:1011\u20131025","journal-title":"IEEE Access"},{"issue":"2","key":"4039_CR45","first-page":"71","volume":"5","author":"A Jessudos","year":"2014","unstructured":"Jessudos A, Subramaniam NP (2014) A survey on authentication attacks and countermeasures in a distributed environment. Indian J Comput Sci Eng (IJCSE) 5(2):71\u201377","journal-title":"Indian J Comput Sci Eng (IJCSE)"},{"key":"4039_CR46","doi-asserted-by":"crossref","unstructured":"Hoque N, Bhuyan MH, Baishya RC, Bhattacharyya DK, Kalita JK (2014) Network attacks: taxonomy, tools and systems. J Netw Comput Appl, 307\u2013324","DOI":"10.1016\/j.jnca.2013.08.001"},{"issue":"4","key":"4039_CR47","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","volume":"15","author":"ST Zargar","year":"2013","unstructured":"Zargar ST, Joshi J, Tipper D (2013) A survey of defense mechanisms against distributed denial of service (DDos) flooding attacks. 
IEEE Commun Surv Tutor 15(4):2046\u20132069","journal-title":"IEEE Commun Surv Tutor"},{"issue":"19","key":"4039_CR48","first-page":"57","volume":"60","author":"S Paliwal","year":"2012","unstructured":"Paliwal S, Gupta R (2012) Denial-of-service, probing & remote to user (R2L) attack detection using genetic algorithm. Int J Comput Appl 60(19):57\u201362","journal-title":"Int J Comput Appl"},{"key":"4039_CR49","doi-asserted-by":"crossref","unstructured":"Tankard C (2011) Persistent threats and how to monitor and deter them. Netw Secur, pp 16\u201319","DOI":"10.1016\/S1353-4858(11)70086-1"},{"key":"4039_CR50","doi-asserted-by":"crossref","unstructured":"Bartlett G, Heidemann J, Papadopoulos C (2007) Understanding passive and active service discovery (extended). In: Proceeding 7th ACM SIGCOMM conference on Internet measurement, pp 57\u201370","DOI":"10.1145\/1298306.1298314"},{"key":"4039_CR51","unstructured":"Lindqvist U, Porras PA (1999) Detecting computer and network misuse through the production-based expert system toolset (p-BEST). In: Proceeding IEEE symposium on security and privacy (Cat. 
No 99CB36344)"}],"container-title":["Applied Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-022-04039-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10489-022-04039-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-022-04039-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T00:06:16Z","timestamp":1701302776000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10489-022-04039-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,3]]},"references-count":51,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2023,6]]}},"alternative-id":["4039"],"URL":"https:\/\/doi.org\/10.1007\/s10489-022-04039-5","relation":{},"ISSN":["0924-669X","1573-7497"],"issn-type":[{"value":"0924-669X","type":"print"},{"value":"1573-7497","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,3]]},"assertion":[{"value":"26 July 2022","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 November 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Agreed without objections","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for Publication"}},{"value":"The authors have no conflict of interest or competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest\/Competing interests"}}]}}