{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T11:26:00Z","timestamp":1779103560006,"version":"3.51.4"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T00:00:00Z","timestamp":1583971200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T00:00:00Z","timestamp":1583971200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100000015","name":"U.S. Department of Energy","doi-asserted-by":"crossref","award":["DE-SC0012636M"],"award-info":[{"award-number":["DE-SC0012636M"]}],"id":[{"id":"10.13039\/100000015","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Mach Learn"],"published-print":{"date-parts":[[2020,5]]},"DOI":"10.1007\/s10994-020-05870-y","type":"journal-article","created":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T21:07:01Z","timestamp":1584047221000},"page":"1127-1143","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["Detecting anomalous packets in network transfers: investigations using PCA, autoencoder and isolation forest in TCP"],"prefix":"10.1007","volume":"109","author":[{"given":"Mariam","family":"Kiran","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cong","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"George","family":"Papadimitriou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anirban","family":"Mandal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ewa","family":"Deelman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,3,12]]},"reference":[{"key":"5870_CR1","doi-asserted-by":"crossref","unstructured":"1000 Genomes Project Consortium. (2012). A global reference for human genetic variation. Nature, 526(7571), 68\u201374.","DOI":"10.1038\/nature15393"},{"key":"5870_CR2","doi-asserted-by":"crossref","unstructured":"Bansal, N., & Kaushal, R. (2015). Unusual internet traffic detection at network edge. International Conference on Computing and Network Communications (CoCoNet).","DOI":"10.1109\/CoCoNet.2015.7411184"},{"key":"5870_CR3","doi-asserted-by":"publisher","unstructured":"Barford, P., Kline, J., Plonka, D., & Ron, A. (2002). A signal analysis of network traffic anomalies. In SIGCOMM Work. on Internet Measurement (pp. 71\u201382). ISBN 1-58113-603-X. https:\/\/doi.org\/10.1145\/637201.637210.","DOI":"10.1145\/637201.637210"},{"key":"5870_CR4","doi-asserted-by":"crossref","unstructured":"Bengio, Y. (2009). Learning deep architectures for AI. Foundations and Trends in Machine Learning.","DOI":"10.1561\/2200000006"},{"key":"5870_CR5","doi-asserted-by":"crossref","unstructured":"But, J., Keller, U., Kennedy, D., & Armitage, G. (2005). Passive TCP stream estimation of RTT and jitter parameters. In The IEEE conference on local computer networks (LCN).","DOI":"10.1109\/LCN.2005.101"},{"key":"5870_CR6","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1109\/MCOM.2016.7432151","volume":"54","author":"P Casas","year":"2016","unstructured":"Casas, P., Fiandino, P., Wassermann, S., Traverso, S., D\u2019Alconzo, A., Tego, E., et al. (2016). Unveiling network and service performance degradation in the wild with mplane. IEEE Communications Magazine, 54, 71\u201379.","journal-title":"IEEE Communications Magazine"},{"key":"5870_CR7","doi-asserted-by":"crossref","unstructured":"Dai, W., Yang, Q., Xue, G.-R., & Yu, Y. (2007). Boosting for transfer learning. In Proceedings of the 24th international conference on machine learning, ICML (pp. 193\u2013200). ISBN 978-1-59593-793-3.","DOI":"10.1145\/1273496.1273521"},{"issue":"3","key":"5870_CR8","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1109\/MNET.2011.5772055","volume":"25","author":"A Finamore","year":"2011","unstructured":"Finamore, A., Mellia, M., Meo, M., Munafo, M. M., Torino, P. D., & Rossi, D. (2011). Experiences of internet traffic monitoring with tstat. IEEE Network, 25(3), 8\u201314. https:\/\/doi.org\/10.1109\/MNET.2011.5772055. ISSN 0890-8044.","journal-title":"IEEE Network"},{"key":"5870_CR9","doi-asserted-by":"crossref","unstructured":"Gaikwad, P., Mandal, A., Ruth, P., Juve, G., Krol, D., & Deelman, E. (2016). Anomaly detection for scientific workflow applications on networked clouds. In International conference on high performance computing and simulation.","DOI":"10.1109\/HPCSim.2016.7568396"},{"key":"5870_CR10","doi-asserted-by":"crossref","unstructured":"Gunter, D., Tierney, B.\u00a0L., Brown, A., Swany, M., Bresnahan, J., & Schopf, J.\u00a0M. (2007). Log summarization and anomaly detection for troubleshooting distributed systems. In Proceedings of the 8th IEEE\/ACM international conference on grid computing, GRID (pp. 226\u2013234). ISBN 978-1-4244-1559-5.","DOI":"10.1109\/GRID.2007.4354137"},{"key":"5870_CR11","volume-title":"Service-Oriented Computing\u2014ICSOC 2005","author":"A Hanemann","year":"2005","unstructured":"Hanemann, A., Boote, J. W., Boyd, E. L., Durand, J., Kudarimoti, L., \u0141apacz, R., et al. (2005). PerfSONAR: A service oriented architecture for multi-domain network monitoring. In B. Benatallah, F. Casati, & P. Traverso (Eds.), Service-Oriented Computing\u2014ICSOC 2005. Berlin: Springer."},{"key":"5870_CR12","doi-asserted-by":"crossref","unstructured":"Hofstede, R., Celeda, P., Trammell, B., Drago, I., Sadre, R., Sperotto, A., & Pras, A. (2014). Flow monitoring explained: From packet capture to data analysis with NetFlow and IPFIX. In IEEE Communications Surveys and Tutorials (pp. 2037\u20132064). IEEE Communications Society.","DOI":"10.1109\/COMST.2014.2321898"},{"key":"5870_CR13","unstructured":"Hubert, B., Graf, T., Maxwell, G., van Mook, R., van Oosterhout, M., Schroeder, P., Spaans, J., & Larroy, P. (2002). Linux advanced routing and traffic control. In Ottawa Linux Symposium (vol. 213)."},{"key":"5870_CR14","unstructured":"Iperf. (2000). https:\/\/iperf.fr\/."},{"key":"5870_CR15","unstructured":"Jasinska, E. (2006). Sflow, I can feel your traffic. In Amsterdam Internet Exchange (AMS-IX)."},{"issue":"C","key":"5870_CR16","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1016\/j.jnca.2013.09.014","volume":"40","author":"D Jiang","year":"2014","unstructured":"Jiang, D., Zhengzheng, X., Zhang, P., & Zhu, T. (2014). A transform domain-based anomaly detection approach to network-wide traffic. J. Netw. Comput. Appl., 40(C), 292\u2013306.","journal-title":"J. Netw. Comput. Appl."},{"key":"5870_CR17","doi-asserted-by":"publisher","first-page":"1094","DOI":"10.1007\/978-3-642-04898-2_455","volume-title":"International Encyclopedia of Statistical Science","author":"Ian Jolliffe","year":"2011","unstructured":"Jolliffe, I. (2011). Principal component analysis. In International Encyclopedia of Statistical Science (pp. 1094\u20131096)."},{"key":"5870_CR18","doi-asserted-by":"publisher","unstructured":"Lakhina, A., Crovella, M., & Diot, C. (2004). Diagnosing network-wide traffic anomalies. In SIGCOMM (pp. 219\u2013230). ISBN 1-58113-862-8. https:\/\/doi.org\/10.1145\/1015467.1015492.","DOI":"10.1145\/1015467.1015492"},{"key":"5870_CR19","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., & Diot, C. (2005). Mining anomalies using traffic feature distributions. In Proceedings of the 2005 conference on applications, technologies, architectures, and protocols for computer communications (SIGCOMM) (pp. 217\u2013228).","DOI":"10.1145\/1080091.1080118"},{"key":"5870_CR20","doi-asserted-by":"crossref","unstructured":"Liu, F., Ming, K.\u00a0T., & Zhou, Z.-H. (2008). Isolation forest. In Proceedings of the 2008 eighth IEEE international conference on data mining, ICDM (pp. 413\u2013422). ISBN 978-0-7695-3502-9.","DOI":"10.1109\/ICDM.2008.17"},{"key":"5870_CR21","unstructured":"Mellia, M. (2002). TCP statistic and analysis tool. IEEE Network, 16."},{"key":"5870_CR22","doi-asserted-by":"publisher","first-page":"663","DOI":"10.1016\/j.comnet.2008.05.010","volume":"52","author":"M Mellia","year":"2008","unstructured":"Mellia, M., Meo, M., Muscariello, L., & Rossi, D. (2008a). Passive analysis of TCP anomalies. Computer Networks, 52, 663\u20132676.","journal-title":"Computer Networks"},{"issue":"14","key":"5870_CR23","doi-asserted-by":"publisher","first-page":"2663","DOI":"10.1016\/j.comnet.2008.05.010","volume":"52","author":"M Mellia","year":"2008","unstructured":"Mellia, M., Meo, M., Muscariello, L., & Rossi, D. (2008b). Passive analysis of TCP anomalies. Computer Networks, 52(14), 2663\u20132676. https:\/\/doi.org\/10.1016\/j.comnet.2008.05.010. ISSN 1389-1286.","journal-title":"Computer Networks"},{"issue":"4","key":"5870_CR24","doi-asserted-by":"publisher","first-page":"1026","DOI":"10.1109\/TNET.2009.2037812","volume":"18","author":"M Mirza","year":"2010","unstructured":"Mirza, M., Sommers, J., Barford, P., & Zhu, X. (2010). A machine learning approach to TCP throughput prediction. IEEE\/ACM Transactions on Networking, 18(4), 1026\u20131039.","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"5870_CR25","unstructured":"Muscariello, L., Mellia, M., & Meo, M. (2006). Passive identification and analysis of tcp anomalies. Distributed Cooperative Laboratories: Networking, Instrumentation, and Measurements."},{"issue":"7","key":"5870_CR26","doi-asserted-by":"publisher","first-page":"737","DOI":"10.1016\/j.cose.2010.05.002","volume":"29","author":"F Palmieri","year":"2010","unstructured":"Palmieri, F., & Fiore, U. (2010). Network anomaly detection through nonlinear analysis. Computers and Security, 29(7), 737\u2013755.","journal-title":"Computers and Security"},{"key":"5870_CR27","doi-asserted-by":"crossref","unstructured":"Parichehreh, A., Alfredsson, S., & Brunstrom, A. (2018). Measurement analysis of TCP congestion control algorithms in LTE uplink. In Network traffic measurement and analysis conference.","DOI":"10.23919\/TMA.2018.8506522"},{"key":"5870_CR28","doi-asserted-by":"crossref","unstructured":"Raina, R., Battle, A., Lee, H., Packer, B., & Ng, A.\u00a0Y. (2007). Self-taught learning: Transfer learning from unlabeled data. In Proceedings of the 24th international conference on machine learning, ICML (pp. 759\u2013766).","DOI":"10.1145\/1273496.1273592"},{"key":"5870_CR29","doi-asserted-by":"crossref","unstructured":"Rossi, D., Mellia, M., & Casetti, C. (2003). User patience and the web: A hands-on investigation. Global Telecommunications Conference.","DOI":"10.1109\/GLOCOM.2003.1259011"},{"key":"5870_CR30","unstructured":"Singh, A., Rao, A., Purawat, S., & Altintas, I. (2017). A machine learning approach for modular workflow performance prediction. In Proceedings of the 12th workshop on workflows in support of large-scale science, WORKS (pp. 7:1\u20137:11). ISBN 978-1-4503-5129-4."},{"key":"5870_CR31","doi-asserted-by":"crossref","unstructured":"Trevisan, M., Drago, I., & Mellia, M. (2018). Measuring web speed from passive traces. In ACM, IRTF and ISOC applied networking research workshop 2018 (ANRW 18).","DOI":"10.1145\/3232755.3232780"},{"issue":"3","key":"5870_CR32","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1109\/MCOM.2017.1600756CM","volume":"55","author":"M Trevisan","year":"2017","unstructured":"Trevisan, M., Finamore, A., Mellia, M., Munafo, M., & Rossi, D. (2017). IEEE Communications Magazine, 55(3), 163\u2013169. https:\/\/doi.org\/10.1109\/MCOM.2017.1600756CM. ISSN 0163-6804.","journal-title":"IEEE Communications Magazine"},{"key":"5870_CR33","doi-asserted-by":"crossref","unstructured":"Vassio, L., Figuereido, F., Paula, A., da\u00a0Silva, C., Mellia, M., & Almeida, J. (2017). Mining and modeling web trajectories from passive traces. IEEE Bigtable.","DOI":"10.1109\/BigData.2017.8258416"},{"key":"5870_CR34","doi-asserted-by":"crossref","unstructured":"Wang, H., Gong, Z., Guan, Q., & Wang, B. (2008). Detection network anomalies based on packet and flow analysis. In International conference on networking.","DOI":"10.1109\/ICN.2008.83"},{"key":"5870_CR35","unstructured":"Yang, M., Liu, X., Kroeger, W., Sim, A., & Wu, K. (2018). Identifying anomalous file transfer events in LCLS workflow. In Proceedings of the 1st international workshop on autonomous infrastructure for science, AI-Science (pp. 7:1\u20137:4). ISBN 978-1-4503-5862-0."},{"key":"5870_CR36","doi-asserted-by":"crossref","unstructured":"Zander, S., Nguyen, T., & Armitage, G. (2005). Automated traffic classification and application identification using machine learning. In Proceedings of the The IEEE conference on local computer networks 30th anniversary, LCN (pp. 250\u2013257). ISBN 0-7695-2421-4.","DOI":"10.1109\/LCN.2005.35"},{"key":"5870_CR37","doi-asserted-by":"crossref","unstructured":"Zhang, J., & Zulkernine, M. (2006). Anomaly based network intrusion detection with unsupervised outlier detection. In IEEE Communications.","DOI":"10.1109\/ICC.2006.255127"}],"container-title":["Machine Learning"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10994-020-05870-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10994-020-05870-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10994-020-05870-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,3,12]],"date-time":"2021-03-12T01:25:07Z","timestamp":1615512307000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10994-020-05870-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,12]]},"references-count":37,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,5]]}},"alternative-id":["5870"],"URL":"https:\/\/doi.org\/10.1007\/s10994-020-05870-y","relation":{},"ISSN":["0885-6125","1573-0565"],"issn-type":[{"value":"0885-6125","type":"print"},{"value":"1573-0565","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,12]]},"assertion":[{"value":"2 February 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 October 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 February 2020","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 March 2020","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}