{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:09:06Z","timestamp":1759133346197},"reference-count":50,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2015,3,31]],"date-time":"2015-03-31T00:00:00Z","timestamp":1427760000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Telecommun Syst"],"published-print":{"date-parts":[[2016,3]]},"DOI":"10.1007\/s11235-015-0017-6","type":"journal-article","created":{"date-parts":[[2015,3,31]],"date-time":"2015-03-31T15:10:55Z","timestamp":1427814655000},"page":"609-626","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["An unsupervised approach for traffic trace sanitization based on the entropy spaces"],"prefix":"10.1007","volume":"61","author":[{"given":"Pablo","family":"Velarde-Alvarado","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cesar","family":"Vargas-Rosales","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rafael","family":"Martinez-Pelaez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Homero","family":"Toral-Cruz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alberto F.","family":"Martinez-Herrera","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,3,31]]},"reference":[{"key":"17_CR1","doi-asserted-by":"crossref","unstructured":"Ahmad, I., Abdullah, A., Alghamdi, A., & Hussain, M. (2013). Optimized intrusion detection mechanism using soft computing techniques. Telecommunication Systems, 52(4), 2187\u20132195.","DOI":"10.1007\/s11235-011-9541-1"},{"issue":"11","key":"17_CR2","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1145\/1839676.1839683","volume":"53","author":"G Anthes","year":"2010","unstructured":"Anthes, G. (2010). Security in the cloud. Communications of the ACM, 53(11), 16\u201318.","journal-title":"Communications of the ACM"},{"issue":"3","key":"17_CR3","doi-asserted-by":"crossref","first-page":"517","DOI":"10.1016\/j.compeleceng.2008.12.005","volume":"35","author":"MA Ayd\u0131n","year":"2009","unstructured":"Ayd\u0131n, M. A., Zaim, A. H., & Ceylan, K. G. (2009). A hybrid intrusion detection system design for computer network security. Computers & Electrical Engineering, 35(3), 517\u2013526.","journal-title":"Computers & Electrical Engineering"},{"key":"17_CR4","volume-title":"Intrusion detection","author":"RG Bace","year":"2000","unstructured":"Bace, R. G. (2000). Intrusion detection. Indianapolis, IN: Macmillan Technical Publishing."},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Berm\u00fadez-Edo, M., Salazar-Hern\u00e1ndez, R., D\u00edaz-Verdejo, J., & Garc\u00eda-Teodoro, P. (2006). Proposals on assessment environments for anomaly-based network intrusion detection systems (Vol. 4347, pp. 210\u2013221). Berlin: Springer.","DOI":"10.1007\/11962977_17"},{"key":"17_CR6","doi-asserted-by":"crossref","unstructured":"Brown, C., Cowperthwaite, A., Hijazi, A. & Somayaji, A. (2009). Analysis of the 1999 DARPA\/Lincoln Laboratory IDS evaluation data with NetADHICT. In Proceedings of the 2th IEEE international conference on computational intelligence for security and defense applications, Piscataway, NJ (pp. 67\u201373).","DOI":"10.1109\/CISDA.2009.5356522"},{"key":"17_CR7","unstructured":"Brugger, S. T. & Chow, J. (2007). An assessment of the DARPA IDS evaluation dataset using snort. Technical Report CSE-2007-1."},{"issue":"1","key":"17_CR8","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/1672308.1672310","volume":"40","author":"M Burkhart","year":"2010","unstructured":"Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., & Plattner, B. (2010). The role of network trace anonymization under attack. SIGCOMM Computer Communication Review, 40(1), 5\u201311.","journal-title":"SIGCOMM Computer Communication Review"},{"issue":"13","key":"17_CR9","doi-asserted-by":"crossref","first-page":"1471","DOI":"10.1016\/j.comcom.2013.05.005","volume":"36","author":"LM Chen","year":"2013","unstructured":"Chen, L. M., Chen, M. C., Liao, W., & Sun, Y. S. (2013). A scalable network forensics mechanism for stealthy self-propagating attacks. Computer Communications, 36(13), 1471\u20131484.","journal-title":"Computer Communications"},{"key":"17_CR10","unstructured":"Cisco Systems. (2011). Data sheets and literature. http:\/\/www.cisco.com\/en\/US\/products\/ps6601\/prod_literature.html ."},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Claise, B. (2008). Specification of the IP flow information export (IPFIX) protocol for the exchange of IP traffic flow information. In RFC 5101.","DOI":"10.17487\/rfc5101"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Cretu, G. F., Stavrou, A., Locasto, M. E., Stolfo, S. J., & Keromytis, A. D. (2008). Casting out demons: Sanitizing training data for anomaly sensors. In IEEE symposium on security and privacy, SP 2008 (pp. 81\u201395).","DOI":"10.1109\/SP.2008.11"},{"key":"17_CR13","unstructured":"Cretu, G., Stavrou, A., Stolfo, S. J., Keromytis, A. D., & Locasto, M. E. (2013). U.S. Patent No. 8,407,160. Washington, DC: U.S. Patent and Trademark Office."},{"key":"17_CR14","volume-title":"Factor analysis, an applied approach","author":"EE Cureton","year":"1983","unstructured":"Cureton, E. E., & D\u2019Agostino, R. B. (1983). Factor analysis, an applied approach. Hillsdale, NJ: Lawrence Erlbaum Associates Inc."},{"issue":"2","key":"17_CR15","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"DE Denning","year":"1987","unstructured":"Denning, D. E. (1987). An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2), 222\u2013232.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"17_CR16","unstructured":"Elkan, C. (2003). Using the triangle inequality to qccelerate $$k$$ k -Means. In Proceedings of ICML (pp. 147\u2013153)."},{"issue":"6","key":"17_CR17","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1109\/MNET.2003.1248656","volume":"17","author":"C Fraleigh","year":"2003","unstructured":"Fraleigh, C., Moon, S., Lyles, B., Cotton, C., Khan, M., Moll, D., et al. (2003). Packet-level traffic measurements from the sprint IP backbone. IEEE Network, 17(6), 6\u201316.","journal-title":"IEEE Network"},{"issue":"6","key":"17_CR18","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1109\/CC.2013.6549262","volume":"10","author":"L Gang","year":"2013","unstructured":"Gang, L., Hongli, Z., Yu, Z., Qassrawi, M. T., Xiangzhan, Y., & Lizhi, P. (2013). Automatically mining application signatures for lightweight deep packet inspection. Communications, China, 10(6), 86\u201399.","journal-title":"Communications, China"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"He, W., Hu, G., & Zhou, Y. (2012). Large-scale IP network behavior anomaly detection and identification using substructure-based approach and multivariate time series mining. Telecommunication Systems, 50(1), 1\u201313.","DOI":"10.1007\/s11235-010-9384-1"},{"key":"17_CR20","series-title":"Multimedia systems","volume-title":"Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks","author":"D He","year":"2014","unstructured":"He, D., Kumar, N., & Khan, M. K. (2014). Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks., Multimedia systems Berlin: Springer."},{"key":"17_CR21","first-page":"893","volume":"7","author":"C Huang","year":"2009","unstructured":"Huang, C., & Janies, J. (2009). An adaptive approach to granular real-time anomaly detection. EURASIP Journal on Advances in Signal Processing, 7, 893.","journal-title":"EURASIP Journal on Advances in Signal Processing"},{"key":"17_CR22","unstructured":"Jordan, E. H., Kelly, E. J., & Jordan, K. B. (2013). U.S. Patent Application 13\/828,510."},{"key":"17_CR23","unstructured":"Juniper Networks. (2010). http:\/\/www.juniper.net ."},{"key":"17_CR24","volume-title":"The art of computer programming","author":"D Knuth","year":"1997","unstructured":"Knuth, D. (1997). The art of computer programming (3rd ed.). Reading, MA: Addison-Wesley.","edition":"3"},{"key":"17_CR25","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1145\/1080091.1080118","volume-title":"SIGCOMM \u201905: Proceedings of the 2005 conference on applications, technologies, architectures, and protocols for computer communications","author":"A Lakhina","year":"2005","unstructured":"Lakhina, A., Crovella, M., & Diot, C. (2005). Mining anomalies using traffic feature distributions. SIGCOMM \u201905: Proceedings of the 2005 conference on applications, technologies, architectures, and protocols for computer communications (pp. 217\u2013228). New York, NY: ACM."},{"issue":"2","key":"17_CR26","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/s12652-010-0012-4","volume":"1","author":"C Langin","year":"2010","unstructured":"Langin, C., & Rahimi, S. (2010). Soft computing in intrusion detection: the state of the art. Journal of Ambient Intelligence and Humanized Computing, 1(2), 133\u2013145.","journal-title":"Journal of Ambient Intelligence and Humanized Computing"},{"key":"17_CR27","series-title":"Image analysis and processing-ICIAP","volume-title":"Learning intrusion detection: Supervised or unsupervised?","author":"P Laskov","year":"2005","unstructured":"Laskov, P., et al. (2005). Learning intrusion detection: Supervised or unsupervised?., Image analysis and processing-ICIAP Berlin: Springer."},{"key":"17_CR28","unstructured":"Macqueen, J. B. (1967). Some methods for classification and analysis of multivariate observations. In Procedings of the fifth Berkeley symposium on math, statistics, and probability (Vol. 1, pp. 281\u2013297). University of California Press."},{"key":"17_CR29","volume-title":"Exploratory data analysis with MATLAB","author":"WL Martinez","year":"2011","unstructured":"Martinez, W. L., Martinez, A. R., & Solka, J. L. (2011). Exploratory data analysis with MATLAB (2nd ed.). Boca Raton: CRC.","edition":"2"},{"key":"17_CR30","first-page":"43","volume":"35","author":"D McMahon","year":"2014","unstructured":"McMahon, D. (2014). Beyond perimeter defense: Defense-in-depth leveraging upstream security. Best Practices in Computer Network Defense: Incident Detection and Response, 35, 43\u201353.","journal-title":"Best Practices in Computer Network Defense: Incident Detection and Response"},{"issue":"4","key":"17_CR31","doi-asserted-by":"crossref","first-page":"359","DOI":"10.1093\/comjnl\/20.4.359","volume":"20","author":"R Mojena","year":"1977","unstructured":"Mojena, R. (1977). Hierarchical grouping methods and stopping rules: An evaluation. The Computer Journal, 20(4), 359\u2013363.","journal-title":"The Computer Journal"},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"Nadeem, A., & Howarth, M. (2013). Protection of MANETs from a range of attacks using an intrusion detection and prevention system. Telecommunication Systems, 52(4), 2047\u20132058.","DOI":"10.1007\/s11235-011-9484-6"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"Narang, P., Ray, S., Hota, C., & Venkatakrishnan, V. (2014). PeerShark: Detecting peer-to-peer botnets by tracking conversations. In IEEE security and privacy workshops (pp. 108\u2013115). IEEE.","DOI":"10.1109\/SPW.2014.25"},{"issue":"1","key":"17_CR34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s13635-014-0015-3","volume":"2014","author":"P Narang","year":"2014","unstructured":"Narang, P., Hota, C., & Venkatakrishnan, V. N. (2014). PeerShark: Flow-clustering and conversation-generation for malicious peer-to-peer traffic identification. EURASIP Journal on Information Security, 2014(1), 1\u201312.","journal-title":"EURASIP Journal on Information Security"},{"key":"17_CR35","doi-asserted-by":"crossref","unstructured":"Nikolova, E., & Jecheva, V. (2012). Some similarity coefficients and application of data mining techniques to the anomaly-based IDS. Telecommunication Systems, 50(2), 127\u2013136.","DOI":"10.1007\/s11235-010-9390-3"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Nychis, G., Sekar, V., Andersen, D. G., Kim, H. & Zhang H. (2008). An empirical evaluation of entropy-based traffic anomaly detection. In Proceedings of the internet measurement conference, Vouliagmeni (pp. 151\u2013156).","DOI":"10.1145\/1452520.1452539"},{"key":"17_CR37","doi-asserted-by":"crossref","unstructured":"Paxson, V. (2004). Strategies for sound internet measurement. In IMC \u201904: Proceedings of the 4th ACM. SIGCOMM conference on Internet measurement (pp. 263\u2013271).","DOI":"10.1145\/1028788.1028824"},{"issue":"1","key":"17_CR38","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1007\/s11235-006-5520-3","volume":"31","author":"A Robinson","year":"2006","unstructured":"Robinson, A., Chan, Y., & Dietz, D. (2006). Detecting a security disturbance in multi commodity stochastic networks. Telecommunication Systems, 31(1), 11\u201327.","journal-title":"Telecommunication Systems"},{"key":"17_CR39","unstructured":"RSA 2012 Cybercrime Trends Report. http:\/\/www.rsa.com ."},{"key":"17_CR40","volume-title":"Multivariate density estimation: Theory, practice, and visualization","author":"DW Scott","year":"2001","unstructured":"Scott, D. W. (2001). Multivariate density estimation: Theory, practice, and visualization. Chichester: Wiley-Interscience."},{"key":"17_CR41","volume-title":"Handbook of statistics data mining and computational statistics","author":"DW Scott","year":"2004","unstructured":"Scott, D. W., & Rain, S. R. (2004). Multi-dimensional density estimation. In C. R. Rao & E. J. Wegman (Eds.), Handbook of statistics data mining and computational statistics. New York: Elsevier."},{"key":"17_CR42","unstructured":"Shafi, K., Abbass, H. A. & Zhu, W. (2009). A methodology to evaluate supervised learning algorithms for intrusion detection, Technical Report."},{"issue":"3","key":"17_CR43","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., & Ghorbani, A. A. (2012). Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security, 31(3), 357\u2013374.","journal-title":"Computers & Security"},{"key":"17_CR44","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4899-3324-9","volume-title":"Density estimation for statistics and data analysis","author":"BW Silverman","year":"1986","unstructured":"Silverman, B. W. (1986). Density estimation for statistics and data analysis. London: Chapman and Hall."},{"key":"17_CR45","doi-asserted-by":"crossref","unstructured":"Silviera, F., Diot, C., Taft, N. & Goviandan, R. (2010, June). Detecting traffic anomalies using an equilibrium property. In Proceedings of the ACM SIGMETRICS international conference on Measurement and modeling of computer systems, New York (pp. 377\u2013378).","DOI":"10.1145\/1811039.1811095"},{"issue":"3","key":"17_CR46","doi-asserted-by":"crossref","first-page":"343","DOI":"10.1109\/SURV.2010.032210.00054","volume":"12","author":"A Sperotto","year":"2010","unstructured":"Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., & Stiller, B. (2010). An overview of IP flow-based intrusion detection. IEEE Communications Surveys & Tutorials, 12(3), 343\u2013356.","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"17_CR47","doi-asserted-by":"crossref","unstructured":"Tolle, J., Jahnke, M., Felde N. G., & Martini, P. (2006). Impact of sanitized message flows in a cooperative intrusion warning system. In IEEE MILCOM\u201906.","DOI":"10.1109\/MILCOM.2006.302010"},{"key":"17_CR48","volume-title":"Characterizing flow-level traffic behavior with entropy spaces for anomaly detection, Building next-generation converged networks: Theory and practice","author":"P Velarde-Alvarado","year":"2013","unstructured":"Velarde-Alvarado, P., Vargas-Rosales, C., Toral-Cruz, H., Ramirez-Pacheco, J., & Hernandez-Aquino, R. (2013). Characterizing flow-level traffic behavior with entropy spaces for anomaly detection, Building next-generation converged networks: Theory and practice. Baca Raton, FL: CRC."},{"key":"17_CR49","doi-asserted-by":"crossref","unstructured":"Wressnegger, C., Schwenk, G., Arp, D., & Rieck, K. (2013, November). A close look on n-grams in intrusion detection: anomaly detection vs. classification. In Proceedings of the 2013 ACM workshop on artificial intelligence and security (pp. 67\u201376). New Yok, NY: ACM.","DOI":"10.1145\/2517312.2517316"},{"issue":"6","key":"17_CR50","doi-asserted-by":"crossref","first-page":"1241","DOI":"10.1109\/TNET.2007.911438","volume":"16","author":"K Xu","year":"2008","unstructured":"Xu, K., Zhang, Z., & Bhattacharyya, S. (2008). Internet traffic behavior profiling for network security monitoring. IEEE\/ACM Transactions on Networking, 16(6), 1241\u20131252.","journal-title":"IEEE\/ACM Transactions on Networking"}],"container-title":["Telecommunication Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11235-015-0017-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11235-015-0017-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11235-015-0017-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,22]],"date-time":"2019-08-22T17:41:00Z","timestamp":1566495660000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11235-015-0017-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,3,31]]},"references-count":50,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2016,3]]}},"alternative-id":["17"],"URL":"https:\/\/doi.org\/10.1007\/s11235-015-0017-6","relation":{},"ISSN":["1018-4864","1572-9451"],"issn-type":[{"value":"1018-4864","type":"print"},{"value":"1572-9451","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,3,31]]}}}