{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T03:24:40Z","timestamp":1762917880360},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2018,2,2]],"date-time":"2018-02-02T00:00:00Z","timestamp":1517529600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Sci. China Inf. Sci."],"published-print":{"date-parts":[[2018,3]]},"DOI":"10.1007\/s11432-017-9288-4","type":"journal-article","created":{"date-parts":[[2018,2,6]],"date-time":"2018-02-06T02:42:49Z","timestamp":1517884969000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["An adaptive system for detecting malicious queries in web attacks"],"prefix":"10.1007","volume":"61","author":[{"given":"Ying","family":"Dong","sequence":"first","affiliation":[]},{"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Hua","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Qianru","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Qixu","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Kai","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Wenjie","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,2,2]]},"reference":[{"key":"9288_CR1","unstructured":"Symantec. Internet security threat report. 2016. https:\/\/www.symantec.com\/security-center\/threat-report"},{"key":"9288_CR2","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1109\/TDSC.2013.45","volume":"11","author":"J Fonseca","year":"2014","unstructured":"Fonseca J, Vieira M, Madeira H. 
Evaluation of web security mechanisms using vulnerability & attack injection. IEEE Trans Depend Secure Comput, 2014, 11: 440\u2013453","journal-title":"IEEE Trans Depend Secure Comput"},{"key":"9288_CR3","unstructured":"Imperva. Web application attack report. 2015. https:\/\/www.imperva.com\/docs\/HII Web Application Attack Report Ed6.pdf"},{"key":"9288_CR4","unstructured":"WhiteHat. Web application security statistic report. 2016. https:\/\/info.whitehatsec.com\/rs\/675-YBI-674\/images\/WH-2016-Stats-Report-FINAL.pdf"},{"key":"9288_CR5","first-page":"26","volume":"11","author":"M Lawal","year":"2016","unstructured":"Lawal M, Sultan A B M, Shakiru A O. Systematic literature review on SQL injection attack. Int J Soft Comput, 2016, 11: 26\u201335","journal-title":"Int J Soft Comput"},{"key":"9288_CR6","unstructured":"Symantec. Team ghostshell hacking group back with a bang. 2015. https:\/\/www.symantec.com\/connect\/blogs\/team-ghostshell-hacking-group-back-bang"},{"key":"9288_CR7","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/j.cose.2017.04.006","volume":"68","author":"A Aleroud","year":"2017","unstructured":"Aleroud A, Zhou L. Phishing environments, techniques, and countermeasures: a survey. Comput Secur, 2017, 68: 160\u2013196","journal-title":"Comput Secur"},{"key":"9288_CR8","doi-asserted-by":"publisher","first-page":"052111","DOI":"10.1007\/s11432-015-5422-7","volume":"60","author":"Z J Fang","year":"2017","unstructured":"Fang Z J, Liu Q X, Zhang Y Q, et al. A static technique for detecting input validation vulnerabilities in Android apps. Sci China Inf Sci, 2017, 60: 052111","journal-title":"Sci China Inf Sci"},{"key":"9288_CR9","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1016\/j.jnca.2015.11.017","volume":"60","author":"V Prokhorenko","year":"2016","unstructured":"Prokhorenko V, Choo K K R, Ashman H. Web application protection techniques: a taxonomy. 
J Netw Comput Appl, 2016, 60: 95\u2013112","journal-title":"J Netw Comput Appl"},{"key":"9288_CR10","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1016\/j.comnet.2005.01.009","volume":"48","author":"C Krugel","year":"2005","unstructured":"Krugel C, Vigna G, Robertson W. A multi-model approach to the detection of web-based attacks. Comput Netw, 2005, 48: 717\u2013738","journal-title":"Comput Netw"},{"key":"9288_CR11","volume-title":"Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS\u201906)","author":"W K Robertson","year":"2006","unstructured":"Robertson W K, Vigna G, Kruegel C, et al. Using generalization and characterization techniques in the anomaly-based detection of web attacks. In: Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS\u201906), San Diego, 2006"},{"key":"9288_CR12","first-page":"121","volume-title":"Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS\u201909)","author":"Y Song","year":"2009","unstructured":"Song Y, Keromytis A D, Stolfo S J. Spectrogram: a mixture-of-markov-chains model for anomaly detection in web traffic. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS\u201909), San Diego, 2009. 121\u2013135"},{"key":"9288_CR13","doi-asserted-by":"publisher","first-page":"561","DOI":"10.1007\/s10207-015-0276-y","volume":"14","author":"A Kozakevicius","year":"2015","unstructured":"Kozakevicius A, Cappo C, Mozzaquatro B A, et al. URL query string anomaly sensor designed with the bidimensional haar wavelet transform. Int J Inf Secur, 2015, 14: 561\u2013581","journal-title":"Int J Inf Secur"},{"key":"9288_CR14","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1016\/j.comnet.2015.07.019","volume":"91","author":"A Juvonen","year":"2015","unstructured":"Juvonen A, Sipola T, Inen T. Online anomaly detection using dimensionality reduction techniques for http log analysis. 
Comput Netw, 2015, 91: 46\u201356","journal-title":"Comput Netw"},{"key":"9288_CR15","doi-asserted-by":"publisher","first-page":"895","DOI":"10.1016\/j.comcom.2013.01.013","volume":"36","author":"Y Xie","year":"2013","unstructured":"Xie Y, Tang S, Huang X, et al. Detecting latent attack behavior from aggregated web traffic. Comput Commun, 2013, 36: 895\u2013907","journal-title":"Comput Commun"},{"key":"9288_CR16","first-page":"690","volume-title":"Proceedings of the 7th International Conference on Computer Science & Education (ICCSE\u201912)","author":"W K G Fan","year":"2012","unstructured":"Fan W K G. An adaptive anomaly detection of web-based attacks. In: Proceedings of the 7th International Conference on Computer Science & Education (ICCSE\u201912), Melbourne, 2012. 690\u2013694"},{"key":"9288_CR17","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1109\/HIS.2010.5600026","volume-title":"Proceedings of the 10th International Conference on Hybrid Intelligent Systems (HIS\u201910)","author":"C D Pinz\u00f3n","year":"2010","unstructured":"Pinz\u00f3n C, De Paz J F, Bajo J, et al. AIIDA-SQL: an adaptive intelligent intrusion detector agent for detecting SQL injection attacks. In: Proceedings of the 10th International Conference on Hybrid Intelligent Systems (HIS\u201910), Atlanta, 2010. 73\u201378"},{"key":"9288_CR18","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.jnca.2013.05.009","volume":"39","author":"Y Meng","year":"2014","unstructured":"Meng Y, Kwok L F. Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection. J Netw Comput Appl, 2014, 39: 83\u201392","journal-title":"J Netw Comput Appl"},{"key":"9288_CR19","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1016\/j.knosys.2014.06.018","volume":"70","author":"W Wang","year":"2014","unstructured":"Wang W, Guyet T, Quiniou R, et al. 
Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowledge-Based Syst, 2014, 70: 103\u2013117","journal-title":"Knowledge-Based Syst"},{"key":"9288_CR20","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.ins.2014.07.044","volume":"318","author":"J Zhang","year":"2015","unstructured":"Zhang J, Li H Z, Gao Q G, et al. Detecting anomalies from big network traffic data using an adaptive detection approach. Inf Sci, 2015, 318: 91\u2013110","journal-title":"Inf Sci"},{"key":"9288_CR21","volume-title":"IEEE Trans Syst Man Cybern Syst","author":"A AlEroud","year":"2016","unstructured":"AlEroud A, Karabatis G. Queryable semantics to detect cyber-attacks: a flow-based detection approach. IEEE Trans Syst Man Cybern Syst, 2016. doi: 10.1109\/TSMC.2016.2600405"},{"key":"9288_CR22","doi-asserted-by":"publisher","first-page":"563","DOI":"10.1007\/s10115-017-1027-3","volume":"52","author":"A Aleroud","year":"2017","unstructured":"Aleroud A, Karabatis G. Contextual information fusion for intrusion detection: a survey and taxonomy. Knowl Inf Syst, 2017, 52: 563\u2013619","journal-title":"Knowl Inf Syst"},{"key":"9288_CR23","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1016\/j.neucom.2016.02.007","volume":"194","author":"A F Sousa","year":"2016","unstructured":"Sousa A F, Prudencio R B, Ludermir T B, et al. Active learning and data manipulation techniques for generating training examples in meta-learning. Neurocomput, 2016, 194: 45\u201355","journal-title":"Neurocomput"},{"key":"9288_CR24","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1016\/j.neucom.2013.05.048","volume":"127","author":"A L D d L Rossi","year":"2014","unstructured":"Rossi A L D, de Leon Ferreira A C P, Soares C, et al. MetaStream: a meta-learning based method for periodic algorithm selection in time-changing data. 
Neurocomput, 2014, 127: 52\u201364","journal-title":"Neurocomput"},{"key":"9288_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2016.03.011","volume":"66","author":"G Folino","year":"2016","unstructured":"Folino G, Sabatino P. Ensemble based collaborative and distributed intrusion detection systems: a survey. J Netw Comput Appl, 2016, 66: 1\u201316","journal-title":"J Netw Comput Appl"},{"key":"9288_CR26","unstructured":"The HTTP dataset CSIC 2010. http:\/\/www.isi.csic.es\/dataset\/"},{"key":"9288_CR27","first-page":"652","volume-title":"Proceedings of the 35th International Conference on Software Engineering (ICSE\u201913)","author":"Y H Zheng","year":"2013","unstructured":"Zheng Y H, Zhang X Y. Path sensitive static analysis of web applications for remote code execution vulnerability detection. In: Proceedings of the 35th International Conference on Software Engineering (ICSE\u201913), San Francisco, 2013. 652\u2013661"},{"key":"9288_CR28","doi-asserted-by":"publisher","first-page":"811","DOI":"10.1016\/j.comnet.2012.10.002","volume":"57","author":"A Jamdagni","year":"2013","unstructured":"Jamdagni A, Tan Z Y, He X J, et al. RePIDS: a multi-tier real-time payload-based intrusion detection system. Comput Netw, 2013, 57: 811\u2013824","journal-title":"Comput Netw"},{"key":"9288_CR29","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1016\/j.cose.2015.09.007","volume":"55","author":"P Garcia-Teodoro","year":"2015","unstructured":"Garcia-Teodoro P, Diaz-Verdejo J E, Tapiador J E, et al. Automatic generation of HTTP intrusion signatures by selective identification of anomalies. Comput Secur, 2015, 55: 159\u2013174","journal-title":"Comput Secur"},{"key":"9288_CR30","first-page":"525","volume-title":"Proceedings of the 39th Annual Computer Software and Applications Conference (COMPSAC\u201915)","author":"Y Zhong","year":"2015","unstructured":"Zhong Y, Asakura H, Takakura H, et al. 
Detecting malicious inputs of web application parameters using character class sequences. In: Proceedings of the 39th Annual Computer Software and Applications Conference (COMPSAC\u201915), Taichung, 2015. 525\u2013532"},{"key":"9288_CR31","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1016\/j.cose.2010.12.004","volume":"30","author":"D Ariu","year":"2011","unstructured":"Ariu D, Tronci R, Giacinto G. Hmmpayl: an intrusion detection system based on hidden markov models. Comput Secur, 2011, 30: 221\u2013241","journal-title":"Comput Secur"},{"key":"9288_CR32","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID\u201904)","author":"K Wang","year":"2004","unstructured":"Wang K, Stolfo S J. Anomalous payload-based network intrusion detection. In: Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID\u201904), Sophia Antipolis, 2004. 203\u2013222"},{"key":"9288_CR33","volume-title":"Anagram: a Content Anomaly Detector Resistant to Mimicry Attack","author":"K Wang","year":"2006","unstructured":"Wang K, Parekh J J, Stolfo S J. Anagram: a Content Anomaly Detector Resistant to Mimicry Attack. Berlin: Springer, 2006"},{"key":"9288_CR34","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1016\/j.cose.2014.06.002","volume":"45","author":"A Oza","year":"2014","unstructured":"Oza A, Ross K, Low R M, et al. HTTP attack detection using n-gram analysis. Comput Secur, 2014, 45: 242\u2013254","journal-title":"Comput Secur"},{"key":"9288_CR35","doi-asserted-by":"publisher","first-page":"864","DOI":"10.1016\/j.comnet.2008.11.011","volume":"53","author":"R Perdisci","year":"2009","unstructured":"Perdisci R, Ariu D, Fogla P, et al. McPAD: a multiple classifier system for accurate payload-based anomaly detection. 
Comput Netw, 2009, 53: 864\u2013881","journal-title":"Comput Netw"},{"key":"9288_CR36","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1016\/j.eswa.2016.07.036","volume":"64","author":"M Swarnkar","year":"2016","unstructured":"Swarnkar M, Hubballi N. OCPAD: one class naive bayes classifier for payload based anomaly detection. Expert Syst Appl, 2016, 64: 330\u2013339","journal-title":"Expert Syst Appl"},{"key":"9288_CR37","doi-asserted-by":"publisher","first-page":"475","DOI":"10.1007\/s10207-016-0344-y","volume":"16","author":"P Duessel","year":"2016","unstructured":"Duessel P, Gehl C, Flegel U, et al. Detecting zero-day attacks using context-aware anomaly detection at the application-layer. Int J Inf Secur, 2016, 16: 475\u2013490","journal-title":"Int J Inf Secur"},{"key":"9288_CR38","doi-asserted-by":"crossref","DOI":"10.1007\/0-387-34239-7","volume-title":"Estimation of Dependences Based on Empirical Data","author":"V Vapnik","year":"2006","unstructured":"Vapnik V, Kotz S. Estimation of Dependences Based on Empirical Data. New York: Springer-Verlag, 2006"},{"key":"9288_CR39","doi-asserted-by":"publisher","first-page":"1577","DOI":"10.1016\/j.patcog.2014.12.009","volume":"4","author":"H S Guo","year":"2015","unstructured":"Guo H S, Wang W J. An active learning-based SVM multi-class classification model. Pattern Recogn, 2015, 4: 1577\u20131597","journal-title":"Pattern Recogn"},{"key":"9288_CR40","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1002\/widm.1132","volume":"4","author":"J Kremer","year":"2014","unstructured":"Kremer J, Steenstrup P K, Igel C. Active learning with support vector machines. Data Min Knowl Disc, 2014, 4: 313\u2013326","journal-title":"Data Min Knowl Disc"},{"key":"9288_CR41","doi-asserted-by":"publisher","first-page":"969","DOI":"10.1007\/s11045-016-0396-1","volume":"27","author":"F Gao","year":"2016","unstructured":"Gao F, Lv W C, Zhang Y T, et al. 
A novel semisupervised support vector machine classifier based on active learning and context information. Multidim Syst Signal Process, 2016, 27: 969\u2013988","journal-title":"Multidim Syst Signal Process"},{"key":"9288_CR42","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1016\/j.eswa.2017.05.046","volume":"85","author":"M Wang","year":"2017","unstructured":"Wang M, Min F, Zhang Z H, et al. Active learning through density clustering. Expert Syst Appl, 2017, 85: 305\u2013317","journal-title":"Expert Syst Appl"},{"key":"9288_CR43","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-319-31753-3_21","volume-title":"Proceedings of the 20th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD\u201916)","author":"A Aghaee","year":"2016","unstructured":"Aghaee A, Ghadiri M, Baghshah M S, et al. Active distance-based clustering using K-medoids. In: Proceedings of the 20th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD\u201916), Auckland, 2016. 253\u2013264"},{"key":"9288_CR44","first-page":"255","volume":"5","author":"Y Baram","year":"2012","unstructured":"Baram Y, Ran E Y, Luz K. Online choice of active learning algorithms. J Mach Learn Res, 2012, 5: 255\u2013291","journal-title":"J Mach Learn Res"},{"key":"9288_CR45","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1016\/S0893-6080(05)80023-1","volume":"5","author":"D H Wolpert","year":"1992","unstructured":"Wolpert D H. Stacked generalization. Neural Netw, 1992, 5: 241\u2013259","journal-title":"Neural Netw"},{"key":"9288_CR46","unstructured":"Hillstone Networks. Hillstone e-series next-generation firewalls. http:\/\/www.hillstonenet.com\/our-products\/next-gen-firewalls-e-series\/"},{"key":"9288_CR47","first-page":"3969","volume":"7","author":"R Fielding","year":"1999","unstructured":"Fielding R, Gettys J, Mogul J, et al. RFC 2616: hypertext transfer protocol-HTTP\/1.1. 
Comput Sci Commun Dict, 1999, 7: 3969\u20133973","journal-title":"Comput Sci Commun Dict"},{"key":"9288_CR48","doi-asserted-by":"publisher","first-page":"2986","DOI":"10.1109\/TC.2016.2519914","volume":"65","author":"M A Ambusaidi","year":"2016","unstructured":"Ambusaidi M A, He X J, Nanda P, et al. Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput, 2016, 65: 2986\u20132998","journal-title":"IEEE Trans Comput"},{"key":"9288_CR49","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/978-1-60327-241-4_13","volume-title":"Data Mining Techniques for the Life Sciences","author":"A Ben-Hur","year":"2010","unstructured":"Ben-Hur A, Weston J. A user\u2019s guide to support vector machines. In: Data Mining Techniques for the Life Sciences. Berlin: Springer, 2010. 223\u2013239"},{"key":"9288_CR50","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/TPAMI.2016.2539965","volume":"39","author":"C Xiong","year":"2017","unstructured":"Xiong C, Johnson D M, Corso J J. Active clustering with model-based uncertainty reduction. IEEE Trans Pattern Anal Mach Intell, 2017, 39: 5\u201317","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"9288_CR51","doi-asserted-by":"publisher","first-page":"501","DOI":"10.1007\/978-3-319-26961-0_29","volume-title":"Proceedings of the 11th International Conference on Information Systems Security (ICISS\u201915)","author":"S Prandl","year":"2015","unstructured":"Prandl S, Lazarescu M, Pham D S. A study of web application firewall solutions. In: Proceedings of the 11th International Conference on Information Systems Security (ICISS\u201915), Kolkata, 2015. 501\u2013510"},{"key":"9288_CR52","unstructured":"Trustwave. Modsecurity core rule set. 2016. 
https:\/\/www.owasp.org\/index.php\/Category:OWASP ModSecurity Core Rule Set Project"},{"key":"9288_CR53","first-page":"99","volume-title":"Proceedings of the 6th ACM Workshop on Artificial Intelligence and Security (AISec\u201913)","author":"A Kantchelian","year":"2013","unstructured":"Kantchelian A, Afroz S, Huang L, et al. Approaches to adversarial drift. In: Proceedings of the 6th ACM Workshop on Artificial Intelligence and Security (AISec\u201913), Berlin, 2013. 99\u2013110"}],"container-title":["Science China Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11432-017-9288-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-017-9288-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-017-9288-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,27]],"date-time":"2020-10-27T15:00:56Z","timestamp":1603810856000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11432-017-9288-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,2,2]]},"references-count":53,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,3]]}},"alternative-id":["9288"],"URL":"https:\/\/doi.org\/10.1007\/s11432-017-9288-4","relation":{},"ISSN":["1674-733X","1869-1919"],"issn-type":[{"value":"1674-733X","type":"print"},{"value":"1869-1919","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,2,2]]},"assertion":[{"value":"1 August 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 October 
2017","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 February 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"032114"}}