{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T17:58:28Z","timestamp":1757699908028,"version":"3.37.3"},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"7-8","license":[{"start":{"date-parts":[[2021,10,30]],"date-time":"2021-10-30T00:00:00Z","timestamp":1635552000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,10,30]],"date-time":"2021-10-30T00:00:00Z","timestamp":1635552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"name":"Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior\/Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","award":["18\/23292-0"],"award-info":[{"award-number":["18\/23292-0"]}]},{"DOI":"10.13039\/501100004586","name":"Funda\u00e7\u00e3o Carlos Chagas Filho de Amparo \u00e0 Pesquisa do Estado do Rio de Janeiro","doi-asserted-by":"crossref","award":["15\/24485-9"],"award-info":[{"award-number":["15\/24485-9"]}],"id":[{"id":"10.13039\/501100004586","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001807","name":"Funda\u00e7\u00e3o de Amparo \u00e0 Pesquisa do Estado de S\u00e3o Paulo","doi-asserted-by":"publisher","award":["14\/50937-1"],"award-info":[{"award-number":["14\/50937-1"]}],"id":[{"id":"10.13039\/501100001807","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2022,8]]},"DOI":"10.1007\/s12243-021-00893-5","type":"journal-article","created":{"date-parts":[[2021,10,30]],"date-time":"2021-10-30T07:02:54Z","timestamp":1635577374000},"page":"539-554","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A threat monitoring system for intelligent data analytics of network traffic"],"prefix":"10.1007","volume":"77","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-4912","authenticated-orcid":false,"given":"Lucas C. B.","family":"Guimar\u00e3es","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gabriel Antonio F.","family":"Rebello","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gustavo F.","family":"Camilo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lucas Airam C.","family":"de Souza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Otto Carlos M. B.","family":"Duarte","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,10,30]]},"reference":[{"key":"893_CR1","unstructured":"Cybersecurity Market Report. Available at: https:\/\/cybersecurityventures.com\/https:\/\/cybersecurityventures.com\/. Last access: 30 April 2021"},{"issue":"2","key":"893_CR2","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MC.2017.62","volume":"50","author":"E Bertino","year":"2017","unstructured":"Bertino E, Islam N (2017) Botnets and internet of things security. Computer 50(2):76\u201379","journal-title":"Computer"},{"key":"893_CR3","doi-asserted-by":"crossref","unstructured":"Azmoodeh A, Dehghantanha A, Choo K.-K.R. (2019) Big data and internet of things security and forensics: challenges and opportunities. In: Handbook of big data and IoT security. Springer, pp 1\u20134","DOI":"10.1007\/978-3-030-10543-3_1"},{"key":"893_CR4","unstructured":"(2019) Symantec, Internet security threat report. Available at: https:\/\/docs.broadcom.com\/doc\/istr-24-2019-en. Last access: 30 April, 2021"},{"key":"893_CR5","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/j.ijinfomgt.2018.08.006","volume":"45","author":"RAA Habeeb","year":"2019","unstructured":"Habeeb RAA, Nasaruddin F, Gani A, Hashem IAT, Ahmed E, Imran M (2019) Real-time big data processing for anomaly detection: a survey. Int J Inf Manag 45:289\u2013307","journal-title":"Int J Inf Manag"},{"key":"893_CR6","doi-asserted-by":"crossref","unstructured":"(2020) Verizon Enterprise, Data breach investigations report. Available at: https:\/\/enterprise.verizon.com\/resources\/reports\/2020-data-breach-investigations-report.pdfhttps:\/\/enterprise.verizon.com\/resources\/reports\/2020-data-breach-investigations-report.pdf. Last access: 30 April 2021","DOI":"10.1016\/S1361-3723(20)30059-2"},{"issue":"20","key":"893_CR7","doi-asserted-by":"crossref","first-page":"e5344","DOI":"10.1002\/cpe.5344","volume":"31","author":"MA Lopez","year":"2019","unstructured":"Lopez MA, Mattos DMF, Duarte OCMB, Pujolle G (2019) Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data. Concurr Computat Pract Experience 31(20):e5344","journal-title":"Concurr Computat Pract Experience"},{"key":"893_CR8","doi-asserted-by":"crossref","unstructured":"Pelloso M, Vergutz A, Santos A, Nogueira M (2018) A self-adaptable system for DDoS attack prediction based on the metastability theory. In: 2018 IEEE global communications conference (GLOBECOM), pp 1\u20136","DOI":"10.1109\/GLOCOM.2018.8647934"},{"key":"893_CR9","doi-asserted-by":"publisher","first-page":"473","DOI":"10.1016\/j.future.2018.09.051","volume":"93","author":"E Viegas","year":"2019","unstructured":"Viegas E, Santin A, Bessani A, Neves N (2019) Bigflow: Real-time and reliable anomaly-based intrusion detection for high-speed networks. Futur Gener Comput Syst 93:473\u2013485","journal-title":"Futur Gener Comput Syst"},{"key":"893_CR10","unstructured":"Campiolo R, dos Santos LAF, Monteverde WA, Suca EG, Batista DM (2018) Uma arquitetura para detec\u00e7\u00e3o de amea\u00e7as cibern\u00e9ticas baseada na an\u00e1lise de grandes volumes de dados. In: Anais do I Workshop de Seguran\u00e7a Cibern\u00e9tica em Dispositivos Conectados. SBC"},{"key":"893_CR11","doi-asserted-by":"crossref","unstructured":"Lobato AGP, Lopez MA, Sanz IJ, Cardenas AA, Duarte OCM, Pujolle G (2018) An adaptive real-time architecture for zero-day threat detection. In: 2018 IEEE international conference on communications (ICC). IEEE, pp 1\u20136","DOI":"10.1109\/ICC.2018.8422622"},{"issue":"11-12","key":"893_CR12","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/s12243-016-0506-y","volume":"71","author":"MA Lopez","year":"2016","unstructured":"Lopez MA, Mattos DMF, Duarte OCMB (2016) An elastic intrusion detection system for software networks. Ann Telecommun 71(11-12):595\u2013605","journal-title":"Ann Telecommun"},{"issue":"3-4","key":"893_CR13","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/s12243-018-0663-2","volume":"74","author":"MA Lopez","year":"2019","unstructured":"Lopez MA, Mattos DMF, Duarte OCMB, Pujolle G (2019) A fast unsupervised preprocessing method for network monitoring. Ann Telecommun 74(3-4):139\u2013155","journal-title":"Ann Telecommun"},{"key":"893_CR14","unstructured":"Cisco Systems (2014) OpenSOC: The open security operations center. Available at: https:\/\/opensoc.github.io\/. Last access: 30 April 2021"},{"key":"893_CR15","unstructured":"(2017) Apache Software Foundation, Apache Metron. https:\/\/metron.apache.org\/. Last access: 30 April 2021"},{"issue":"10-10","key":"893_CR16","first-page":"95","volume":"10","author":"M Zaharia","year":"2010","unstructured":"Zaharia M, Chowdhury M, Franklin MJ, Shenker S, Stoica I (2010) Spark: Cluster computing with working sets. HotCloud 10(10-10):95","journal-title":"HotCloud"},{"issue":"7","key":"893_CR17","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1109\/MCOM.2017.1600972","volume":"55","author":"T Jirsik","year":"2017","unstructured":"Jirsik T, Cermak M, Tovarnak D, Celeda P (2017) Toward stream-based IP flow analysis. IEEE Commun Mag 55(7):70\u201376","journal-title":"IEEE Commun Mag"},{"issue":"11","key":"893_CR18","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1145\/2934664","volume":"59","author":"M Zaharia","year":"2016","unstructured":"Zaharia M, Xin RS, Wendell P, Das T, Armbrust M, Dave A, Meng X, Rosen J, Venkataraman S, Franklin MJ et al (2016) Apache Spark: a unified engine for big data processing. Commun ACM 59(11):56\u201365","journal-title":"Commun ACM"},{"key":"893_CR19","unstructured":"Xin R, Rosen J (2015) Project tungsten: bringing apache spark closer to bare metal. Available at: https:\/\/databricks.com\/blog\/2015\/04\/28\/project-tungsten-bringing-spark-closer-to-bare-metal.htmlhttps:\/\/databricks.com\/blog\/2015\/04\/28\/project-tungsten-bringing-spark-closer-to-bare-metal.html. Last access: 30 April 2021"},{"key":"893_CR20","doi-asserted-by":"crossref","unstructured":"Armbrust M, S Xin R, Lian C, Huai Y, Liu D, K Bradley J, Meng X, Kaftan T, Franklin MJ, Ghodsi A et al (2015) Spark SQL: Relational data processing in Spark. In: Proceedings of the 2015 ACM SIGMOD international conference on management of data. ACM, pp 1383\u20131394","DOI":"10.1145\/2723372.2742797"},{"issue":"1","key":"893_CR21","first-page":"1235","volume":"17","author":"X Meng","year":"2016","unstructured":"Meng X, Bradley J, Yavuz B, Sparks E, Venkataraman S, Liu D, Freeman J, Tsai D, Amde M, Owen S et al (2016) Mllib: machine learning in apache spark. J Mach Learn Res 17 (1):1235\u20131241","journal-title":"J Mach Learn Res"},{"key":"893_CR22","volume-title":"The elements of statistical learning, vol 1","author":"J Friedman","year":"2001","unstructured":"Friedman J, Hastie T, Tibshirani R et al (2001) The elements of statistical learning, vol 1. Springer series in statistics, New York"},{"issue":"1","key":"893_CR23","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman L (2001) Random forests. Mach Learn 45(1):5\u201332","journal-title":"Mach Learn"},{"issue":"2","key":"893_CR24","first-page":"123","volume":"24","author":"L Breiman","year":"1996","unstructured":"Breiman L (1996) Bagging predictors. Mach Learn 24(2):123\u2013 140","journal-title":"Mach Learn"},{"key":"893_CR25","doi-asserted-by":"crossref","unstructured":"de Souza LAC et al (2020) DFedForest: Decentralized federated forest. In: 2020 IEEE Blockchain, pp 90\u201397","DOI":"10.1109\/Blockchain50366.2020.00019"},{"issue":"4","key":"893_CR26","first-page":"919","volume":"28","author":"J Chen","year":"2016","unstructured":"Chen J, Li K, Tang Z, Bilal K, Yu S, Weng C, Li K (2016) A parallel random forest algorithm for Big Data in a Spark cloud computing environment. IEEE TPDS 28(4):919\u2013933","journal-title":"IEEE TPDS"},{"key":"893_CR27","doi-asserted-by":"crossref","unstructured":"Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE symposium on CISDA, pp 1\u20136","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"893_CR28","doi-asserted-by":"crossref","unstructured":"Lopez MA, Silva RS, Alvarenga ID, Rebello GAF, Sanz IJ, Lobato AG, Mattos DMF, Duarte OC, Pujolle G (2017) Collecting and characterizing a real broadband access network traffic dataset. In: 2017 1st cyber security in networking conference (CSNet), pp 1\u20138","DOI":"10.1109\/CSNET.2017.8241999"},{"key":"893_CR29","unstructured":"Arndt D (2011) Flowtbag. Available at: https:\/\/github.com\/DanielArndt\/flowtbag\/wiki\/features. Last access: 30 April 2021"},{"key":"893_CR30","unstructured":"Reddy T, Boucadair M, Patil P, Mortensen A, Teague N Distributed denial-of-service open threat signaling (dots) signal channel specification, Internet Requests for Comments, RFC Editor, RFC 8782, 05 2020. [Online]. Available: https:\/\/datatracker.ietf.org\/doc\/html\/rfc8782"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-021-00893-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-021-00893-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-021-00893-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,11]],"date-time":"2023-11-11T23:56:18Z","timestamp":1699746978000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-021-00893-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,30]]},"references-count":30,"journal-issue":{"issue":"7-8","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["893"],"URL":"https:\/\/doi.org\/10.1007\/s12243-021-00893-5","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"type":"print","value":"0003-4347"},{"type":"electronic","value":"1958-9395"}],"subject":[],"published":{"date-parts":[[2021,10,30]]},"assertion":[{"value":"5 May 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 October 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 October 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}