{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T01:09:10Z","timestamp":1767143350654,"version":"build-2238731810"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2024,6,17]],"date-time":"2024-06-17T00:00:00Z","timestamp":1718582400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2024,6,17]],"date-time":"2024-06-17T00:00:00Z","timestamp":1718582400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Mach. Learn. & Cyber."],"published-print":{"date-parts":[[2024,11]]},"DOI":"10.1007\/s13042-024-02237-w","type":"journal-article","created":{"date-parts":[[2024,6,17]],"date-time":"2024-06-17T11:01:54Z","timestamp":1718622114000},"page":"5291-5302","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Unsupervised Anomaly Detection Approach for Cyberattack Identification"],"prefix":"10.1007","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4278-9081","authenticated-orcid":false,"given":"Lander","family":"Segurola-Gil","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8928-588X","authenticated-orcid":false,"given":"Mikel","family":"Moreno-Moreno","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5728-4399","authenticated-orcid":false,"given":"Itziar","family":"Irigoien","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7259-5731","authenticated-orcid":false,"given":"Ane Miren","family":"Florez-Tapia","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,6,17]]},"reference":[{"issue":"16","key":"2237_CR1","doi-asserted-by":"publisher","first-page":"1876","DOI":"10.3390\/electronics10161876","volume":"10","author":"I Apostol","year":"2021","unstructured":"Apostol I, Preda M, Nila C, Bica I (2021) IoT botnet anomaly detection using unsupervised deep learning. Electronics 10(16):1876","journal-title":"Electronics"},{"key":"2237_CR2","doi-asserted-by":"crossref","unstructured":"Arnold BC (2008) Pareto and generalized pareto distributions. In: Modeling income distributions and lorenz curves (pp.\u00a0119\u2013145). Springer","DOI":"10.1007\/978-0-387-72796-7_7"},{"issue":"2","key":"2237_CR3","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MC.2017.62","volume":"50","author":"E Bertino","year":"2017","unstructured":"Bertino E, Islam N (2017) Botnets and internet of things security. Computer 50(2):76\u201379. https:\/\/doi.org\/10.1109\/MC.2017.62","journal-title":"Computer"},{"key":"2237_CR4","doi-asserted-by":"crossref","unstructured":"Bovenzi G, Aceto G, Ciuonzo D, Persico V, Pescap\u00e9 A (2020) A hierarchical hybrid intrusion detection approach in iot scenarios. In: GLOBECOM 2020-2020 IEEE global communications conference, pp. 1\u20137","DOI":"10.1109\/GLOBECOM42002.2020.9348167"},{"issue":"7","key":"2237_CR5","doi-asserted-by":"publisher","first-page":"772","DOI":"10.1016\/j.comcom.2012.01.016","volume":"35","author":"P Casas","year":"2012","unstructured":"Casas P, Mazel J, Owezarski P (2012) Unsupervised network intrusion detection systems: detecting the unknown without knowledge. Comput Commun 35(7):772\u2013783. https:\/\/doi.org\/10.1016\/j.comcom.2012.01.016","journal-title":"Comput Commun"},{"key":"2237_CR6","doi-asserted-by":"publisher","first-page":"126646","DOI":"10.1109\/ACCESS.2021.3111053","volume":"9","author":"V Christopher","year":"2021","unstructured":"Christopher V, Aathman T, Mahendrakumaran K, Nawaratne R, De Silva D, Nanayakkara V, Alahakoon D (2021) Minority resampling boosted unsupervised learning with hyperdimensional computing for threat detection at the edge of internet of things. IEEE Access 9:126646\u2013126657","journal-title":"IEEE Access"},{"key":"2237_CR7","unstructured":"Daniel W (1999) Biostatistics: a foundation for analysis in the health sciences. In: 7th ed. wiley. New York 141(2)"},{"key":"2237_CR8","unstructured":"Dean T, Stockdale J (2017) Anomaly alert system for cyber threat detection. In: U.S. Patent No. US20170230392A1. https:\/\/patents.google.com\/patent\/US20170230392A1\/en"},{"key":"2237_CR9","doi-asserted-by":"publisher","unstructured":"Dixit P, Kohli R, Acevedo-Duque A, Gonzalez-Diaz RR, Jhaveri RH (2021) Comparing and analyzing applications of intelligent techniques in cyberattack detection. Security and Communication Networks 2021. https:\/\/doi.org\/10.1155\/2021\/5561816","DOI":"10.1155\/2021\/5561816"},{"key":"2237_CR10","doi-asserted-by":"crossref","unstructured":"Dlamini G, Galieva R, Fahim M (2019) A lightweight deep autoencoder-based approach for unsupervised anomaly detection. In: 2019 IEEE\/ACS 16th International Conference on Computer Systems and Applications (AICCSA), 1\u20135","DOI":"10.1109\/AICCSA47632.2019.9035217"},{"key":"2237_CR11","doi-asserted-by":"publisher","unstructured":"Eltanbouly S, Bashendy M, AlNaimi N, Chkirbene Z, Erbad A (2020) Machine learning techniques for network anomaly detection: a survey. In: 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), 156\u2013162. https:\/\/doi.org\/10.1109\/ICIoT48696.2020.9089465","DOI":"10.1109\/ICIoT48696.2020.9089465"},{"key":"2237_CR12","first-page":"1","volume":"1","author":"D Evans","year":"2011","unstructured":"Evans D (2011) The internet of things: how the next evolution of the internet is changing everything. CISCO White Paper 1:1\u201311","journal-title":"CISCO White Paper"},{"key":"2237_CR13","unstructured":"Fan X, Yue Y, Sarkar P, Wang YR (2020) On hyperparameter tuning in general clustering problemsm. In: International Conference on Machine Learning, 2996\u20133007"},{"issue":"6","key":"2237_CR14","doi-asserted-by":"publisher","DOI":"10.1002\/env.2744","volume":"33","author":"P Gamet","year":"2022","unstructured":"Gamet P, Jalbert J (2022) A flexible extended generalized pareto distribution for tail estimation. Environmetrics 33(6):e2744","journal-title":"Environmetrics"},{"key":"2237_CR15","doi-asserted-by":"publisher","unstructured":"Goh J, Adepu S, Tan M, Lee ZS (2017) Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), 140\u2013145. https:\/\/doi.org\/10.1109\/HASE.2017.36","DOI":"10.1109\/HASE.2017.36"},{"key":"2237_CR16","doi-asserted-by":"publisher","unstructured":"Ibrahimi K, Benaddi H (2022) Improving the ids for bot-iot dataset-based machine learning classifiers. In: 2022 5th International Conference on Advanced Communication Technologies and Networking (CommNet), 1\u20136. https:\/\/doi.org\/10.1109\/CommNet56067.2022.9993869","DOI":"10.1109\/CommNet56067.2022.9993869"},{"key":"2237_CR17","doi-asserted-by":"publisher","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","volume":"100","author":"N Koroniotis","year":"2019","unstructured":"Koroniotis N, Moustafa N, Sitnikova E, Turnbull B (2019) Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset. Fut Gen Comput Syst 100:779\u2013796","journal-title":"Fut Gen Comput Syst"},{"issue":"3","key":"2237_CR18","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1177\/001316447003000308","volume":"30","author":"RV Krejcie","year":"1970","unstructured":"Krejcie RV, Morgan DW (1970) Determining sample size for research activities. Educat Psychol Measur 30(3):607\u2013610","journal-title":"Educat Psychol Measur"},{"key":"2237_CR19","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1109\/ICRIS.2017.61","volume":"2017","author":"Y Lei","year":"2017","unstructured":"Lei Y (2017) Network anomaly traffic detection algorithm based on svm. Int Conf Robots Intell Syst (ICRIS) 2017:217\u2013220. https:\/\/doi.org\/10.1109\/ICRIS.2017.61","journal-title":"Int Conf Robots Intell Syst (ICRIS)"},{"key":"2237_CR20","doi-asserted-by":"publisher","first-page":"458","DOI":"10.1109\/IPTC.2010.94","volume":"2010","author":"H Li","year":"2010","unstructured":"Li H (2010) Research and implementation of an anomaly detection model based on clustering analysis. Int Symp Intell Inform Process Trust Comput 2010:458\u2013462. https:\/\/doi.org\/10.1109\/IPTC.2010.94","journal-title":"Int Symp Intell Inform Process Trust Comput"},{"key":"2237_CR21","first-page":"81","volume":"2021","author":"J Liao","year":"2021","unstructured":"Liao J, Teo SG, Kundu PP, Truong-Huu T (2021) Enad: an ensemble framework for unsupervised network anomaly detection. IEEE Int Conf Cyber Secur Resili (CSR) 2021:81\u201388","journal-title":"IEEE Int Conf Cyber Secur Resili (CSR)"},{"key":"2237_CR22","doi-asserted-by":"publisher","first-page":"4396","DOI":"10.3390\/APP9204396","volume":"9","author":"H Liu","year":"2019","unstructured":"Liu H, Lang B (2019) Machine learning and deep learning methods for intrusion detection systems: a survey. Appl Sci 9:4396. https:\/\/doi.org\/10.3390\/APP9204396","journal-title":"Appl Sci"},{"key":"2237_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.107852","volume":"238","author":"Q Liu","year":"2022","unstructured":"Liu Q, Wang D, Jia Y, Luo S, Wang C (2022) A multi-task based deep learning approach for intrusion detection. Knowl Based Syst 238:107852. https:\/\/doi.org\/10.1016\/j.knosys.2021.107852","journal-title":"Knowl Based Syst"},{"key":"2237_CR24","doi-asserted-by":"crossref","unstructured":"Moustafa N, Slay J (2015) Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 military communications and information systems conference (MilCIS), 1\u20136","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"2237_CR25","first-page":"9","volume":"7","author":"G M\u00fcnz","year":"2007","unstructured":"M\u00fcnz G, Li S, Carle G (2007) Traffic anomaly detection using k-means clustering. GI\/ITG Workshop MMBnet 7:9","journal-title":"GI\/ITG Workshop MMBnet"},{"key":"2237_CR26","doi-asserted-by":"publisher","unstructured":"Niu X, Wang L, Yang X (2019) A comparison study of credit card fraud detection: supervised versus unsupervised. https:\/\/doi.org\/10.48550\/ARXIV.1904.10604","DOI":"10.48550\/ARXIV.1904.10604"},{"key":"2237_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2018\/4680867","volume":"2018","author":"K Peng","year":"2018","unstructured":"Peng K, Leung VCM, Zheng L, Wang S, Huang C, Lin T (2018) Intrusion detection system based on decision tree over big data in fog environment. Wirel Commun Mob Comput 2018:1\u201310. https:\/\/doi.org\/10.1155\/2018\/4680867","journal-title":"Wirel Commun Mob Comput"},{"key":"2237_CR28","unstructured":"Purohit H, Tanabe R, Endo T, Suefusa K, Nikaido Y, Kawaguchi Y (2020) Deep autoencoding gmm-based unsupervised anomaly detection in acoustic signals and its hyper-parameter optimization. arXiv preprint arXiv:2009.12042"},{"key":"2237_CR29","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MDAT.2016.2526612","volume":"33","author":"S Ray","year":"2016","unstructured":"Ray S, Jin Y, Raychowdhury A (2016) The changing computing paradigm with internet of things: a tutorial introduction. IEEE Design Test 33:76\u201396. https:\/\/doi.org\/10.1109\/MDAT.2016.2526612","journal-title":"IEEE Design Test"},{"issue":"8","key":"2237_CR30","doi-asserted-by":"publisher","first-page":"2661","DOI":"10.1016\/j.adhoc.2013.04.014","volume":"11","author":"S Raza","year":"2013","unstructured":"Raza S, Wallgren L, Voigt T (2013) Svelte: real-time intrusion detection in the internet of things. Ad Hoc Netw 11(8):2661\u20132674. https:\/\/doi.org\/10.1016\/j.adhoc.2013.04.014","journal-title":"Ad Hoc Netw"},{"issue":"21","key":"2237_CR31","doi-asserted-by":"publisher","first-page":"4043","DOI":"10.3390\/math10214043","volume":"10","author":"C S\u00e1nchez-Zas","year":"2022","unstructured":"S\u00e1nchez-Zas C, Larriva-Novo X, Villagr\u00e1 VA, Rodrigo MS, Moreno JI (2022) Design and evaluation of unsupervised machine learning models for anomaly detection in streaming cybersecurity logs. Mathematics 10(21):4043. https:\/\/doi.org\/10.3390\/math10214043","journal-title":"Mathematics"},{"key":"2237_CR32","doi-asserted-by":"crossref","unstructured":"Segurola-Gil L, Zola F, Echeberria-Barrio X, Orduna-Urrutia R (2021) Nbcoded: network attack classifiers based on encoder and naive bayes model for resource limited devices. Joint Eur Conf Mach Learn Knowl Discov Datab: 55\u201370","DOI":"10.1007\/978-3-030-93733-1_4"},{"issue":"5","key":"2237_CR33","doi-asserted-by":"publisher","first-page":"3242","DOI":"10.1109\/JIOT.2020.3002255","volume":"8","author":"M Shafiq","year":"2020","unstructured":"Shafiq M, Tian Z, Bashir AK, Du X, Guizani M (2020) Corrauc: a malicious bot-iot traffic detection method in iot network using machine-learning techniques. IEEE Internet Things J 8(5):3242\u20133254","journal-title":"IEEE Internet Things J"},{"key":"2237_CR34","doi-asserted-by":"publisher","first-page":"65579","DOI":"10.1109\/ACCESS.2019.2916648","volume":"7","author":"M Usama","year":"2019","unstructured":"Usama M, Qadir J, Raza A, Arif H, Yau K-LA, Elkhatib Y, Hussain A, Al-Fuqaha A (2019) Unsupervised machine learning for networking: techniques, applications and research challenges. IEEE Access 7:65579\u201365615","journal-title":"IEEE Access"},{"issue":"2","key":"2237_CR35","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1016\/j.patcog.2014.08.006","volume":"48","author":"P Zhu","year":"2015","unstructured":"Zhu P, Zuo W, Zhang L, Hu Q, Shiu SC (2015) Unsupervised feature selection by regularized self-representation. Pattern Recogn 48(2):438\u2013446","journal-title":"Pattern Recogn"},{"key":"2237_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102632","volume":"115","author":"F Zola","year":"2022","unstructured":"Zola F, Segurola-Gil L, Bruse JL, Galar M, Orduna-Urrutia R (2022) Network traffic analysis through node behaviour classification: a graph-based approach with temporal dissection and data-level preprocessing. Comput Secur 115:102632","journal-title":"Comput Secur"}],"updated-by":[{"DOI":"10.1007\/s13042-025-02592-2","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2025,3,7]],"date-time":"2025-03-07T00:00:00Z","timestamp":1741305600000}}],"container-title":["International Journal of Machine Learning and Cybernetics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-024-02237-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13042-024-02237-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-024-02237-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,7]],"date-time":"2025-03-07T03:39:51Z","timestamp":1741318791000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13042-024-02237-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,17]]},"references-count":36,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2024,11]]}},"alternative-id":["2237"],"URL":"https:\/\/doi.org\/10.1007\/s13042-024-02237-w","relation":{},"ISSN":["1868-8071","1868-808X"],"issn-type":[{"value":"1868-8071","type":"print"},{"value":"1868-808X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,17]]},"assertion":[{"value":"16 August 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 June 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 June 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 March 2025","order":4,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":5,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A Correction to this paper has been published:","order":6,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1007\/s13042-025-02592-2","URL":"https:\/\/doi.org\/10.1007\/s13042-025-02592-2","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}]}}