{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T02:03:04Z","timestamp":1769824984521,"version":"3.49.0"},"reference-count":78,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T00:00:00Z","timestamp":1650844800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T00:00:00Z","timestamp":1650844800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Complex Intell. Syst."],"published-print":{"date-parts":[[2022,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Most defence mechanisms such as a network-based intrusion detection system (NIDS) are often sub-optimal for the detection of an unseen malicious pattern. In response, a number of studies attempt to empower a machine-learning-based NIDS to improve the ability to recognize adversarial attacks. Along this line of research, the present work focuses on non-payload connections at the TCP stack level, which is generalized and applicable to different network applications. As a compliment to the recently published investigation that searches for the most informative feature space for classifying obfuscated connections, the problem of class imbalance is examined herein. In particular, a multiple-clustering-based undersampling framework is proposed to determine the set of cluster centroids that best represent the majority class, whose size is reduced to be on par with that of the minority. Initially, a pool of centroids is created using the concept of ensemble clustering that aims to obtain a collection of accurate and diverse clusterings. From that, the final set of representatives is selected from this pool. Three different objective functions are formed for this optimization driven process, thus leading to three variants of FF-Majority, FF-Minority and FF-Overall. Based on the thorough evaluation of a published dataset, four classification models and different settings, these new methods often exhibit better predictive performance than its baseline, the single-clustering undersampling counterpart and state-of-the-art techniques. Parameter analysis and implication for analyzing an extreme case are also provided as a guideline for future applications.<\/jats:p>","DOI":"10.1007\/s40747-022-00739-0","type":"journal-article","created":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T05:02:57Z","timestamp":1650862977000},"page":"4863-4880","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Strengthening intrusion detection system for adversarial attacks: improved handling of imbalance classification problem"],"prefix":"10.1007","volume":"8","author":[{"given":"Chutipon","family":"Pimsarn","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2874-1922","authenticated-orcid":false,"given":"Tossapon","family":"Boongoen","sequence":"additional","affiliation":[]},{"given":"Natthakan","family":"Iam-On","sequence":"additional","affiliation":[]},{"given":"Nitin","family":"Naik","sequence":"additional","affiliation":[]},{"given":"Longzhi","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,4,25]]},"reference":[{"issue":"1","key":"739_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/LSENS.2018.2879990","volume":"3","author":"R Abdulhammed","year":"2019","unstructured":"Abdulhammed R, Faezipour M, Abuzneid A, Abumallouh A (2019) Deep and machine learning approaches for anomaly-based intrusion detection of imbalanced network traffic. IEEE Sens Lett 3(1):1\u20134","journal-title":"IEEE Sens Lett"},{"issue":"9601357","key":"739_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2018\/9601357","volume":"2018","author":"N Agarwal","year":"2018","unstructured":"Agarwal N, Hussain SZ (2018) A closer look at intrusion detection system for web applications. Secur Commun Netw 2018(9601357):1\u201327","journal-title":"Secur Commun Netw"},{"issue":"9","key":"739_CR3","doi-asserted-by":"publisher","first-page":"e3547","DOI":"10.1002\/dac.3547","volume":"31","author":"A Ahmim","year":"2018","unstructured":"Ahmim A, Derdour M, Ferrag M (2018) An intrusion detection system based on combining probability predictions of a tree of classifiers. Int J Commun Syst 31(9):e3547","journal-title":"Int J Commun Syst"},{"key":"739_CR4","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1016\/j.eswa.2017.07.005","volume":"88","author":"Akashdeep","year":"2017","unstructured":"Akashdeep, Manzoor I, Kumar N (2017) A feature reduced intrusion detection system using ANN classifier. Expert Syst Appl 88:249\u2013257","journal-title":"Expert Syst Appl"},{"key":"739_CR5","doi-asserted-by":"publisher","unstructured":"Alazab M, MSPR, MP, Reddy P, Gadekallu TR, Pham QV (2022) Federated learning for cybersecurity: Concepts, challenges and future directions. IEEE Trans Ind Inf. https:\/\/doi.org\/10.1109\/TII.2021.3119038","DOI":"10.1109\/TII.2021.3119038"},{"issue":"1","key":"739_CR6","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MWC.2018.1700231","volume":"25","author":"C Alcaraz","year":"2018","unstructured":"Alcaraz C (2018) Cloud-assisted dynamic resilience for cyber-physical control systems. IEEE Wirel Commun 25(1):76\u201382","journal-title":"IEEE Wirel Commun"},{"issue":"1","key":"739_CR7","doi-asserted-by":"publisher","first-page":"560","DOI":"10.2991\/ijcis.d.210105.001","volume":"14","author":"M Aljanabi","year":"2021","unstructured":"Aljanabi M, Ismail MA, Ali AH (2021) Intrusion detection systems, issues, challenges, and needs. Int J Comput Intell Syst 14(1):560\u2013571","journal-title":"Int J Comput Intell Syst"},{"issue":"102717","key":"739_CR8","first-page":"1","volume":"58","author":"E Anthi","year":"2021","unstructured":"Anthi E, Williams L, Rhode M, Burnap P, Wedgbury A (2021) Adversarial attacks on machine learning cybersecurity defences in industrial control systems. J Inf Secur Appl 58(102717):1\u20139","journal-title":"J Inf Secur Appl"},{"key":"739_CR9","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1016\/j.cose.2017.04.005","volume":"8","author":"Y Ashibani","year":"2017","unstructured":"Ashibani Y, Mahmoud QH (2017) Cyber physical systems security: Analysis, challenges and solutions. Computer Security 8:81\u201397","journal-title":"Computer Security"},{"issue":"2","key":"739_CR10","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10994-010-5188-5","volume":"81","author":"M Barreno","year":"2010","unstructured":"Barreno M, Nelson B, Joseph A, Tygar J (2010) The security of machine learning. Mach Learn 81(2):121\u2013148","journal-title":"Mach Learn"},{"key":"739_CR11","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1016\/j.neucom.2014.07.064","volume":"150","author":"J Blaszczynski","year":"2015","unstructured":"Blaszczynski J, Stefanowski J (2015) Neighborhood sampling in bagging for imbalanced data. Neurocomputing 150:529\u2013542","journal-title":"Neurocomputing"},{"issue":"1","key":"739_CR12","doi-asserted-by":"publisher","first-page":"1993","DOI":"10.32604\/cmc.2022.019776","volume":"70","author":"T Boongoen","year":"2022","unstructured":"Boongoen T, Iam-On N (2022) Using link-based consensus clustering for mixed-type data analysis. CMC 70(1):1993\u20132011","journal-title":"CMC"},{"issue":"6","key":"739_CR13","doi-asserted-by":"publisher","first-page":"1705","DOI":"10.1109\/TSMCB.2011.2160341","volume":"41","author":"T Boongoen","year":"2011","unstructured":"Boongoen T, Shang C, Iam-On N, Shen Q (2011) Extending data reliability measure to a filter approach for soft subspace clustering. IEEE Transactions on Systems, Man and Cybernetics, Part B 41(6):1705\u20131714","journal-title":"IEEE Transactions on Systems, Man and Cybernetics, Part B"},{"key":"739_CR14","doi-asserted-by":"crossref","unstructured":"Chandra A, Khatri SK, Simon R (2019) Filter-based attribute selection approach for intrusion detection using k-means clustering and sequential minimal optimization technique. In: Proceedings of Amity International Conference on Artificial Intelligence, pp. 740\u2013745","DOI":"10.1109\/AICAI.2019.8701373"},{"key":"739_CR15","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"N Chawla","year":"2002","unstructured":"Chawla N, Bowyer K, Hall L, Kegelmeyer W (2002) SMOTE: synthetic minority over-sampling technique. Journal of Artificial Intelligence Research 16:321\u2013357","journal-title":"Journal of Artificial Intelligence Research"},{"key":"739_CR16","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1016\/j.ins.2013.03.022","volume":"239","author":"I Corona","year":"2013","unstructured":"Corona I, Giacinto G, Roli F (2013) Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues. Inf Sci 239:201\u2013225","journal-title":"Inf Sci"},{"key":"739_CR17","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.comnet.2019.01.023","volume":"151","author":"C Dka","year":"2019","unstructured":"Dka C, Papa J, Lisboa C, Munoz R, Dvhc A (2019) Internet of things: a survey on machine learning-based intrusion detection approaches. Comput Networks 151:147\u2013157","journal-title":"Comput Networks"},{"issue":"1","key":"739_CR18","doi-asserted-by":"publisher","first-page":"83","DOI":"10.52866\/ijcsm.2022.01.01.009","volume":"3","author":"BI Farhan","year":"2022","unstructured":"Farhan BI, Jasim AD (2022) A survey of intrusion detection using deep learning in internet of things. Iraqi Journal For Computer Science and Mathematics 3(1):83\u201393","journal-title":"Iraqi Journal For Computer Science and Mathematics"},{"key":"739_CR19","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1016\/j.procs.2016.06.047","volume":"89","author":"N Farnaaz","year":"2016","unstructured":"Farnaaz N, Jabbar MA (2016) Random forest modeling for network intrusion detection system. Procedia Computer Science 89:213\u2013217","journal-title":"Procedia Computer Science"},{"key":"739_CR20","doi-asserted-by":"publisher","first-page":"4062","DOI":"10.1016\/j.eswa.2014.12.040","volume":"42","author":"JM Fossaceca","year":"2015","unstructured":"Fossaceca JM, Mazzuchi TA, Sarkani S (2015) MARK-ELM: application of a novel multiple kernel learning framework for improving the robustness of network intrusion detection. Expert Syst Appl 42:4062\u20134080","journal-title":"Expert Syst Appl"},{"issue":"4","key":"739_CR21","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1080\/08839511003715154","volume":"24","author":"X Fu","year":"2010","unstructured":"Fu X, Boongoen T, Shen Q (2010) Evidence directed generation of plausible crime scenarios with identity resolution. Appl Artif Intell 24(4):253\u2013276","journal-title":"Appl Artif Intell"},{"issue":"4","key":"739_CR22","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.eng.2019.07.001","volume":"5","author":"L Gao","year":"2019","unstructured":"Gao L, Shen W, Li X (2019) New trends in intelligent manufacturing. Engineering 5(4):11\u201320","journal-title":"Engineering"},{"key":"739_CR23","doi-asserted-by":"publisher","first-page":"82512","DOI":"10.1109\/ACCESS.2019.2923640","volume":"7","author":"X Gao","year":"2019","unstructured":"Gao X, Shan C, Hu C, Niu Z, Liu Z (2019) An adaptive ensemble machine learning model for intrusion detection. IEEE Access 7:82512\u201382521","journal-title":"IEEE Access"},{"key":"739_CR24","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1016\/j.neucom.2016.06.021","volume":"214","author":"C Guo","year":"2016","unstructured":"Guo C, Ping Y, Liu N, Luo S (2016) A two-level hybrid approach for intrusion detection. Neurocomputing 214:391\u2013400","journal-title":"Neurocomputing"},{"issue":"21","key":"739_CR25","doi-asserted-by":"publisher","first-page":"4174","DOI":"10.3390\/en12214174","volume":"12","author":"K Haseeb","year":"2019","unstructured":"Haseeb K, Almogren A, Islam N, Ud-Din I, Jan Z (2019) An energy-efficient and secure routing protocol for intrusion avoidance in iot-based wsn. Energies 12(21):4174","journal-title":"Energies"},{"key":"739_CR26","doi-asserted-by":"crossref","unstructured":"Homoliak I, Barabas M, Chmelar P, Drozd M, Hanacek P (2013) ASNM: Advanced security network metrics for attack vector description. In: Conference on Security and Management, pp. 350\u2013358","DOI":"10.1016\/B978-0-12-411474-6.00012-8"},{"key":"739_CR27","doi-asserted-by":"publisher","first-page":"112427","DOI":"10.1109\/ACCESS.2020.3001768","volume":"8","author":"I Homoliak","year":"2020","unstructured":"Homoliak I, Malinka K, Hanacek P (2020) ASNM Datasets: A collection of network attacks for testing of adversarial classifiers and intrusion detectors. IEEE Access 8:112427\u2013112453","journal-title":"IEEE Access"},{"key":"739_CR28","doi-asserted-by":"crossref","unstructured":"Homoliak I, Ovsonka D, Gregr M, Hanacek P (2014) NBA of obfuscated network vulnerabilities exploitation hidden into HTTPS traffic. In: International Conference for Internet Technology and Secured Transactions, pp. 311\u2013318","DOI":"10.1109\/ICITST.2014.7038827"},{"key":"739_CR29","doi-asserted-by":"crossref","unstructured":"Homoliak I, Teknos M, Barabas M, Hanacek P (2016) Exploitation of netem utility for non-payload-based obfuscation techniques improving network anomaly detection. In: International Conference on Security and Privacy in Communication Systems, pp. 770\u2013773","DOI":"10.1007\/978-3-319-59608-2_48"},{"issue":"17","key":"739_CR30","volume":"5","author":"I Homoliak","year":"2018","unstructured":"Homoliak I, Teknos M, Ochoa M, Breitenbacher D, Hosseini S, Hanacek P (2018) Improving network intrusion detection classifiers by non-payload-based exploit-independent obfuscations: An adversarial approach. EAI Endorsed Transactions on Security and Safety 5(17):e4","journal-title":"EAI Endorsed Transactions on Security and Safety"},{"issue":"3","key":"739_CR31","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/s13042-019-00989-4","volume":"11","author":"N Iam-On","year":"2020","unstructured":"Iam-On N (2020) Clustering data with the presence of attribute noise: a study of noise completely at random and ensemble of multiple k-means clusterings. Int J Mach Learn Cybern 11(3):491\u2013509","journal-title":"Int J Mach Learn Cybern"},{"issue":"21","key":"739_CR32","doi-asserted-by":"publisher","first-page":"8259","DOI":"10.1016\/j.eswa.2015.06.051","volume":"42","author":"N Iam-On","year":"2015","unstructured":"Iam-On N, Boongoen T (2015) Diversity-driven generation of link-based cluster ensemble and application to data classification. Expert Syst Appl 42(21):8259\u20138273","journal-title":"Expert Syst Appl"},{"issue":"12","key":"739_CR33","doi-asserted-by":"publisher","first-page":"2396","DOI":"10.1109\/TPAMI.2011.84","volume":"33","author":"N Iam-On","year":"2011","unstructured":"Iam-On N, Boongoen T, Garrett S, Price C (2011) A link-based approach to the cluster ensemble problem. IEEE Trans Pattern Anal Mach Intell 33(12):2396\u20132409","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"issue":"2","key":"739_CR34","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/s13042-015-0341-x","volume":"8","author":"N Iam-On","year":"2017","unstructured":"Iam-On N, Boongoen T (2017) Improved student dropout prediction in thai university using ensemble of mixed-type data clusterings. Int J Mach Learn Cybern 8(2):497\u2013510","journal-title":"Int J Mach Learn Cybern"},{"issue":"1","key":"739_CR35","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.eng.2018.01.004","volume":"4","author":"Y Jia","year":"2018","unstructured":"Jia Y, Qi Y, Shang H, Jiang R, Li A (2018) A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1):53\u201360","journal-title":"Engineering"},{"key":"739_CR36","doi-asserted-by":"publisher","first-page":"32150","DOI":"10.1109\/ACCESS.2020.2973219","volume":"8","author":"G Karatas","year":"2020","unstructured":"Karatas G, Demir O, Sahingoz O (2020) Increasing the performance of machine learning-based idss on an imbalanced and up-to-date dataset. IEEE Access 8:32150\u201332162","journal-title":"IEEE Access"},{"issue":"2","key":"739_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.ipm.2022.102881","volume":"59","author":"P Keerin","year":"2022","unstructured":"Keerin P, Boongoen T (2022) Estimation of missing values in astronomical survey data: An improved local approach using cluster directed neighbor selection. Inf Process Manage 59(2):102881","journal-title":"Inf Process Manage"},{"issue":"2","key":"739_CR38","doi-asserted-by":"publisher","first-page":"4009","DOI":"10.32604\/cmc.2022.020261","volume":"70","author":"P Keerin","year":"2022","unstructured":"Keerin P, Boongoen T (2022) Improved knn imputation for missing values in gene expression data. CMC-Computers, Materials and Continua 70(2):4009\u20134025","journal-title":"CMC-Computers, Materials and Continua"},{"key":"739_CR39","doi-asserted-by":"crossref","unstructured":"Kravchik M, Shabtai A (2018) Detecting cyber attacks in industrial control systems using convolutional neural networks. In: ACM International Workshop on Cyber-Physical Systems Security and Privacy, pp. 72\u201383","DOI":"10.1145\/3264888.3264896"},{"key":"739_CR40","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/s13748-016-0094-0","volume":"5","author":"B Krawczyk","year":"2016","unstructured":"Krawczyk B (2016) Learning from imbalanced data: open challenges and future directions. Progress in Artificial Intelligence 5:231\u2013232","journal-title":"Progress in Artificial Intelligence"},{"key":"739_CR41","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.inffus.2018.09.013","volume":"49","author":"DP Kumar","year":"2019","unstructured":"Kumar DP, Amgoth T, Annavarapu CSR (2019) Machine learning algorithms for wireless sensor networks: A survey. Information Fusion 49:1\u201325","journal-title":"Information Fusion"},{"issue":"2","key":"739_CR42","doi-asserted-by":"publisher","first-page":"1456","DOI":"10.1109\/TNSE.2021.3059881","volume":"8","author":"DP Kumar","year":"2021","unstructured":"Kumar DP, Amgoth T, Annavarapu CSR (2021) CANintelliIDS: Detecting In-Vehicle Intrusion Attacks on a Controller Area Network Using CNN and Attention-Based GRU. IEEE Transactions on Network Science and Engineering 8(2):1456\u20131466","journal-title":"IEEE Transactions on Network Science and Engineering"},{"issue":"7","key":"739_CR43","doi-asserted-by":"publisher","first-page":"1460","DOI":"10.1109\/TKDE.2012.99","volume":"25","author":"YJ Lee","year":"2013","unstructured":"Lee YJ, Yeh YR, Wang YCF (2013) Anomaly detection via online oversampling principal component analysis. IEEE Trans Knowl Data Eng 25(7):1460\u20131470","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"739_CR44","doi-asserted-by":"crossref","unstructured":"Li J, Qu Y, Chao F, Shum H, Ho E, Yang L (2019) Machine learning algorithms for network intrusion detection. In: AI in Cybersecurity, pp. 151\u2013179. NY: Springer","DOI":"10.1007\/978-3-319-98842-9_6"},{"issue":"5","key":"739_CR45","doi-asserted-by":"publisher","first-page":"950","DOI":"10.1109\/TKDE.2017.2779849","volume":"30","author":"CT Lin","year":"2018","unstructured":"Lin CT et al (2018) Minority oversampling in kernel adaptive subspaces for class imbalanced datasets. IEEE Trans Knowl Data Eng 30(5):950\u2013962","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"739_CR46","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1016\/j.ins.2017.05.008","volume":"409\u2013410","author":"WC Lin","year":"2017","unstructured":"Lin WC, Tsai CF, Hu YH, Jhang JS (2017) Clustering-based undersampling in class-imbalanced data. Inf Sci 409\u2013410:17\u201326","journal-title":"Inf Sci"},{"key":"739_CR47","doi-asserted-by":"crossref","unstructured":"Ma W (2020) Analysis of anomaly detection method for internet of things based on deep learning. Transactions on Emerging Telecommunications Technologies p. e3893","DOI":"10.1002\/ett.3893"},{"issue":"4","key":"739_CR48","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1016\/j.jksuci.2018.03.011","volume":"31","author":"M Mazini","year":"2019","unstructured":"Mazini M, Shirazi B, Mahdavi I (2019) Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and adaboost algorithms. Journal of King Saud University - Computer and Information Sciences 31(4):541\u2013553","journal-title":"Journal of King Saud University - Computer and Information Sciences"},{"issue":"4","key":"739_CR49","doi-asserted-by":"publisher","first-page":"2451","DOI":"10.1109\/TNSM.2020.3016246","volume":"17","author":"B Molina-Coronado","year":"2020","unstructured":"Molina-Coronado B, Mori U, Mendiburu A, Miguel-Alonso J (2020) Survey of network intrusion detection methods from the perspective of the knowledge discovery in databases process. IEEE Trans Netw Serv Manage 17(4):2451\u20132479","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"739_CR50","volume":"37","author":"N Naik","year":"2021","unstructured":"Naik N, Jenkins P, Savage N, Yang L, Boongoen T, Iam-On N (2021) Fuzzy-import hashing: A static analysis technique for malware detection. Forensic Science International: Digital Investigation 37:301139","journal-title":"Forensic Science International: Digital Investigation"},{"key":"739_CR51","doi-asserted-by":"publisher","first-page":"687","DOI":"10.1007\/s40747-020-00233-5","volume":"7","author":"N Naik","year":"2021","unstructured":"Naik N, Jenkins P, Savage N, Yang L, Boongoen T, Iam-On N, Naik K, Song J (2021) Embedded YARA rules: strengthening YARA rules utilising fuzzy hashing and fuzzy rules for malware analysis. Complex and Intelligent Systems 7:687\u2013702","journal-title":"Complex and Intelligent Systems"},{"issue":"1","key":"739_CR52","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s40537-014-0007-7","volume":"2","author":"M Najafabadi","year":"2015","unstructured":"Najafabadi M, Villanustre F, Khoshgoftaar T, Seliya N, Wald R, Muharemagic E (2015) Deep learning applications and challenges in big data analytics. Journal of Big Data 2(1):1","journal-title":"Journal of Big Data"},{"key":"739_CR53","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.neucom.2015.01.068","volume":"158","author":"L Nanni","year":"2015","unstructured":"Nanni L, Fantozzi C, Lazzarini N (2015) Coupling different methods for overcoming the class imbalance problem. Neurocomputing 158:48\u201361","journal-title":"Neurocomputing"},{"key":"739_CR54","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.eswa.2019.113138","volume":"146","author":"P Panwong","year":"2020","unstructured":"Panwong P, Boongoen T, Iam-On N (2020) Improving consensus clustering with noise-induced ensemble generation. Expert Syst Appl 146:113\u2013138","journal-title":"Expert Syst Appl"},{"issue":"6","key":"739_CR55","first-page":"20","volume":"7","author":"MR Parsaei","year":"2016","unstructured":"Parsaei MR, Rostami SM, Javidan R (2016) A hybrid data mining approach for intrusion detection on imbalanced nsl-kdd dataset. Int J Adv Comput Sci Appl 7(6):20\u201325","journal-title":"Int J Adv Comput Sci Appl"},{"issue":"5990999","key":"739_CR56","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2021\/5990999","volume":"2021","author":"S Pervaiz","year":"2021","unstructured":"Pervaiz S, Ul-Qayyum Z, Bangyal WH, Gao L, Ahmad J (2021) A systematic literature review on particle swarm optimization techniques for medical diseases detection. Comput Math Methods Med 2021(5990999):1\u201310","journal-title":"Comput Math Methods Med"},{"key":"739_CR57","doi-asserted-by":"publisher","first-page":"740","DOI":"10.1109\/TIFS.2020.3017925","volume":"16","author":"F Pierazzi","year":"2020","unstructured":"Pierazzi F, Cristalli S, Bruschi D, Colajanni M, Marchetti M, Lanzi GA (2020) Glyph: Efficient ML-based detection of heap spraying attacks. IEEE Trans Inf Forensics Secur 16:740\u2013755","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"739_CR58","doi-asserted-by":"crossref","unstructured":"Prasad R, Rohokale V (2020) Artificial intelligence and machine learning in cyber security. In: Cyber Security: The Lifeline of Information and Communication Technology, pp. 231\u2013247. NY: Springer","DOI":"10.1007\/978-3-030-31703-4_16"},{"key":"739_CR59","doi-asserted-by":"crossref","unstructured":"Rubin S, Jha S, Miller B (2004) Automatic generation and analysis of NIDS attacks. In: Annual Computer Security Applications Conference, pp. 28\u201338","DOI":"10.1109\/CSAC.2004.9"},{"issue":"1","key":"739_CR60","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1109\/TSMCA.2009.2029559","volume":"40","author":"C Seiffert","year":"2010","unstructured":"Seiffert C, Khoshgoftaar T, Hulse JV, Napolitano A (2010) Rusboost: a hybrid approach to alleviating class imbalance. IEEE Transactions on System, Man and Cybernertics, Part A 40(1):185\u2013197","journal-title":"IEEE Transactions on System, Man and Cybernertics, Part A"},{"issue":"1","key":"739_CR61","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3158346","volume":"May","author":"TS Sethi","year":"2018","unstructured":"Sethi TS, Kantardzic M (2018) When good machine learning leads to bad security. Ubiquity May(1):1\u201314","journal-title":"Ubiquity"},{"key":"739_CR62","doi-asserted-by":"publisher","DOI":"10.1016\/j.micpro.2021.104293","volume":"85","author":"NV Sharma","year":"2021","unstructured":"Sharma NV, Yadav NS (2021) An optimal intrusion detection system using recursive feature elimination and ensemble of classifiers. Microprocess Microsyst 85:104293","journal-title":"Microprocess Microsyst"},{"issue":"4","key":"739_CR63","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1093\/comjnl\/bxx101","volume":"61","author":"Y Shen","year":"2018","unstructured":"Shen Y, Zheng K, Wu C, Zhang M, Niu X, Yang Y (2018) An ensemble method based on selection using bat algorithm for intrusion detection. Comput J 61(4):526\u2013538","journal-title":"Comput J"},{"issue":"1","key":"739_CR64","first-page":"1","volume":"7","author":"K Sriwanna","year":"2017","unstructured":"Sriwanna K, Boongoen T, Iam-On N (2017) Graph clustering-based discretization of splitting and merging methods (graphs and graphm). HCIS 7(1):1\u201339","journal-title":"HCIS"},{"key":"739_CR65","doi-asserted-by":"publisher","first-page":"1623","DOI":"10.1016\/j.patcog.2014.11.014","volume":"48","author":"Z Sun","year":"2015","unstructured":"Sun Z, Song Q, Zhu X, Sun H, Xu B, Zhou Y (2015) A novel ensemble method for classifying imbalanced data. Pattern Recogn 48:1623\u20131637","journal-title":"Pattern Recogn"},{"issue":"10","key":"739_CR66","doi-asserted-by":"publisher","first-page":"3738","DOI":"10.1016\/j.patcog.2012.03.014","volume":"45","author":"M Tahir","year":"2012","unstructured":"Tahir M, Kittler J, Yan F (2012) Inverse random under sampling for class imbalance problem and its application to multi-label classification. Pattern Recogn 45(10):3738\u20133750","journal-title":"Pattern Recogn"},{"key":"739_CR67","doi-asserted-by":"crossref","unstructured":"Tarter A (2017) Importance of cyber security. In: Community Policing-A European Perspective: Strategies, Best Practices and Guidelines, pp. 213\u2013230. NY: Springer","DOI":"10.1007\/978-3-319-53396-4_15"},{"issue":"8","key":"739_CR68","doi-asserted-by":"publisher","first-page":"76","DOI":"10.3390\/fi10080076","volume":"10","author":"MA Teixeira","year":"2018","unstructured":"Teixeira MA, Salman T, Zolanvari M, Jain R, Meskin N, Samaka M (2018) SCADA system testbed for cybersecurity research using machine learning approach. Future Internet 10(8):76","journal-title":"Future Internet"},{"key":"739_CR69","doi-asserted-by":"crossref","unstructured":"Tesfahunand A, Bhaskari DL (2013) Intrusion detection using random forests classifier with SMOTE and feature reduction. In: Proceedings of International Conference on Cloud Ubiquitous Computing and Emerging Technology, pp. 127\u2013132","DOI":"10.1109\/CUBE.2013.31"},{"key":"739_CR70","doi-asserted-by":"publisher","DOI":"10.1016\/j.ibmed.2020.100023","volume":"3\u20134","author":"VPK Turlapati","year":"2020","unstructured":"Turlapati VPK, Prusty MR (2020) Outlier-SMOTE: A refined oversampling technique for improved detection of COVID-19. Intelligence-Based Medicine 3\u20134:100023","journal-title":"Intelligence-Based Medicine"},{"issue":"2","key":"739_CR71","first-page":"97","volume":"15","author":"M Uddin","year":"2013","unstructured":"Uddin M, Rahman A, Uddin N, Memon J, Alsaqour R, Kazi S (2013) Signature-based multi-layer distributed intrusion detection system using mobile agents. International Journal of Network Security 15(2):97\u2013105","journal-title":"International Journal of Network Security"},{"key":"739_CR72","doi-asserted-by":"crossref","unstructured":"Vigna G, Robertson W, Balzarotti D (2004) Testing network-based intrusion detection signatures using mutant exploits. In: ACM conference on Computer and Communications Security, pp. 21\u201330","DOI":"10.1145\/1030083.1030088"},{"key":"739_CR73","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.jisa.2019.02.008","volume":"46","author":"D Wang","year":"2019","unstructured":"Wang D, abd Y, Zhang XW, Jin L (2019) Detection of power grid disturbances and cyber-attacks based on machine learning. Journal of Information Security and Applications 46:42\u201352","journal-title":"Journal of Information Security and Applications"},{"issue":"2","key":"739_CR74","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1109\/TNET.2003.822645","volume":"12","author":"D Watson","year":"2004","unstructured":"Watson D, Smart M, Malan G, Jahanian F (2004) Protocol scrubbing: Network security through transparent flow modification. IEEE\/ACM Trans Networking 12(2):261\u2013273","journal-title":"IEEE\/ACM Trans Networking"},{"key":"739_CR75","first-page":"41238","volume":"6","author":"B Yan","year":"2018","unstructured":"Yan B, Han G (2018) Effective feature extraction via stacked sparse autoencoder to improve intrusion detection system. IEEE 6:41238\u201341248","journal-title":"IEEE"},{"issue":"2","key":"739_CR76","doi-asserted-by":"publisher","first-page":"1949","DOI":"10.1109\/JIOT.2018.2873125","volume":"6","author":"H Yao","year":"2018","unstructured":"Yao H, Fu D, Zhang P, Li M, Liu Y (2018) MSML: a novel multilevel semi-supervised machine learning framework for intrusion detection system. IEEE Internet Things J 6(2):1949\u20131959","journal-title":"IEEE Internet Things J"},{"key":"739_CR77","doi-asserted-by":"publisher","first-page":"6690","DOI":"10.1007\/s11227-019-03092-1","volume":"76","author":"C Yin","year":"2020","unstructured":"Yin C, Zhu Y, Liu S, Fei J, Zhang H (2020) Enhancing network intrusion detection classifiers using supervised adversarial training. Journal of Supercomputing 76:6690\u20136719","journal-title":"Journal of Supercomputing"},{"key":"739_CR78","doi-asserted-by":"crossref","unstructured":"You I, Yim K (2010) Malware obfuscation techniques: A brief survey. In: International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 297\u2013300","DOI":"10.1109\/BWCCA.2010.85"}],"container-title":["Complex &amp; Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-022-00739-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s40747-022-00739-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-022-00739-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,30]],"date-time":"2022-10-30T06:36:21Z","timestamp":1667111781000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s40747-022-00739-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,25]]},"references-count":78,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["739"],"URL":"https:\/\/doi.org\/10.1007\/s40747-022-00739-0","relation":{},"ISSN":["2199-4536","2198-6053"],"issn-type":[{"value":"2199-4536","type":"print"},{"value":"2198-6053","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,25]]},"assertion":[{"value":"3 August 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 April 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 April 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Chutipon Pimsarn: Data curation, Visualization, Investigation, Software, Writing - Original draft preparation Tossapon Boongoen: Conceptualization, Methodology, Validation, Writing - Original draft preparation, Supervision Natthakan Iam-On: Methodology, Validation, Writing - Reviewing and Editing, Supervision Nitin Naik: Writing - Reviewing and Editing Longzhi Yang: Writing - Reviewing and Editing","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"CRediT author statement"}}]}}