{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T17:28:39Z","timestamp":1772213319228,"version":"3.50.1"},"reference-count":18,"publisher":"Springer Science and Business Media LLC","issue":"9","license":[{"start":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T00:00:00Z","timestamp":1692576000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T00:00:00Z","timestamp":1692576000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"crossref","award":["SPET\u2014PTDC\/EEI-EEE\/029165\/2017"],"award-info":[{"award-number":["SPET\u2014PTDC\/EEI-EEE\/029165\/2017"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"crossref","award":["2020R1A6A1A12047945"],"award-info":[{"award-number":["2020R1A6A1A12047945"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"crossref","award":["2021R1I1A3040361"],"award-info":[{"award-number":["2021R1I1A3040361"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Multimed Tools Appl"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Various studies have been conducted to detect network anomalies. However, because anomaly signals are determined by the pattern characteristics using the dataset, the real-time detection problem continues. Even if there is a signal with an attack sign among the constantly transmitted and received signals, the attack cannot be blocked in advance. Moreover, it appears in many places in a distributed denial-of-service (DDoS) attack, so the real-time defense must be the best option. Therefore, it is necessary first to discover the characteristics and elements regarded as abnormal signals to discover anomalies in real time. Finally, by analyzing the correlation between network data and features, extracting the elements of the anomaly, and analyzing the behavior of the extracted elements in detail, we aim to increase the accuracy of the anomaly. In this study, we used Coburg intrusion detection and KDDCup datasets and analyzed the correlation of elements in the dataset using a graph neural network. The calculated accuracy values of the anomaly detection were 94.5% and 98.85%.<\/jats:p>","DOI":"10.1007\/s11042-023-15635-z","type":"journal-article","created":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T01:01:32Z","timestamp":1692579692000},"page":"25487-25501","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Anomaly detection analysis based on correlation of features in graph neural network"],"prefix":"10.1007","volume":"83","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4604-1735","authenticated-orcid":false,"given":"Hoon","family":"Ko","sequence":"first","affiliation":[]},{"given":"Isabel","family":"Praca","sequence":"additional","affiliation":[]},{"given":"Seong Gon","family":"Choi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,21]]},"reference":[{"key":"15635_CR1","doi-asserted-by":"crossref","unstructured":"Berral JL, Poggi N, Alonso J, Gavalda R, Torres J, Parashar M (2008) \u201cAdaptive distributed mechanism against flooding network attacks based on machine learning,\u201d Proceedings of the 1st ACM workshop on Workshop on AISec, 43\u201350","DOI":"10.1145\/1456377.1456389"},{"key":"15635_CR2","doi-asserted-by":"crossref","unstructured":"Cano A (2020) Krawczyk B (2020) \u201cKappa updated ensemble for drifting data stream mining\u201d Machine Learning 109(1):175\u2013218","DOI":"10.1007\/s10994-019-05840-z"},{"issue":"3","key":"15635_CR3","doi-asserted-by":"publisher","first-page":"558","DOI":"10.1177\/0013164418823249","volume":"79","author":"A De Raadt","year":"2019","unstructured":"De Raadt A, Warrens MJ, Bosker RJ, Kiers HA (2019) Kappa coefficients for missing data. Educational and psychological measurement 79(3):558\u2013576","journal-title":"Educational and psychological measurement"},{"key":"15635_CR4","unstructured":"Douligeris C, Mitrokotsa A (2003) \u201cDDoS attacks and defense mechanisms: a classification,\u201d In Proceedings of the 3rd IEEE International Symposium on Signal Processing and Information Technology, 190\u2013193, Dec. 2003"},{"key":"15635_CR5","doi-asserted-by":"crossref","unstructured":"Garg R, Qin E, Mart\u00ednez FM, Guirado R, Jain A, Abadal S, Abell\u00e1n JL, Acacio ME, Alarc\u00f3n E, Rajamanickam S et al (2020) \u201cA Taxonomy for Classification and Comparison of Dataflows for GNN Accelerators,\u201d Sandia National Lab.(SNL-NM), Albuquerque, NM (United States)","DOI":"10.2172\/1817326"},{"key":"15635_CR6","doi-asserted-by":"crossref","unstructured":"Geng T, Li A, Wang T, Wu C, Li Y, Shi R, Tumeo A, Che S, Reinhardt S, Herbordt M (2020) \u201cAwb-gcn: A graph convolutional network accelerator with runtime workload rebalancing,\u201d in 2020 53rd Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO), 922\u2013936","DOI":"10.1109\/MICRO50266.2020.00079"},{"key":"15635_CR7","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1016\/j.cose.2019.02.008","volume":"83","author":"F Gottwalt","year":"2019","unstructured":"Gottwalt F, Chang E, Dillon T (2019) CorrCorr: A feature selection method for multivariate correlation network anomaly detection techniques. Comput Secur 83:234\u2013245","journal-title":"Comput Secur"},{"key":"15635_CR8","doi-asserted-by":"publisher","unstructured":"Lathif MRA, Nasirifard P, Jacobsen HA (2018) \u201cCIDDS: A configurable and distributed DAG-based distributed ledger simulation framework,\u201d In Proceedings of the 19th International Middleware Conference (Posters), pp. 7\u20138, Dec. 2018. https:\/\/doi.org\/10.1145\/3284014.3284018","DOI":"10.1145\/3284014.3284018"},{"issue":"3","key":"15635_CR9","first-page":"118","volume":"29","author":"M Nooribakhsh","year":"2020","unstructured":"Nooribakhsh M, Mollamotalebi M (2020) A review on statistical approaches for anomaly detection in DDoS attacks. Inf Secur J: A Global Perspective 29(3):118\u2013133","journal-title":"Inf Secur J: A Global Perspective"},{"key":"15635_CR10","doi-asserted-by":"crossref","unstructured":"Panigrahi R, Borah S, Bhoi AK, Ijaz MF, Pramanik M, Kumar Y, Jhaveri RHs, (2021) A consolidated decision tree-based intrusion detection system for binary and multiclass imbalanced datasets. Mathematics. 9(7):751","DOI":"10.3390\/math9070751"},{"issue":"6","key":"15635_CR11","doi-asserted-by":"publisher","first-page":"690","DOI":"10.3390\/math9060690","volume":"9","author":"R Panigrahi","year":"2021","unstructured":"Panigrahi R, Borah S, Bhoi AK, Ijaz MF, Pramanik M, Jhaveri RH, Chowdhary CL (2021) Performance assessment of supervised classifiers for designing intrusion detection systems: a comprehensive review and recommendations for future research. Mathematics 9(6):690","journal-title":"Mathematics"},{"issue":"4","key":"15635_CR12","first-page":"40","volume":"16","author":"M Ring","year":"2017","unstructured":"Ring M, Wunderlich S, Gr\u00fcdl D, Landes D, Hotho A (2017) Creation of Flow-Based Data Sets for Intrusion Detection. J Inf Warfare 16(4):40\u201353","journal-title":"J Inf Warfare"},{"key":"15635_CR13","unstructured":"Ring M, Wunderlich S, Gr\u00fcdl D, Landes D, Hotho A (2017) \u201cFlow-based benchmark data sets for intrusion detection,\u201d Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS), 361\u2013369"},{"issue":"5","key":"15635_CR14","doi-asserted-by":"publisher","first-page":"23","DOI":"10.14257\/ijdta.2013.6.5.03","volume":"6","author":"MK Siddiqui","year":"2013","unstructured":"Siddiqui MK, Naahid S (2013) Analysis of KDD CUP 99 dataset using clustering based data mining. Int J Database Theory Appl 6(5):23\u201334","journal-title":"Int J Database Theory Appl"},{"key":"15635_CR15","first-page":"39","volume":"38","author":"T Spyridopoulos","year":"2013","unstructured":"Spyridopoulos T, Karanikas G, Tryfonas T, Oikonomou G (2013) A game theoretic defence framework against DoS\/DDoS cyber attacks. Computers 38:39\u201350","journal-title":"Computers"},{"key":"15635_CR16","unstructured":"Veli\u010dkovi\u0107 P, Cucurull G, Casanova A, Romero A, Lio P, Bengio Y (2017) \u201cGraph attention networks,\u201d arXiv preprint arXiv:1710.10903"},{"key":"15635_CR17","doi-asserted-by":"crossref","unstructured":"Xu X, Sun Y, Huang Z (2017) \u201cDefending DDoS attacks using hidden Markov models and cooperative reinforcement learning,\u201d Pacific-Asia Workshop on Intelligence and Security Informatics, 196\u2013207","DOI":"10.1007\/978-3-540-71549-8_17"},{"key":"15635_CR18","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1016\/j.future.2013.08.002","volume":"38","author":"W Zhou","year":"2014","unstructured":"Zhou W, Jia W, Wen S, Xiang Y, Zhou W (2014) Detection and defense of application-layer DDoS attacks in backbone web traffic. Futur Gener Comput Syst 38:36\u201346","journal-title":"Futur Gener Comput Syst"}],"container-title":["Multimedia Tools and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11042-023-15635-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11042-023-15635-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11042-023-15635-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T10:23:54Z","timestamp":1709202234000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11042-023-15635-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,21]]},"references-count":18,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["15635"],"URL":"https:\/\/doi.org\/10.1007\/s11042-023-15635-z","relation":{},"ISSN":["1573-7721"],"issn-type":[{"value":"1573-7721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,21]]},"assertion":[{"value":"7 April 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 August 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 April 2023","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 August 2023","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declaration"}},{"value":"The authors have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}}]}}