{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T00:10:23Z","timestamp":1721261423848},"reference-count":36,"publisher":"Oxford University Press (OUP)","issue":"2","license":[{"start":{"date-parts":[[2024,3,19]],"date-time":"2024-03-19T00:00:00Z","timestamp":1710806400000},"content-version":"vor","delay-in-days":3,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,3,25]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>There is much effort nowadays to protect communication networks against different cybersecurity attacks (which are more and more sophisticated) that look for systems\u2019 vulnerabilities they could exploit for malicious purposes. Network Intrusion Detection Systems (NIDSs) are popular tools to detect and classify such attacks, most of them based on ML models. However, ML-based NIDSs cannot be trained by feeding them with network traffic data as it is. Thus, a Feature Engineering (FE) process plays a crucial role transforming network traffic raw data onto derived one suitable for ML models. In this work, we study the effects of applying one such FE technique in different ways on the performance of two ML models (linear and non-linear) and their selected features. This the Feature as a Counter approach. The derived observations are computed from either with the same number of raw samples, (batch-based approaches) or by aggregating them by time intervals (timestamp-based approach). Results show that there is no significant differences between the proposed approaches neither in the performance of the models nor in the selected features that validate our proposal making it feasible to be widely used as a standard FE method.<\/jats:p>","DOI":"10.1093\/jigpal\/jzae007","type":"journal-article","created":{"date-parts":[[2024,3,19]],"date-time":"2024-03-19T05:34:00Z","timestamp":1710826440000},"page":"263-280","source":"Crossref","is-referenced-by-count":0,"title":["Evaluating the Impact of Different Feature as a Counter Data Aggregation approaches on the Performance of NIDSs and Their Selected Features"],"prefix":"10.1093","volume":"32","author":[{"given":"Roberto","family":"Mag\u00e1n-Carri\u00f3n","sequence":"first","affiliation":[{"name":"Network Engineering & Security Group , Department of Signal Theory, Communications and Telematics, CITIC-University of Granada, 18014, Granada, Spain , rmagan@ugr.es"}]},{"given":"Daniel","family":"Urda","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain , durda@ubu.es"}]},{"given":"Ignacio","family":"Diaz-Cano","sequence":"additional","affiliation":[{"name":"Applied Robotics Group , Department of Automatic, Electronic, Computer Architecture and Com. Net. Engineering, University of C\u00e1diz, 11519, Puerto Real, C\u00e1diz, Spain , ignacio.diaz@uca.es"}]},{"given":"Bernab\u00e9","family":"Dorronsoro","sequence":"additional","affiliation":[{"name":"Graphical Methods , Optimization & Learning (GOAL) Group, Department of Computer Engineering, University of C\u00e1diz, 11519, Puerto Real, C\u00e1diz, Spain; School of Computer Science, Faculty of Engineering, The University of Sydney, 2008, Darlington, NSW, Australia , bernabe.dorronsorodiaz@sydney.edu.au"}]}],"member":"286","published-online":{"date-parts":[[2024,3,16]]},"reference":[{"key":"2024071718031282500_ref1","author":"Cisco Annual Internet Report (2018\u20132023). White Paper","year":"2020"},{"key":"2024071718031282500_ref2","first-page":"711","article-title":"Deep-intrusion detection system with enhanced unsw-nb15 dataset based on deep learning techniques","volume":"16","author":"Aleesa","year":"2021","journal-title":"Journal of Engineering Science and Technology"},{"key":"2024071718031282500_ref3","first-page":"584","article-title":"A systematic review of artificial intelligence and machine learning techniques for cyber security","volume-title":"Big Data and Security, Communications in Computer and Information Science","author":"Ali","year":"2020"},{"key":"2024071718031282500_ref4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.procs.2018.01.091","article-title":"Performance evaluation of intrusion detection based on machine learning using Apache Spark","volume":"127","author":"Belouch","year":"2018","journal-title":"Procedia Computer Science"},{"key":"2024071718031282500_ref5","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1016\/0098-3004(84)90020-7","article-title":"FCM: the fuzzy c-means clustering algorithm","volume":"10","author":"Bezdek","year":"1984","journal-title":"Computers & Geosciences"},{"key":"2024071718031282500_ref6","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","article-title":"Network anomaly detection: methods, systems and tools","volume":"16","author":"Bhuyan","year":"2014","journal-title":"IEEE Communications Surveys Tutorials"},{"key":"2024071718031282500_ref7","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random Forests","volume":"45","author":"Breiman","year":"2001","journal-title":"Machine Learning"},{"key":"2024071718031282500_ref8","doi-asserted-by":"crossref","first-page":"500","DOI":"10.1109\/INFCOMW.2014.6849282","article-title":"Tackling the Big Data 4 vs for anomaly detection","volume-title":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","author":"Camacho","year":"2014"},{"key":"2024071718031282500_ref9","doi-asserted-by":"crossref","first-page":"2179","DOI":"10.1109\/TIFS.2019.2894358","article-title":"Semi-supervised multivariate statistical network monitoring for learning security threats","volume":"14","author":"Camacho","year":"2019","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"2024071718031282500_ref10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2019.101603","article-title":"Multivariate Big Data Analysis for intrusion detection: 5 steps from the haystack to the needle","volume":"87","author":"Camacho","year":"2019","journal-title":"Computers & Security"},{"key":"2024071718031282500_ref11","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.cose.2016.02.008","article-title":"Pca-based multivariate statistical network monitoring for anomaly detection","volume":"59","author":"Camacho","year":"2016","journal-title":"Computers & Security"},{"key":"2024071718031282500_ref12","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.cose.2016.02.008","article-title":"PCA-based multivariate statistical network monitoring for anomaly detection","volume":"59","author":"Camacho","year":"2016","journal-title":"Computers & Security"},{"key":"2024071718031282500_ref13","doi-asserted-by":"crossref","first-page":"101603","DOI":"10.1016\/j.cose.2019.101603","article-title":"Multivariate Big Data Analysis for intrusion detection: 5 steps from the haystack to the needle","volume":"87","author":"Camacho","year":"2019","journal-title":"Computers & Security"},{"key":"2024071718031282500_ref14","volume-title":"ENISA Threat Landscape Report 2020","author":"ENISA"},{"key":"2024071718031282500_ref15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.18637\/jss.v033.i01","article-title":"Regularization paths for generalized linear models via coordinate descent","volume":"33","author":"Friedman","year":"2010","journal-title":"Journal of Statistical Software"},{"key":"2024071718031282500_ref16","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1016\/j.comnet.2018.02.028","article-title":"A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection","volume":"136","author":"Hajisalem","year":"2018","journal-title":"Computer Networks"},{"key":"2024071718031282500_ref17","first-page":"303","article-title":"A novel statistical technique for intrusion detection systems","author":"Kabir","year":"2018"},{"key":"2024071718031282500_ref18","first-page":"1397","article-title":"An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset","author":"Kumar","year":"2020"},{"key":"2024071718031282500_ref19","first-page":"253","article-title":"Characterization of tor traffic using time based features","volume":"2017","author":"Lashkari","year":"2017","journal-title":"ICISSP 2017\u2013Proceedings of the 3rd International Conference on Information Systems Security and Privacy"},{"key":"2024071718031282500_ref20","doi-asserted-by":"crossref","first-page":"411","DOI":"10.1016\/j.cose.2017.11.004","article-title":"UGR\u201916: a new dataset for the evaluation of cyclostationarity-based network IDSs","volume":"73","author":"Maci\u00e1-Fern\u00e1ndez","year":"2018","journal-title":"Computers & Security"},{"key":"2024071718031282500_ref21","doi-asserted-by":"crossref","first-page":"155014772092130","DOI":"10.1177\/1550147720921309","article-title":"Multivariate statistical network monitoring\u2013sensor: an effective tool for real-time monitoring and anomaly detection in complex networks and systems","volume":"16","author":"Mag\u00e1n-Carri\u00f3n","year":"2020","journal-title":"International Journal of Distributed Sensor Networks"},{"key":"2024071718031282500_ref22","doi-asserted-by":"crossref","DOI":"10.3390\/app10051775","article-title":"Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches","volume":"10","author":"Mag\u00e1n-Carri\u00f3n","year":"2020","journal-title":"Applied Sciences"},{"key":"2024071718031282500_ref23","first-page":"116","article-title":"Assessing the impact of batch-based data aggregation techniques for feature engineering on machine learning-based network IDSs","volume-title":"In 14th International Conf. on Comp. Intelligence in Security for Information Systems","author":"Mag\u00e1n-Carri\u00f3n","year":"2022"},{"key":"2024071718031282500_ref24","doi-asserted-by":"crossref","first-page":"1717","DOI":"10.1109\/TETC.2022.3178283","article-title":"Improving the reliability of network intrusion detection systems through dataset integration","volume":"10","author":"Mag\u00e1n-Carri\u00f3n","year":"2022","journal-title":"IEEE Transactions on Emerging Topics in Computing"},{"key":"2024071718031282500_ref25","first-page":"1","article-title":"UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)","author":"Moustafa","year":"2015","journal-title":"2015 Military Communications and Information Systems Conference (MilCIS)"},{"key":"2024071718031282500_ref26","article-title":"Evaluating neural networks using bi-directional LSTM for network IDS (intrusion detection systems) in cyber security","author":"Pooja","year":"2021","journal-title":"Global Transitions Proceedings"},{"key":"2024071718031282500_ref27","author":"Sharafaldin","year":"2018","journal-title":"Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization"},{"key":"2024071718031282500_ref28","article-title":"Efficient filter based feature selection flow for intrusion detection system","volume":"9","author":"Siddiqi","year":"2020","journal-title":"International Workshop on Emerging ICT"},{"key":"2024071718031282500_ref29","article-title":"Practical bayesian optimization of machine learning algorithms","volume":"25","author":"Snoek","year":"2012","journal-title":"Advances in Neural Information Processing Systems"},{"key":"2024071718031282500_ref30","doi-asserted-by":"crossref","first-page":"94497","DOI":"10.1109\/ACCESS.2019.2928048","article-title":"TSE-IDS: a two-stage classifier ensemble for intelligent anomaly-based intrusion detection system","volume":"7","author":"Tama","year":"2019","journal-title":"IEEE Access"},{"key":"2024071718031282500_ref31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/CISDA.2009.5356528","article-title":"A detailed analysis of the KDD CUP 99 data set","volume-title":"2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications","author":"Tavallaee","year":"2009"},{"key":"2024071718031282500_ref32","first-page":"3162","article-title":"An intrusion detection approach based on improved deep belief network","author":"Tian","year":"2020"},{"key":"2024071718031282500_ref33","doi-asserted-by":"crossref","DOI":"10.3390\/electronics10151854","volume-title":"A Novel Approach for Network Intrusion Detection Using Multistage Deep Learning Image Recognition","author":"Toldinas","year":"2021"},{"key":"2024071718031282500_ref34","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1007\/978-3-319-59147-6_5","article-title":"Deep learning to analyze rna-seq gene expression data","volume-title":"Advances in Computational Intelligence","author":"Urda","year":"2017"},{"key":"2024071718031282500_ref35","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1186\/s12918-018-0612-8","article-title":"BLASSO: integration of biological knowledge into a regularized linear model","volume":"12","author":"Urda","year":"2018","journal-title":"BMC Systems Biology"},{"key":"2024071718031282500_ref36","doi-asserted-by":"crossref","first-page":"103106","DOI":"10.1016\/j.jnca.2021.103106","article-title":"Prepare for trouble and make it double. Supervised and unsupervised stacking for anomaly based intrusion detection","volume":"189","author":"Zoppi","year":"2022","journal-title":"Journal of Network and Computer Applications"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/32\/2\/263\/58499062\/jzae007.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/32\/2\/263\/58499062\/jzae007.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,17]],"date-time":"2024-07-17T18:03:37Z","timestamp":1721239417000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/32\/2\/263\/7625445"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,16]]},"references-count":36,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,3,16]]},"published-print":{"date-parts":[[2024,3,25]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzae007","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,4]]},"published":{"date-parts":[[2024,3,16]]}}}