{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T22:58:48Z","timestamp":1754261928821,"version":"3.41.2"},"reference-count":33,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2024,12,17]],"date-time":"2024-12-17T00:00:00Z","timestamp":1734393600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IJWIS"],"published-print":{"date-parts":[[2025,1,2]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>Timely intrusion detection in extensive traffic remains a pressing and complex challenge, including for Web services. Current research emphasizes improving detection accuracy through machine learning, with scant attention paid to the dataset\u2019s impact on the capability for fast detection. Many datasets rely on flow-level features, requiring entire flow completion before determining if it constitutes an attack, reducing efficiency. This paper aims to introduce a new feature extraction method and construct a new security dataset that enhances detection efficiency.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>This paper proposes a novel partial-flow feature extraction method that extracts packet-level features efficiently to reduce the high latency of flow-level extraction. The method also integrates statistical and temporal features derived from partial flows to improve accuracy. The method was applied to the original packet capture (PCAP) files utilized in creating the CSE-CIC-IDS 2018 dataset, resulting in the development of the WKLIN-WEB-2023 dataset specifically designed for web intrusion detection. The effectiveness of this method was evaluated by training nine classification models on both the WKLIN-WEB-2023 and CSE-CIC-IDS 2018 datasets.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The experimental results show that models trained on the WKLIN-WEB-2023 dataset consistently outperform those on the CSE-CIC-IDS 2018 dataset across precision, recall, f1-score, and detection latency. This demonstrates the superior effectiveness of the new dataset in enhancing both the efficiency and accuracy of intrusion detection.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>This study proposes the partial-flow feature extraction method, creating the WKLIN-WEB-2023 dataset. This novel approach significantly enhances detection efficiency while maintaining classification performance, providing a valuable foundation for further research on intrusion detection efficiency.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ijwis-09-2024-0261","type":"journal-article","created":{"date-parts":[[2024,12,14]],"date-time":"2024-12-14T00:34:06Z","timestamp":1734136446000},"page":"77-95","source":"Crossref","is-referenced-by-count":2,"title":["Toward fast network intrusion detection for web services: partial-flow feature extraction and dataset construction"],"prefix":"10.1108","volume":"21","author":[{"given":"Tianfeng","family":"Wang","sequence":"first","affiliation":[]},{"given":"Yingying","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Zhenzhou","family":"Tang","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2024,12,17]]},"reference":[{"key":"key2025010204283239800_ref001","doi-asserted-by":"crossref","first-page":"100676","DOI":"10.1016\/j.iot.2022.100676","article-title":"Scada intrusion detection scheme exploiting the fusion of modified decision tree and chi-square feature selection","volume":"21","year":"2023","journal-title":"Internet of Things"},{"key":"key2025010204283239800_ref002","first-page":"1","article-title":"Flowrest: practical flow-level inference in programmable switches with random forests","volume-title":"IEEE INFOCOM 2023-IEEE Conference on Computer Communications","year":"2023"},{"key":"key2025010204283239800_ref003","first-page":"1","article-title":"Recurrent neural network model based on a new regularization technique for real-time intrusion detection in sdn environments","volume":"2019","year":"2019","journal-title":"Security and Communication Networks"},{"issue":"10","key":"key2025010204283239800_ref004","doi-asserted-by":"crossref","first-page":"6297","DOI":"10.1007\/s00500-023-07906-6","article-title":"Toward support-vector machine-based ant colony optimization algorithms for intrusion detection","volume":"27","year":"2023","journal-title":"Soft Computing"},{"key":"key2025010204283239800_ref005","doi-asserted-by":"crossref","first-page":"102957","DOI":"10.1016\/j.cose.2022.102957","article-title":"A hierarchical intrusion detection system based on extreme learning machine and nature-inspired optimization","volume":"124","year":"2023","journal-title":"Computers and Security"},{"key":"key2025010204283239800_ref006","unstructured":"Canadian Institute for Cybersecurity (2018), \u201cCicids 2018 intrusion detection system dataset\u201d, available at: www.unb.ca\/cic\/datasets\/ids-2018.html"},{"issue":"4","key":"key2025010204283239800_ref007","first-page":"41","article-title":"Deep learning network intrusion detection with the conv1d-lstm model: integrating cnn and lstm for superior performance","volume":"12","year":"2024","journal-title":"International Journal of Professional Practice"},{"key":"key2025010204283239800_ref008","doi-asserted-by":"crossref","first-page":"104216","DOI":"10.1016\/j.engappai.2021.104216","article-title":"Supervised feature selection techniques in network intrusion detection: a critical review","volume":"101","year":"2021","journal-title":"Engineering Applications of Artificial Intelligence"},{"issue":"1","key":"key2025010204283239800_ref009","first-page":"40","article-title":"Improving detection for intrusion using deep lstm with hybrid feature selection method","volume":"6","year":"2023","journal-title":"Iraqi Journal of Information and Communication Technology"},{"key":"key2025010204283239800_ref010","first-page":"1","article-title":"Deep learning based network intrusion detection system: a systematic literature review and future scopes","year":"2024","journal-title":"International Journal of Information Security"},{"key":"key2025010204283239800_ref011","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1016\/j.ijinfomgt.2018.08.006","article-title":"Real-time big data processing for anomaly detection: a survey","volume":"45","year":"2019","journal-title":"International Journal of Information Management"},{"issue":"1","key":"key2025010204283239800_ref012","article-title":"Adversarial machine learning for network intrusion detection systems: a comprehensive survey","volume":"25","year":"2023","journal-title":"IEEE Communications Surveys and Tutorials"},{"article-title":"Enhancing intrusion detection with ml and deep learning: a survey of cicids 2017 and cse-cic-ids2018 datasets","volume-title":"AIP Conference Proceedings","year":"2024","key":"key2025010204283239800_ref013"},{"issue":"4","key":"key2025010204283239800_ref014","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","article-title":"The 1999 darpa off-line intrusion detection evaluation","volume":"34","year":"2000","journal-title":"Computer Networks"},{"issue":"20","key":"key2025010204283239800_ref015","doi-asserted-by":"crossref","first-page":"4396","DOI":"10.3390\/app9204396","article-title":"Machine learning and deep learning methods for intrusion detection systems: a survey","volume":"9","year":"2019","journal-title":"Applied Sciences"},{"first-page":"114","article-title":"Detection of https brute-force attacks with packet-level feature set","year":"2021","key":"key2025010204283239800_ref016"},{"issue":"3","key":"key2025010204283239800_ref017","doi-asserted-by":"crossref","first-page":"191","DOI":"10.3390\/info14030191","article-title":"A survey on feature selection techniques based on filtering methods for cyber attack detection","volume":"14","year":"2023","journal-title":"Information"},{"issue":"5\/6","key":"key2025010204283239800_ref018","article-title":"Meta-analysis and systematic review for anomaly network intrusion detection systems: detection methods, dataset, validation methodology, and challenges","volume":"13","year":"2024","journal-title":"IET Networks"},{"issue":"1\/3","key":"key2025010204283239800_ref019","first-page":"18","article-title":"The evaluation of network anomaly detection systems: Statistical analysis of the unsw-nb15 data set and the comparison with the kdd99 data set","volume":"25","year":"2016","journal-title":"Information Security Journal: A Global Perspective"},{"key":"key2025010204283239800_ref020","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/MilCIS.2015.7348942","article-title":"Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set)","volume-title":"2015 military communications and information systems conference (MilCIS)","year":"2015"},{"key":"key2025010204283239800_ref021","first-page":"1","article-title":"Anomaly-based network intrusion detection using transfer learning","volume-title":"2023 2nd International Conference on Multidisciplinary Engineering and Applied Science (ICMEAS)","year":"2023"},{"issue":"7","key":"key2025010204283239800_ref022","article-title":"Classification of intrusion detection system","volume":"118","year":"2015","journal-title":"International Journal of Computer Applications"},{"key":"key2025010204283239800_ref023","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.cose.2019.06.005","article-title":"A survey of network-based intrusion detection data sets","volume":"86","year":"2019","journal-title":"Computers and Security"},{"first-page":"355","article-title":"Deep learning based network intrusion detection system for resource-constrained environments\u201d, International conference on digital forensics and cyber crime","year":"2022","key":"key2025010204283239800_ref024"},{"issue":"23","key":"key2025010204283239800_ref025","doi-asserted-by":"crossref","first-page":"9326","DOI":"10.3390\/s22239326","article-title":"Evaluation of machine learning techniques for traffic flow-based intrusion detection","volume":"22","year":"2022","journal-title":"Sensors"},{"issue":"2","key":"key2025010204283239800_ref026","doi-asserted-by":"crossref","first-page":"1385","DOI":"10.1007\/s11277-022-09609-x","article-title":"Intrusion detection system using deep belief network and particle swarm optimization","volume":"125","year":"2022","journal-title":"Wireless Personal Communications"},{"issue":"3","key":"key2025010204283239800_ref027","doi-asserted-by":"crossref","first-page":"403","DOI":"10.1007\/s10462-017-9567-1","article-title":"A hybrid intrusion detection system (hids) based on prioritized k-nearest neighbors and optimized svm classifiers","volume":"51","year":"2019","journal-title":"Artificial Intelligence Review"},{"year":"2018","key":"key2025010204283239800_ref028","article-title":"A realistic cyber defense dataset (cse-cic-ids2018), 2018"},{"first-page":"1","article-title":"A detailed analysis of the kdd cup 99 data set","year":"2009","key":"key2025010204283239800_ref029"},{"issue":"1","key":"key2025010204283239800_ref030","first-page":"711","article-title":"Machine learning-based intrusion detection system for detecting web attacks","volume":"13","year":"2024","journal-title":"IAES International Journal of Artificial Intelligence"},{"first-page":"1","article-title":"Deep convolutional neural network for improving intrusion detection. a spectogram based nids framework","year":"2024","key":"key2025010204283239800_ref031"},{"issue":"1","key":"key2025010204283239800_ref032","doi-asserted-by":"crossref","first-page":"1","DOI":"10.35842\/ijicom.v1i1.7","article-title":"A survey of intrusion detection system","volume":"1","year":"2020","journal-title":"International Journal of Informatics and Computation"},{"issue":"2","key":"key2025010204283239800_ref033","first-page":"1624","article-title":"Paradise: real-time, generalized, and distributed provenance-based intrusion detection","volume":"20","year":"2022","journal-title":"IEEE Transactions on Dependable and Secure Computing"}],"container-title":["International Journal of Web Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IJWIS-09-2024-0261\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IJWIS-09-2024-0261\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:24:17Z","timestamp":1753395857000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ijwis\/article\/21\/1\/77-95\/1239795"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,17]]},"references-count":33,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12,17]]},"published-print":{"date-parts":[[2025,1,2]]}},"alternative-id":["10.1108\/IJWIS-09-2024-0261"],"URL":"https:\/\/doi.org\/10.1108\/ijwis-09-2024-0261","relation":{},"ISSN":["1744-0084","1744-0092"],"issn-type":[{"type":"print","value":"1744-0084"},{"type":"electronic","value":"1744-0092"}],"subject":[],"published":{"date-parts":[[2024,12,17]]}}}