{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T00:04:51Z","timestamp":1772064291602,"version":"3.50.1"},"reference-count":116,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/OAPA.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2018]]},"DOI":"10.1109\/access.2018.2872784","type":"journal-article","created":{"date-parts":[[2018,9,28]],"date-time":"2018-09-28T20:36:50Z","timestamp":1538167010000},"page":"56046-56058","source":"Crossref","is-referenced-by-count":105,"title":["Data Mining Techniques in Intrusion Detection Systems: A Systematic Literature Review"],"prefix":"10.1109","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6521-6978","authenticated-orcid":false,"given":"Fadi","family":"Salo","sequence":"first","affiliation":[]},{"given":"Mohammadnoor","family":"Injadat","sequence":"additional","affiliation":[]},{"given":"Ali Bou","family":"Nassif","sequence":"additional","affiliation":[]},{"given":"Abdallah","family":"Shami","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0228-0371","authenticated-orcid":false,"given":"Aleksander","family":"Essex","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","first-page":"12","article-title":"Enhanced solutions for misuse network intrusion detection system using SGA and SSGA","volume":"15","author":"jebur","year":"2015","journal-title":"Int J Comput Sci Netw Secur"},{"key":"ref38","doi-asserted-by":"crossref","first-page":"577","DOI":"10.1109\/TSMCB.2007.914695","article-title":"AdaBoost-based algorithm for network intrusion detection","volume":"38","author":"hu","year":"2008","journal-title":"IEEE Trans Syst Man Cybern B Cybern"},{"key":"ref33","first-page":"2001","article-title":"A hybrid intrusion detection system based on C5.0 decision tree and one-class SVM","volume":"5","author":"rani","year":"2015","journal-title":"International Journal of Current Engineering and Technology"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2007.05.010"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2006.12.009"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/IKT.2015.7288736"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/PERVASIVE.2015.7086963"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1016\/j.jnca.2005.06.003","article-title":"Modeling intrusion detection system using hybrid intelligent systems","volume":"30","author":"peddabachigari","year":"2007","journal-title":"J Netw Comput Appl"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2015.01.009"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2005.06.001"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ICSCN.2015.7219890"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2007.03.025"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2006.885306"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.03.011"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.004"},{"key":"ref21","first-page":"22","article-title":"An assessment of the DARPA IDS evaluation dataset using snort","volume":"1","author":"brugger","year":"2007"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.11.028"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.06.006"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-015-2116-4"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/s10044-011-0255-5"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/CICN.2014.178"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2014.12.040"},{"key":"ref50","first-page":"1825","article-title":"Machine learning-based intrusion detection algorithms","volume":"5","author":"tang","year":"2009","journal-title":"J Comput Inf Syst"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ICGCIoT.2015.7380455"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/INDICON.2015.7443752"},{"key":"ref58","doi-asserted-by":"crossref","first-page":"23","DOI":"10.4304\/jcp.5.1.23-31","article-title":"Anomaly network intrusion detection based on improved self adaptive Bayesian algorithm","volume":"5","author":"farid","year":"2010","journal-title":"J Comput"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ICITEED.2015.7408971"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2010.2051543"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/ICCUBEA.2015.98"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2009.05.017"},{"key":"ref53","first-page":"1","article-title":"An adaptive network intrusion detection approach for the cloud environment","author":"chou","year":"2015","journal-title":"Proc IEEE Int Carnahan Conf Security Technol (ICCST)"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.02.102"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.4236\/ijcns.2008.14039"},{"key":"ref4","first-page":"120","article-title":"A data mining framework for building intrusion detection models","author":"lee","year":"1999","journal-title":"Proc IEEE Symp Secur Privacy"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2018.03.011"},{"key":"ref6","first-page":"28","article-title":"Intrusion detection system with data mining approach: A review","volume":"11","author":"khalilian","year":"2011","journal-title":"Global J Comput Sci Technol"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-7206(01)00091-X"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2016.06.045"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2014.08.002"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCI.2012.6158822"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s10916-014-0128-8"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2008.06.138"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2015.07.015"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2008.06.001"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-015-1065-2"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/S1005-8885(08)60074-6"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.5815\/ijcnis.2015.03.05"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.03.036"},{"key":"ref43","first-page":"1364","article-title":"Combination of multi classification algorithms for intrusion detection system","volume":"6","author":"abdulrazaq","year":"2015","journal-title":"Int J Sci Eng Res"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2012.46"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/CSNT.2015.185"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.06.013"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/NGCT.2015.7375219"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/ICSCN.2015.7219899"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2016.03.031"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2015.7275914"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/ICPRIME.2013.6496489"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSE.2013.6554056"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-015-1615-5"},{"key":"ref60","first-page":"33","article-title":"A hybridization of evolutionary fuzzy systems and ant colony optimization for intrusion detection","volume":"2","author":"abadeh","year":"2010","journal-title":"ISC Int J Inf Security"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/INFRKM.2010.5466919"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ICSGCE.2015.7454287"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/IntelliSys.2015.7361264"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICRITO.2015.7359266"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.12.141"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCE.2015.49"},{"key":"ref67","first-page":"463","article-title":"An intrusion detection approach using SVM and multiple kernel method","volume":"4","author":"li","year":"2012","journal-title":"Int J Adv Comput Technol"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ICSNS.2015.7292408"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/357830.357849"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.07.032"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2011.07.001"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/ICATCCT.2016.7912017"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/ICWR.2017.7959324"},{"key":"ref108","first-page":"16","article-title":"A novel network intrusion detection system using two-stage hybrid classification technique","volume":"3","author":"hussain","year":"2015","journal-title":"IJCCER"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.12720\/jait.6.1.1-8"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-015-1964-2"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataSecurity.2017.56"},{"key":"ref106","first-page":"102","article-title":"Adaptive anomaly intrusion detection system using optimized hoeffding tree","volume":"33","author":"kumari","year":"2014","journal-title":"ARPN J Eng Appl Sci"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/IAdCC.2014.6779330"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2016.7733515"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2016.08.027"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1007\/s40815-016-0160-6"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2013.12.048"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-017-2635-2"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMIC.2014.6954236"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/ACOSIS.2016.7843930"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/ICNTE.2015.7029925"},{"key":"ref110","first-page":"107","article-title":"Intrusion detection system based on genetic&#x2013;SVM for DoS attacks","volume":"3","author":"devi","year":"2015","journal-title":"Int J Eng Res Gen Sci"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCCT.2014.7019145"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-016-1439-0"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/SAI.2014.6918242"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/FUZZ-IEEE.2017.8015710"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ISCO.2014.7103959"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2336610"},{"key":"ref12","author":"barbara","year":"2007","journal-title":"Guidelines for Performing Systematic Literature Reviews in Software Engineering Version 2 3"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-007-0114-2"},{"key":"ref14","volume":"11","author":"noblit","year":"1988","journal-title":"Meta-Ethnography Synthesizing Qualitative Studies"},{"key":"ref15","first-page":"420","article-title":"Naive Bayes vs decision trees in intrusion detection systems","author":"ben amor","year":"0","journal-title":"Proc 20th ACM Symp Applied Computing (SAC)"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-19713-5_28"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ICoAC.2013.6921918"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1613\/jair.953"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-016-1727-6"},{"key":"ref18","first-page":"27","article-title":"A new evaluation measure for imbalanced datasets","volume":"87","author":"weng","year":"2008","journal-title":"Proc 7th Austral Data Mining Conf"},{"key":"ref84","first-page":"22","article-title":"A text mining-based anomaly detection model in network security","volume":"14","author":"kakavand","year":"2014","journal-title":"Global J Comput Sci Technol"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ICACTE.2008.26"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-015-0527-8"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1109\/ICCUBEA.2015.61"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/IEMCON.2016.7746264"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2012.56"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/JCSSE.2013.6567342"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1109\/ICCOINS.2016.7783222"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2016.04.019"},{"key":"ref85","first-page":"253","article-title":"Cluster based ensemble classification for intrusion detection system","author":"jabbar","year":"0","journal-title":"Proc 9th Int Conf Mach Learn Comput (ICMLC)"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2013.08.066"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2017.01.006"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2014.01.028"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8274985\/08476553.pdf?arnumber=8476553","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T19:42:07Z","timestamp":1643226127000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8476553\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":116,"URL":"https:\/\/doi.org\/10.1109\/access.2018.2872784","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}