{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T13:06:12Z","timestamp":1781701572524,"version":"3.54.5"},"reference-count":131,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3129775","type":"journal-article","created":{"date-parts":[[2021,11,22]],"date-time":"2021-11-22T20:54:49Z","timestamp":1637614489000},"page":"157761-157779","source":"Crossref","is-referenced-by-count":109,"title":["Research Trends in Network-Based Intrusion Detection Systems: A Review"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5972-671X","authenticated-orcid":false,"given":"Satish","family":"Kumar","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5180-244X","authenticated-orcid":false,"given":"Sunanda","family":"Gupta","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8064-3951","authenticated-orcid":false,"given":"Sakshi","family":"Arora","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.3390\/fi12100167"},{"key":"ref38","first-page":"1307","article-title":"On evaluation of network intrusion detection systems: Statistical analysis of CIDDS-001 dataset using machine learning techniques","volume":"26","author":"verma","year":"2018","journal-title":"Pertanika J Sci Technol"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2923640"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"ref31","first-page":"7249","article-title":"Feature classification and outlier detection to increased accuracy in intrusion detection system","volume":"13","author":"sainis","year":"2018","journal-title":"Int J Appl Eng Res"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.06.005"},{"key":"ref37","first-page":"219","article-title":"Intrusion detection in network systems through hybrid supervised and unsupervised mining process&#x2014;A detailed case study on the ISCX benchmark dataset","author":"soheily-khah","year":"2018","journal-title":"Proc 1st Int Conf Data Intell Secur (ICDIS)"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/BIBE.2014.72"},{"key":"ref35","first-page":"48","article-title":"Attacks analysis of TCP and UDP of UNCW-NB15 dataset","volume":"8","author":"shah","year":"2020","journal-title":"Transactions on Computational Science V"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref28","first-page":"317","article-title":"Snort, BRO, NetSTAT, emerald and SAX2: A comparison","volume":"3","author":"patil","year":"2012","journal-title":"Int J Adv Res Comput Sci"},{"key":"ref27","article-title":"Optimizing pattern matching for intrusion detection","author":"norton","year":"2004"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/s41650-017-0033-7"},{"key":"ref20","article-title":"Computer security threat monitoring and surveillance","author":"anderson","year":"1980"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-015-0013-4"},{"key":"ref21","article-title":"The history and evolution of intrusion detection","volume":"1","author":"bruneau","year":"2001"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-8761-5.ch004"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2012.4208"},{"key":"ref26","article-title":"A comparative analysis of open-source intrusion detection systems","author":"pihelgas","year":"2012"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.4218\/etrij.17.0116.0305"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-88771-5_1"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2010.12.012"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2009.2034976"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.02.001"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2017.09.014"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2006.870629"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2006.258"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2009.01.003"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128835"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/1000\/1\/012049"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICCPCT.2016.7530231"},{"key":"ref40","author":"moustafa","year":"2016","journal-title":"The UNSW-NB15 data set description"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.joi.2017.11.001"},{"key":"ref3","first-page":"83","article-title":"Citation analysis","volume":"30","author":"smith","year":"1981","journal-title":"Library Trends"},{"key":"ref6","year":"2021","journal-title":"The Top List of Academic Search Engines"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/s11192-018-2958-5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/s11192-020-03690-4"},{"key":"ref7","year":"2021","journal-title":"List of Academic Databases and Search Engines"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref9","year":"2020","journal-title":"Microsoft Academic"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958212"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978676"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2015.01.039"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017.104"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821515"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.5120\/3399-4730"},{"key":"ref43","year":"0","journal-title":"Nsl-kdd Data Set for Network-based Intrusion Detection Systems"},{"key":"ref127","first-page":"2276","article-title":"Survey of the security alerts correlation algorithms","volume":"25","author":"guo","year":"2005","journal-title":"Comput Appl"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1145\/1167253.1167289"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2016.2567396"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1109\/INDIN.2008.4618372"},{"key":"ref73","first-page":"101","article-title":"Network intrusion detection system using fuzzy logic","volume":"2","author":"falke","year":"2014","journal-title":"International Journal of Educational Science and Research"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/SoCPaR.2009.51"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.09.008"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1051\/mmnp\/201611408"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/1167253.1167288"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22714-1_69"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.73"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2016.2633228"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC.2019.8651782"},{"key":"ref74","first-page":"171","article-title":"Zero-day malware detection based on supervised learning algorithms of API call signatures","volume":"121","author":"alazab","year":"2011","journal-title":"Proc 9th Australas Data Mining Conf (AusDM)"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2015.10.011"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180414"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2908225"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2008.12.005"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_1"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/1132462.1132464"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2005.5"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2009.79"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/8954914"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.3390\/sym12061046"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ISDA.2010.5687239"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2016.09.041"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-85729-504-0_15"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2009.06.019"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.3390\/app9204396"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.2172\/425295"},{"key":"ref95","first-page":"246","article-title":"A software implementation of a genetic algorithm based approach to network intrusion detection","author":"gong","year":"2005","journal-title":"Proc 6th Int Conf Softw Eng Artif Intell Netw Parallel\/Distrib Comput 1st ACIS Int Workshop Self-Assembling Wireless Netw (SNPD\/SAWN)"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2018.02.028"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/ICSEngT.2019.8906310"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/NSWCTC.2009.57"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.15680\/ijircce.2015.0302038"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.10.016"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSE.2012.6295306"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-018-3621-z"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.119"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1016\/j.icte.2018.01.014"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.05.003"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/IWACI.2010.5585107"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2013.06.027"},{"key":"ref102","first-page":"51","article-title":"Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction","author":"tsang","year":"2005","journal-title":"Proc IEEE Int Conf Ind Technol"},{"key":"ref111","first-page":"1","article-title":"Bacterial foraging optimization for enhancing the security in intrusion detection system","volume":"8","author":"kalaivani","year":"2019","journal-title":"Int J Eng Res Technol"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/ICPR.2010.1060"},{"key":"ref110","first-page":"129","article-title":"Anomaly detection approach based on quantum-behaved partical swarm optimization","volume":"43","author":"zhang","year":"2007","journal-title":"Jisuanji Gongcheng Yu Yingyong (Computer Engineering and Applications)"},{"key":"ref98","first-page":"237","article-title":"Genetic programming approach for multi-category pattern classification applied to network intrusions detection","volume":"4","author":"faraoun","year":"2007","journal-title":"Int Arab J Inf Technol"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-012-0890-9"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/s11633-014-0870-x"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2006.04.004"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)01106-9"},{"key":"ref11","first-page":"84","article-title":"Research on intrusion detection and response: A survey","volume":"1","author":"kabiri","year":"2005","journal-title":"Int J Netw Secur"},{"key":"ref12","article-title":"Machine learning techniques for intrusion detection","author":"zamani","year":"2013","journal-title":"arXiv 1312 2177"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.08.220"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.11.016"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/CYBConf.2015.7175897"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/FiCloud.2016.20"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2009.4804323"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1109\/SSP.2018.8450709"},{"key":"ref17","first-page":"645","article-title":"Benchmark datasets for network intrusion detection: A review","volume":"20","author":"hamid","year":"2018","journal-title":"Int J Netw Secur"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/1143549.1143619"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2011.01.012"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2847722"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.06.013"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/S0065-2458(08)60506-9","article-title":"Information security in a multi-user computer environment","volume":"12","author":"anderson","year":"1972","journal-title":"Advances in Computers"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2008.923876"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1007\/11527503_82"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0038-7"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.9708\/jksci.2014.19.6.049"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14058-7_65"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924287"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.3390\/fi12030044"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2006.142"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD.2007.216"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2005.07.001"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2013.04.014"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1050.0041"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/IFITA.2009.34"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2009.05.017"},{"key":"ref87","doi-asserted-by":"crossref","first-page":"577","DOI":"10.1109\/TSMCB.2007.914695","article-title":"AdaBoost-based algorithm for network intrusion detection","volume":"38","author":"hu","year":"2008","journal-title":"IEEE Trans Syst Man Cybern B Cybern"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2013.2247592"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09623451.pdf?arnumber=9623451","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,8]],"date-time":"2022-03-08T21:50:33Z","timestamp":1646776233000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9623451\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":131,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3129775","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}