{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T15:30:17Z","timestamp":1777390217289,"version":"3.51.4"},"reference-count":112,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Brazilian Federal Agency for Support and Evaluation of Graduate Education (CAPES), Brazilian National Council for Scientific and Technological Development","award":["302296\/2023-9"],"award-info":[{"award-number":["302296\/2023-9"]}]},{"DOI":"10.13039\/501100001807","name":"S\u00e3o Paulo Research Foundation","doi-asserted-by":"crossref","award":["2019\/26702-8"],"award-info":[{"award-number":["2019\/26702-8"]}],"id":[{"id":"10.13039\/501100001807","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001807","name":"S\u00e3o Paulo Research Foundation","doi-asserted-by":"crossref","award":["2023\/00566-6"],"award-info":[{"award-number":["2023\/00566-6"]}],"id":[{"id":"10.13039\/501100001807","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100011558","name":"State of Minas Gerais Research Support Foundation","doi-asserted-by":"publisher","award":["APQ-02196-18"],"award-info":[{"award-number":["APQ-02196-18"]}],"id":[{"id":"10.13039\/100011558","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3561105","type":"journal-article","created":{"date-parts":[[2025,4,15]],"date-time":"2025-04-15T17:38:02Z","timestamp":1744738682000},"page":"72953-72983","source":"Crossref","is-referenced-by-count":3,"title":["A Survey of Data Stream-Based Intrusion Detection Systems"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8176-8040","authenticated-orcid":false,"given":"Rodrigo Sanches","family":"Miani","sequence":"first","affiliation":[{"name":"Faculty of Computing, Federal University of Uberlândia, Uberlândia, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6945-7955","authenticated-orcid":false,"given":"Gustavo Di Giovanni","family":"Bernardo","sequence":"additional","affiliation":[{"name":"Faculty of Computing, Federal University of Uberlândia, Uberlândia, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4029-2047","authenticated-orcid":false,"given":"Guilherme Weigert","family":"Cassales","sequence":"additional","affiliation":[{"name":"AI Institute, University of Waikato, Hamilton, New Zealand"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1273-9809","authenticated-orcid":false,"given":"Hermes","family":"Senger","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Federal University of São Carlos, São Carlos, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elaine Ribeiro","family":"de Faria","sequence":"additional","affiliation":[{"name":"Faculty of Computing, Federal University of Uberlândia, Uberlândia, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Threat Landscape","year":"2022"},{"key":"ref2","volume-title":"Council Post: The Evolution Of Cybersecurity in 2021\u2014Forbes.com","author":"Ehrlicher","year":"2021"},{"key":"ref3","volume-title":"10 Cyber Security Trends You Can\u2019t Ignore in 2021\u2014PurpleSec\u2014purplesec.us","author":"Firch","year":"2021"},{"key":"ref4","volume-title":"The Mobile Malware Threat Landscape in 2023","author":"Kivva","year":"2024"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.3390\/s23115348"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2808691"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3472753"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/tnsm.2020.3016246"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3474369.3486864"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108618"},{"key":"ref11","first-page":"225","article-title":"Online detection of botnets on network flows using stream mining","volume-title":"Proc. Anais do 36th Simp\u00f3sio Brasileiro de Redes de Computadores e Sistemas Distribu\u00eddos (SBRC)","author":"Costa"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2019.8763842"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ICTAI52525.2021.00157"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC47284.2019.8969609"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407053"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3390\/app9204396"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102767"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-020-02014-x"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1080\/1206212X.2021.1885150"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/FMEC54266.2021.9732566"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00682-2"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.1016\/j.measen.2023.100827","article-title":"A comprehensive review of AI based intrusion detection system","volume":"28","author":"Sowmya","year":"2023","journal-title":"Measurement, Sensors"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1155\/2023\/6048087"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/s11831-023-09943-8"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2836950"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"708","DOI":"10.1016\/j.procs.2015.08.220","article-title":"Survey on anomaly detection using data mining techniques","volume":"60","author":"Agrawal","year":"2015","journal-title":"Proc. Comput. Sci."},{"key":"ref28","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2022.108836","article-title":"A comparative study on online machine learning techniques for network traffic streams analysis","volume":"207","author":"Shahraki","year":"2022","journal-title":"Comput. Netw."},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2010.032210.00054"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1117\/12.603086"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2005.01.014"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1117\/12.611168"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1363912"},{"key":"ref34","first-page":"735","article-title":"Online boosting based intrusion detection in changing environments","volume-title":"Proc. Int. Conf. Artif. Intell.","author":"Wang"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526897"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/AICI.2009.254"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02490-0_70"},{"issue":"8","key":"ref38","doi-asserted-by":"crossref","first-page":"1282","DOI":"10.1016\/j.comnet.2009.10.016","article-title":"HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency","volume":"54","author":"Li","year":"2010","journal-title":"Comput. Netw."},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/HIS.2012.6421346"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31909-9_2"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.3182\/20130902-3-cn-3020.00044"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ICRIIS.2013.6716742"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/BRICS-CCI-CBIC.2013.63"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/s10044-011-0255-5"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2014.06.018"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2015.07.015"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2015.7280573"},{"key":"ref48","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/j.ins.2014.07.044","article-title":"Detecting anomalies from big network traffic data using an adaptive detection approach","volume":"318","author":"Zhang","year":"2015","journal-title":"Inf. Sci."},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2013.2294120"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2908961.2931682"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2016.01.020"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/icwr.2017.7959324"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/I-SMAC.2017.8058397"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1002\/dac.3002"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2017.8254495"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2017.8024621"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-75307-2_8"},{"key":"ref58","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2018.02.015","article-title":"A training-resistant anomaly detection system","volume":"76","author":"M\u00fcller","year":"2018","journal-title":"Comput. Secur."},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/Cybermatics_2018.2018.00087"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.102388"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1111\/exsy.12477"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/1423\/1\/012027"},{"key":"ref63","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1016\/j.neucom.2019.07.031","article-title":"Detecting cyberattacks in industrial control systems using online learning algorithms","volume":"364","author":"Li","year":"2019","journal-title":"Neurocomputing"},{"key":"ref64","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2019.106460","article-title":"Designing online network intrusion detection using deep auto-encoder Q-learning","volume":"79","author":"Kim","year":"2019","journal-title":"Comput. Electr. Eng."},{"key":"ref65","doi-asserted-by":"crossref","first-page":"473","DOI":"10.1016\/j.future.2018.09.051","article-title":"BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks","volume":"93","author":"Viegas","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-017-1066-2"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/3416921.3416937"},{"key":"ref68","article-title":"Online DDoS attack detection using Mahalanobis distance and kernel-based learning algorithm","volume":"168","author":"\u00c7akmak\u00e7\u0131","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/IGSC51522.2020.9291053"},{"issue":"6","key":"ref70","doi-asserted-by":"crossref","first-page":"315","DOI":"10.3390\/info11060315","article-title":"Ensemble-based online machine learning algorithms for network intrusion detection systems using streaming data","volume":"11","author":"Martindale","year":"2020","journal-title":"Information"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2021.05.076"},{"key":"ref72","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.102146","article-title":"Resilient real-time network anomaly detection using novel non-parametric statistical tests","volume":"102","author":"Bollmann","year":"2021","journal-title":"Comput. Secur."},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/syscon48628.2021.9447092"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2022.109542"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/CSR57506.2023.10224989"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.3390\/s23073736"},{"key":"ref77","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103451","article-title":"Model update for intrusion detection: Analyzing the performance of delayed labeling and active learning strategies","volume":"134","author":"Ol\u00edmpio","year":"2023","journal-title":"Comput. Secur."},{"key":"ref78","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1016\/j.cose.2017.05.009","article-title":"Flow-based intrusion detection: Techniques and challenges","volume":"70","author":"Umer","year":"2017","journal-title":"Comput. Secur."},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.06.005"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3000179"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102675"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102022"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2013.11.024"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-019-00654-y"},{"key":"ref85","first-page":"44","article-title":"MOA: Massive online analysis, a framework for stream classification and clustering","volume-title":"Proc. 1st Workshop Appl. Pattern Anal.","author":"Bifet"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-012-5320-9"},{"issue":"4","key":"ref87","doi-asserted-by":"crossref","first-page":"713","DOI":"10.1016\/j.eswa.2005.05.002","article-title":"An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks","volume":"29","author":"Depren","year":"2005","journal-title":"Expert Syst. Appl."},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2016.7502965"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1007\/s12046-020-1308-5"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/SECON.2017.7925383"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/RIVF48685.2020.9140751"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3204171"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/2487788.2488042"},{"issue":"1","key":"ref94","first-page":"1","article-title":"River: Machine learning for streaming data in Python","volume":"22","author":"Montiel","year":"2020","journal-title":"J. Mach. Learn. Res."},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/icdmw.2015.140"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33486-3_58"},{"key":"ref97","first-page":"117","article-title":"The TCPDUMP manual page","volume":"143","author":"Jacobson","year":"1989"},{"key":"ref98","article-title":"Lossless gigabit remote packet capture with Linux. University of Washington network systems","author":"Satten","year":"2008"},{"key":"ref99","volume-title":"The Zeek Network Security Monitor","year":"2023"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.5220\/0005740704070414"},{"key":"ref101","volume-title":"Argus","author":"Bullard","year":"2023"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108719"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2015.1125974"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00009"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3056614"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.3390\/fi15050169"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2024.3393122"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2024.3518636"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2017.01.078"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2021.3071311"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-015-9444-8"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3222715"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10965698.pdf?arnumber=10965698","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T17:58:46Z","timestamp":1746467926000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10965698\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":112,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3561105","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}