{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T18:10:51Z","timestamp":1780078251399,"version":"3.54.0"},"reference-count":125,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/OAPA.html"}],"funder":[{"name":"AFIT Center for Cyberspace Research"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2015]]},"DOI":"10.1109\/comst.2014.2336610","type":"journal-article","created":{"date-parts":[[2014,7,11]],"date-time":"2014-07-11T18:49:24Z","timestamp":1405104564000},"page":"70-91","source":"Crossref","is-referenced-by-count":172,"title":["A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection"],"prefix":"10.1109","volume":"17","author":[{"given":"David J.","family":"Weller-Fahy","sequence":"first","affiliation":[{"name":"Dept. of Electr. & Comput. Eng., Air Force Inst. of Technol., Dayton, OH, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Brett J.","family":"Borghetti","sequence":"additional","affiliation":[{"name":"Dept. of Electr. & Comput. Eng., Air Force Inst. of Technol., Dayton, OH, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Angela A.","family":"Sodemann","sequence":"additional","affiliation":[{"name":"Dept. of Eng., Arizona State Univ., Mesa, AZ, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.4304\/jsw.6.12.2350-2360"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.12.141"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17857-3_11"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25734-6_153"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2011.6115171"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22371-6_29"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2011.08.041"},{"key":"ref36","first-page":"19","article-title":"Network anomaly detection using unsupervised model","author":"gogoi","year":"2011","journal-title":"Int J Comput Appl —(Special Issue Netw Security Cryptogr )"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/IWMN.2011.6088496"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TLA.2011.6030997"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.06.013"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.07.032"},{"key":"ref29","first-page":"918","article-title":"Multi-layer Bayesian based intrusion detection system","volume":"ii","author":"altwaijry","year":"0","journal-title":"Proc WCECS"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2008.8"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/IMCSIT.2008.4747223"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27189-2_21"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2009.12"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25243-3_31"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2012.01.004"},{"key":"ref101","first-page":"v3-232","article-title":"A network intrusion detection system with the snooping agents","volume":"3","author":"zeng","year":"0","journal-title":"Proc Int Conf Comput Appl Syst Modeling"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080118"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/WICOM.2010.5601345"},{"key":"ref50","first-page":"297","article-title":"An ensemble approach for feature selection of cyber attack dataset","volume":"6","author":"singh","year":"2009","journal-title":"Int J Comput Sci Inf Security"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/APCIP.2009.218"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/s10489-010-0263-y"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ICCS.2008.4737333"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.12.001"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-0522-2_8"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2010.2050685"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/ICNC.2008.782"},{"key":"ref53","first-page":"196","article-title":"Network intrusion detection design using feature selection of soft computing paradigms","volume":"4","author":"chou","year":"2008","journal-title":"Int J Comput Intell"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2009.59"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13601-6_9"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00234-2"},{"key":"ref3","first-page":"300","article-title":"Comprehensive survey on distance\/similarity measures between probability density functions","volume":"1","author":"cha","year":"2007","journal-title":"Math Models Methods Appl Sci"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2008.227"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23291-6_3"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/116873.116880"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2008.10.025"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.8"},{"key":"ref9","first-page":"49","article-title":"On the generalised distance in statistics","volume":"2","author":"mahalanobis","year":"1936","journal-title":"Proc Nat Inst Sci India"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOMW.2010.5700198"},{"key":"ref45","first-page":"1865","article-title":"Intrusion detection using unsupervised learning","volume":"2","author":"bharti","year":"2010","journal-title":"Int J Comput Sci Eng"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ACIIDS.2009.59"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ICCET.2010.5486267"},{"key":"ref42","first-page":"1","article-title":"An adaptive DCT based intrusion detection system","author":"hayat","year":"0","journal-title":"Proc Int Symp Comput Netw Distrib Syst"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/ICNC.2010.5583654"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2010.05.002"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/NSS.2010.23"},{"key":"ref125","first-page":"10","article-title":"A novel network intrusion detection system (NIDS) based on signatures search of data mining","author":"zhengbing","year":"0","journal-title":"Proc Int Workshop Knowl Discov and Data Mining"},{"key":"ref124","first-page":"133","article-title":"CAMNEP: Agent-based network intrusion detection system","author":"rehak","year":"0","journal-title":"Proc Ind Track 4th Int Joint Conf Auton Agents Multiagent Syst"},{"key":"ref73","first-page":"868","article-title":"Classifying attacks in a network intrusion detection system based on artificial neural networks","author":"norouzian","year":"0","journal-title":"Proc 13th Int Conf Adv Commun Technol"},{"key":"ref72","author":"niemel\u00e4","year":"2011","journal-title":"Traffic analysis for intrusion detection in telecommunications networks"},{"key":"ref71","doi-asserted-by":"crossref","first-page":"136","DOI":"10.3923\/ajit.2011.136.141","article-title":"Design and implementation of a data mining-based network intrusion detection scheme","volume":"10","author":"mohammed","year":"2011","journal-title":"Asian J Inf Technol"},{"key":"ref70","first-page":"42","article-title":"Efficient FSM techniques for IDS to reduce the system attacks","volume":"29","author":"khan","year":"2011","journal-title":"Int J Comput Appl"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.07.001"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/s10044-011-0255-5"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.12"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20505-7_26"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.08.011"},{"key":"ref79","first-page":"24","article-title":"Hybrid approach: Detection of intrusion in MANET","volume":"icemc2","author":"tarannum","year":"2011","journal-title":"IJCA Proc Innov Conf Embedded Syst Mobile Commun Comput"},{"key":"ref60","first-page":"49","article-title":"Setting a worm attack warning by using machine learning to classify NetFlow data","volume":"36","author":"abdulla","year":"2011","journal-title":"Int J Comput Appl"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-011-9541-1"},{"key":"ref61","doi-asserted-by":"crossref","first-page":"6804","DOI":"10.5897\/SRE11.142","article-title":"Intrusion detection using feature subset selection based on MLP","volume":"6","author":"ahmad","year":"2011","journal-title":"Sci Res Essays"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22203-0_65"},{"key":"ref64","first-page":"187","article-title":"A performance analysis of Snort and Suricata network intrusion detection and prevention engines","author":"day","year":"0","journal-title":"Proc 5th Int Conf Digit Society"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/DMO.2011.5976506"},{"key":"ref66","doi-asserted-by":"crossref","first-page":"251","DOI":"10.3233\/IDA-2010-0466","article-title":"Exploring discrepancies in findings obtained with the KDD cup '99 data set","volume":"15","author":"engen","year":"2011","journal-title":"Intell Data Anal"},{"key":"ref67","first-page":"12","article-title":"Adaptive intrusion detection based on boosting and naïve Bayesian classifier","volume":"24","author":"farid","year":"2011","journal-title":"Int J Comput Appl"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ISCAS.2011.5937880"},{"key":"ref2","first-page":"39","article-title":"On the distance norms for detecting anomalies in multidimensional datasets","volume":"2","author":"chmielewski","year":"2007","journal-title":"Zeszyty Naukowe Politechniki Bia?ostockiej"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/RoEduNet.2011.5993703"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/WI-IAT.2009.113"},{"key":"ref95","first-page":"30","article-title":"Network intrusion detection using FP tree rules","volume":"1","author":"srinivasulu","year":"2009","journal-title":"Journal of Advanced Net and App"},{"key":"ref108","first-page":"154","article-title":"Adaptive network intrusion detection learning: Attribute selection and classification","author":"farid","year":"0","journal-title":"Proc Int Conf on Computers in Engineering"},{"key":"ref94","first-page":"302","article-title":"Effects of feature reduction on the performance of attack recognition by static and dynamic neural networks","volume":"8","author":"sheikhan","year":"2010","journal-title":"World Appl Sci J"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/CINC.2009.19"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/IRI.2010.5558967"},{"key":"ref106","first-page":"495","article-title":"Agent IDS based on misuse approach","volume":"4","author":"barika","year":"2009","journal-title":"J Softw"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/SOCPAR.2010.5686163"},{"key":"ref105","first-page":"900","article-title":"MA IDS: Mobile agents for intrusion detection system","author":"barika","year":"0","journal-title":"Proc IEEE Int Conf Adv Comput Commun"},{"key":"ref91","doi-asserted-by":"crossref","first-page":"95","DOI":"10.4156\/jcit.vol5.issue1.11","article-title":"Anomaly detection analysis of intrusion data using supervised & unsupervised approach","volume":"5","author":"gogoi","year":"2010","journal-title":"J Convergence Inf Technol"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/ICITST.2009.5402584"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1007\/s10710-010-9101-6"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/1626195.1626252"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-16292-3_28"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1145\/1523103.1523204"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/SoCPaR.2009.51"},{"key":"ref110","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/978-3-642-01129-0_11","article-title":"Evolving high-speed, easy-to-understand network intrusion detection rules with genetic programming","volume":"5484","author":"orfila","year":"2009","journal-title":"Applications of Evolutionary Computing"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13318-3_71"},{"key":"ref99","first-page":"33","article-title":"A new immunity intrusion detection model based on genetic algorithm and vaccine mechanism","volume":"2","author":"xiao-pei","year":"2010","journal-title":"Int J Comput Netw Inf Security"},{"key":"ref96","first-page":"446","article-title":"An anomaly-based approach for intrusion detection in web traffic","volume":"5","author":"torrano-gim\u00e9nez","year":"2010","journal-title":"Journal of Info Assurance and Security"},{"key":"ref97","first-page":"91","article-title":"A real time IDSs based on artificial bee colony-support vector machine algorithm","author":"wang","year":"0","journal-title":"Proc IEEE 3rd Int Workshop Conf Adv Comput Intell"},{"key":"ref10","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","article-title":"Anomalous payload-based network intrusion detection","volume":"3224","author":"wang","year":"2004","journal-title":"Recent Advances in Intrusion Detection"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/CSCWD.2010.5471988"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/CEC.2011.5949798"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22339-6_7"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/NAS.2011.18"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-006-0030-0"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/IWQoS.2009.5201415"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2009.10"},{"key":"ref82","doi-asserted-by":"crossref","first-page":"40","DOI":"10.17485\/ijst\/2011\/v4i1.16","article-title":"A computational intelligence for evaluation of intrusion detection system","volume":"4","author":"visumathi","year":"2011","journal-title":"Proc of Indian Journal of Science and Technology"},{"key":"ref17","first-page":"1","article-title":"The VoIP intrusion detection through a LVQ-based neural network","author":"lu","year":"0","journal-title":"Proc Internet Technol Secured Trans Conf"},{"key":"ref117","first-page":"217","article-title":"Ensemble classifiers for network intrusion detection system","volume":"4","author":"zainal","year":"2009","journal-title":"Journal of Info Assurance and Security"},{"key":"ref81","first-page":"1","article-title":"A system approach to network modeling for DDoS detection using a naïve Bayesian classifier","author":"vijayasarathy","year":"0","journal-title":"Proc Int Conf Commun Syst Netw"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20042-7_36"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/ICICIS.2011.133"},{"key":"ref19","first-page":"1","article-title":"Botsniffer: Detecting botnet command and control channels in network traffic","author":"gu","year":"0","journal-title":"Proc 10th Annu Netw Distrib Syst Security Symp"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1109\/CIS.2009.215"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/ICMTMA.2011.128"},{"key":"ref114","first-page":"173","article-title":"Generalized discriminant analysis algorithm for feature reduction in cyber attack detection system","volume":"6","author":"singh","year":"2009","journal-title":"Int J Comput Sci Inf Security"},{"key":"ref113","first-page":"45","article-title":"Fast neural intrusion detection system based on hidden weight optimization algorithm and feature selection","volume":"7","author":"sheikhan","year":"2009","journal-title":"World Appl Sci J —(Special Issue Comput IT)"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/AICI.2009.176"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.171"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1109\/NSWCTC.2009.228"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1109\/SCORED.2009.5443345"},{"key":"ref89","first-page":"19","article-title":"Attribute weighting with adaptive NBTree for reducing false positives in intrusion detection","volume":"8","author":"farid","year":"2010","journal-title":"Int J Comput Sci Inf Security"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1109\/IEEC.2009.36"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85072-4_10"},{"key":"ref123","doi-asserted-by":"crossref","first-page":"577","DOI":"10.1109\/TSMCB.2007.914695","article-title":"AdaBoost-based algorithm for network intrusion detection","volume":"38","author":"hu","year":"2008","journal-title":"IEEE Trans Syst Man Cybern B Cybern"},{"key":"ref85","first-page":"627","article-title":"Identify features and parameters to devise an accurate intrusion detection system using artificial neural network","volume":"46","author":"abdulla","year":"2010","journal-title":"World Acad Sci Eng Technol"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.5121\/ijcsit.2010.2613"},{"key":"ref87","first-page":"148","article-title":"Time based intrusion detection on fast attack for network intrusion detection system","author":"faizal","year":"0","journal-title":"Proc 2nd Int Conf Netw Appl Protocols Serv"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14547-6_21"}],"container-title":["IEEE Communications Surveys & Tutorials"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/7061782\/06853338.pdf?arnumber=6853338","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,11]],"date-time":"2024-03-11T18:27:29Z","timestamp":1710181649000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/6853338\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"references-count":125,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/comst.2014.2336610","relation":{},"ISSN":["1553-877X","2373-745X"],"issn-type":[{"value":"1553-877X","type":"electronic"},{"value":"2373-745X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}