{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,30]],"date-time":"2026-05-30T04:02:08Z","timestamp":1780113728137,"version":"3.54.0"},"reference-count":186,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2021,5,8]],"date-time":"2021-05-08T00:00:00Z","timestamp":1620432000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CSIRO's Data61, Australia and Cyber Security Research Centre Limited"},{"name":"Australian Government's Cooperative Research Centres Programme"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2022,4,30]]},"abstract":"<jats:p>\n            <jats:bold>Context<\/jats:bold>\n            : Research at the intersection of cybersecurity, Machine Learning (ML), and Software Engineering (SE) has recently taken significant steps in proposing countermeasures for detecting sophisticated data exfiltration attacks. It is important to systematically review and synthesize the ML-based data exfiltration countermeasures for building a body of knowledge on this important topic.\n            <jats:bold>Objective<\/jats:bold>\n            : This article aims at systematically reviewing ML-based data exfiltration countermeasures to identify and classify ML approaches, feature engineering techniques, evaluation datasets, and performance metrics used for these countermeasures. This review also aims at identifying gaps in research on ML-based data exfiltration countermeasures.\n            <jats:bold>Method<\/jats:bold>\n            : We used Systematic Literature Review (SLR) method to select and review 92 papers.\n            <jats:bold>Results<\/jats:bold>\n            : The review has enabled us to: (a) classify the ML approaches used in the countermeasures into data-driven, and behavior-driven approaches; (b) categorize features into six types: behavioral, content-based, statistical, syntactical, spatial, and temporal; (c) classify the evaluation datasets into simulated, synthesized, and real datasets; and (d) identify 11 performance measures used by these studies.\n            <jats:bold>Conclusion<\/jats:bold>\n            : We conclude that: (i) The integration of data-driven and behavior-driven approaches should be explored; (ii) There is a need of developing high quality and large size evaluation datasets; (iii) Incremental ML model training should be incorporated in countermeasures; (iv) Resilience to adversarial learning should be considered and explored during the development of countermeasures to avoid poisoning attacks; and (v) The use of automated feature engineering should be encouraged for efficiently detecting data exfiltration attacks.\n          <\/jats:p>","DOI":"10.1145\/3442181","type":"journal-article","created":{"date-parts":[[2021,5,8]],"date-time":"2021-05-08T11:03:22Z","timestamp":1620471802000},"page":"1-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":50,"title":["Machine Learning for Detecting Data Exfiltration"],"prefix":"10.1145","volume":"54","author":[{"given":"Bushra","family":"Sabir","sequence":"first","affiliation":[{"name":"CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, CSIRO\/Data61, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Faheem","family":"Ullah","sequence":"additional","affiliation":[{"name":"CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"M. Ali","family":"Babar","sequence":"additional","affiliation":[{"name":"CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, CSCRC - Cyber Security Cooperative Research Centre, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Raj","family":"Gaire","sequence":"additional","affiliation":[{"name":"CSIRO\/Data61, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,5,8]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.08.220"},{"key":"e_1_2_1_2_1","first-page":"3","article-title":"KDD 1999 generation faults: A review and analysis","volume":"2","author":"Al Tobi Amjad M.","year":"2018","unstructured":"Amjad M. Al Tobi and Ishbel Duncan . 2018 . KDD 1999 generation faults: A review and analysis . J. Cyber Sec. Technol. 2 , 3 - 4 (2018), 164--200. Amjad M. Al Tobi and Ishbel Duncan. 2018. KDD 1999 generation faults: A review and analysis. J. Cyber Sec. Technol. 2, 3-4 (2018), 164--200.","journal-title":"J. Cyber Sec. Technol."},{"key":"e_1_2_1_3_1","unstructured":"Aldeid. 2020. PE Tools. Retrieved from https:\/\/bit.ly\/2Ak81MF.  Aldeid. 2020. PE Tools. Retrieved from https:\/\/bit.ly\/2Ak81MF."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICAICT.2014.7035946"},{"key":"e_1_2_1_5_1","first-page":"272","article-title":"Random forests and decision trees","volume":"9","author":"Ali Jehad","year":"2012","unstructured":"Jehad Ali , Rehanullah Khan , Nasir Ahmad , and Imran Maqsood . 2012 . Random forests and decision trees . Int. J. Comput. Sci. Iss. 9 , 5 (2012), 272 . Jehad Ali, Rehanullah Khan, Nasir Ahmad, and Imran Maqsood. 2012. Random forests and decision trees. Int. J. Comput. Sci. Iss. 9, 5 (2012), 272.","journal-title":"Int. J. Comput. Sci. Iss."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.01.008"},{"key":"e_1_2_1_7_1","volume-title":"Introduction to Machine Learning","author":"Alpaydin Ethem","unstructured":"Ethem Alpaydin . 2020. Introduction to Machine Learning . The MIT Press . Ethem Alpaydin. 2020. Introduction to Machine Learning. The MIT Press."},{"key":"e_1_2_1_8_1","volume-title":"An Introduction to Neural Networks","author":"Anderson James A.","unstructured":"James A. Anderson . 1995. An Introduction to Neural Networks . The MIT Press . James A. Anderson. 1995. An Introduction to Neural Networks. The MIT Press."},{"key":"e_1_2_1_9_1","unstructured":"APAC. 2020. APAC-Anti Phishing Alliance of China. Retrieved from http:\/\/en.apac.cn\/.  APAC. 2020. APAC-Anti Phishing Alliance of China. Retrieved from http:\/\/en.apac.cn\/."},{"key":"e_1_2_1_10_1","unstructured":"Internet Archive. 2016. VX Heaven Windows Virus Collection. Retrieved from https:\/\/bit.ly\/2IzmTL9.  Internet Archive. 2016. VX Heaven Windows Virus Collection. Retrieved from https:\/\/bit.ly\/2IzmTL9."},{"key":"e_1_2_1_11_1","unstructured":"Johannes Bader. 2020. baderj\/domain_generation_algorithms: Some Results of My DGA Reversing Efforts. Retrieved from https:\/\/bit.ly\/2XU3DNa.  Johannes Bader. 2020. baderj\/domain_generation_algorithms: Some Results of My DGA Reversing Efforts. Retrieved from https:\/\/bit.ly\/2XU3DNa."},{"key":"e_1_2_1_12_1","first-page":"105","article-title":"Performance evaluation of a variable rate application (VRA) system by artificial neural network (ANN) models","volume":"16","author":"Bagheri Nikrooz","year":"2014","unstructured":"Nikrooz Bagheri , Afshin Eyvani , and Nazilla Tarabi . 2014 . Performance evaluation of a variable rate application (VRA) system by artificial neural network (ANN) models . Agric. Eng. Int.: CIGR J. 16 (2014), 105 -- 111 . Nikrooz Bagheri, Afshin Eyvani, and Nazilla Tarabi. 2014. Performance evaluation of a variable rate application (VRA) system by artificial neural network (ANN) models. Agric. Eng. Int.: CIGR J. 16 (2014), 105--111.","journal-title":"Agric. Eng. Int.: CIGR J."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/98784.98817"},{"key":"e_1_2_1_14_1","unstructured":"BambenekConsulting. 2020. DGA Feed. Retrieved from https:\/\/bit.ly\/2Yqo1oi.  BambenekConsulting. 2020. DGA Feed. Retrieved from https:\/\/bit.ly\/2Yqo1oi."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140450"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.07.005"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the International Conference on Advances in Neural Information Processing Systems. 577--584","author":"Beal Matthew J.","unstructured":"Matthew J. Beal , Zoubin Ghahramani , and Carl E. Rasmussen . 2002. The infinite hidden Markov model . In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 577--584 . Matthew J. Beal, Zoubin Ghahramani, and Carl E. Rasmussen. 2002. The infinite hidden Markov model. In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 577--584."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2013.157"},{"key":"e_1_2_1_19_1","unstructured":"Vincent Berk Annarita Giani George Cybenko and N. Hanover. 2005. Detection of covert channel encoding in network packet delays. Rapport Technique TR536 de l\u2019Universit\u00e9 de Dartmouth 19 (2005).  Vincent Berk Annarita Giani George Cybenko and N. Hanover. 2005. Detection of covert channel encoding in network packet delays. Rapport Technique TR536 de l\u2019Universit\u00e9 de Dartmouth 19 (2005)."},{"key":"e_1_2_1_20_1","first-page":"10","article-title":"Data center application security: Lateral movement detection of malware using behavioral models. SMU Data Sci","volume":"1","author":"Singh Bhasin Harinder Pal","year":"2018","unstructured":"Harinder Pal Singh Bhasin , Elizabeth Ramsdell , Albert Alva , Rajiv Sreedhar , and Medha Bhadkamkar . 2018 . Data center application security: Lateral movement detection of malware using behavioral models. SMU Data Sci . Rev. 1 , 2 (2018), 10 . Harinder Pal Singh Bhasin, Elizabeth Ramsdell, Albert Alva, Rajiv Sreedhar, and Medha Bhadkamkar. 2018. Data center application security: Lateral movement detection of malware using behavioral models. SMU Data Sci. Rev. 1, 2 (2018), 10.","journal-title":"Rev."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.052213.00046"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2584679"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3023872"},{"key":"e_1_2_1_25_1","volume-title":"Tesla Sabotage: A Perfect Storm for Insider Threat.","author":"Blankenship Joseph","year":"2018","unstructured":"Joseph Blankenship . 2018 . Tesla Sabotage: A Perfect Storm for Insider Threat. Retrieved from https:\/\/bit.ly\/2AWFxbr. Joseph Blankenship. 2018. Tesla Sabotage: A Perfect Storm for Insider Threat. Retrieved from https:\/\/bit.ly\/2AWFxbr."},{"key":"e_1_2_1_26_1","unstructured":"Blueliv. 2017. Data breach under GDPR: How threat intelligence can reduce your liabilities. Retrieved from shorturl.at\/apCRU.  Blueliv. 2017. Data breach under GDPR: How threat intelligence can reduce your liabilities. Retrieved from shorturl.at\/apCRU."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the International Conference on Control Instrumentation Communication and Computational Technologies. 350--355","author":"Brindha T.","unstructured":"T. Brindha and R. S. Shaji . 2016. An analysis of data leakage and prevention techniques in cloud environment . In Proceedings of the International Conference on Control Instrumentation Communication and Computational Technologies. 350--355 . T. Brindha and R. S. Shaji. 2016. An analysis of data leakage and prevention techniques in cloud environment. In Proceedings of the International Conference on Control Instrumentation Communication and Computational Technologies. 350--355."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"e_1_2_1_30_1","volume-title":"Dimension reduction: A guided tour","author":"Burges Christopher J. C.","unstructured":"Christopher J. C. Burges . 2009. Dimension reduction: A guided tour . Now Publishers Inc . Christopher J. C. Burges. 2009. Dimension reduction: A guided tour. Now Publishers Inc."},{"key":"e_1_2_1_31_1","volume-title":"The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes","author":"Cappelli Dawn","unstructured":"Dawn Cappelli , Andrew Moore , and Randall Trzeciak . 2012. The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes . Addison-Wesley Professional . Dawn Cappelli, Andrew Moore, and Randall Trzeciak. 2012. The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes. Addison-Wesley Professional."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.138"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2013.11.024"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09823-4_45"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/2227057.2227074"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2017.21"},{"key":"e_1_2_1_37_1","first-page":"63","article-title":"A study on advanced persistent threats","volume":"8735","author":"Chen Ping","year":"2014","unstructured":"Ping Chen , Lieven Desmet , and Christophe Huygens . 2014 . A study on advanced persistent threats . Commun. Multimedia Sec. 8735 (2014), 63 -- 72 . Ping Chen, Lieven Desmet, and Christophe Huygens. 2014. A study on advanced persistent threats. Commun. Multimedia Sec. 8735 (2014), 63--72.","journal-title":"Commun. Multimedia Sec."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.007"},{"key":"e_1_2_1_39_1","volume-title":"A case study in security big data analysis. Dark Read. 9","author":"Chickowski Ericka","year":"2012","unstructured":"Ericka Chickowski . 2012. A case study in security big data analysis. Dark Read. 9 ( 2012 ). Ericka Chickowski. 2012. A case study in security big data analysis. Dark Read. 9 (2012)."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.050"},{"key":"e_1_2_1_41_1","volume-title":"Empirical evaluation of gated recurrent neural networks on sequence modeling. preprint arXiv:1412.3555","author":"Chung Junyoung","year":"2014","unstructured":"Junyoung Chung , Caglar Gulcehre , KyungHyun Cho , and Yoshua Bengio . 2014. Empirical evaluation of gated recurrent neural networks on sequence modeling. preprint arXiv:1412.3555 ( 2014 ). Junyoung Chung, Caglar Gulcehre, KyungHyun Cho, and Yoshua Bengio. 2014. Empirical evaluation of gated recurrent neural networks on sequence modeling. preprint arXiv:1412.3555 (2014)."},{"key":"e_1_2_1_42_1","unstructured":"Carlos Castillo.2008. Web Spam Detection. Retrieved from https:\/\/chato.cl\/webspam\/.  Carlos Castillo.2008. Web Spam Detection. Retrieved from https:\/\/chato.cl\/webspam\/."},{"key":"e_1_2_1_43_1","unstructured":"Contagio. 2020. Contagio Malware Dump. Retrieved from https:\/\/urlzs.com\/nYZgB.  Contagio. 2020. Contagio Malware Dump. Retrieved from https:\/\/urlzs.com\/nYZgB."},{"key":"e_1_2_1_44_1","unstructured":"Gordon V. Cormack. 2012. Waterloo Spam Rankings for the ClueWeb09 Dataset. Retrieved from https:\/\/plg.uwaterloo.ca\/&sim;gvcormac\/clueweb09spam\/.  Gordon V. Cormack. 2012. Waterloo Spam Rankings for the ClueWeb09 Dataset. Retrieved from https:\/\/plg.uwaterloo.ca\/&sim;gvcormac\/clueweb09spam\/."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2013.03.022"},{"key":"e_1_2_1_46_1","volume-title":"2011 International Symposium on Empirical Software Engineering and Measurement. IEEE, 275--284","author":"Daniela","unstructured":"Daniela S. Cruzes and Tore Dyba. 2011. Recommended steps for thematic synthesis in software engineering . In 2011 International Symposium on Empirical Software Engineering and Measurement. IEEE, 275--284 . Daniela S. Cruzes and Tore Dyba. 2011. Recommended steps for thematic synthesis in software engineering. In 2011 International Symposium on Empirical Software Engineering and Measurement. IEEE, 275--284."},{"key":"e_1_2_1_47_1","unstructured":"P\u00e1draig Cunningham and Sarah Jane Delany. 2007. k-nearest neighbour classifiers. arXiv preprint arXiv:2004.04523.  P\u00e1draig Cunningham and Sarah Jane Delany. 2007. k-nearest neighbour classifiers. arXiv preprint arXiv:2004.04523."},{"key":"e_1_2_1_48_1","unstructured":"G Data. 2014. New FrameworkPOS Variant Exfiltrates Data Via DNS Requests | G DATA. Retrieved from https:\/\/bit.ly\/2AXibTl.  G Data. 2014. New FrameworkPOS Variant Exfiltrates Data Via DNS Requests | G DATA. Retrieved from https:\/\/bit.ly\/2AXibTl."},{"key":"e_1_2_1_49_1","unstructured":"Exploit Database. 2020. Exploit Database Submission Guidelines. Retrieved from https:\/\/www.exploit-db.com\/submit.  Exploit Database. 2020. Exploit Database Submission Guidelines. Retrieved from https:\/\/www.exploit-db.com\/submit."},{"key":"e_1_2_1_50_1","volume-title":"International Conference on Enterprise Information Systems (ICEIS\u201910)","author":"Devesa Jaime","year":"2010","unstructured":"Jaime Devesa , Igor Santos , Xabier Cantero , Yoseba K. Penya , and Pablo Garcia Bringas . 2010 . Automatic behaviour-based analysis and classification system for malware detection . International Conference on Enterprise Information Systems (ICEIS\u201910) (2) 2 (2010), 395--399. Jaime Devesa, Igor Santos, Xabier Cantero, Yoseba K. Penya, and Pablo Garcia Bringas. 2010. Automatic behaviour-based analysis and classification system for malware detection. International Conference on Enterprise Information Systems (ICEIS\u201910) (2) 2 (2010), 395--399."},{"key":"e_1_2_1_51_1","unstructured":"Xian Du. 2011. Data mining and machine learning in cybersecurity. Data Mining Mach. Learn. Cybersec. (2011).  Xian Du. 2011. Data mining and machine learning in cybersecurity. Data Mining Mach. Learn. Cybersec. (2011)."},{"key":"e_1_2_1_52_1","unstructured":"Dheeru Dua and Casey Graff. 2017. UCI Machine Learning Repository. Retrieved from http:\/\/archive.ics.uci.edu\/ml.  Dheeru Dua and Casey Graff. 2017. UCI Machine Learning Repository. Retrieved from http:\/\/archive.ics.uci.edu\/ml."},{"key":"e_1_2_1_53_1","volume-title":"Data mining and machine learning in cybersecurity","author":"Dua Sumeet","unstructured":"Sumeet Dua and Xian Du. 2016. Data mining and machine learning in cybersecurity . CRC Press . Sumeet Dua and Xian Du. 2016. Data mining and machine learning in cybersecurity. CRC Press."},{"key":"e_1_2_1_54_1","unstructured":"Elastic. 2021. Download Winlogbeat | Ship Windows Event Logs | Elastic | Elastic. Retrieved from https:\/\/www.elastic.co\/downloads\/beats\/winlogbeat.  Elastic. 2021. Download Winlogbeat | Ship Windows Event Logs | Elastic | Elastic. Retrieved from https:\/\/www.elastic.co\/downloads\/beats\/winlogbeat."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1007465528199"},{"key":"e_1_2_1_57_1","volume-title":"please! A critical review of neural attention models in natural language processing. preprint arXiv:1902.02181","author":"Galassi Andrea","year":"2019","unstructured":"Andrea Galassi , Marco Lippi , and Paolo Torroni . 2019. Attention , please! A critical review of neural attention models in natural language processing. preprint arXiv:1902.02181 ( 2019 ). Andrea Galassi, Marco Lippi, and Paolo Torroni. 2019. Attention, please! A critical review of neural attention models in natural language processing. preprint arXiv:1902.02181 (2019)."},{"key":"e_1_2_1_58_1","volume-title":"Understanding, Denying and Detecting-A review of malware C2 techniques, detection and defences. arXiv preprint arXiv:1408.1136","author":"Gardiner Joseph","year":"2014","unstructured":"Joseph Gardiner , Marco Cova , and Shishir Nagaraja . 2014. Command & Control : Understanding, Denying and Detecting-A review of malware C2 techniques, detection and defences. arXiv preprint arXiv:1408.1136 ( 2014 ). Joseph Gardiner, Marco Cova, and Shishir Nagaraja. 2014. Command & Control: Understanding, Denying and Detecting-A review of malware C2 techniques, detection and defences. arXiv preprint arXiv:1408.1136 (2014)."},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2665943.2665948"},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the International Conference on Information Science and Security (ICISS\u201916)","author":"Gharib Amirhossein","unstructured":"Amirhossein Gharib , Iman Sharafaldin , Arash Habibi Lashkari , and Ali A. Ghorbani . 2016. An evaluation framework for intrusion detection dataset . In Proceedings of the International Conference on Information Science and Security (ICISS\u201916) . IEEE, 1--6. Amirhossein Gharib, Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani. 2016. An evaluation framework for intrusion detection dataset. In Proceedings of the International Conference on Information Science and Security (ICISS\u201916). IEEE, 1--6."},{"key":"e_1_2_1_61_1","volume-title":"word2vec explained: Deriving Mikolov et\u00a0al.\u2019s negative-sampling word-embedding method. preprint arXiv:1402.3722","author":"Goldberg Yoav","year":"2014","unstructured":"Yoav Goldberg and Omer Levy . 2014. word2vec explained: Deriving Mikolov et\u00a0al.\u2019s negative-sampling word-embedding method. preprint arXiv:1402.3722 ( 2014 ). Yoav Goldberg and Omer Levy. 2014. word2vec explained: Deriving Mikolov et\u00a0al.\u2019s negative-sampling word-embedding method. preprint arXiv:1402.3722 (2014)."},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-44257-0_8"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.02.037"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2016.12.035"},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of the 20th IEEE\/ACM International Conference on Automated Software Engineering. 174--183","author":"William G.","unstructured":"William G. J. Halfond and Alessandro Orso. 2005. AMNESIA: Analysis and monitoring for Neutralizing SQL-injection attacks . In Proceedings of the 20th IEEE\/ACM International Conference on Automated Software Engineering. 174--183 . William G. J. Halfond and Alessandro Orso. 2005. AMNESIA: Analysis and monitoring for Neutralizing SQL-injection attacks. In Proceedings of the 20th IEEE\/ACM International Conference on Automated Software Engineering. 174--183."},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.103"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24584-3_11"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.4310\/SII.2009.v2.n3.a8"},{"key":"e_1_2_1_70_1","volume-title":"Gillies","author":"Hira Zena M.","year":"2015","unstructured":"Zena M. Hira and Duncan F . Gillies . 2015 . A review of feature selection and feature extraction methods applied on microarray data. Advances in Bioinformatics ( 2015). Zena M. Hira and Duncan F. Gillies. 2015. A review of feature selection and feature extraction methods applied on microarray data. Advances in Bioinformatics (2015)."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"e_1_2_1_72_1","first-page":"1","article-title":"Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm","volume":"8","author":"Holz Thorsten","year":"2008","unstructured":"Thorsten Holz , Moritz Steiner , Frederic Dahl , Ernst Biersack , and Felix Freiling . 2008 . Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm . Leet 8 , 1 (2008), 1 -- 9 . Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, and Felix Freiling. 2008. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. Leet 8, 1 (2008), 1--9.","journal-title":"Leet"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3303771"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2500892"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-011-0023-x"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2770124"},{"key":"e_1_2_1_77_1","unstructured":"IBM. 2018. 2018 cost of data breach study. Retrieved from https:\/\/ibm.co\/2Zu2IRp.  IBM. 2018. 2018 cost of data breach study. Retrieved from https:\/\/ibm.co\/2Zu2IRp."},{"key":"e_1_2_1_78_1","unstructured":"Advanced Research in Cyber Systems. 2015. Comprehensive Multi-Source Cyber-Security Events - Cyber Security Research. Retrieved from https:\/\/csr.lanl.gov\/data\/cyber1\/.  Advanced Research in Cyber Systems. 2015. Comprehensive Multi-Source Cyber-Security Events - Cyber Security Research. Retrieved from https:\/\/csr.lanl.gov\/data\/cyber1\/."},{"key":"e_1_2_1_79_1","unstructured":"InfoBlox. 2020. DDI (Secure DNS DHCP IPAM). Retrieved from https:\/\/bit.ly\/2CbxdFH.  InfoBlox. 2020. DDI (Secure DNS DHCP IPAM). Retrieved from https:\/\/bit.ly\/2CbxdFH."},{"key":"e_1_2_1_80_1","unstructured":"Infosec. 2020. ICMP Reverse Shell. Retrieved from https:\/\/bit.ly\/2XRvLQZ.  Infosec. 2020. ICMP Reverse Shell. Retrieved from https:\/\/bit.ly\/2XRvLQZ."},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/3305268"},{"key":"e_1_2_1_82_1","unstructured":"ITRC. 2018. End of the year data breach report. Retrieved from https:\/bit.ly\/2wZb9bd.  ITRC. 2018. End of the year data breach report. Retrieved from https:\/bit.ly\/2wZb9bd."},{"key":"e_1_2_1_83_1","unstructured":"IWSPA. 2018. IWSPA-AP\/data at Master BarathiGanesh-HB\/IWSPA-AP. Retrieved from https:\/\/bit.ly\/3gz3tmg.  IWSPA. 2018. IWSPA-AP\/data at Master BarathiGanesh-HB\/IWSPA-AP. Retrieved from https:\/\/bit.ly\/3gz3tmg."},{"key":"e_1_2_1_84_1","unstructured":"IWSPA. 2018. Security and Privacy Analytics Anti-Phishing Shared Task. Retrieved from https:\/\/dasavisha.github.io\/IWSPA-sharedtask\/.  IWSPA. 2018. Security and Privacy Analytics Anti-Phishing Shared Task. Retrieved from https:\/\/dasavisha.github.io\/IWSPA-sharedtask\/."},{"key":"e_1_2_1_85_1","volume-title":"Attention is not explanation. preprint arXiv:1902.10186","author":"Jain Sarthak","year":"2019","unstructured":"Sarthak Jain and Byron C Wallace . 2019. Attention is not explanation. preprint arXiv:1902.10186 ( 2019 ). Sarthak Jain and Byron C Wallace. 2019. Attention is not explanation. preprint arXiv:1902.10186 (2019)."},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/NBiS.2012.139"},{"key":"e_1_2_1_87_1","unstructured":"Jose. 2019. Index of Jose\/phishing. Retrieved from https:\/\/monkey.org\/&sim;jose\/phishing\/.  Jose. 2019. Index of Jose\/phishing. Retrieved from https:\/\/monkey.org\/&sim;jose\/phishing\/."},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIPRO.2015.7160458"},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/950191.950192"},{"key":"e_1_2_1_90_1","volume-title":"Martin","author":"Jurafsky Daniel","year":"2014","unstructured":"Daniel Jurafsky and James H . Martin . 2014 . N-Grams. Speech and Language Processing . 1--28. Daniel Jurafsky and James H. Martin. 2014. N-Grams. Speech and Language Processing. 1--28."},{"key":"e_1_2_1_91_1","unstructured":"Kaspersky. 2018. Denis and Co. | Securelist. Retrieved from https:\/\/securelist.com\/denis-and-company\/83671\/.  Kaspersky. 2018. Denis and Co. | Securelist. Retrieved from https:\/\/securelist.com\/denis-and-company\/83671\/."},{"key":"e_1_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2017.09.053"},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2017.9502"},{"key":"e_1_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2018.3571224"},{"key":"e_1_2_1_95_1","first-page":"10","article-title":"Automating feature engineering","volume":"10","author":"Khurana Udayan","year":"2016","unstructured":"Udayan Khurana , Fatemeh Nargesian , Horst Samulowitz , Elias Khalil , and Deepak Turaga . 2016 . Automating feature engineering . Transformation 10 , 10 (2016), 10 . Udayan Khurana, Fatemeh Nargesian, Horst Samulowitz, Elias Khalil, and Deepak Turaga. 2016. Automating feature engineering. Transformation 10, 10 (2016), 10.","journal-title":"Transformation"},{"key":"e_1_2_1_96_1","volume-title":"Guidelines for performing systematic literature reviews in software engineering version 2.3. Engineering","author":"Kitchenham Barbara","year":"2007","unstructured":"Barbara Kitchenham and Stuart Charters . 2007. Guidelines for performing systematic literature reviews in software engineering version 2.3. Engineering ( 2007 ). Barbara Kitchenham and Stuart Charters. 2007. Guidelines for performing systematic literature reviews in software engineering version 2.3. Engineering (2007)."},{"key":"e_1_2_1_97_1","volume-title":"Logistic Regression","author":"Kleinbaum David G.","unstructured":"David G. Kleinbaum , K. Dietz , M. Gail , Mitchel Klein , and Mitchell Klein . 2002. Logistic Regression . Springer , New York . David G. Kleinbaum, K. Dietz, M. Gail, Mitchel Klein, and Mitchell Klein. 2002. Logistic Regression. Springer, New York."},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30115-8_22"},{"key":"e_1_2_1_99_1","volume-title":"Proceedings of the 14th International Joint Conference on Artificial Intelligence.","author":"Kohavi R.","year":"1995","unstructured":"R. Kohavi . 1995 . A study of cross-validation and bootstrap for accuracy estimation and model selection . In Proceedings of the 14th International Joint Conference on Artificial Intelligence. R. Kohavi. 1995. A study of cross-validation and bootstrap for accuracy estimation and model selection. In Proceedings of the 14th International Joint Conference on Artificial Intelligence."},{"key":"e_1_2_1_100_1","first-page":"1","article-title":"Wrappers for feature subset selection","volume":"97","author":"Kohavi Ron","year":"2002","unstructured":"Ron Kohavi and George H. John . 2002 . Wrappers for feature subset selection . Artif. Intell. 97 , 1 -- 2 (1997), 273--324. Ron Kohavi and George H. John. 2002. Wrappers for feature subset selection. Artif. Intell. 97, 1--2 (1997), 273--324.","journal-title":"Artif. Intell."},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-011-9272-4"},{"key":"e_1_2_1_102_1","unstructured":"KrebsOnSecurity. 2019. Wipro data breach. Retrieved from https:\/\/bit.ly\/2ovvCUE.  KrebsOnSecurity. 2019. Wipro data breach. Retrieved from https:\/\/bit.ly\/2ovvCUE."},{"key":"e_1_2_1_103_1","volume-title":"Proceedings of the International Conference on Advances in Neural Information Processing Systems. 1097--1105","author":"Krizhevsky Alex","unstructured":"Alex Krizhevsky , Ilya Sutskever , and Geoffrey E. Hinton . 2012. Imagenet classification with deep convolutional neural networks . In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 1097--1105 . Alex Krizhevsky, Ilya Sutskever, and Geoffrey E. Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 1097--1105."},{"key":"e_1_2_1_104_1","unstructured":"MIT Lincoln Laboratory. 1998. 1998 DARPA Intrusion Detection Evaluation Dataset. Retrieved from https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-dataset.  MIT Lincoln Laboratory. 1998. 1998 DARPA Intrusion Detection Evaluation Dataset. Retrieved from https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-dataset."},{"key":"e_1_2_1_105_1","volume-title":"Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX\u201901)","author":"Lee Wenke","year":"2001","unstructured":"Wenke Lee , S. J. Stolfo , P. K. Chan , E. Eskin , Wei Fan , M. Miller , S. Hershkop , and Junxin Zhang . 2001 . Real time data mining-based intrusion detection . In Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX\u201901) . Wenke Lee, S. J. Stolfo, P. K. Chan, E. Eskin, Wei Fan, M. Miller, S. Hershkop, and Junxin Zhang. 2001. Real time data mining-based intrusion detection. In Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX\u201901)."},{"key":"e_1_2_1_106_1","first-page":"152","article-title":"Applying the hidden Markov model methodology for unsupervised learning of temporal data. Int. J. Knowl.-based","volume":"6","author":"Li Cen","year":"2002","unstructured":"Cen Li and Gautam Biswas . 2002 . Applying the hidden Markov model methodology for unsupervised learning of temporal data. Int. J. Knowl.-based Intell. Eng. Syst. 6 , 3 (2002), 152 -- 160 . Cen Li and Gautam Biswas. 2002. Applying the hidden Markov model methodology for unsupervised learning of temporal data. Int. J. Knowl.-based Intell. Eng. Syst. 6, 3 (2002), 152--160.","journal-title":"Intell. Eng. Syst."},{"key":"e_1_2_1_107_1","volume-title":"Proceedings of the International Conference on Machine Learning and Cybernetics. IEEE, 3077--3081","author":"Li Kun-Lun","year":"2003","unstructured":"Kun-Lun Li , Hou-Kuan Huang , Sheng-Feng Tian , and Wei Xu . 2003 . Improving one-class SVM for anomaly detection . In Proceedings of the International Conference on Machine Learning and Cybernetics. IEEE, 3077--3081 . Kun-Lun Li, Hou-Kuan Huang, Sheng-Feng Tian, and Wei Xu. 2003. Improving one-class SVM for anomaly detection. In Proceedings of the International Conference on Machine Learning and Cybernetics. IEEE, 3077--3081."},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2800740"},{"key":"e_1_2_1_109_1","volume-title":"Proceedings of the 26th International Conference on Machine Learning. 681--688","author":"Ma Justin","unstructured":"Justin Ma , Lawrence K. Saul , Stefan Savage , and Geoffrey M. Voelker . 2009. Identifying suspicious URLs: An application of large-scale online learning . In Proceedings of the 26th International Conference on Machine Learning. 681--688 . Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker. 2009. Identifying suspicious URLs: An application of large-scale online learning. In Proceedings of the 26th International Conference on Machine Learning. 681--688."},{"key":"e_1_2_1_110_1","volume-title":"Chan","author":"Mahoney Matthew V.","year":"2003","unstructured":"Matthew V. Mahoney and Philip K . Chan . 2003 . An analysis of the 1999 DARPA\/Lincoln Laboratory evaluation data for network anomaly detection. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer , 220--237. Matthew V. Mahoney and Philip K. Chan. 2003. An analysis of the 1999 DARPA\/Lincoln Laboratory evaluation data for network anomaly detection. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 220--237."},{"key":"e_1_2_1_111_1","unstructured":"Mcafee. 2020. Grand theft data REPORT: Data exfiltration study: Actors tactics and detection. Retrieved from https:\/\/bit.ly\/36c2XVP.  Mcafee. 2020. Grand theft data REPORT: Data exfiltration study: Actors tactics and detection. Retrieved from https:\/\/bit.ly\/36c2XVP."},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-9868.2010.00740.x"},{"key":"e_1_2_1_114_1","volume-title":"Support vector machines. R News","author":"Meyer David","year":"2001","unstructured":"David Meyer . 2001. Support vector machines. R News ( 2001 ). David Meyer. 2001. Support vector machines. R News (2001)."},{"key":"e_1_2_1_115_1","unstructured":"Microsoft. 2021. Sysmon - Windows Sysinternals | Microsoft Docs. Retrieved from https:\/\/bit.ly\/2zu3yGG.  Microsoft. 2021. Sysmon - Windows Sysinternals | Microsoft Docs. Retrieved from https:\/\/bit.ly\/2zu3yGG."},{"key":"e_1_2_1_116_1","first-page":"2","article-title":"The N-intertwined SIS epidemic network model","volume":"93","author":"Mieghem Piet Van","year":"2011","unstructured":"Piet Van Mieghem . 2011 . The N-intertwined SIS epidemic network model . Computing 93 , 2 -- 4 (2011), 147--169. Piet Van Mieghem. 2011. The N-intertwined SIS epidemic network model. Computing 93, 2--4 (2011), 147--169.","journal-title":"Computing"},{"key":"e_1_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.21437\/Interspeech.2010-343"},{"key":"e_1_2_1_118_1","volume-title":"The Discipline of Machine Learning","author":"Mitchell Tom Michael","unstructured":"Tom Michael Mitchell . 2006. The Discipline of Machine Learning . Vol. 9 . Carnegie Mellon University, School of Computer Science, Machine Learning Department . Tom Michael Mitchell. 2006. The Discipline of Machine Learning. Vol. 9. Carnegie Mellon University, School of Computer Science, Machine Learning Department."},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2013.0202"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.02.001"},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08786-3_34"},{"key":"e_1_2_1_124_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.03.001"},{"key":"e_1_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-019-0229-9"},{"key":"e_1_2_1_126_1","unstructured":"University of Birmingham. 2012. leakiEst Malicious JavaScript Example Dataset. Retrieved from https:\/\/bit.ly\/3dUn26l.  University of Birmingham. 2012. leakiEst Malicious JavaScript Example Dataset. Retrieved from https:\/\/bit.ly\/3dUn26l."},{"key":"e_1_2_1_127_1","unstructured":"Athens University of Economics and Business. 2020. The Enron-Spam Datasets. Retrieved from https:\/\/bit.ly\/30LqFrB.  Athens University of Economics and Business. 2020. The Enron-Spam Datasets. Retrieved from https:\/\/bit.ly\/30LqFrB."},{"key":"e_1_2_1_128_1","unstructured":"OpenPhish. 2020. Phishing Intelligence. Retrieved from https:\/\/openphish.com\/.  OpenPhish. 2020. Phishing Intelligence. Retrieved from https:\/\/openphish.com\/."},{"key":"e_1_2_1_129_1","volume-title":"Pal and Sushmita Mitra","author":"Sankar","year":"1992","unstructured":"Sankar K. Pal and Sushmita Mitra . 1992 . Multilayer perceptron, fuzzy sets, classifcation. (1992). Sankar K. Pal and Sushmita Mitra. 1992. Multilayer perceptron, fuzzy sets, classifcation. (1992)."},{"key":"e_1_2_1_130_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_2_1_131_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2006.01.003"},{"key":"e_1_2_1_132_1","unstructured":"PhishTank. 2020. PhishTank | Join the Fight Against Phishing. Retrieved from https:\/\/www.phishtank.com\/.  PhishTank. 2020. PhishTank | Join the Fight Against Phishing. Retrieved from https:\/\/www.phishtank.com\/."},{"key":"e_1_2_1_133_1","unstructured":"Daniel Plohmann. 2020. DGArchive - Fraunhofer FKIE. Retrieved from https:\/\/bit.ly\/2MSUiip.  Daniel Plohmann. 2020. DGArchive - Fraunhofer FKIE. Retrieved from https:\/\/bit.ly\/2MSUiip."},{"key":"e_1_2_1_134_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Provos Niels","year":"2003","unstructured":"Niels Provos , Markus Friedl , and Peter Honeyman . 2003 . Preventing privilege escalation . In Proceedings of the USENIX Security Symposium. Niels Provos, Markus Friedl, and Peter Honeyman. 2003. Preventing privilege escalation. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_2_1_135_1","unstructured":"Dragomir Radev. 2008. CLAIR Collection of Fraud Email (Repository) - ACL Wiki. Retrieved from https:\/\/bit.ly\/2W5QE9f.  Dragomir Radev. 2008. CLAIR Collection of Fraud Email (Repository) - ACL Wiki. Retrieved from https:\/\/bit.ly\/2W5QE9f."},{"key":"e_1_2_1_136_1","volume-title":"Proceedings of the 6th Symposium on Information Assurance (ASIA\u201911)","author":"Raman Preeti","year":"2011","unstructured":"Preeti Raman , Hilmi G\u00fcne\u015f Kayac\u0131k , and Anil Somayaji . 2011 . Understanding data leak prevention . In Proceedings of the 6th Symposium on Information Assurance (ASIA\u201911) . Citeseer, 27. Preeti Raman, Hilmi G\u00fcne\u015f Kayac\u0131k, and Anil Somayaji. 2011. Understanding data leak prevention. In Proceedings of the 6th Symposium on Information Assurance (ASIA\u201911). Citeseer, 27."},{"key":"e_1_2_1_137_1","unstructured":"Hex Rays. 2020. IDA PRO. Retrieved from https:\/\/www.hex-rays.com\/products\/ida\/.  Hex Rays. 2020. IDA PRO. Retrieved from https:\/\/www.hex-rays.com\/products\/ida\/."},{"key":"e_1_2_1_138_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34156-4_29"},{"key":"e_1_2_1_139_1","volume-title":"Gaussian mixture models.Encyc. Biomet. 741","author":"Reynolds Douglas A.","year":"2009","unstructured":"Douglas A. Reynolds . 2009. Gaussian mixture models.Encyc. Biomet. 741 ( 2009 ). Douglas A. Reynolds. 2009. Gaussian mixture models.Encyc. Biomet. 741 (2009)."},{"key":"e_1_2_1_140_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.06.005"},{"key":"e_1_2_1_141_1","unstructured":"RiskAnalytics. 2018. DNS-BH -- Malware Domain Blocklist. Retrieved from https:\/\/www.malwaredomains.com\/.  RiskAnalytics. 2018. DNS-BH -- Malware Domain Blocklist. Retrieved from https:\/\/www.malwaredomains.com\/."},{"key":"e_1_2_1_142_1","doi-asserted-by":"publisher","DOI":"10.1111\/ecog.02881"},{"key":"e_1_2_1_143_1","volume-title":"International Workshop on Digital Watermarking. Springer","author":"Sallee Phil","year":"2011","unstructured":"Phil Sallee . 2011 . Model-based steganography . In International Workshop on Digital Watermarking. Springer , Berlin, Heidelberg, 154--167. Phil Sallee. 2011. Model-based steganography. In International Workshop on Digital Watermarking. Springer, Berlin, Heidelberg, 154--167."},{"key":"e_1_2_1_144_1","volume-title":"Bridging the Geographic Information Science","author":"Santos Maribel Yasmina","unstructured":"Maribel Yasmina Santos , Joaquim P. Silva , Joao Moura-Pires , and Monica Wachowicz . 2012. Automated traffic route identification through the shared nearest neighbour algorithm . In Bridging the Geographic Information Science . Springer , 231--248. Maribel Yasmina Santos, Joaquim P. Silva, Joao Moura-Pires, and Monica Wachowicz. 2012. Automated traffic route identification through the shared nearest neighbour algorithm. In Bridging the Geographic Information Science. Springer, 231--248."},{"key":"e_1_2_1_145_1","doi-asserted-by":"crossref","unstructured":"Mark Schwabacher. 2005. A survey of data-driven prognostics. In Infotech@ Aerospace. 7002.  Mark Schwabacher. 2005. A survey of data-driven prognostics. In Infotech@ Aerospace. 7002.","DOI":"10.2514\/6.2005-7002"},{"key":"e_1_2_1_146_1","volume-title":"Smith","author":"Serrano Sofia","year":"2019","unstructured":"Sofia Serrano and Noah A . Smith . 2019 . Is attention interpretable?preprint arXiv:1906.03731 (2019). Sofia Serrano and Noah A. Smith. 2019. Is attention interpretable?preprint arXiv:1906.03731 (2019)."},{"key":"e_1_2_1_147_1","volume-title":"A survey of data leakage detection and prevention solutions","author":"Shabtai Asaf","unstructured":"Asaf Shabtai , Yuval Elovici , and Lior Rokach . 2012. A survey of data leakage detection and prevention solutions . Springer Science & Business Media . Asaf Shabtai, Yuval Elovici, and Lior Rokach. 2012. A survey of data leakage detection and prevention solutions. Springer Science & Business Media."},{"key":"e_1_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2685629"},{"key":"e_1_2_1_149_1","doi-asserted-by":"publisher","DOI":"10.1109\/TENCON.2008.4766847"},{"key":"e_1_2_1_150_1","volume-title":"Proceedings of the Mexican International Conference on Artificial Intelligence. Springer, 1--11","author":"Sidorov Grigori","year":"2012","unstructured":"Grigori Sidorov , Francisco Velasquez , Efstathios Stamatatos , Alexander Gelbukh , and Liliana Chanona-Hern\u00e1ndez . 2012 . Syntactic dependency-based n-grams as classification features . In Proceedings of the Mexican International Conference on Artificial Intelligence. Springer, 1--11 . Grigori Sidorov, Francisco Velasquez, Efstathios Stamatatos, Alexander Gelbukh, and Liliana Chanona-Hern\u00e1ndez. 2012. Syntactic dependency-based n-grams as classification features. In Proceedings of the Mexican International Conference on Artificial Intelligence. Springer, 1--11."},{"key":"e_1_2_1_151_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-016-1850-4"},{"key":"e_1_2_1_152_1","volume-title":"Proceedings of the 4th International Workshop on Feature Selection in Data Mining 10","author":"Singh Sanasam Ranbir","year":"2010","unstructured":"Sanasam Ranbir Singh , Hema A. Murthy , Timothy A. Gonsalves et\u00a0al. 2010. Feature selection for text classification based on Gini coefficient of inequality . In Proceedings of the 4th International Workshop on Feature Selection in Data Mining 10 ( 2010 ), 76--85. Sanasam Ranbir Singh, Hema A. Murthy, Timothy A. Gonsalves et\u00a0al. 2010. Feature selection for text classification based on Gini coefficient of inequality. In Proceedings of the 4th International Workshop on Feature Selection in Data Mining 10 (2010), 76--85."},{"key":"e_1_2_1_153_1","doi-asserted-by":"publisher","DOI":"10.5555\/2319039.2320637"},{"key":"e_1_2_1_154_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134077"},{"key":"e_1_2_1_155_1","unstructured":"SQLMAP. 2020. Automatic SQL Injection and Database Takeover Tool. Retrieved from http:\/\/sqlmap.org\/.  SQLMAP. 2020. Automatic SQL Injection and Database Takeover Tool. Retrieved from http:\/\/sqlmap.org\/."},{"key":"e_1_2_1_156_1","unstructured":"Matija Stevanovic and Jens Myrup Pedersen. 2013. Machine learning for identifying botnet network traffic. (2013).  Matija Stevanovic and Jens Myrup Pedersen. 2013. Machine learning for identifying botnet network traffic. (2013)."},{"key":"e_1_2_1_157_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2009.10"},{"key":"e_1_2_1_158_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCCAIS.2014.6916624"},{"key":"e_1_2_1_159_1","volume-title":"An analysis of attention mechanisms: The case of word sense disambiguation in neural machine translation. preprint arXiv:1810.07595","author":"Tang Gongbo","year":"2018","unstructured":"Gongbo Tang , Rico Sennrich , and Joakim Nivre . 2018. An analysis of attention mechanisms: The case of word sense disambiguation in neural machine translation. preprint arXiv:1810.07595 ( 2018 ). Gongbo Tang, Rico Sennrich, and Joakim Nivre. 2018. An analysis of attention mechanisms: The case of word sense disambiguation in neural machine translation. preprint arXiv:1810.07595 (2018)."},{"key":"e_1_2_1_160_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11261-4_11"},{"key":"e_1_2_1_161_1","volume-title":"Proceeding of the 4th International Conference on Data Mining. 217--224","author":"Thabtah F.","unstructured":"F. Thabtah , P. Cowling , and Y. Peng . 2004. A new multi-class, multi-label associative classification approach . In Proceeding of the 4th International Conference on Data Mining. 217--224 . F. Thabtah, P. Cowling, and Y. Peng. 2004. A new multi-class, multi-label associative classification approach. In Proceeding of the 4th International Conference on Data Mining. 217--224."},{"key":"e_1_2_1_162_1","unstructured":"Theo Thimou. 2018. What We Know About the Alleged SunTrust Data Breach. Retrieved from https:\/\/bit.ly\/3d6fxZE.  Theo Thimou. 2018. What We Know About the Alleged SunTrust Data Breach. Retrieved from https:\/\/bit.ly\/3d6fxZE."},{"key":"e_1_2_1_163_1","first-page":"103","article-title":"Reinforcement learning: An introduction","volume":"21","author":"Thrun Sebastian","year":"2000","unstructured":"Sebastian Thrun and Michael L. Littman . 2000 . Reinforcement learning: An introduction . AI Mag. 21 , 1 (2000), 103 -- 103 . Sebastian Thrun and Michael L. Littman. 2000. Reinforcement learning: An introduction. AI Mag. 21, 1 (2000), 103--103.","journal-title":"AI Mag."},{"key":"e_1_2_1_164_1","unstructured":"The NewYork Times. 2010. Researchers trace data theft to intruders in China. Retrieved from https:\/\/nyti.ms\/3glzxJC.  The NewYork Times. 2010. Researchers trace data theft to intruders in China. Retrieved from https:\/\/nyti.ms\/3glzxJC."},{"key":"e_1_2_1_165_1","unstructured":"Kali Tools. 2020. Dns2tcp Penetration Testing Tools. Retrieved from https:\/\/bit.ly\/37pv1pf.  Kali Tools. 2020. Dns2tcp Penetration Testing Tools. Retrieved from https:\/\/bit.ly\/37pv1pf."},{"key":"e_1_2_1_166_1","doi-asserted-by":"publisher","DOI":"10.5120\/2400-3193"},{"key":"e_1_2_1_167_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.01.051"},{"key":"e_1_2_1_168_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.10.016"},{"key":"e_1_2_1_169_1","volume-title":"Muhammad Ali Babar, David Hutchison, and Ruzanna Chitchyan.","author":"Rashid Awais","year":"2014","unstructured":"Awais Rashid , Rajiv Ramdhany , Matthew Edwards , Sarah Kibirige Mukisa , Muhammad Ali Babar, David Hutchison, and Ruzanna Chitchyan. 2014 . Detecting and preventing data exfiltration. Awais Rashid, Rajiv Ramdhany, Matthew Edwards, Sarah Kibirige Mukisa, Muhammad Ali Babar, David Hutchison, and Ruzanna Chitchyan. 2014. Detecting and preventing data exfiltration."},{"key":"e_1_2_1_170_1","volume-title":"Proceedings of the International Conference on Advances in Neural Information Processing Systems. 5998--6008","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani , Noam Shazeer , Niki Parmar , Jakob Uszkoreit , Llion Jones , Aidan N. Gomez , \u0141ukasz Kaiser , and Illia Polosukhin . 2017 . Attention is all you need . In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 5998--6008 . Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 5998--6008."},{"key":"e_1_2_1_171_1","doi-asserted-by":"crossref","unstructured":"Verizon. 2018. 2018 Data Breach Investigations Report. Retrieved from https:\/\/vz.to\/3fqidBQ.  Verizon. 2018. 2018 Data Breach Investigations Report. Retrieved from https:\/\/vz.to\/3fqidBQ.","DOI":"10.1016\/S1361-3723(18)30040-X"},{"key":"e_1_2_1_172_1","unstructured":"Verizon. 2019. Data Breach Investigations Report. Retrieved from https:\/\/vz.to\/36tVx0o.  Verizon. 2019. Data Breach Investigations Report. Retrieved from https:\/\/vz.to\/36tVx0o."},{"key":"e_1_2_1_173_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363267"},{"key":"e_1_2_1_174_1","unstructured":"Wikipedia. 2017. Operation shady RAT. Retrieved from https:\/\/goo.gl\/XfNJcQ.  Wikipedia. 2017. Operation shady RAT. Retrieved from https:\/\/goo.gl\/XfNJcQ."},{"key":"e_1_2_1_175_1","first-page":"916","article-title":"The box plot: A simple visual method to interpret data.Ann","volume":"110","author":"Williamson D. F.","year":"1989","unstructured":"D. F. Williamson , R. A. Parker , and J. S. Kendrick . 1989 . The box plot: A simple visual method to interpret data.Ann . Internal Med. 110 , 11 (1989), 916 -- 921 . D. F. Williamson, R. A. Parker, and J. S. Kendrick. 1989. The box plot: A simple visual method to interpret data.Ann. Internal Med. 110, 11 (1989), 916--921.","journal-title":"Internal Med."},{"key":"e_1_2_1_176_1","doi-asserted-by":"publisher","DOI":"10.1145\/2601248.2601268"},{"key":"e_1_2_1_177_1","unstructured":"Wooyun. 2020. What Kind of Website is WooYun? - Know Almost. Retrieved from https:\/\/www.zhihu.com\/question\/19993185.  Wooyun. 2020. What Kind of Website is WooYun? - Know Almost. Retrieved from https:\/\/www.zhihu.com\/question\/19993185."},{"key":"e_1_2_1_178_1","doi-asserted-by":"publisher","DOI":"10.1145\/3232116.3232152"},{"key":"e_1_2_1_179_1","unstructured":"XSSed. 2012. Cross Site Scripting (XSS) Attacks Information and Archive. Retrieved from http:\/\/www.xssed.com\/.  XSSed. 2012. Cross Site Scripting (XSS) Attacks Information and Archive. Retrieved from http:\/\/www.xssed.com\/."},{"key":"e_1_2_1_180_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64701-2"},{"key":"e_1_2_1_181_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2020.2987299"},{"key":"e_1_2_1_182_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914)","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner . 2014 . FLUSH+ RELOAD: A high resolution, low noise, L3 cache side-channel attack . In Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914) . 719--732. Yuval Yarom and Katrina Falkner. 2014. FLUSH+ RELOAD: A high resolution, low noise, L3 cache side-channel attack. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914). 719--732."},{"key":"e_1_2_1_183_1","doi-asserted-by":"publisher","DOI":"10.1145\/3073559"},{"key":"e_1_2_1_184_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCI.2018.2840738"},{"key":"e_1_2_1_185_1","doi-asserted-by":"publisher","DOI":"10.1145\/3375708.3380313"},{"key":"e_1_2_1_186_1","volume-title":"Generating textual adversarial examples for deep learning models: A survey. CoRR, abs\/1901.06796","author":"Zhang Wei Emma","year":"2019","unstructured":"Wei Emma Zhang , Quan Z. Sheng , Ahoud Abdulrahmn F. Alhazmi , and Chenliang Li. 2019. Generating textual adversarial examples for deep learning models: A survey. CoRR, abs\/1901.06796 ( 2019 ). Wei Emma Zhang, Quan Z. Sheng, Ahoud Abdulrahmn F. Alhazmi, and Chenliang Li. 2019. Generating textual adversarial examples for deep learning models: A survey. CoRR, abs\/1901.06796 (2019)."},{"key":"e_1_2_1_187_1","volume-title":"Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test.","author":"Zheng Muwei","year":"2018","unstructured":"Muwei Zheng , Hannah Robbins , Zimo Chai , Prakash Thapa , and Tyler Moore . 2018 . Cybersecurity research datasets: Taxonomy and empirical analysis . In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test. Muwei Zheng, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. 2018. Cybersecurity research datasets: Taxonomy and empirical analysis. In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test."},{"key":"e_1_2_1_188_1","unstructured":"Zone-H. 2020. Unrestricted Information | Defacements Archive. Retrieved from http:\/\/www.zone-h.org\/archive?hz&equals;1.  Zone-H. 2020. Unrestricted Information | Defacements Archive. Retrieved from http:\/\/www.zone-h.org\/archive?hz&equals;1."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3442181","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3442181","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:56Z","timestamp":1750193336000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3442181"}},"subtitle":["A Review"],"short-title":[],"issued":{"date-parts":[[2021,5,8]]},"references-count":186,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,4,30]]}},"alternative-id":["10.1145\/3442181"],"URL":"https:\/\/doi.org\/10.1145\/3442181","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,8]]},"assertion":[{"value":"2019-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-05-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}