{
  "status":"ok",
  "message-type":"work",
  "message-version":"1.0.0",
  "message":{
    "indexed":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T15:06:34Z","timestamp":1764687994290,"version":"3.40.5"},
    "reference-count":70,
    "publisher":"Wiley",
    "license":[{"start":{"date-parts":[[2022,2,12]],"date-time":"2022-02-12T00:00:00Z","timestamp":1644624000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],
    "funder":[{"DOI":"10.13039\/501100011322","name":"Macau Science and Technology Foundation","doi-asserted-by":"crossref","award":["045\/2016\/A2","0025\/2019\/AKP"],"award-info":[{"award-number":["045\/2016\/A2","0025\/2019\/AKP"]}],"id":[{"id":"10.13039\/501100011322","id-type":"DOI","asserted-by":"crossref"}]}],
    "content-domain":{"domain":[],"crossmark-restriction":false},
    "short-container-title":["Security and Communication Networks"],
    "published-print":{"date-parts":[[2022,2,12]]},
    "abstract":"<jats:p>With successful machine learning applications in many fields, researchers tried to introduce machine learning into intrusion detection systems for building classification models. Although experimental results showed that these classification models could produce higher accuracy in predicting network attacks on the offline datasets, compared with the operational intrusion detection systems, machine learning is rarely deployed in the real intrusion detection environment. This is what we call the last mile problem with the machine learning approach to network intrusion detection, the discrepancy between the strength and requirements of machine learning and network operational semantics. In this paper, we aim to bridge the aforementioned gap. In particular, an LCC-RF-RFEX feature selection approach is proposed to select optimal features of the specific type of attacks from dataset, and then, an intrusion-specific approach is introduced to convert them into detection patterns that can be used by the nonmachine-learning detector for the corresponding specific attack detection in the real-world network environment. To substantiate our approach, we take Snort, KDDCup\u201999 dataset, and Dos attacks as the experimental subjects to demonstrate how to close the last-mile gap. For the specific type of Dos attacks in the KDDCup\u201999 dataset, we use the LCC-RF-RFEX method to select optimal feature subset and utilize our intrusion-specific approach to generate new rules in Snort by using them. Comparing performance differences between the existing Snort rule set and our augmented Snort rule set with regard to Dos attacks, the experimental results showed that our approach expanded Snort\u2019s detection capability of Dos attacks, on average, reduced up to 25.28% false-positive alerts for Teardrop attacks and Synflood attacks, and decreased up to 98.87% excessive alerts for Mail bomb attacks.<\/jats:p>",
    "DOI":"10.1155\/2022\/3990386",
    "type":"journal-article",
    "created":{"date-parts":[[2022,2,12]],"date-time":"2022-02-12T20:35:10Z","timestamp":1644698110000},
    "page":"1-20",
    "source":"Crossref",
    "is-referenced-by-count":4,
    "title":["Bridging the Last-Mile Gap in Network Security via Generating Intrusion-Specific Detection Patterns through Machine Learning"],
    "prefix":"10.1155",
    "volume":"2022",
    "author":[
      {"ORCID":"https:\/\/orcid.org\/0000-0002-5308-467X","authenticated-orcid":true,"given":"Xibin","family":"Sun","sequence":"first","affiliation":[{"name":"Faculty of Information Technology, Macau University of Science and Technology, Macau, China"},{"name":"Guangdong Polytechnic of Science and Technology, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},
      {"ORCID":"https:\/\/orcid.org\/0000-0002-8301-2706","authenticated-orcid":true,"given":"Du","family":"Zhang","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, Macau University of Science and Technology, Macau, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},
      {"ORCID":"https:\/\/orcid.org\/0000-0002-2048-348X","authenticated-orcid":true,"given":"Haiou","family":"Qin","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, Macau University of Science and Technology, Macau, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},
      {"ORCID":"https:\/\/orcid.org\/0000-0001-8645-5337","authenticated-orcid":true,"given":"Jiahua","family":"Tang","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, Macau University of Science and Technology, Macau, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}
    ],
    "member":"311",
    "reference":[
      {"issue":"3","key":"1","first-page":"35","article-title":"Signature-based intrusion detection system using SNORT","volume":"1","author":"V. Kumar","year":"2012","journal-title":"Int.J.Comput.ppl.Inf.Technol"},
      {"volume-title":"Anomaly Detection Algorithms and Techniques for Network Intrusion Detection Systems","year":"2020","author":"M. Mishin","key":"2"},
      {"key":"3","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2010.25"},
      {"key":"4","doi-asserted-by":"publisher","DOI":"10.1186\/1687-1499-2013-271"},
      {"issue":"6","key":"5","first-page":"27","article-title":"Survey of current network intrusion detection techniques","volume":"3","author":"R. Srivastava","year":"2013","journal-title":"Journal of Information Engineering and Applications"},
      {"key":"6","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2017.09.014"},
      {"key":"7","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-019-09762-z"},
      {"key":"8","doi-asserted-by":"publisher","DOI":"10.1109\/cse-euc.2017.118"},
      {"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/access.2018.2810198"},
      {"key":"10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2869577"},
      {"key":"11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63645-0"},
      {"key":"12","doi-asserted-by":"publisher","DOI":"10.5120\/13209-0587"},
      {"key":"13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36126-6_70"},
      {"key":"14","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2018.05.186"},
      {"key":"15","first-page":"3414","article-title":"An LSTMbased deep learning approach for classifying malicious traffic at the packet level","volume-title":"Applied Sciences","author":"R. H. Hwang","year":". 2019"},
      {"key":"16","doi-asserted-by":"publisher","DOI":"10.1109\/ICOIN.2017.7899588"},
      {"key":"17","doi-asserted-by":"publisher","DOI":"10.1109\/access.2017.2762418"},
      {"key":"18","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-010-0487-0"},
      {"key":"19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.11.016"},
      {"key":"20","doi-asserted-by":"publisher","DOI":"10.1109\/ICIoT48696.2020.9089465"},
      {"key":"21","unstructured":"MahoneyM.ChanP. K.PHAD: packet header anomaly detection for identifying hostile network trafficFlorida Tech2001technical report CS-2001-04"},
      {"key":"22","doi-asserted-by":"crossref","unstructured":"MahoneyM.ChanP. K.Learning nonstationary models of normal network traffic for detecting novel attacksFlorida Tech2002technical report CS-2001-06","DOI":"10.1145\/775047.775102"},
      {"key":"23","doi-asserted-by":"publisher","DOI":"10.3233\/jcs-2002-101-205"},
      {"key":"24","doi-asserted-by":"publisher","DOI":"10.1109\/MSN.2015.40"},
      {"key":"25","first-page":"79","article-title":"Network intrusion detection model using one-class support vector machine","volume-title":"Advances in Machine Learning and Computational Intelligence","author":"M. Ahmed","year":"2020"},
      {"author":"M. Roesch","key":"26","article-title":"Snort-light weight intrusion detection for networks"},
      {"author":"D. Day","key":"27","article-title":"A performance analysis of Snort and Suricata network intrusion detection and prevention engines"},
      {"key":"28","doi-asserted-by":"publisher","DOI":"10.1109\/UBMK.2017.8093538"},
      {"key":"29","doi-asserted-by":"publisher","DOI":"10.1109\/IEMCON.2016.7746286"},
      {"key":"30","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.11.028"},
      {"key":"31","doi-asserted-by":"publisher","DOI":"10.1109\/72.298224"},
      {"key":"32","doi-asserted-by":"publisher","DOI":"10.1109\/72.977291"},
      {"key":"33","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2011.01.002"},
      {"key":"34","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2016.2519914"},
      {"key":"35","doi-asserted-by":"publisher","DOI":"10.3390\/app8091535"},
      {"key":"36","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2008.20"},
      {"issue":"1","key":"37","first-page":"46","article-title":"An intelligent CRF based feature selection for effective intrusion detection","volume":"13","author":"S. Ganapathy","year":"2016","journal-title":"The International Arab Journal of Information Technology"},
      {"issue":"3","key":"38","first-page":"1048","article-title":"Filter versus wrapper feature subset selection in large dimensionality microarray: a review","volume":"2","author":"B. Kumar","year":"2011","journal-title":"International Journal of Computer Science and Information Technologies"},
      {"key":"39","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2016.73009"},
      {"key":"40","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2014.14"},
      {"key":"41","first-page":"148","article-title":"Firefly algorithm based feature selection for network intrusion detection","volume":"83","author":"B. Selvakumar","year":"2018","journal-title":"Computers & Security"},
      {"key":"42","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2020.03.438"},
      {"key":"43","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2020.113249","article-title":"A feature selection algorithm for intrusion detection system based on Pigeon Inspired Optimizer","volume":"148","author":"H. Alazzam","year":"2020","journal-title":"Expert Systems with Applications"},
      {"issue":"5","key":"44","doi-asserted-by":"crossref","first-page":"888","DOI":"10.1049\/iet-com.2019.0172","article-title":"Intrusion detection using dynamic feature selection and fuzzy temporal decision tree classification for wireless sensor networks","volume":"14","author":"B. Riyaz","year":"2020","journal-title":"IET Communications"},
      {"key":"45","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2018.11.007"},
      {"key":"46","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2014.15"},
      {"key":"47","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-020-05017-0"},
      {"key":"48","doi-asserted-by":"publisher","DOI":"10.1109\/icissec.2016.7885840"},
      {"key":"49","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2007.9"},
      {"issue":"IV","key":"50","article-title":"Hybrid intrusion detection with weighted signature generation","volume":"1","author":"K. J. Sahana Devi","year":"2011","journal-title":"International Journal of Computer Applications in Engineering Sciences"},
      {"key":"51","doi-asserted-by":"publisher","DOI":"10.5614\/itbj.ict.res.appl.2015.8.3.4"},
      {"issue":"6","key":"52","first-page":"4059","article-title":"Detection and analysis of network intrusions using data mining approaches","volume":"13","author":"M. Naga Surya Lakshmi","year":"2018","journal-title":"International Journal of Applied Engineering Research, ISSN 0973-4562"},
      {"key":"53","doi-asserted-by":"publisher","DOI":"10.1504\/ijesdf.2007.013596"},
      {"key":"54","first-page":"1","article-title":"Extending signature-based intrusion detection systems with Bayesian abductive reasoning","volume":"10","author":"A. Ganesan","year":"2018","journal-title":"Learn. Intell. Cyber Secur. (DYNAMICS) Workshop"},
      {"key":"55","doi-asserted-by":"publisher","DOI":"10.1109\/isco.2016.7726909"},
      {"volume-title":"Detecting the Unknown with Snort and the Statistical Packet Anomaly Detection Engine (SPADE)","year":"2003","author":"S. Biles","key":"56"},
      {"key":"57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02481-8_75"},
      {"first-page":"198","article-title":"Automated signature creator for a signature based intrusion detection system (pancakes)","author":"D. Ocampo","key":"58"},
      {"key":"59","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/1075648"},
      {"key":"60","doi-asserted-by":"publisher","DOI":"10.1109\/ICICTA.2018.00074"},
      {"key":"61","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45248-5_10"},
      {"key":"62","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.12.020"},
      {"key":"63","unstructured":"HallM. A.Correlation-based Feature Selection for Machine Learning1999Hamilton, New ZealandUniversity of WaikatoPh.D. thesis"},
      {"key":"64","doi-asserted-by":"publisher","DOI":"10.1177\/875647939000600106"},
      {"key":"65","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.procs.2016.06.047","article-title":"Random forest modeling for network intrusion detection system","volume":"89","author":"N. Farnaaz","year":"2016","journal-title":"Procedia Computer Science"},
      {"key":"66","doi-asserted-by":"publisher","DOI":"10.1023\/a:1006624031083"},
      {"key":"67","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/8830431"},
      {"key":"68","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},
      {"volume-title":"The GitHub URL of the Dos Attacks","author":"Eldon","key":"69"},
      {"key":"70","doi-asserted-by":"publisher","DOI":"10.26438\/ijcse\/v7i4.248258"}
    ],
    "container-title":["Security and Communication Networks"],
    "original-title":[],
    "language":"en",
    "link":[
      {"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2022\/3990386.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},
      {"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2022\/3990386.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},
      {"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2022\/3990386.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}
    ],
    "deposited":{"date-parts":[[2022,2,12]],"date-time":"2022-02-12T20:35:31Z","timestamp":1644698131000},
    "score":1,
    "resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2022\/3990386\/"}},
    "subtitle":[],
    "editor":[{"given":"Kuo-Hui","family":"Yeh","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],
    "short-title":[],
    "issued":{"date-parts":[[2022,2,12]]},
    "references-count":70,
    "alternative-id":["3990386","3990386"],
    "URL":"https:\/\/doi.org\/10.1155\/2022\/3990386",
    "relation":{},
    "ISSN":["1939-0122","1939-0114"],
    "issn-type":[{"type":"electronic","value":"1939-0122"},{"type":"print","value":"1939-0114"}],
    "subject":[],
    "published":{"date-parts":[[2022,2,12]]}
  }
}