{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,20]],"date-time":"2026-06-20T16:55:31Z","timestamp":1781974531062,"version":"3.54.5"},"reference-count":100,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,3,8]],"date-time":"2021-03-08T00:00:00Z","timestamp":1615161600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,3,8]],"date-time":"2021-03-08T00:00:00Z","timestamp":1615161600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Internet Commerce Security Lab"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack on the end nodes. To this end, numerous IoT intrusion detection systems (IDS) have been proposed in the literature to tackle attacks on the IoT ecosystem, which can be broadly classified based on detection technique, validation strategy, and deployment strategy. This survey paper presents a comprehensive review of contemporary IoT IDS and an overview of techniques, deployment strategy, validation strategy and datasets that are commonly applied for building IDS. We also review how existing IoT IDS detect intrusive attacks and secure communications on the IoT. It also presents the classification of IoT attacks and discusses future research challenges to counter such IoT attacks to make IoT more secure. 
These purposes help IoT security researchers by uniting, contrasting, and compiling scattered research efforts. Consequently, we provide a unique IoT IDS taxonomy, which sheds light on IoT IDS techniques, their advantages and disadvantages, IoT attacks that exploit IoT communication systems, corresponding advanced IDS and detection capabilities to detect IoT attacks.<\/jats:p>","DOI":"10.1186\/s42400-021-00077-7","type":"journal-article","created":{"date-parts":[[2021,3,8]],"date-time":"2021-03-08T11:03:50Z","timestamp":1615201430000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":426,"title":["A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges"],"prefix":"10.1186","volume":"4","author":[{"given":"Ansam","family":"Khraisat","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ammar","family":"Alazab","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,3,8]]},"reference":[{"key":"77_CR1","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/978-3-319-11379-1_19","volume-title":"Research in attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17\u201319, 2014. Proceedings","author":"A Abbasi","year":"2014","unstructured":"A. Abbasi, J. Wetzels, W. Bokslag, E. Zambon, S. Etalle, \"On emulation-based network intrusion detection systems,\" in Research in attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17\u201319, 2014. Proceedings, A. Stavrou, H. Bos, G. Portokalidis, Cham: Springer International Publishing, 2014, pp. 
384\u2013404"},{"key":"77_CR2","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1016\/j.asoc.2015.10.011","volume":"38","author":"AA Aburomman","year":"2016","unstructured":"Aburomman AA, Ibne Reaz MB (2016) A novel SVM-kNN-PSO ensemble method for intrusion detection system. Appl Soft Comput 38:360\u2013372","journal-title":"Appl Soft Comput"},{"key":"77_CR3","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1016\/j.cose.2016.11.004","volume":"65","author":"AA Aburomman","year":"2017","unstructured":"Aburomman AA, Reaz MBI (2017) A survey of intrusion detection systems based on ensemble and hybrid classifiers. Comput Security 65:135\u2013152","journal-title":"Comput Security"},{"key":"77_CR4","doi-asserted-by":"publisher","first-page":"708","DOI":"10.1016\/j.procs.2015.08.220","volume":"60","author":"S Agrawal","year":"2015","unstructured":"Agrawal S, Agrawal J (2015) Survey on anomaly detection using data mining techniques. Procedia Computer Science 60:708\u2013713","journal-title":"Procedia Computer Science"},{"key":"77_CR5","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1109\/ISCIT.2012.6380910","volume-title":"2012 International Symposium on Communications and Information Technologies (ISCIT)","author":"A Alazab","year":"2012","unstructured":"Alazab A, Hobbs M, Abawajy J, Alazab M (2012) Using feature selection for intrusion detection system. In: 2012 International Symposium on Communications and Information Technologies (ISCIT), pp 296\u2013301"},{"issue":"5","key":"77_CR6","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1108\/IMCS-02-2013-0007","volume":"22","author":"A Alazab","year":"2014","unstructured":"Alazab A, Hobbs M, Abawajy J, Khraisat A, Alazab M (2014) Using response action with intelligent intrusion detection and prevention system against web application malware. 
Inf Manag Comput Secur 22(5):431\u2013449","journal-title":"Inf Manag Comput Secur"},{"issue":"1","key":"77_CR7","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MWC.2018.1700231","volume":"25","author":"C Alcaraz","year":"2018","unstructured":"Alcaraz C (2018) Cloud-assisted dynamic resilience for cyber-physical control systems. IEEE Wirel Commun 25(1):76\u201382","journal-title":"IEEE Wirel Commun"},{"issue":"2","key":"77_CR8","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s11416-014-0215-x","volume":"11","author":"C Annachhatre","year":"2015","unstructured":"Annachhatre C, Austin TH, Stamp M (2015) Hidden Markov models for malware classification. J Comput Virol Hack Technique 11(2):59\u201373","journal-title":"J Comput Virol Hack Technique"},{"key":"77_CR9","volume-title":"\"Intrusion detection systems: A survey and taxonomy,\" Technical report","author":"S Axelsson","year":"2000","unstructured":"Axelsson S (2000) \"Intrusion detection systems: A survey and taxonomy,\" Technical report"},{"issue":"4","key":"77_CR10","first-page":"324","volume":"10","author":"K Bajaj","year":"2013","unstructured":"Bajaj K, Arora A (2013) Dimension reduction in intrusion detection features using discriminative machine learning approach. IJCSI Int J Comput Sci Issues 10(4):324\u2013328","journal-title":"IJCSI Int J Comput Sci Issues"},{"issue":"4","key":"77_CR11","doi-asserted-by":"publisher","first-page":"3496","DOI":"10.1109\/COMST.2018.2844742","volume":"20","author":"E Benkhelifa","year":"2018","unstructured":"Benkhelifa E, Welsh T, Hamouda W (2018) A critical review of practices and challenges in intrusion detection systems for IoT: toward universal and resilient systems. 
IEEE Commun Survey Tutor 20(4):3496\u20133509","journal-title":"IEEE Commun Survey Tutor"},{"issue":"1","key":"77_CR12","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","volume":"16","author":"MH Bhuyan","year":"2014","unstructured":"Bhuyan MH, Bhattacharyya DK, Kalita JK (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Survey Tutorial 16(1):303\u2013336","journal-title":"IEEE Commun Survey Tutorial"},{"issue":"2","key":"77_CR13","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/BF00058655","volume":"24","author":"L Breiman","year":"1996","unstructured":"Breiman L (1996) Bagging predictors. Machine Learn 24(2):123\u2013140","journal-title":"Machine Learn"},{"issue":"2","key":"77_CR14","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2016","unstructured":"Buczak AL, Guven E (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surveys Tutorial 18(2):1153\u20131176","journal-title":"IEEE Commun Surveys Tutorial"},{"issue":"1","key":"77_CR15","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1109\/SURV.2013.050113.00191","volume":"16","author":"I Butun","year":"2014","unstructured":"Butun I, Morgera SD, Sankar R (2014) A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Survey Tutorial 16(1):266\u2013282","journal-title":"IEEE Commun Survey Tutorial"},{"key":"77_CR16","first-page":"1","volume-title":"2015 6th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO)","author":"O Can","year":"2015","unstructured":"Can O, Sahingoz OK (2015) A survey of intrusion detection systems in wireless sensor networks. 
In: 2015 6th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO), pp 1\u20136 IEEE"},{"key":"77_CR17","doi-asserted-by":"publisher","first-page":"606","DOI":"10.1109\/INM.2015.7140344","volume-title":"2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM)","author":"C Cervantes","year":"2015","unstructured":"Cervantes C, Poplade D, Nogueira M, Santos A (2015) Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things. In: 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp 606\u2013611 IEEE"},{"key":"77_CR18","doi-asserted-by":"publisher","unstructured":"Chaabouni N, Mosbah M, Zemmari A, Sauvignac C, Faruki P (2019) Network Intrusion Detection for IoT Security Based on Learning Techniques, in IEEE Communications Surveys & Tutorials, vol. 21, no. 3, pp. 2671\u20132701, thirdquarter 2019. https:\/\/doi.org\/10.1109\/COMST.2019.2896380","DOI":"10.1109\/COMST.2019.2896380"},{"key":"77_CR19","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.knosys.2015.01.009","volume":"78","author":"L Chao","year":"2015","unstructured":"Chao L, Wen S, Fong C (2015) CANN: An intrusion detection system based on combining cluster centers and nearest neighbors. Knowledge Based Syst 78:13\u201321","journal-title":"Knowledge Based Syst"},{"issue":"4","key":"77_CR20","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1016\/j.cose.2004.09.008","volume":"24","author":"S Chebrolu","year":"2005","unstructured":"Chebrolu S, Abraham A, Thomas JP (2005) Feature deduction and ensemble design of intrusion detection systems. Comput Security 24(4):295\u2013307","journal-title":"Comput Security"},{"key":"77_CR21","first-page":"515","volume-title":"Attack model and detection scheme for botnet on 6LoWPAN","author":"EJ Cho","year":"2009","unstructured":"Cho EJ, Kim JH, Hong CS (2009) Attack model and detection scheme for botnet on 6LoWPAN. 
Springer Berlin Heidelberg, Berlin, pp 515\u2013518"},{"issue":"4","key":"77_CR22","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1109\/TC.2013.13","volume":"63","author":"Creech and Hu","year":"2014","unstructured":"Creech and Hu (2014) A semantic approach to host-based intrusion detection systems using contiguous and Discontiguous system call patterns. IEEE Trans Comput 63(4):807\u2013819","journal-title":"IEEE Trans Comput"},{"key":"77_CR23","volume-title":"Developing a high-accuracy cross platform host-based intrusion detection system capable of reliably detecting zero-day attacks","author":"G Creech","year":"2014","unstructured":"Creech G (2014) Developing a high-accuracy cross platform host-based intrusion detection system capable of reliably detecting zero-day attacks. University of New South Wales, Canberra"},{"key":"77_CR24","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.comnet.2019.01.023","volume":"151","author":"KAP da Costa","year":"2019","unstructured":"da Costa KAP, Papa JP, Lisboa CO, Munoz R, de Albuquerque VHC (2019) Internet of Things: A survey on machine learning-based intrusion detection approaches. Comput Network 151:147\u2013157","journal-title":"Comput Network"},{"issue":"7\u20138","key":"77_CR25","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/BF02994844","volume":"55","author":"H Debar","year":"2000","unstructured":"Debar H, Dacier M, Wespi A (2000) A revised taxonomy for intrusion-detection systems. Annales des t\u00e9l\u00e9communications 55(7\u20138):361\u2013378 Springer","journal-title":"Annales des t\u00e9l\u00e9communications"},{"key":"77_CR26","doi-asserted-by":"publisher","first-page":"761","DOI":"10.1016\/j.future.2017.08.043","volume":"82","author":"AA Diro","year":"2018","unstructured":"Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for internet of things. 
Futur Gener Comput Syst 82:761\u2013768","journal-title":"Futur Gener Comput Syst"},{"key":"77_CR27","doi-asserted-by":"crossref","unstructured":"Dua S, Du X (2016) Data Mining and Machine Learning in Cybersecurity Publishers Auerbach. Publications Location UK","DOI":"10.1201\/b10867"},{"issue":"1","key":"77_CR28","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1016\/j.eswa.2014.08.002","volume":"42","author":"S Elhag","year":"2015","unstructured":"Elhag S, Fern\u00e1ndez A, Bawakid A, Alshomrani S, Herrera F (2015) On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems. Expert Syst Appl 42(1):193\u2013202","journal-title":"Expert Syst Appl"},{"issue":"3","key":"77_CR29","doi-asserted-by":"publisher","first-page":"1294","DOI":"10.1109\/COMST.2015.2388550","volume":"17","author":"J Granjal","year":"2015","unstructured":"Granjal J, Monteiro E, Silva JS (2015) Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun Survey Tutor 17(3):1294\u20131312","journal-title":"IEEE Commun Survey Tutor"},{"issue":"1","key":"77_CR30","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M Hall","year":"2009","unstructured":"Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The WEKA data mining software: an update. ACM SIGKDD explorations newsletter 11(1):10\u201318","journal-title":"ACM SIGKDD explorations newsletter"},{"key":"77_CR31","volume-title":"\"the CAIDA DDoS attack 2007 dataset,\" ed","author":"P Hick","year":"2007","unstructured":"Hick P, Aben E, Claffy K, Polterock J (2007) \"the CAIDA DDoS attack 2007 dataset,\" ed"},{"key":"77_CR32","volume-title":"\"A taxonomy and survey of intrusion detection system design techniques, network threats and datasets,\" arXiv preprint arXiv:1806.03517","author":"H Hindy","year":"2018","unstructured":"H. 
Hindy et al., \"A taxonomy and survey of intrusion detection system design techniques, network threats and datasets,\" arXiv preprint arXiv:1806.03517, 2018"},{"key":"77_CR33","first-page":"1","volume-title":"2016 International Symposium on Networks, Computers and Communications (ISNCC)","author":"E Hodo","year":"2016","unstructured":"Hodo E et al (2016) Threat analysis of IoT networks using artificial neural network intrusion detection system. In: 2016 International Symposium on Networks, Computers and Communications (ISNCC), pp 1\u20136"},{"key":"77_CR34","doi-asserted-by":"crossref","unstructured":"Hoque MAM, Bikas AN (2012) An implementation of intrusion detection system using genetic algorithm. arXiv preprint arXiv:1204.1336. Chicago; 109\u2013120","DOI":"10.5121\/ijnsa.2012.4208"},{"key":"77_CR35","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1016\/j.procs.2017.09.129","volume":"115","author":"MA Jabbar","year":"2017","unstructured":"Jabbar MA, Aluvalu R, S. S. Reddy S (2017) RFAODE: A Novel Ensemble Intrusion Detection System. Procedia Comput Sci 115:226\u2013234","journal-title":"Procedia Comput Sci"},{"issue":"Supplement C","key":"77_CR36","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.jnca.2015.12.004","volume":"62","author":"S-Y Ji","year":"2016","unstructured":"Ji S-Y, Jeong B-K, Choi S, Jeong DH (2016) A multi-level intrusion detection method for abnormal network behaviors. J Network Comput Application 62(Supplement C):9\u201317","journal-title":"J Network Comput Application"},{"key":"77_CR37","volume-title":"The 1999 KDD intrusion detection","author":"KDD","year":"1999","unstructured":"KDD. (1999). The 1999 KDD intrusion detection. 
Available: http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/task.html"},{"key":"77_CR38","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-3-319-11933-5_44","volume-title":"Proceedings of the 3rd international conference on Frontiers of intelligent computing: theory and applications (FICTA) 2014: volume 1","author":"PS Kenkre","year":"2015","unstructured":"Kenkre PS, Pai A, Colaco L (2015) Real time intrusion detection and prevention system. In: Satapathy SC, Biswal BN, Udgata SK, Mandal JK (eds) Proceedings of the 3rd international conference on Frontiers of intelligent computing: theory and applications (FICTA) 2014: volume 1. Springer International Publishing, Cham, pp 405\u2013411"},{"key":"77_CR39","first-page":"1","volume-title":"IEEE Globecom 2006","author":"M Khabbazian","year":"2006","unstructured":"Khabbazian M, Mercier H, Bhargava VK (2006) Nis02\u20131: Wormhole attack in wireless ad hoc networks: Analysis and countermeasure. In: IEEE Globecom 2006, pp 1\u20136 IEEE"},{"issue":"2","key":"77_CR40","doi-asserted-by":"publisher","first-page":"33","DOI":"10.5815\/ijwmt.2012.02.06","volume":"2","author":"WZ Khan","year":"2012","unstructured":"Khan WZ, Xiang Y, Aalsalem MY, Arshad Q (2012) The selective forwarding attack in sensor networks: Detections and countermeasures. Int J Wireless Microwave Technol (IJWMT) 2(2):33","journal-title":"Int J Wireless Microwave Technol (IJWMT)"},{"key":"77_CR41","doi-asserted-by":"crossref","unstructured":"Khraisat A, Gondal I, Vamplew P (2018) An Anomaly Intrusion Detection System Using C5 Decision Tree Classifier. In: Trends and Applications in Knowledge Discovery and Data Mining, Cham. 
Springer International Publishing, pp 149\u2013155","DOI":"10.1007\/978-3-030-04503-6_14"},{"issue":"1","key":"77_CR42","doi-asserted-by":"crossref","first-page":"20","DOI":"10.7202\/1055844ar","volume":"2","author":"A Khraisat","year":"2019","unstructured":"Khraisat A, Gondal I, Vamplew P, Kamruzzaman J (2019a) \"Survey of intrusion detection systems: techniques, datasets and challenges,\" Cybersecurity. J Article 2(1):20","journal-title":"J Article"},{"issue":"11","key":"77_CR43","doi-asserted-by":"publisher","first-page":"1210","DOI":"10.3390\/electronics8111210","volume":"8","author":"A Khraisat","year":"2019","unstructured":"Khraisat A, Gondal I, Vamplew P, Kamruzzaman J, Alazab A (2019b) A Novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks. Electronics 8(11):1210","journal-title":"Electronics"},{"issue":"1","key":"77_CR44","doi-asserted-by":"publisher","first-page":"173","DOI":"10.3390\/electronics9010173","volume":"9","author":"A Khraisat","year":"2020","unstructured":"Khraisat A, Gondal I, Vamplew P, Kamruzzaman J, Alazab A (2020) Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine. Electronics 9(1):173","journal-title":"Electronics"},{"issue":"18","key":"77_CR45","doi-asserted-by":"publisher","first-page":"13492","DOI":"10.1016\/j.eswa.2012.07.009","volume":"39","author":"L Koc","year":"2012","unstructured":"Koc L, Mazzuchi TA, Sarkani S (2012) A network intrusion detection system based on a Hidden Na\u00efve Bayes multiclass classifier. 
Expert Syst Appl 39(18):13492\u201313500","journal-title":"Expert Syst Appl"},{"key":"77_CR46","volume-title":"\"Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset,\" arXiv preprint arXiv:1811.00701","author":"N Koroniotis","year":"2018","unstructured":"Koroniotis N, Moustafa N, Sitnikova E, Turnbull B (2018) \"Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset,\" arXiv preprint arXiv:1811.00701"},{"issue":"1","key":"77_CR47","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/972374.972384","volume":"34","author":"C Kreibich","year":"2004","unstructured":"Kreibich C, Crowcroft J (2004) Honeycomb: creating intrusion detection signatures using honeypots. SIGCOMM Comput Commun Rev 34(1):51\u201356","journal-title":"SIGCOMM Comput Commun Rev"},{"issue":"1","key":"77_CR48","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1016\/j.eswa.2011.07.032","volume":"39","author":"Y Li","year":"2012","unstructured":"Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl 39(1):424\u2013430","journal-title":"Expert Syst Appl"},{"issue":"1","key":"77_CR49","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","volume":"36","author":"H-J Liao","year":"2013","unstructured":"Liao H-J, Lin C-HR, Lin Y-C, Tung K-Y (2013b) Intrusion detection system: a comprehensive review. J Netw Comput Appl 36(1):16\u201324","journal-title":"J Netw Comput Appl"},{"issue":"1","key":"77_CR50","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","volume":"36","author":"H-J Liao","year":"2013","unstructured":"Liao H-J, Richard Lin C-H, Lin Y-C, Tung K-Y (2013a) Intrusion detection system: A comprehensive review. 
J Network Comput Appl 36(1):16\u201324","journal-title":"J Network Comput Appl"},{"issue":"4","key":"77_CR51","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1109\/TC.2010.95","volume":"60","author":"C Lin","year":"2011","unstructured":"Lin C, Lin Y-D, Lai Y-C (2011) A hybrid algorithm of backward hashing and automaton tracking for virus scanning. IEEE Trans Comput 60(4):594\u2013601","journal-title":"IEEE Trans Comput"},{"issue":"Supplement C","key":"77_CR52","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.knosys.2015.01.009","volume":"78","author":"W-C Lin","year":"2015","unstructured":"Lin W-C, Ke S-W, Tsai C-F (2015) CANN: An intrusion detection system based on combining cluster centers and nearest neighbors. Knowledge Based Syst 78(Supplement C):13\u201321","journal-title":"Knowledge Based Syst"},{"key":"77_CR53","volume-title":"DARPA Intrusion Detection Data Sets","author":"MIT Lincoln Laboratory","year":"1999","unstructured":"MIT Lincoln Laboratory. (1999). DARPA Intrusion Detection Data Sets. Available: https:\/\/www.ll.mit.edu\/ideval\/data\/"},{"key":"77_CR54","unstructured":"Lunt TF (1988) Automated audit trail analysis and intrusion detection: a survey. In: Proceedings of the 11th National Computer Security Conference, Washington, D.C.: National Bureau of Standards, National Computer Security Center; vol 353, Baltimore"},{"issue":"3","key":"77_CR55","first-page":"459","volume":"18","author":"A Mayzaud","year":"2016","unstructured":"Mayzaud A, Badonnel R, Chrisment I (2016) A taxonomy of attacks in RPL-based internet of things. 
Int J Network Security 18(3):459\u2013473","journal-title":"Int J Network Security"},{"issue":"4","key":"77_CR56","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"J McHugh","year":"2000","unstructured":"McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Trans Inf Syst Secur 3(4):262\u2013294","journal-title":"ACM Trans Inf Syst Secur"},{"key":"77_CR57","volume-title":"\"Fast regular expression matching using small TCAMs for network intrusion detection and prevention systems,\" presented at the proceedings of the 19th USENIX conference on security, Washington, DC","author":"CR Meiners","year":"2010","unstructured":"Meiners CR, Patel J, Norige E, Torng E, Liu AX (2010) \"Fast regular expression matching using small TCAMs for network intrusion detection and prevention systems,\" presented at the proceedings of the 19th USENIX conference on security, Washington, DC"},{"key":"77_CR58","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-662-53806-7_8","volume-title":"Machine Learning for Cyber Physical Systems: Selected papers from the International Conference ML4CPS 2016","author":"A Meshram","year":"2017","unstructured":"Meshram A, Haas C (2017) Anomaly Detection in Industrial Networks using Machine Learning: A Roadmap. In: Beyerer J, Niggemann O, K\u00fchnert C (eds) Machine Learning for Cyber Physical Systems: Selected papers from the International Conference ML4CPS 2016. 
Springer Berlin Heidelberg, Berlin, pp 65\u201372"},{"key":"77_CR59","volume-title":"\"Kitsune: an ensemble of autoencoders for online network intrusion detection,\" arXiv preprint arXiv:1802.09089","author":"Y Mirsky","year":"2018","unstructured":"Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) \"Kitsune: an ensemble of autoencoders for online network intrusion detection,\" arXiv preprint arXiv:1802.09089"},{"issue":"1","key":"77_CR60","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.jnca.2012.05.003","volume":"36","author":"C Modi","year":"2013","unstructured":"Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) A survey of intrusion detection techniques in Cloud. J Network Comput Appl 36(1):42\u201357","journal-title":"J Network Comput Appl"},{"key":"77_CR61","unstructured":"Mohurle S, Patil M (2017) A brief study of wannacry threat: Ransomware attack 2017. Int J Adv Res Comput Sci 8(5):1938\u20131940"},{"key":"77_CR62","doi-asserted-by":"crossref","unstructured":"Moustafa N, Turnbull B,Choo KR (2019) \"An Ensemble Intrusion Detection Technique Based on Proposed Statistical Flow Features for Protecting Network Traffic of Internet of Things,\" IEEE Internet of Things Journal, vol. 6, pp. 4815-4830","DOI":"10.1109\/JIOT.2018.2871719"},{"issue":"Supplement C","key":"77_CR63","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1016\/j.buildenv.2014.01.011","volume":"75","author":"SN Murray","year":"2014","unstructured":"Murray SN, Walsh BP, Kelliher D, O'Sullivan DTJ (2014) Multi-variable optimization of thermal energy efficiency retrofitting of buildings using static modelling and genetic algorithms \u2013 A case study. 
Build Environ 75(Supplement C):98\u2013107","journal-title":"Build Environ"},{"issue":"3","key":"77_CR64","doi-asserted-by":"publisher","first-page":"2702","DOI":"10.1109\/COMST.2019.2910750","volume":"21","author":"N Neshenko","year":"2019","unstructured":"Neshenko N, Bou-Harb E, Crichigno J, Kaddoum G, Ghani N (2019) Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations. IEEE Commun Survey Tutorial 21(3):2702\u20132733","journal-title":"IEEE Commun Survey Tutorial"},{"issue":"1","key":"77_CR65","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1109\/TDSC.2015.2509994","volume":"15","author":"A Nourian","year":"2018","unstructured":"Nourian A, Madnick S (2018) A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet. IEEE Transact Dependable Secure Comput 15(1):2\u201313","journal-title":"IEEE Transact Dependable Secure Comput"},{"issue":"3","key":"77_CR66","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/IJCWT.2016070101","volume":"6","author":"B Pretorius","year":"2016","unstructured":"Pretorius B, van Niekerk B (2016) Cyber-security for ICS\/SCADA: a south African perspective. Int J Cyber Warfare Terrorism (IJCWT) 6(3):1\u201316","journal-title":"Int J Cyber Warfare Terrorism (IJCWT)"},{"issue":"1","key":"77_CR67","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/BF00116251","volume":"1","author":"JR Quinlan","year":"1986","unstructured":"Quinlan JR (1986) Induction of decision trees. Mach Learn 1(1):81\u2013106","journal-title":"Mach Learn"},{"key":"77_CR68","unstructured":"Quinlan JR (2014) C4. 
5: Programs for Machine Learning; Morgan Kaufmann Publishers Inc.: San Francisco; 2014;8"},{"key":"77_CR69","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1016\/j.asoc.2018.05.049","volume":"72","author":"S Rathore","year":"2018","unstructured":"Rathore S, Park JH (2018) Semi-supervised learning based distributed attack detection framework for IoT. Appl Soft Comput 72:79\u201389","journal-title":"Appl Soft Comput"},{"issue":"3","key":"77_CR70","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1080\/14786010903166965","volume":"22","author":"A Rege-Patwardhan","year":"2009","unstructured":"Rege-Patwardhan A (2009) Cybercrimes against critical infrastructures: a study of online criminal organization and techniques. Crim Justice Stud 22(3):261\u2013271","journal-title":"Crim Justice Stud"},{"key":"77_CR71","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-540-89689-0_33","volume-title":"Structural, Syntactic, and Statistical Pattern Recognition: Joint IAPR International Workshop, SSPR & SPR 2008, Orlando, USA, December 4\u20136, 2008. Proceedings","author":"K Riesen","year":"2008","unstructured":"K. Riesen, H. Bunke, \"IAM Graph Database Repository for Graph Based Pattern Recognition and Machine Learning,\" in Structural, Syntactic, and Statistical Pattern Recognition: Joint IAPR International Workshop, SSPR & SPR 2008, Orlando, USA, December 4\u20136, 2008. Proceedings, N. da Vitoria Lobo et al., Berlin: Springer Berlin Heidelberg, 2008, pp. 287\u2013297"},{"key":"77_CR72","unstructured":"Roesch M (1999) Snort-lightweight intrusion detection for networks. 
In: Proceedings of LISA '99: 13th Systems Administration Conference Seattle, Seattle, pp 229\u2013238"},{"issue":"1","key":"77_CR73","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1109\/TKDE.2013.34","volume":"26","author":"L Rutkowski","year":"2014","unstructured":"Rutkowski L, Jaworski M, Pietruczuk L, Duda P (2014) Decision trees for mining data streams based on the Gaussian approximation. IEEE Trans Knowl Data Eng 26(1):108\u2013119","journal-title":"IEEE Trans Knowl Data Eng"},{"issue":"Supplement C","key":"77_CR74","first-page":"46","volume":"61","author":"S. Duque and M. N. b. Omar","year":"2015","unstructured":"S. Duque and M. N. b. Omar (2015) Using Data Mining Algorithms for Developing a Model for Intrusion Detection System (IDS). Procedia Comput Sci 61(Supplement C):46\u201351","journal-title":"Procedia Comput Sci"},{"key":"77_CR75","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1016\/j.comcom.2020.05.048","volume":"160","author":"S. P. R. M","year":"2020","unstructured":"S. P. R. M et al (2020) An effective feature engineering for DNN using hybrid PCA-GWO for intrusion detection in IoMT architecture. Comput Commun 160:139\u2013149","journal-title":"Comput Commun"},{"key":"77_CR76","first-page":"108","volume-title":"ICISSP","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. In: ICISSP, pp 108\u2013116"},{"issue":"6","key":"77_CR77","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MWC.2017.1800132","volume":"25","author":"C Shen","year":"2018","unstructured":"Shen C, Liu C, Tan H, Wang Z, Xu D, Su X (2018) Hybrid-augmented device fingerprinting for intrusion detection in industrial control system networks. 
IEEE Wirel Commun 25(6):26\u201331","journal-title":"IEEE Wirel Commun"},{"key":"77_CR78","unstructured":"Sherasiya T, Upadhyay H, Patel HB (2016) A survey: Intrusion detection system for internet of things. Int J Comput Sci Eng (IJCSE) 5(2):91\u201398"},{"issue":"3","key":"77_CR79","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Security 31(3):357\u2013374","journal-title":"Comput Security"},{"key":"77_CR80","unstructured":"Singh AP, Singh P, Kumar R (2015) A Review on Impact of Sinkhole Attack in Wireless Sensor Networks. Int J 5(8)"},{"issue":"11","key":"77_CR81","first-page":"1242","volume":"9","author":"S Subramanian","year":"2012","unstructured":"Subramanian S, Srinivasan VB, Ramasa C (2012) Study on classification algorithms for network intrusion systems. J Commun Comput 9(11):1242\u20131246","journal-title":"J Commun Comput"},{"key":"77_CR82","unstructured":"Symantec (2017) Internet Security Threat Report 2017, vol 22"},{"issue":"3","key":"77_CR83","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1109\/TBDATA.2017.2723570","volume":"5","author":"M Tang","year":"2019","unstructured":"Tang M, Alazab M, Luo Y (2019) Big data for Cybersecurity: vulnerability disclosure trends and dependencies. 
IEEE Transact Big Data 5(3):317\u2013329","journal-title":"IEEE Transact Big Data"},{"key":"77_CR84","first-page":"1","volume-title":"\"A detailed analysis of the KDD CUP 99 data set,\" in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications","author":"M Tavallaee","year":"2009","unstructured":"Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) \"A detailed analysis of the KDD CUP 99 data set,\" in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp 1\u20136"},{"key":"77_CR85","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1109\/ICPRIME.2013.6496489","volume-title":"2013 International Conference on Pattern Recognition, Informatics and Mobile Engineering","author":"S Thaseen","year":"2013","unstructured":"Thaseen S, Kumar CA (2013) An analysis of supervised tree based classifiers for intrusion detection system. In: 2013 International Conference on Pattern Recognition, Informatics and Mobile Engineering, pp 294\u2013299"},{"issue":"11","key":"77_CR86","doi-asserted-by":"publisher","first-page":"1654","DOI":"10.1109\/TC.2020.3015584","volume":"69","author":"D Vasan","year":"2020","unstructured":"Vasan D, Alazab M, Venkatraman S, Akram J, Qin Z (2020a) MTHAEL: cross-architecture IoT malware detection based on neural network advanced ensemble learning. IEEE Trans Comput 69(11):1654\u20131667","journal-title":"IEEE Trans Comput"},{"key":"77_CR87","doi-asserted-by":"publisher","first-page":"107138","DOI":"10.1016\/j.comnet.2020.107138","volume":"171","author":"D Vasan","year":"2020","unstructured":"Vasan D, Alazab M, Wassan S, Naeem H, Safaei B, Zheng Q (2020b) IMCFN: Image-based malware classification using fine-tuned convolutional neural network architecture. 
Computer Networks 171:107138","journal-title":"Computer Networks"},{"key":"77_CR88","doi-asserted-by":"publisher","first-page":"101748","DOI":"10.1016\/j.cose.2020.101748","volume":"92","author":"D Vasan","year":"2020","unstructured":"Vasan D, Alazab M, Wassan S, Safaei B, Zheng Q (2020c) Image-Based malware classification using ensemble of CNN architectures (IMCEC). Comput Security 92:101748","journal-title":"Comput Security"},{"key":"77_CR89","doi-asserted-by":"publisher","first-page":"1728303","DOI":"10.1155\/2018\/1728303","volume":"2018","author":"S Venkatraman","year":"2018","unstructured":"Venkatraman S, Alazab M (2018) Use of Data Visualisation for Zero-Day Malware Detection. Security Commun Network 2018:1728303","journal-title":"Security Commun Network"},{"key":"77_CR90","doi-asserted-by":"publisher","first-page":"37","DOI":"10.3233\/JCS-1999-7103","volume":"7","author":"G Vigna","year":"1999","unstructured":"Vigna G, Kemmerer RA (1999) NetSTAT: a network-based intrusion detection system. J Comput Secur 7:37\u201372","journal-title":"J Comput Secur"},{"issue":"9","key":"77_CR91","doi-asserted-by":"publisher","first-page":"6225","DOI":"10.1016\/j.eswa.2010.02.102","volume":"37","author":"G Wang","year":"2010","unstructured":"Wang G, Hao J, Ma J, Huang L (2010) A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering. Expert Syst Application 37(9):6225\u20136232","journal-title":"Expert Syst Application"},{"key":"77_CR92","doi-asserted-by":"publisher","first-page":"1792","DOI":"10.1109\/ACCESS.2017.2780250","volume":"6","author":"W Wang","year":"2018","unstructured":"Wang W et al (2018) HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. 
IEEE Access 6:1792\u20131806","journal-title":"IEEE Access"},{"key":"77_CR93","doi-asserted-by":"crossref","unstructured":"Wang X, Han Y, Leung VC, Niyato D, Yan X, Chen X (2020) Convergence of edge computing and deep learning: a comprehensive survey. IEEE Commun Survey Tutorial","DOI":"10.1109\/COMST.2020.2970550"},{"issue":"5","key":"77_CR94","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MSP.2018.2825478","volume":"35","author":"L Xiao","year":"2018","unstructured":"Xiao L, Wan X, Lu X, Zhang Y, Wu D (2018) IoT security techniques based on machine learning: how do IoT devices use AI to enhance security? IEEE Signal Process Mag 35(5):41\u201349","journal-title":"IEEE Signal Process Mag"},{"key":"77_CR95","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/CVPRW.2012.6239232","volume-title":"2012 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops","author":"X Yang","year":"2012","unstructured":"Yang X, Tian YL (2012) EigenJoints-based action recognition using Na\u00efve-Bayes-Nearest-Neighbor. In: 2012 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, pp 14\u201319"},{"issue":"5","key":"77_CR96","doi-asserted-by":"publisher","first-page":"1250","DOI":"10.1109\/JIOT.2017.2694844","volume":"4","author":"Y Yang","year":"2017","unstructured":"Yang Y, Wu L, Yin G, Li L, Zhao H (2017) A survey on security and privacy issues in internet-of-things. IEEE Internet Things J 4(5):1250\u20131258","journal-title":"IEEE Internet Things J"},{"key":"77_CR97","unstructured":"Yar M, Steinmetz KF (2019) Cybercrime and society. SAGE Publications Limited"},{"key":"77_CR98","doi-asserted-by":"publisher","first-page":"21954","DOI":"10.1109\/ACCESS.2017.2762418","volume":"5","author":"C Yin","year":"2017","unstructured":"Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. 
IEEE Access 5:21954\u201321961","journal-title":"IEEE Access"},{"key":"77_CR99","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.jnca.2017.02.009","volume":"84","author":"BB Zarpelao","year":"2017","unstructured":"Zarpelao BB, Miani RS, Kawakani CT, de Alvarenga SC (2017) A survey of intrusion detection in internet of things. J Netw Comput Appl 84:25\u201337","journal-title":"J Netw Comput Appl"},{"key":"77_CR100","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1145\/3133956.3134052","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","author":"G Zhang","year":"2017","unstructured":"Zhang G, Yan C, Ji X, Zhang T, Zhang T, Xu W (2017) Dolphinattack: Inaudible voice commands. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp 103\u2013117"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00077-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-021-00077-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00077-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,29]],"date-time":"2023-01-29T22:06:21Z","timestamp":1675029981000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-021-00077-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,8]]},"references-count":100,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,12]]}},"alternative-id":["77"],"URL":"https:\/\/doi.org\/10.1186\/s42400-021-00077-7","relation":{},"ISSN":["2523-
3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,8]]},"assertion":[{"value":"18 November 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 February 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 March 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"18"}}