{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T22:33:20Z","timestamp":1770503600562,"version":"3.49.0"},"reference-count":76,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2018,3,22]],"date-time":"2018-03-22T00:00:00Z","timestamp":1521676800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"published-print":{"date-parts":[[2018,3,22]]},"abstract":"<jats:p>With the increasingly growing internal and external attacks on computer systems and online services, cybersecurity has become a vibrant research area. Countering intrusive attacks is a daunting task with no universal magic solution that can successfully handle all scenarios. A variety of machine-learning and computational intelligence techniques have been applied extensively to detect and classify these attacks. However, the effectiveness of these techniques greatly depends on the adopted data preprocessing methods for feature extraction and engineering. This paper presents an extended taxonomy of the work related to intrusion detection and reviews the state-of-the-art techniques for data preprocessing. It offers a critical up-to-date survey which can be an instrumental pedagogy to help junior researchers conceive the vast amount of research work and gain a holistic view and awareness of various contemporary research directions in this domain.<\/jats:p>","DOI":"10.3233\/jifs-169432","type":"journal-article","created":{"date-parts":[[2018,3,23]],"date-time":"2018-03-23T12:21:29Z","timestamp":1521807689000},"page":"1369-1383","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":12,"title":["Intrusion detection taxonomy and data preprocessing mechanisms"],"prefix":"10.1177","volume":"34","author":[{"given":"Khaled A.","family":"Al-Utaibi","sequence":"first","affiliation":[{"name":"College of Computer Sciences and Engineering, University of Ha\u2019il, Ha\u2019il, Saudi Arabia"}]},{"given":"El-Sayed M.","family":"El-Alfy","sequence":"additional","affiliation":[{"name":"Department of Information and Computer Science, College of Computer Sciences and Engineering, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"}]}],"member":"179","published-online":{"date-parts":[[2018,3,22]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","unstructured":"ScarfoneK. and MellP. Guide to intrusion detection and prevention systems (IDPS). Special Publication 800-94 National Institute of Standards and Technology 2007.","DOI":"10.6028\/NIST.SP.800-94"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2013.08.001"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2009.06.019"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-010-0012-4"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.05.003"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.09.004"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2012.2196010"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.050113.00191"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.08.007"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1224"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/2542049"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(98)00017-6"},{"key":"e_1_3_2_14_2","unstructured":"AxelssonS. Intrusion detection systems: A survey and taxonomy. Techn. Report 99-15 Chalmers Univ. Technology Sweden March 2000."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-017-1027-3"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/2716260"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.05.008"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1007\/11937807_13"},{"issue":"1","key":"e_1_3_2_19_2","first-page":"41","article-title":"Performance evaluation of wireless IPSec VPN","volume":"2","author":"Pruthi S.","year":"2009","unstructured":"PruthiS. and PruthiG., Performance evaluation of wireless IPSec VPN, Int J Information Technology and Knowledge Management2(1) (2009), 41\u201344.","journal-title":"Int J Information Technology and Knowledge Management"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.2004.1269716"},{"key":"e_1_3_2_21_2","first-page":"1","article-title":"An investigation and survey of response options for intrusion response systems (IRSs)","author":"Anuar N.B.","year":"2010","unstructured":"AnuarN.B., PapadakiM., FurnellS. and ClarkeN., An investigation and survey of response options for intrusion response systems (IRSs), In Information Security for South Africa (2010), 1\u20138.","journal-title":"Information Security for South Africa"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJICS.2007.012248"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2016.03.042"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2017.01.028"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00114-0"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.06.008"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2007.11.018"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/262793.262811"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.08.009"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2012.05.013"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0140-3664(02)00037-3"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"e_1_3_2_33_2","unstructured":"DenningD.E. and NeumannP.G. Requirements and model for IDES: A real-time intrusion detection system. Technical Report 83F83-01-00 Computer Science Lab. SRI Int 1985."},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2002.1017701"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128835"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586146"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2004.02.016"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2006.161"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.06.008"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2009.02.010"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2016.08.014"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2002.1039856"},{"key":"e_1_3_2_44_2","first-page":"576","article-title":"Efficient and beneficial defense against ddos direct attack and reflector attack","author":"He Y.","year":"2005","unstructured":"HeY., ChenW., PengW. and YangM., Efficient and beneficial defense against ddos direct attack and reflector attack, Parallel and Distributed Processing and Appl (2005), 576\u2013587.","journal-title":"Parallel and Distributed Processing and Appl"},{"issue":"2","key":"e_1_3_2_45_2","first-page":"111","article-title":"Data preprocessing for supervised leaning","volume":"1","author":"Kotsiantis S.B.","year":"2006","unstructured":"KotsiantisS.B., KanellopoulosD. and PintelasP.E., Data preprocessing for supervised leaning, Int J Computer Science1(2) (2006), 111\u2013117.","journal-title":"Int J Computer Science"},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2012.35"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4615-5689-3"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1098\/rspa.2011.0704"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.proenv.2011.12.040"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-8655(00)00112-4"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1080\/713827181"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsp.2009.10.001"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.02.054"},{"key":"e_1_3_2_54_2","volume-title":"A general purpose separability criterion for classification systems","author":"Grabczewski K.","year":"1999","unstructured":"GrabczewskiK. and DuchW., A general purpose separability criterion for classification systems, InProc 4th Conf Neural Networks and their Appl (1999)."},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.11.028"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27189-2_21"},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.12.160"},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2012.11.016"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICNSC.2007.372892"},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.12.141"},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/DCABES.2010.98"},{"key":"e_1_3_2_62_2","volume-title":"Reducing network intrusion detection association rules using chi-squared pruning technique","author":"Namik A.F.","year":"2011","unstructured":"NamikA.F. and OthmanZ.A., Reducing network intrusion detection association rules using chi-squared pruning technique. InProc 3rd Conf Data Mining and Optimization (2011)."},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.66"},{"key":"e_1_3_2_64_2","first-page":"1157","article-title":"An introduction to variable and feature selection","volume":"3","author":"Guyon I.","year":"2003","unstructured":"GuyonI. and ElisseeffA., An introduction to variable and feature selection, J Machine Learning Research3 (2003), 1157\u20131182.","journal-title":"J Machine Learning Research"},{"key":"e_1_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.3233\/IDA-1997-1302"},{"key":"e_1_3_2_66_2","first-page":"1205","article-title":"Efficient feature selection via analysis of relevance and redundancy","volume":"5","author":"Yu L.","year":"2004","unstructured":"YuL., LiuH. and GuyonI., Efficient feature selection via analysis of relevance and redundancy, J Machine Learning Research5 (2004), 1205\u20131224.","journal-title":"J Machine Learning Research"},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2014.07.037"},{"key":"e_1_3_2_68_2","article-title":"Abstracting massive data for lightweight intrusion detection in computer networks","author":"Wang W.","year":"2016","unstructured":"WangW., LiuJ., PitsilisG. and ZhangX., Abstracting massive data for lightweight intrusion detection in computer networks, Information Sciences (2016).","journal-title":"Information Sciences"},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.06.013"},{"key":"e_1_3_2_70_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.simpat.2016.01.010"},{"key":"e_1_3_2_71_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.06.005"},{"key":"e_1_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1007\/11599548_24"},{"key":"e_1_3_2_73_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2012.05.004"},{"issue":"1","key":"e_1_3_2_74_2","first-page":"332","article-title":"Performance comparison of features reduction techniques for intrusion detection system","volume":"3","author":"Datti R.","year":"2012","unstructured":"DattiR. and LakinaS., Performance comparison of features reduction techniques for intrusion detection system, Int J Computer Science and Emerging Technologies3(1) (2012), 332\u2013335.","journal-title":"Int J Computer Science and Emerging Technologies"},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2007.02.034"},{"key":"e_1_3_2_76_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.pisc.2016.05.010"},{"key":"e_1_3_2_77_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.05.029"}],"container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169432","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-169432","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169432","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T21:50:42Z","timestamp":1770414642000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-169432"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,3,22]]},"references-count":76,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,3,22]]}},"alternative-id":["10.3233\/JIFS-169432"],"URL":"https:\/\/doi.org\/10.3233\/jifs-169432","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,3,22]]}}}