{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T06:50:09Z","timestamp":1777704609258,"version":"3.51.4"},"reference-count":22,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2018,8,1]],"date-time":"2018-08-01T00:00:00Z","timestamp":1533081600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent & Fuzzy Systems"],"published-print":{"date-parts":[[2018,12,24]]},"abstract":"\n Anomaly-based intrusion detection system (IDS) is gaining wide attention from the research community, due to its robustness in detecting and profiling the newly discovered network attacks. Unlike signature-based IDS which solely relying on a set of pre-defined rules through some massive human efforts, anomaly-based IDS utilises the collected network traces in building its own classification model. The classification model can optimised when a large set of network traces is available. The ideal way of pooling the network traces is through database sharing. However, not many organisations are willing to release or share their network databases due to some privacy concerns, i.e. to avoid some kinds of internet traffic behaviour profiling. To address this issue, a number of anonymisation techniques was developed. The main usage of anonymisation techniques is to conceal the potentially sensitive information in the network traces. However, it is also important to ensure the anonymisation techniques are not over abusing the performances of IDS. To do so, the convention way is by using a Snort IDS to measure the number of alarms generated before-and-after an anonymisation solution is applied. However, this approach is infeasible for Anomaly-Based IDS. Thus, an alternative way of using machine learning approach is proposed and explored in this manuscript. Instead of manual evaluation through the usage of Snort IDS, a J48 decision tree (Weka package of C4.5 algorithm) is used. In this manuscript, two anonymisation techniques, (1)\n black-marker<\/jats:italic>\n , and (2)\n bilateral classification<\/jats:italic>\n are used to hide the value of port numbers; and their before-and-after performances are evaluated through a J48 decision tree.\n <\/jats:p>","DOI":"10.3233\/jifs-169834","type":"journal-article","created":{"date-parts":[[2018,8,5]],"date-time":"2018-08-05T06:38:03Z","timestamp":1533451083000},"page":"5927-5937","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":1,"title":["Evaluation of black-marker and bilateral classification with J48 decision tree in anomaly based intrusion detection system"],"prefix":"10.1177","volume":"35","author":[{"given":"Yee Jian","family":"Chew","sequence":"first","affiliation":[{"name":"Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Bukit Beruang, Melaka, Malaysia"}]},{"given":"Shih Yin","family":"Ooi","sequence":"additional","affiliation":[{"name":"Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Bukit Beruang, Melaka, Malaysia"}]},{"given":"Kok-Seng","family":"Wong","sequence":"additional","affiliation":[{"name":"School of Software, Soongsil University, Sang-Doro, Sangdo-Dong, Dongjak-Gu, Seoul, South Korea"}]},{"given":"Ying Han","family":"Pang","sequence":"additional","affiliation":[{"name":"Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Bukit Beruang, Melaka, Malaysia"}]},{"given":"Seong Oun","family":"Hwang","sequence":"additional","affiliation":[{"name":"Department of Software and Communications Engineering, Hongik University, Sejong, Korea"}]}],"member":"179","published-online":{"date-parts":[[2018,8]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","unstructured":"QardajiW. and LiN. Anonymizing Network Traces with Temporal Pseudonym Consistency 2012.","DOI":"10.1109\/ICDCSW.2012.11"},{"issue":"2","key":"e_1_3_2_3_2","first-page":"2372","article-title":"Obfuscation of sensitive data in network flows","volume":"23","author":"Riboni D.","year":"2015","unstructured":"RiboniD., VillaniA., VitaliD., BettiniC. and ManciniL.V., Obfuscation of sensitive data in network flows, IEEE Conf Comput Commun INFOCOM 201223(2) (2015), 2372\u20132380.","journal-title":"IEEE Conf Comput Commun INFOCOM 2012"},{"key":"e_1_3_2_4_2","first-page":"237","article-title":"Privacy\/analysis tradeoffs in sharing anonymized packet traces: Single-field case","author":"Yurcik W.","year":"2008","unstructured":"YurcikW., WoolamC., HellingsG., KhanL. and ThuraisinghamB., Privacy\/analysis tradeoffs in sharing anonymized packet traces: Single-field case, ARES 2008 - 3rd Int Conf Availability, Secur Reliab Proc, no. October 2007, 2008, pp. 237\u2013244.","journal-title":"ARES 2008 - 3rd Int Conf Availability, Secur Reliab Proc, no. October 2007"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/69.971193"},{"key":"e_1_3_2_6_2","first-page":"24","article-title":"L-Diversity: Privacy beyond k-anonymity","volume":"2006","author":"Machanavajjhala A.","year":"2006","unstructured":"MachanavajjhalaA., GehrkeJ., KiferD. and VenkitasubramaniamM., L-Diversity: Privacy beyond k-anonymity, Proc - Int Conf Data Eng, vol.2006, 2006, p.24.","journal-title":"Proc - Int Conf Data Eng"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2007.367856"},{"key":"e_1_3_2_8_2","first-page":"1","article-title":"Differential privacy","author":"Dwork C.","year":"2006","unstructured":"DworkC., Differential privacy, Proc 33rd Int Colloq Autom Lang Program, 2006, pp. 1\u201312.","journal-title":"Proc 33rd Int Colloq Autom Lang Program"},{"key":"e_1_3_2_9_2","first-page":"1293","article-title":"A study of usability-aware network trace anonymization","author":"Mivule K.","year":"2015","unstructured":"MivuleK. and AndersonB., A study of usability-aware network trace anonymization, Proc 2015 Sci Inf Conf SAI 2015, 2015, pp. 1293\u20131304.","journal-title":"Proc 2015 Sci Inf Conf SAI 2015"},{"key":"e_1_3_2_10_2","unstructured":"BoschiiE. TrammellB. and ZurichE. IP Flow Anonymization Support Internet Engineering Task Force (IETF) 2011. [Online]. Available: https:\/\/tools.ietf.org\/html\/rfc6235. [Accessed: 11-Feb-2018]."},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2008.4575265"},{"key":"e_1_3_2_12_2","first-page":"49","article-title":"SCRUB-tcpdump: A multi-level packet anonymizer demonstrating privacy\/analysis tradeoffs, no. 1","author":"Yurcik W.","year":"2007","unstructured":"YurcikW., WoolamC., HellingsG., KhanL. and ThuraisinghamB., SCRUB-tcpdump: A multi-level packet anonymizer demonstrating privacy\/analysis tradeoffs, no. 1, Proc 3rd Int Conf Secur Priv Commun Networks, Secur, 2007, pp. 49\u201356.","journal-title":"Proc 3rd Int Conf Secur Priv Commun Networks, Secur"},{"key":"e_1_3_2_13_2","first-page":"16","article-title":"FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs","author":"Slagell A.","year":"2006","unstructured":"SlagellA., LakkarajuK. and LuoK., FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs, Proc LISA 06 20th Large Install Syst Adm Conf Washingt DC USENIX Assoc, 2006, p. 16.","journal-title":"Proc LISA 06 20th Large Install Syst Adm Conf Washingt DC USENIX Assoc"},{"key":"e_1_3_2_14_2","first-page":"33","article-title":"Flexible and high-performance anonymization of Netflow records using anontool","author":"Foukarakis M.","year":"2007","unstructured":"FoukarakisM., AntoniadesD., AntonatosS. and MarkatosE.P., Flexible and high-performance anonymization of Netflow records using anontool, Proc 3rd Int Conf Secur Priv Commun Networks, Secur, 2007, pp. 33\u201338.","journal-title":"Proc 3rd Int Conf Secur Priv Commun Networks, Secur"},{"key":"e_1_3_2_15_2","first-page":"261","article-title":"Anonym: A tool for anonymization of the internet traffic","author":"Farah T.","year":"2013","unstructured":"FarahT. and Trajkovi\u0107L., Anonym: A tool for anonymization of the internet traffic, 2013 IEEE Int Conf Cybern CYBCONF 2013, 2013, pp. 261\u2013266.","journal-title":"2013 IEEE Int Conf Cybern CYBCONF 2013"},{"key":"e_1_3_2_16_2","unstructured":"J. Bongertz TraceWrangler. [Online]. Available: https:\/\/www.tracewrangler.com\/ [Accessed: 01-Nov-2017]."},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2014.2301464"},{"key":"e_1_3_2_18_2","first-page":"1","article-title":"Evaluating the utility of anonymized network traces for intrusion detection","author":"Lakkaraju K.","year":"2008","unstructured":"LakkarajuK. and SlagellA., Evaluating the utility of anonymized network traces for intrusion detection, Proc 4th Int Conf Secur Priv Commun netowrks - Secur \u201908, 2008, p. 1.","journal-title":"Proc 4th Int Conf Secur Priv Commun netowrks - Secur \u201908"},{"key":"e_1_3_2_19_2","article-title":"Effects of network trace sampling methods on privacy and utility metrics","author":"Fazio P.","year":"2012","unstructured":"FazioP., TanK. and KotzD., Effects of network trace sampling methods on privacy and utility metrics, 2012 4th Int Conf Commun Syst Networks, COMSNETS 2012, 2012.","journal-title":"2012 4th Int Conf Commun Syst Networks, COMSNETS 2012"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359577"},{"key":"e_1_3_2_21_2","unstructured":"LuoK. LiY. ErmopoulosC. YurcikW. and SlagellA. SCRUB-PA: A Multi-Level Multi-Dimensional Anonymization Tool for Process Accounting Arxiv Prepr.cs\/0601079 2006."},{"key":"e_1_3_2_22_2","first-page":"1348","article-title":"A detail analysis on intrusion detection datasets","author":"Sahu S.K.","year":"2014","unstructured":"SahuS.K., SarangiS. and JenaS.K., A detail analysis on intrusion detection datasets, Souvenir 2014 IEEE Int Adv Comput Conf IACC 2014, 2014, pp. 1348\u20131353.","journal-title":"Souvenir 2014 IEEE Int Adv Comput Conf IACC 2014"},{"key":"e_1_3_2_23_2","unstructured":"PeronaI. ArbelaitzO. GurrutxagaI. MartinJ.I. MuguerzaJ. and PerezJ.M. Generation of the database gurekddcup 2016."}],"container-title":["Journal of Intelligent & Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169834","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-169834","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169834","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:41:36Z","timestamp":1777455696000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-169834"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8]]},"references-count":22,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2018,12,24]]}},"alternative-id":["10.3233\/JIFS-169834"],"URL":"https:\/\/doi.org\/10.3233\/jifs-169834","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8]]}}}