{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T19:01:41Z","timestamp":1774551701071,"version":"3.50.1"},"reference-count":138,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2021,4,25]],"date-time":"2021-04-25T00:00:00Z","timestamp":1619308800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61941113, 81674099, 61502233"],"award-info":[{"award-number":["61941113, 81674099, 61502233"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the Fundamental Research Fund for the Central Universities","award":["30918015103, 30918012204"],"award-info":[{"award-number":["30918015103, 30918012204"]}]},{"name":"Nanjing Science and Technology Development Plan Project","award":["201805036"],"award-info":[{"award-number":["201805036"]}]},{"name":"13th Five-Year\" equipment field fund","award":["61403120501"],"award-info":[{"award-number":["61403120501"]}]},{"name":"China Academy of Engineering Consulting Research Project","award":["2019-ZD-1-02-02"],"award-info":[{"award-number":["2019-ZD-1-02-02"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>Network anomaly detection systems (NADSs) play a significant role in every network defense system as they detect and prevent malicious activities. Therefore, this paper offers an exhaustive overview of different aspects of anomaly-based network intrusion detection systems (NIDSs). Additionally, contemporary malicious activities in network systems and the important properties of intrusion detection systems are discussed as well. 
The present survey explains important phases of NADSs, such as pre-processing, feature extraction and malicious behavior detection and recognition. In addition, with regard to the detection and recognition phase, recent machine learning approaches including supervised, unsupervised, new deep and ensemble learning techniques have been comprehensively discussed; moreover, some details about currently available benchmark datasets for training and evaluating machine learning techniques are provided by the researchers. In the end, potential challenges together with some future directions for machine learning-based NADSs are specified.<\/jats:p>","DOI":"10.3390\/e23050529","type":"journal-article","created":{"date-parts":[[2021,4,25]],"date-time":"2021-04-25T22:31:39Z","timestamp":1619389899000},"page":"529","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":44,"title":["A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies"],"prefix":"10.3390","volume":"23","author":[{"given":"Mahdi","family":"Rabbani","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China"}]},{"given":"Yongli","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China"}]},{"given":"Reza","family":"Khoshkangini","sequence":"additional","affiliation":[{"name":"Center for Applied Intelligent Systems Research (CAISR), Halmstad University, 30118 Halmstad, Sweden"}]},{"given":"Hamed","family":"Jelodar","sequence":"additional","affiliation":[{"name":"Faculty of Computer Science, Dalhousie University, Halifax, NS B3H 4R2, Canada"}]},{"given":"Ruxin","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science 
and Technology, Nanjing 210094, China"}]},{"given":"Sajjad","family":"Bagheri Baba Ahmadi","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China"}]},{"given":"Seyedvalyallah","family":"Ayobi","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China"}]}],"member":"1968","published-online":{"date-parts":[[2021,4,25]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","article-title":"Network anomaly detection: Methods, systems and tools","volume":"16","author":"Bhuyan","year":"2014","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Gasti, P., Tsudik, G., Uzun, E., and Zhang, L. (August, January 30). DoS and DDoS in named data networking. Proceedings of the 2013 22nd International Conference on Computer Communication and Networks (ICCCN), Nassau, Bahamas.","DOI":"10.1109\/ICCCN.2013.6614127"},{"key":"ref_3","unstructured":"Ahvanooey, M.T., Li, Q., Rabbani, M., and Rajput, A.R. (2020). A survey on smartphones security: Software vulnerabilities, malware, and attacks. arXiv Prepr."},{"key":"ref_4","unstructured":"Hindy, H., Brosset, D., Bayne, E., Seeam, A., Tachtatzis, C., Atkinson, R., and Bellekens, X. (2018). A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. arXiv Prepr."},{"key":"ref_5","unstructured":"Lu, S., Ying, L., Lin, W., Wang, Y., Nie, M., Shen, K., Liu, L., and Duan, H. (2019). New Era of Deeplearning-Based Malware Intrusion Detection: The Malware Detection and Prediction Based On Deep Learning. 
arXiv Prepr."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1016\/j.ins.2013.03.022","article-title":"Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues","volume":"239","author":"Corona","year":"2013","journal-title":"Inf. Sci."},{"key":"ref_7","unstructured":"Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., and Atkinson, R. (2017). Shallow and deep networks intrusion detection system: A taxonomy and survey. arXiv Prepr."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1016\/j.cose.2016.11.004","article-title":"A survey of intrusion detection systems based on ensemble and hybrid classifiers","volume":"65","author":"Aburomman","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"278","DOI":"10.1016\/j.future.2015.01.001","article-title":"A survey of anomaly detection techniques in financial domain","volume":"55","author":"Ahmed","year":"2016","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A survey of data mining and machine learning methods for cyber security intrusion detection","volume":"18","author":"Buczak","year":"2015","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","article-title":"A survey of network anomaly detection techniques","volume":"60","author":"Ahmed","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","article-title":"Intrusion detection system: A comprehensive review","volume":"36","author":"Liao","year":"2013","journal-title":"J. Netw. Comput. 
Appl."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1016\/j.jnca.2018.12.006","article-title":"A holistic review of Network Anomaly Detection Systems: A comprehensive survey","volume":"128","author":"Moustafa","year":"2019","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"102507","DOI":"10.1016\/j.jnca.2019.102507","article-title":"A Hybrid Machine Learning Approach for Malicious Behaviour Detection and Recognition in Cloud Computing","volume":"151","author":"Rabbani","year":"2019","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Keshk, M., Moustafa, N., Sitnikova, E., and Creech, G. (2017, January 14\u201316). Privacy preservation intrusion detection technique for SCADA systems. Proceedings of the 2017 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia.","DOI":"10.1109\/MilCIS.2017.8190422"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1881","DOI":"10.1016\/j.comcom.2009.07.013","article-title":"Network forensics based on fuzzy logic and expert system","volume":"32","author":"Liao","year":"2009","journal-title":"Comput. Commun."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1109\/MSP.2013.51","article-title":"Automatic attack signature generation systems: A review","volume":"11","author":"Kaur","year":"2013","journal-title":"IEEE Secur. Priv."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Khoshkangini, R., and Pashami, S. (2020, January 1\u20135). Baysian Network for Failure Prediction in Different Seasons. Proceedings of the 30th European Safety and Reliability Conference and 15th Probabilistic Safety Assessment and Management Conference (ESREL2020 PSAM15), Venice, Italy.","DOI":"10.3850\/978-981-14-8593-0_4441-cd"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Khoshkangini, R., and Pashami, S. 
(2019, January 3\u20136). Warranty claim rate prediction using logged vehicle data. Proceedings of the EPIA Conference on Artificial Intelligence, Vila Real, Portugal.","DOI":"10.1007\/978-3-030-30241-2_55"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"481","DOI":"10.1109\/TBDATA.2017.2715166","article-title":"Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks","volume":"5","author":"Moustafa","year":"2017","journal-title":"IEEE Trans. Big Data"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"32910","DOI":"10.1109\/ACCESS.2018.2844794","article-title":"A new threat intelligence scheme for safeguarding industry 4.0 systems","volume":"6","author":"Moustafa","year":"2018","journal-title":"IEEE Access"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"3496","DOI":"10.1109\/COMST.2018.2844742","article-title":"A Critical Review of Practices and Challenges in Intrusion Detection Systems for IoT: Toward Universal and Resilient Systems","volume":"20","author":"Benkhelifa","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1109\/TETC.2016.2633228","article-title":"A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks","volume":"7","author":"Pajouh","year":"2016","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"ref_24","unstructured":"(2021, April 19). The Acsc Threat Report, Available online: https:\/\/www.acsc.gov.au\/publications\/."},{"key":"ref_25","unstructured":"(2021, April 19). The Macafee Threat Report. Available online: https:\/\/www.mcafee.com."},{"key":"ref_26","unstructured":"Schultz, M.G., Eskin, E., Zadok, F., and Stolfo, S.J. (2001, January 14\u201316). Data mining methods for detection of new malicious executables. 
Proceedings of the 2001 IEEE Symposium on Security and Privacy S&P 2001, Oakland, CA, USA."},{"key":"ref_27","first-page":"1","article-title":"A survey on malware detection using data mining techniques","volume":"50","author":"Ye","year":"2017","journal-title":"ACM Comput. Surv. CSUR"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Honda, S., Unno, Y., Maruhashi, K., Takenaka, M., and Torii, S. (2015, January 11\u201315). TOPASE: Detection of brute force attacks used disciplined IPs from IDS log. Proceedings of the 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, Canada.","DOI":"10.1109\/INM.2015.7140496"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Ayobi, S., Wang, Y., Rabbani, M., Dorri, A., Jelodar, H., Huang, H., and Yarmohammadi, S. (2020, January 18\u201320). A Lightweight Blockchain-Based Trust Model for Smart Vehicles in VANETs. Proceedings of the International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, Nanjing, China.","DOI":"10.1007\/978-3-030-68851-6_20"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Moustafa, N., and Slay, J. (2015, January 10\u201312). UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia.","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"1113","DOI":"10.1002\/cpe.3061","article-title":"A distributed approach to network anomaly detection based on independent component analysis","volume":"26","author":"Palmieri","year":"2014","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Xanthopoulos, P., Pardalos, P.M., and Trafalis, T.B. (2013). Principal component analysis. 
Robust Data Mining, Springer.","DOI":"10.1007\/978-1-4419-9878-1"},{"key":"ref_33","first-page":"259","article-title":"Category-based intrusion detection using PCA","volume":"3","author":"Zargar","year":"2012","journal-title":"J. Inf. Secur."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"3899","DOI":"10.1016\/j.eswa.2011.06.033","article-title":"A differentiated one-class classification method with applications to intrusion detection","volume":"39","author":"Kang","year":"2012","journal-title":"Expert Syst. Appl."},{"key":"ref_35","first-page":"488","article-title":"Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems","volume":"6","author":"Perdisci","year":"2006","journal-title":"ICDM Citeseer"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Zargar, G.R., and Kabiri, P. (2009, January 28\u201331). Identification of effective network features for probing attack detection. Proceedings of the 2009 First International Conference on Networked Digital Technologies, Ostrava, Czech Republic.","DOI":"10.1109\/NDT.2009.5272124"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"811","DOI":"10.1016\/j.comnet.2012.10.002","article-title":"Repids: A multi tier real-time payload-based intrusion detection system","volume":"57","author":"Jamdagni","year":"2013","journal-title":"Comput. Networks"},{"key":"ref_38","unstructured":"Wikipedia (2019, October 27). Regression Analysis\u2014Wikipedia, The Free Encyclopedia. Available online: http:\/\/en.wikipedia.org\/w\/index.php?title=Regression%20analysis&oldid=922071233."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Sirageldin, A., Baharudin, B.B., and Jung, L.T. (2014). Malicious web page detection: A machine learning approach. 
Advances in Computer Science and Its Applications, Springer.","DOI":"10.1007\/978-3-642-41674-3_32"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"3311","DOI":"10.1002\/sec.1255","article-title":"DLLMiner: Structural mining for malware detection","volume":"8","author":"Narouei","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"488","DOI":"10.1016\/j.ins.2014.03.066","article-title":"Big data analytics framework for peer-to-peer botnet detection using random forests","volume":"278","author":"Singh","year":"2014","journal-title":"Inf. Sci."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1016\/j.procs.2017.09.129","article-title":"RFAODE: A novel ensemble intrusion detection system","volume":"115","author":"Jabbar","year":"2017","journal-title":"Procedia Comput. Sci."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"2986","DOI":"10.1109\/TC.2016.2519914","article-title":"Building an intrusion detection system using a filter-based feature selection algorithm","volume":"65","author":"Ambusaidi","year":"2016","journal-title":"IEEE Trans. Comput."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Wagner, C., Fran\u00e7ois, J., and Engel, T. (2011). Machine learning approach for ip-flow record anomaly detection. International Conference on Research in Networking, Springer.","DOI":"10.1007\/978-3-642-20757-0_3"},{"key":"ref_45","unstructured":"Poornachandran, P., Praveen, S., Ashok, A., Krishnan, M.R., and Soman, K. Drive-by-download malware detection in hosts by analyzing system resource utilization using one class support vector machines. 
Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","article-title":"Significant permission identification for machine-learning-based android malware detection","volume":"14","author":"Li","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Wang, T.Y., Wu, C.H., and Hsieh, C.C. (2008, January 8\u201311). A virus prevention model based on static analysis and data mining methods. Proceedings of the 2008 IEEE 8th International Conference on Computer and Information Technology Workshops, Sydney, NSW, Australia.","DOI":"10.1109\/CIT.2008.Workshops.102"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/j.jss.2014.10.031","article-title":"Profiling and classifying the behavior of malicious codes","volume":"100","author":"Alazab","year":"2015","journal-title":"J. Syst. Softw."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Bar-Yanai, R., Langberg, M., Peleg, D., and Roditty, L. (2010, January 20\u201322). Realtime classification for encrypted traffic. Proceedings of the International Symposium on Experimental Algorithms, Naples, Italy.","DOI":"10.1007\/978-3-642-13193-6_32"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.knosys.2015.01.009","article-title":"CANN: An intrusion detection system based on combining cluster centers and nearest neighbors","volume":"78","author":"Lin","year":"2015","journal-title":"Knowl. Based Syst."},{"key":"ref_51","unstructured":"Kirk, A., Legg, J., and El-Mahassni, E. (2014). 
Anomaly Detection and Attribution Using Bayesian Networks, Technical Report."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1613\/jair.3050","article-title":"Intrusion detection using continuous time Bayesian networks","volume":"39","author":"Xu","year":"2010","journal-title":"J. Artif. Intell. Res."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Altwaijry, H. (2013). Bayesian based intrusion detection system. IAENG Transactions on Engineering Technologies, Springer.","DOI":"10.1007\/978-94-007-4786-9_3"},{"key":"ref_54","unstructured":"Moustafa, N., and Slay, J. (, January 3\u20135). A network forensic scheme using correntropy-variation for attack detection. Proceedings of the IFIP International Conference on Digital Forensics, New Delhi, India."},{"key":"ref_55","unstructured":"Shen, X., and Agrawal, S. (2006). Kernel Density Estimation for An Anomaly Based Intrusion Detection System. MLMTA, 161\u2013167. Available online: https:\/\/www.researchgate.net\/profile\/Xiaoping-Shen-2\/publication\/221188648_Kernel_Density_Estimation_for_An_Anomaly_Based_Intrusion_Detection_System\/links\/54de03c60cf22a26721dd528\/Kernel-Density-Estimation-for-An-Anomaly-Based-Intrusion-Detection-System.pdf."},{"key":"ref_56","unstructured":"Bridges, S.M., and Vaughn, R.B. (2000, January 16\u201319). Fuzzy data mining and genetic algorithms applied to intrusion detection. Proceedings of the 12th Annual Canadian Information Technology Security Symposium, Baltimore, MD, USA."},{"key":"ref_57","unstructured":"Dickerson, J.E., and Dickerson, J.A. (2000, January 13\u201315). Fuzzy network profiling for intrusion detection. Proceedings of the PeachFuzz 2000, 19th International Conference of the North American Fuzzy Information Processing Society-NAFIPS (Cat. No. 
00TH8500), Atlanta, GA, USA."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"3448","DOI":"10.1016\/j.comnet.2007.02.001","article-title":"An overview of anomaly detection techniques: Existing solutions and latest technological trends","volume":"51","author":"Patcha","year":"2007","journal-title":"Comput. Netw."},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1016\/j.jnca.2017.03.018","article-title":"Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling","volume":"87","author":"Haider","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1016\/j.eswa.2010.06.066","article-title":"A novel intrusion detection system based on hierarchical clustering and support vector machines","volume":"38","author":"Horng","year":"2011","journal-title":"Expert Syst. Appl."},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Li, H. (2010, January 28\u201329). Research and implementation of an anomaly detection model based on clustering analysis. Proceedings of the 2010 International Symposium on Intelligence Information Processing and Trusted Computing, Huanggang, China.","DOI":"10.1109\/IPTC.2010.94"},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"1659","DOI":"10.1016\/j.eswa.2007.01.040","article-title":"DDoS attack detection method using cluster analysis","volume":"34","author":"Lee","year":"2008","journal-title":"Expert Syst. Appl."},{"key":"ref_63","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.ins.2014.09.025","article-title":"A nature-inspired approach to speed up optimum-path forest clustering and its application to intrusion detection in computer networks","volume":"294","author":"Costa","year":"2015","journal-title":"Inf. Sci."},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Jadhav, A., Jadhav, A., Jadhav, P., and Kulkarni, P. (2013, January 18\u201319). 
A novel approach for the design of network intrusion detection system (NIDS). Proceedings of the 2013 International Conference on Sensor Network Security Technology and Privacy Communication System, Harbin, China.","DOI":"10.1109\/SNS-PCS.2013.6553828"},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly Detection: A Survey","volume":"41","author":"Chandola","year":"2009","journal-title":"ACM Comput. Surv."},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"Nguyen, H.H., Harbi, N., and Darmont, J. (2011, January 21\u201323). An efficient local region and clustering-based ensemble system for intrusion detection. Proceedings of the 15th Symposium on International Database Engineering & Applications, Lisbon, Portugal.","DOI":"10.1145\/2076623.2076647"},{"key":"ref_67","unstructured":"Moustafa, N., Misra, G., and Slay, J. (2018). Generalized outlier gaussian mixture technique based on automated association features for simulating and detecting web application attacks. IEEE Trans. Sustain. Comput."},{"key":"ref_68","doi-asserted-by":"crossref","unstructured":"Fan, W., Bouguila, N., and Sallay, H. (2013, January 11\u201314). Anomaly intrusion detection using incremental learning of an infinite mixture model with feature selection. Proceedings of the International Conference on Rough Sets and Knowledge Technology, Halifax, NS, Canada.","DOI":"10.1007\/978-3-642-41299-8_35"},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Creech, G., Sitnikova, E., and Keshk, M. (2017, January 14\u201316). Collaborative anomaly detection framework for handling big data of cloud computing. Proceedings of the 2017 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia.","DOI":"10.1109\/MilCIS.2017.8190421"},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Creech, G., and Slay, J. (2018). 
Anomaly detection system using beta mixture models and outlier detection. Progress in Computing, Analytics and Networking, Springer.","DOI":"10.1007\/978-981-10-7871-2_13"},{"key":"ref_71","doi-asserted-by":"crossref","unstructured":"Revanur, V., Ayibiowu, A., Rahat, M., and Khoshkangini, R. (2020). Embeddings Based Parallel Stacked Autoencoder Approach for Dimensionality Reduction and Predictive Maintenance of Vehicles. IoT Streams for Data-Driven Predictive Maintenance and IoT, Edge, and Mobile for Embedded Machine Learning, Springer.","DOI":"10.1007\/978-3-030-66770-2_10"},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"1460","DOI":"10.1109\/TKDE.2012.99","article-title":"Anomaly detection via online oversampling principal component analysis","volume":"25","author":"Lee","year":"2012","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_73","doi-asserted-by":"crossref","unstructured":"Han, X., Xu, L., Ren, M., and Gu, W. (2015, January 13\u201315). A Naive Bayesian network intrusion detection algorithm based on Principal Component Analysis. Proceedings of the 2015 7th International Conference on Information Technology in Medicine and Education (ITME), Huangshan, China.","DOI":"10.1109\/ITME.2015.29"},{"key":"ref_74","unstructured":"Bhagoji, A.N., Cullina, D., and Mittal, P. (2017). Dimensionality reduction as a defense against evasion attacks on machine learning classifiers. arXiv Prepr."},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"7419","DOI":"10.1109\/TIT.2013.2278017","article-title":"A compressed PCA subspace method for anomaly detection in high-dimensional data","volume":"59","author":"Ding","year":"2013","journal-title":"IEEE Trans. Inf. 
Theory"},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"17742","DOI":"10.1109\/ACCESS.2017.2749538","article-title":"The effects of traditional anti-virus labels on malware detection using dynamic runtime opcodes","volume":"5","author":"Carlin","year":"2017","journal-title":"IEEE Access"},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/s11416-010-0148-y","article-title":"Hunting for undetectable metamorphic viruses","volume":"7","author":"Lin","year":"2011","journal-title":"J. Comput. Virol."},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Saber, M., El Farissi, I., Chadli, S., Emharraf, M., and Belkasmi, M.G. (2017). Performance Analysis of an Intrusion Detection Systems Based of Artificial Neural Network. Europe and MENA Cooperation Advances in Information and Communication Technologies, Springer.","DOI":"10.1007\/978-3-319-46568-5_52"},{"key":"ref_79","doi-asserted-by":"crossref","unstructured":"Ramadas, M., Ostermann, S., and Tjaden, B. (2003). Detecting anomalous network traffic with self-organizing maps. International Workshop on Recent Advances in Intrusion Detection, Springer.","DOI":"10.1007\/978-3-540-45248-5_3"},{"key":"ref_80","doi-asserted-by":"crossref","unstructured":"Hawkins, S., He, H., Williams, G., and Baxter, R. (2002, January 4\u20146). Outlier detection using replicator neural networks. Proceedings of the International Conference on Data Warehousing and Knowledge Discovery, Aix-en-Provence, France.","DOI":"10.1007\/3-540-46145-0_17"},{"key":"ref_81","first-page":"928","article-title":"Hybrid neural networks for intrusion detection system","volume":"7","author":"Jirapummin","year":"2002","journal-title":"Proc. ITC-CSCC"},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Ghosh, A.K., Michael, C., and Schatz, M. (2000, January 2\u20134). A real-time intrusion detection system based on learning program behavior. 
Proceedings of the International Workshop on Recent Advances in Intrusion Detection, Toulouse, France.","DOI":"10.1007\/3-540-39945-3_7"},{"key":"ref_83","first-page":"12","article-title":"A Study in Using Neural Networks for Anomaly and Misuse Detection","volume":"99","author":"Ghosh","year":"1999","journal-title":"USENIX Secur. Symp."},{"key":"ref_84","doi-asserted-by":"crossref","first-page":"311","DOI":"10.1016\/j.eswa.2016.03.042","article-title":"An efficient proactive artificial immune system based anomaly detection and prevention system","volume":"60","author":"Saurabh","year":"2016","journal-title":"Expert Syst. Appl."},{"key":"ref_85","first-page":"1","article-title":"Learning Program Behavior Profiles for Intrusion Detection","volume":"51462","author":"Ghosh","year":"1999","journal-title":"Workshop Intrusion Detect. Netw. Monit."},{"key":"ref_86","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1007\/s10710-010-9101-6","article-title":"An ensemble-based evolutionary framework for coping with distributed intrusion detection","volume":"11","author":"Folino","year":"2010","journal-title":"Genet. Program. Evolvable Mach."},{"key":"ref_87","unstructured":"Pillai, M., Eloff, J.H., and Venter, H. (2004). An approach to implement a network intrusion detection system using genetic algorithms. Proceedings of the 2004 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries, South African Institute for Computer Scientists and Information Technologists."},{"key":"ref_88","doi-asserted-by":"crossref","unstructured":"Huang, H.D., Acampora, G., Loia, V., Lee, C.S., and Kao, H.Y. (2011, January 27\u201330). Applying FML and Fuzzy Ontologies to malware behavioural analysis. 
Proceedings of the IEEE International Conference on Fuzzy Systems, Taipei, Taiwan.","DOI":"10.1109\/FUZZY.2011.6007716"},{"key":"ref_89","first-page":"1","article-title":"Identification of malicious activities in industrial internet of things based on deep learning models","volume":"41","author":"Muna","year":"2018","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_90","doi-asserted-by":"crossref","unstructured":"Bontemps, L., McDermott, J., and Le-Khac, N.A. (2016, January 23\u201325). Collective anomaly detection based on long short-term memory recurrent neural networks. Proceedings of the International Conference on Future Data and Security Engineering, Can Tho City, Vietnam.","DOI":"10.1007\/978-3-319-48057-2_9"},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/TETCI.2017.2772792","article-title":"A deep learning approach to network intrusion detection","volume":"2","author":"Shone","year":"2018","journal-title":"IEEE Trans. Emerg. Top. Comput. Intell."},{"key":"ref_92","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1007\/s41060-019-00186-0","article-title":"dLSTM: A new approach for anomaly detection using deep learning with delayed prediction","volume":"8","author":"Maya","year":"2019","journal-title":"Int. J. Data Sci. Anal."},{"key":"ref_93","doi-asserted-by":"crossref","unstructured":"Su, Y., Zhao, Y., Niu, C., Liu, R., Sun, W., and Pei, D. (2019, January 4\u20138). Robust Anomaly Detection for Multivariate Time Series through Stochastic Recurrent Neural Network. Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, Anchorage, AK, USA.","DOI":"10.1145\/3292500.3330672"},{"key":"ref_94","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1038\/nature14539","article-title":"Deep learning","volume":"521","author":"LeCun","year":"2015","journal-title":"Nature"},{"key":"ref_95","unstructured":"Goodfellow, I., Bengio, Y., and Courville, A. (2016). 
Deep Learning, MIT Press."},{"key":"ref_96","doi-asserted-by":"crossref","unstructured":"Wu, P., and Guo, H. (2019). LuNet: A Deep Neural Network for Network Intrusion Detection. arXiv Prepr.","DOI":"10.1109\/SSCI44817.2019.9003126"},{"key":"ref_97","doi-asserted-by":"crossref","first-page":"41525","DOI":"10.1109\/ACCESS.2019.2895334","article-title":"Deep Learning Approach for Intelligent Intrusion Detection System","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"ref_98","doi-asserted-by":"crossref","unstructured":"Ludwig, S.A. (December, January 27). Intrusion detection of multiple attack classes using a deep neural net ensemble. Proceedings of the 2017 IEEE Symposium Series on Computational Intelligence (SSCI), Honolulu, HI, USA.","DOI":"10.1109\/SSCI.2017.8280825"},{"key":"ref_99","doi-asserted-by":"crossref","unstructured":"Alom, M.Z., Bontupalli, V., and Taha, T.M. (2015, January 15\u201319). Intrusion detection using deep belief networks. Proceedings of the 2015 National Aerospace and Electronics Conference (NAECON), Dayton, OH, USA.","DOI":"10.1109\/NAECON.2015.7443094"},{"key":"ref_100","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1016\/j.patcog.2009.05.017","article-title":"A triangle area based nearest neighbors approach to intrusion detection","volume":"43","author":"Tsai","year":"2010","journal-title":"Pattern Recognit."},{"key":"ref_101","doi-asserted-by":"crossref","unstructured":"Comar, P.M., Liu, L., Saha, S., Tan, P.N., and Nucci, A. (2013, January 14\u201319). Combining supervised and unsupervised learning for zero-day malware detection. 
Proceedings of the 2013 IEEE INFOCOM, Turin, Italy.","DOI":"10.1109\/INFCOM.2013.6567003"},{"key":"ref_102","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1016\/j.knosys.2017.03.012","article-title":"Ramp loss K-Support Vector Classification-Regression; a robust and sparse multi-class approach to the intrusion detection problem","volume":"126","author":"Bamakan","year":"2017","journal-title":"Knowl. Based Syst."},{"key":"ref_103","doi-asserted-by":"crossref","unstructured":"Dubey, S., and Dubey, J. (2015, January 10\u201312). KBB: A hybrid method for intrusion detection. Proceedings of the 2015 International Conference on Computer, Communication and Control (IC4), Indore, India.","DOI":"10.1109\/IC4.2015.7375704"},{"key":"ref_104","doi-asserted-by":"crossref","first-page":"507","DOI":"10.1007\/s00778-006-0002-5","article-title":"A new intrusion detection system using support vector machines and hierarchical clustering","volume":"16","author":"Khan","year":"2007","journal-title":"VLDB J."},{"key":"ref_105","doi-asserted-by":"crossref","first-page":"4815","DOI":"10.1109\/JIOT.2018.2871719","article-title":"An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things","volume":"6","author":"Moustafa","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_106","doi-asserted-by":"crossref","unstructured":"Jongsuebsuk, P., Wattanapongsakorn, N., and Charnsripinyo, C. (2013, January 15\u201317). Real-time intrusion detection with fuzzy genetic algorithm. Proceedings of the 2013 10th International Conference on Electrical Engineering\/Electronics, Computer, Telecommunications and Information Technology, Krabi, Thailand.","DOI":"10.1109\/ECTICon.2013.6559603"},{"key":"ref_107","doi-asserted-by":"crossref","unstructured":"Jongsuebsuk, P., Wattanapongsakorn, N., and Charnsripinyo, C. (2013, January 28\u201330). 
Network intrusion detection with Fuzzy Genetic Algorithm for unknown attacks. Proceedings of the The International Conference on Information Networking 2013 (ICOIN), Bangkok, Thailand.","DOI":"10.1109\/ICOIN.2013.6496342"},{"key":"ref_108","doi-asserted-by":"crossref","unstructured":"Dama\u0161evi\u010dius, R., Ven\u010dkauskas, A., Toldinas, J., and Grigali\u016bnas, \u0160. (2021). Ensemble-Based Classification Using Neural Networks and Machine Learning Models for Windows PE Malware Detection. Electronics, 10.","DOI":"10.3390\/electronics10040485"},{"key":"ref_109","first-page":"447","article-title":"A system for denial-of-service attack detection based on multivariate correlation analysis","volume":"25","author":"Tan","year":"2013","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_110","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","article-title":"Amal: High-fidelity, behavior-based automated malware analysis and classification","volume":"52","author":"Mohaisen","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_111","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1016\/j.neucom.2014.09.083","article-title":"PCA filtering and probabilistic SOM for network intrusion detection","volume":"164","author":"Ortiz","year":"2015","journal-title":"Neurocomputing"},{"key":"ref_112","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/TCYB.2013.2247592","article-title":"Online adaboost-based parameterized methods for dynamic distributed network intrusion detection","volume":"44","author":"Hu","year":"2013","journal-title":"IEEE Trans. Cybern."},{"key":"ref_113","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1016\/j.asoc.2015.10.011","article-title":"A novel SVM-kNN-PSO ensemble method for intrusion detection system","volume":"38","author":"Aburomman","year":"2016","journal-title":"Appl. 
Soft Comput."},{"key":"ref_114","doi-asserted-by":"crossref","unstructured":"Gruhl, C., Sick, B., Wacker, A., Tomforde, S., and H\u00e4hner, J. (2015, January 22\u201324). A building block for awareness in technical systems: Online novelty detection and reaction with an application in intrusion detection. Proceedings of the 2015 IEEE 7th International Conference on Awareness Science and Technology (iCAST), Qinhuangdao, China.","DOI":"10.1109\/ICAwST.2015.7314046"},{"key":"ref_115","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","article-title":"Opcode sequences as representation of executables for data-mining-based unknown malware detection","volume":"231","author":"Santos","year":"2013","journal-title":"Inf. Sci."},{"key":"ref_116","doi-asserted-by":"crossref","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","article-title":"Classification of malware based on integrated static and dynamic features","volume":"36","author":"Islam","year":"2013","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_117","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1016\/j.future.2017.01.019","article-title":"Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers","volume":"78","author":"Wang","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_118","doi-asserted-by":"crossref","unstructured":"Chadha, K., and Jain, S. (2015). Hybrid genetic fuzzy rule based inference engine to detect intrusion in networks. Intelligent Distributed Computing, Springer.","DOI":"10.1007\/978-3-319-11227-5_17"},{"key":"ref_119","unstructured":"Hasan, M., Dean, T., Imam, F.T., Garcia, F., Leblanc, S.P., and Zulkernine, M. (September, January 31). A constraint-based intrusion detection system. 
Proceedings of the Fifth European Conference on the Engineering of Computer-Based Systems, Larnaca, Cyprus."},{"key":"ref_120","doi-asserted-by":"crossref","first-page":"21954","DOI":"10.1109\/ACCESS.2017.2762418","article-title":"A deep learning approach for intrusion detection using recurrent neural networks","volume":"5","author":"Yin","year":"2017","journal-title":"IEEE Access"},{"key":"ref_121","unstructured":"(2021, April 19). The Unsw-nb15 Dataset. Available online: https:\/\/www.unsw.adfa.edu.au\/australian-centre-forcyber-security\/cybersecurity\/ADFA-NB15-Datasets\/."},{"key":"ref_122","doi-asserted-by":"crossref","unstructured":"Moustafa, N., and Slay, J. (2015, January 5). The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. Proceedings of the Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2015 4th International Workshop on, Kyoto, Japan.","DOI":"10.1109\/BADGERS.2015.014"},{"key":"ref_123","unstructured":"(2021, April 19). The darpa98 and kddcup99 Datasets. Available online: http:\/\/www.ll.mit.edu\/ideval\/data\/1998data.html."},{"key":"ref_124","unstructured":"(2021, April 19). The nslkdd Dataset. Available online: http:\/\/nsl.cs.unb.ca\/NSL-KDD\/."},{"key":"ref_125","doi-asserted-by":"crossref","unstructured":"Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., and Smuikys, P. (2020). LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics, 9.","DOI":"10.3390\/electronics9050800"},{"key":"ref_126","unstructured":"(2021, April 19). The Caida Dataset. Available online: https:\/\/www.caida.org\/data\/."},{"key":"ref_127","unstructured":"(2021, April 19). The Defcon Dataset. Available online: http:\/\/www.netresec.com\/?page=PcapFiles."},{"key":"ref_128","unstructured":"(2021, April 19). The unibs Dataset. 
Available online: http:\/\/netweb.ing.unibs.it\/ntw\/tools\/traces\/."},{"key":"ref_129","unstructured":"(2021, April 19). The Darpa-2009 Dataset. Available online: https:\/\/www.predict.org\/."},{"key":"ref_130","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2018, January 22\u201324). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. Proceedings of the 2018 International Conference on Information Systems Security and Privacy, Maderia, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_131","unstructured":"(2021, April 19). The ISCX Dataset. Available online: http:\/\/www.unb.ca\/research\/iscx\/dataset\/iscx-IDS-dataset.html."},{"key":"ref_132","doi-asserted-by":"crossref","unstructured":"Bhuyan, M.H., Bhattacharyya, D.K., and Kalita, J.K. (2017). Network Traffic Anomaly Detection Techniques and Systems. Network Traffic Anomaly Detection and Prevention, Springer.","DOI":"10.1007\/978-3-319-65188-0"},{"key":"ref_133","doi-asserted-by":"crossref","unstructured":"Gogoi, P., Bhuyan, M.H., Bhattacharyya, D., and Kalita, J.K. (2012, January 6\u20138). Packet and flow based network intrusion dataset. Proceedings of the International Conference on Contemporary Computing, Noida, India.","DOI":"10.1007\/978-3-642-32129-0_34"},{"key":"ref_134","unstructured":"(2021, April 19). The CDX Datasets. Available online: https:\/\/www.usma.edu\/crc\/SitePages\/DataSets.aspx."},{"key":"ref_135","unstructured":"(2021, April 19). The ctu-13 Dataset. Available online: https:\/\/www.usma.edu\/crc\/SitePages\/DataSets.aspx."},{"key":"ref_136","unstructured":"(2021, April 19). The LBNL Dataset, Available online: http:\/\/powerdata.lbl.gov\/download.html."},{"key":"ref_137","unstructured":"(2021, April 19). The ADFA Intrusion Detection Datasets. 
Available online: https:\/\/www.unsw.adfa.edu.au\/australiancentre-for-cyber-security\/cybersecurity\/ADFA-IDS-Datasets\/."},{"key":"ref_138","doi-asserted-by":"crossref","unstructured":"Khoshkangini, R., and Mashhadi, P. (2020). Early prediction of quality issues in automotive modern industry. Information, 11.","DOI":"10.3390\/info11070354"}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/5\/529\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:52:44Z","timestamp":1760161964000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/5\/529"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,25]]},"references-count":138,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2021,5]]}},"alternative-id":["e23050529"],"URL":"https:\/\/doi.org\/10.3390\/e23050529","relation":{},"ISSN":["1099-4300"],"issn-type":[{"value":"1099-4300","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,25]]}}}