{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T13:46:13Z","timestamp":1767707173281,"version":"build-2065373602"},"reference-count":37,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2015,5,6]],"date-time":"2015-05-06T00:00:00Z","timestamp":1430870400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Military University","award":["ING1199"],"award-info":[{"award-number":["ING1199"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>A wide range of IDS implementations with anomaly detection modules have been deployed. In general, those modules depend on intrusion knowledge databases, such as Knowledge Discovery Dataset (KDD99), Center for Applied Internet Data Analysis (CAIDA) or Community Resource for Archiving Wireless Data at Dartmouth (CRAWDAD), among others. Once the database is analyzed and a machine learning method is employed to generate detectors, some classes of new detectors are created. Thereafter, detectors are supposed to be deployed in real network environments in order to achieve detection with good results for false positives and detection rates. Since the traffic behavior is quite different according to the user\u2019s network activities over available services, restrictions and applications, it is supposed that behavioral-based detectors are not well suited to all kind of networks. This paper presents the differences of detection results between some network scenarios by applying traditional detectors that were calculated with artificial neural networks. The same detector is deployed in different scenarios to measure the efficiency or inefficiency of static training detectors.<\/jats:p>","DOI":"10.3390\/fi7020094","type":"journal-article","created":{"date-parts":[[2015,5,6]],"date-time":"2015-05-06T10:58:41Z","timestamp":1430909921000},"page":"94-109","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Inefficiency of IDS Static Anomaly Detectors in  Real-World Networks"],"prefix":"10.3390","volume":"7","author":[{"given":"Edward","family":"Guillen","sequence":"first","affiliation":[{"name":"Telecommunication Engineering Department, Nueva Granada Military University, Bogot\u00e1 110911, Colombia"}]},{"given":"Jeisson","family":"S\u00e1nchez","sequence":"additional","affiliation":[{"name":"Telecommunication Engineering Department, Nueva Granada Military University, Bogot\u00e1 110911, Colombia"}]},{"given":"Rafael","family":"Paez","sequence":"additional","affiliation":[{"name":"Engineering Systems Department, Xaverian University, Bogot\u00e1 110911, Colombia"}]}],"member":"1968","published-online":{"date-parts":[[2015,5,6]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Zhao, D., Xu, Q., and Feng, Z. (2010, January 6\u20137). Analysis and Design for Intrusion Detection System Based on Data Mining. Proceedings of the 2010 Second International Workshop on Education Technology and Computer Science (ETCS), Wuhan, China.","key":"ref_1","DOI":"10.1109\/ETCS.2010.478"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"477","DOI":"10.1016\/j.comcom.2009.10.010","article-title":"An efficient network intrusion detection","volume":"33","author":"Chen","year":"2010","journal-title":"Comput. Commun."},{"key":"ref_3","first-page":"109","article-title":"An implementation of intrusion detection system using genetic algorithm","volume":"4","author":"Hoque","year":"2012","journal-title":"Int. J. Network Secur. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1690","DOI":"10.1016\/j.eswa.2013.08.066","article-title":"A novel hybrid intrusion detection method integrating anomaly detection with misuse detection","volume":"41","author":"Kim","year":"2014","journal-title":"Expert Syst. Appl."},{"unstructured":"Axelsson, S. (2000). Intrusion Detection Systems: A Survey and Taxonomy, Technical Report.","key":"ref_5"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","article-title":"Intrusion detection system: A comprehensive review","volume":"36","author":"Liao","year":"2013","journal-title":"J. Netw. Comput. Appl."},{"unstructured":"Cannady, J., and Harrell, J. (, January May). A comparative analysis of current intrusion detection technologies. Proceedings of the Fourth Technology for Information Security Conference, Houston, TX, USA.","key":"ref_7"},{"key":"ref_8","first-page":"94","article-title":"Guide to intrusion detection and prevention systems (idps)","volume":"800","author":"Scarfone","year":"2007","journal-title":"NIST Spec. Publ."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2042","DOI":"10.1016\/j.asoc.2010.07.002","article-title":"Neural visualization of network traffic data for intrusion detection","volume":"11","author":"Corchado","year":"2011","journal-title":"Appl. Soft Comput."},{"key":"ref_10","first-page":"57","article-title":"Machine Learning Approach for Intrusion Detection on Cloud Virtual Machines","volume":"2","author":"Bhat","year":"2013","journal-title":"Int. J. Appl. Innov. Eng. Manage."},{"doi-asserted-by":"crossref","unstructured":"Guillen, E., Padilla, D., and Colorado, Y. (2009, January 10\u201311). Weaknesses and strengths analysis over network-based intrusion detection and prevention systems. Proceedings on the IEEE Latin-American Conference on Communications, 2009 (LATINCOM'09), Medell\u00edn, Colombia.","key":"ref_11","DOI":"10.1109\/LATINCOM.2009.5305047"},{"unstructured":"Denning, D.E., and Neumann, P.G. (1985). Requirements and Model for Ides\u2014A Real-Time Intrusion Detection Expert System, SRI Intermational Final Technical Report.","key":"ref_12"},{"doi-asserted-by":"crossref","unstructured":"Kayacik, H.G., Zincir-Heywood, A.N., and Heywood, M.I. (2005, January 12\u201314). Selecting features for intrusion detection: A feature relevance analysis on KDD 99 intrusion detection datasets. Proceedings of the Third Annual Conference on Privacy, Security and Trust, New Brunswick, Canada.","key":"ref_13","DOI":"10.4018\/978-1-59140-561-0.ch071"},{"unstructured":"Mukkamala, S., Janoski, G., and Sung, A. (2002, January 12\u201317). Intrusion detection using neural networks and support vector machines. Proceedings of the 2002 International Joint Conference on Neural Networks, 2002 (IJCNN'02.), Honolulu, HI, USA.","key":"ref_14"},{"key":"ref_15","first-page":"1825","article-title":"Machine Learning-based Intrusion Detection Algorithms","volume":"5","author":"Tang","year":"2009","journal-title":"J. Comput. Inf. Syst."},{"doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ert\u0446z, L., Kumar, V., Ozgur, A., and Srivastava, J. (2003, January 1\u20133). A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. Proceedings of the Third SIAM International Conference on Data Mining, San Francisco, CA, USA.","key":"ref_16","DOI":"10.1137\/1.9781611972733.3"},{"unstructured":"Olusola, A.A., Oladele, A.S., and Abosede, D.O. (2010, January 20\u201322). Analysis of KDD 99 intrusion detection dataset for selection of relevance features. Proceedings of the World Congress on Engineering and Computer Science, San Francisco, CA, USA.","key":"ref_17"},{"unstructured":"Rodriguez, J. GTS: GNU Triangulated Surface Library. Available online: http:\/\/gts.sourceforge.net\/.","key":"ref_18"},{"unstructured":"Stolfo, S.J., Fan, W., Lee, W., Prodromidis, A., and Chan, P.K. (2000, January 25\u201327). Cost-based modeling for fraud and intrusion detection: Results from the JAM project. Proceedings of the DARPA Information Survivability Conference and Exposition, 2000 (DISCEX'00), Hilton Head, SC, USA.","key":"ref_19"},{"doi-asserted-by":"crossref","unstructured":"Kim, B.-J., and Kim, I.K. (2005). Machine Learning Approach to Realtime Intrusion Detection Systems. AI 2005: Advances in Artificial Intelligence, Springer Berlin Heidelberg.","key":"ref_20","DOI":"10.1007\/11589990_18"},{"doi-asserted-by":"crossref","unstructured":"Camacho, J., Macia-Fernandez, G., Diaz-Verdejo, J., and Garcia-Teodoro, P. (May, January 27). Tackling the Big Data 4 vs for anomaly detection. Proceedings of the 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Toronto, Canad\u00e1.","key":"ref_21","DOI":"10.1109\/INFCOMW.2014.6849282"},{"unstructured":"Eid, H.F., Darwish, A., and Abraham, A. (December, January 29). Principle components analysis and support vector machine based intrusion detection system. Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications (ISDA), Cairo, Egypt.","key":"ref_22"},{"unstructured":"Chen, Y., Li, Y., Cheng, X.Q., and Guo, L. (2006). Information Security and Cryptology, Springer Berlin Heidelberg.","key":"ref_23"},{"unstructured":"Kuchimanchi, G.K., Phoha, V.V., Balagani, K.S., and Gaddam, S.R. (2004, January 10\u201311). Dimension reduction using feature extraction methods for Real-time misuse detection systems. Proceedings of the Fifth Annual IEEE SMC on Information Assurance Workshop, West Point, NY, USA.","key":"ref_24"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1662","DOI":"10.1016\/j.comnet.2010.12.008","article-title":"Intrusion detection using neural based hybrid classification methods","volume":"55","author":"Govindarajan","year":"2011","journal-title":"Comput. Netw."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1184","DOI":"10.1016\/j.jnca.2011.01.002","article-title":"Mutual information based feature selection for intrusion detection systems","volume":"34","author":"Amiri","year":"2011","journal-title":"J. Netw. Comput. Appl."},{"doi-asserted-by":"crossref","unstructured":"Rangadurai Karthick, R., Hattiwale, V.P., and Ravindran, B. (2012, January 3\u20137). Adaptive network intrusion detection system using a hybrid approach. Proceedings of 2012 Fourth International Conference on Communication Systems and Networks (COMSNETS), Bangalore, India.","key":"ref_27","DOI":"10.1109\/COMSNETS.2012.6151345"},{"key":"ref_28","first-page":"836","article-title":"Evaluating Performance of an Anomaly Detection Module with Artificial Neural Network Implementation","volume":"7","author":"Rodriguez","year":"2013","journal-title":"Int. J. Comput. Inf. Syst. Control Eng."},{"doi-asserted-by":"crossref","unstructured":"Sommer, R., and Paxson, V. (2010, January 16-19). Outside the closed world: On using machine learning for network intrusion detection. Proeedings of the 2010 IEEE Symposium on Security and Privacy (SP), Oakland, CA, USA.","key":"ref_29","DOI":"10.1109\/SP.2010.25"},{"doi-asserted-by":"crossref","unstructured":"Wang, K., and Stolfo, S.J. (2004, January 15\u201317). Anomalous payload-based network intrusion detection. Proceedings of the Recent Advances in Intrusion Detection, Sophia Antipolis, France.","key":"ref_30","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/35.312841","article-title":"Kerberos: An authentication service for computer networks","volume":"32","author":"Neuman","year":"1994","journal-title":"IEEE Commun. Mag."},{"unstructured":"Mahoney, M.V., and Chan, P.K. (2001). PHAD: Packet header anomaly detection for identifying hostile network traffic, Florida Institute of Technology Technical Report.","key":"ref_32"},{"unstructured":"Sung, A.H., and Mukkamala, S. (2003, January 27\u201331). Identifying important features for intrusion detection using support vector machines and neural networks. Proceedings of the 2003 Symposium on Applications and the Internet, Orlando, FL, USA.","key":"ref_33"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"930","DOI":"10.1109\/TNN.2010.2045657","article-title":"Improved computation for Levenberg\u2013Marquardt training","volume":"21","author":"Wilamowski","year":"2010","journal-title":"IEEE Trans. Neural Netw."},{"key":"ref_35","first-page":"1","article-title":"Levenberg-Marquardt Training","volume":"5","author":"Yu","year":"2011","journal-title":"Ind. Electron. Handb."},{"unstructured":"Guill\u00e9n, E., Rodriguez, J., P\u00e1ez, R., and Rodriguez, A. (2012, January 24\u201326). Detection of non-content based attacks using GA with extended KDD features. Proceedings of the World Congress on Engineering and Computer Science, San Francisco, CA, USA.","key":"ref_36"},{"key":"ref_37","first-page":"1345","article-title":"A survey on transfer learning. Knowledge and Data Engineering","volume":"22","author":"Pan","year":"2010","journal-title":"IEEE Trans."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/7\/2\/94\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T20:45:54Z","timestamp":1760215554000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/7\/2\/94"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5,6]]},"references-count":37,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2015,6]]}},"alternative-id":["fi7020094"],"URL":"https:\/\/doi.org\/10.3390\/fi7020094","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2015,5,6]]}}}