Network anomaly detection: Methods, systems and tools

IEEE Communications Surveys and Tutorials

Volumn 16, Issue 1, 2014, Pages 303-336

  Bhuyan, Monowar H ^a   Bhattacharyya, D K ^a   Kalita, J K ^b  

^a TEZPUR UNIVERSITY   (India)

^b University of Colorado Colorado Springs   (United States)

Author keywords

Anomaly detection; attack; classifier; dataset; intrusion detection; NIDS; tools

Indexed keywords

EID: 84894646147     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2013.052213.00046     Document Type: Article

References (231)

1. A. Sundaram, "An introduction to intrusion detection," Crossroads, vol. 2, no. 4, pp. 3-7, April 1996.
2. J. P. Anderson, "Computer Security Threat Monitoring and Surveillance," James P Anderson Co, Fort Washington, Pennsylvania, Tech. Rep., April 1980.
3. V. Chandola, A. Banerjee, and V. Kumar, "Anomaly Detection : A Survey," ACM Computing Surveys, vol. 41, no. 3, pp. 15:1-15:58, September 2009.
4. N. K. Ampah, C. M. Akujuobi, M. N. O. Sadiku, and S. Alam, "An intrusion detection technique based on continuous binary communication channels," International J. Security and Networks, vol. 6, no. 2/3, pp. 174-180, November 2011.
5. F. Y. Edgeworth, "On discordant observations," Philosophy Mag., vol. 23, no. 5, pp. 364-375, 1887.
6. A. Patcha and J. M. Park, "An overview of anomaly detection techniques: Existing solutions and latest technological trends," Computer Networks, vol. 51, no. 12, pp. 3448-3470, 2007. (Pubitemid 46921030)
7. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez, "Anomaly-based network intrusion detection : Techniques, systems and challenges," Computers & Security, vol. 28, no. 1-2, pp. 18-28, 2009.
8. V. Hodge and J. Austin, "A survey of outlier detection methodologies," Artificial Intellligence Review, vol. 22, no. 2, pp. 85-126, 2004.
9. T. Nguyen and G. Armitage, "A Survey of Techniques for Internet Traffic Classification using Machine Learning," IEEE Commun. Surveys Tutorials, vol. 10, no. 4, pp. 56-76, 2008.
10. M. Agyemang, K. Barker, and R. Alhajj, "A comprehensive survey of numeric and symbolic outlier mining techniques," Intelligence Data Analysis, vol. 10, no. 6, pp. 521-538, 2006.
11. J. Ma and S. Perkings, "Online novelty detection on temporal sequences," in Proc. 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2003, pp. 613-618.
12. D. Snyder, "Online intrusion detection using sequences of system calls," Master's thesis, Department of Computer Science, Florida State University, 2001.
13. P. J. Rousseeuw and A. M. Leroy, Robust Regression and Outlier Detection. John Wiley & Sons, 1987.
14. V. Barnett and T. Lewis, Outliers in Statistical Data. John Wiley & Sons, 1994.
15. D. Hawkins, Identification of Outliers. New York: Chapman and Hall, 1980.
16. R. J. Beckman and R. D. Cook, "Outliers," Technometrics, vol. 25, no. 2, pp. 119-149, 1983.
17. Z. Bakar, R. Mohemad, A. Ahmad, and M. Andderis, "A comparative study for outlier detection techniques in data mining," in Proc. IEEE Conference on Cybernetics and Intelligent Systems, 2006, pp. 1-6.
18. P. Gogoi, D. K. Bhattacharyya, B. Borah, and J. K. Kalita, "A Survey of Outlier Detection Methods in Network Anomaly Identification," Computer Journal, vol. 54, no. 4, pp. 570-588, April 2011.
19. A. Callado, C. Kamienski, G. Szabo, B. Gero, J. Kelner, S. Fernandes, and D. Sadok, "A Survey on Internet Traffic Identification," IEEE Commun. Surveys Tutorials, vol. 11, no. 3, pp. 37-52, 2009.
20. W. Zhang, Q. Yang, and Y. Geng, "A Survey of Anomaly Detection Methods in Networks," in Proc.International Symposium on Computer Network and Multimedia Technology, January 2009, pp. 1-3.
21. A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller, "An Overview of IP Flow-Based Intrusion Detection," IEEE Commun. Surveys Tutorials, vol. 12, no. 3, pp. 343-356, quarter 2010.
22. B. Sun, F. Yu, K. Wu, Y. Xiao, and V. C. M. Leung, "Enhancing security using mobility-based anomaly detection in cellular mobile networks," IEEE Trans. Veh. Technol., vol. 55, no. 4, pp. 1385-1396, July 2006. (Pubitemid 44111432)
23. B. Sun, L. Osborne, Y. Xiao, and S. Guizani, "Intrusion detection techniques in mobile ad hoc and wireless sensor networks," IEEE Wireless Commun., vol. 14, no. 5, pp. 56-63, October 2007. (Pubitemid 350231654)
24. B. Sun, Y. Xiao, and R. Wang, "Detection of Fraudulent Usage in Wireless Networks," IEEE Trans. Veh. Technol., vol. 56, no. 6, pp. 3912-3923, November 2007. (Pubitemid 350201083)
25. B. Sun, K. Wu, Y. Xiao, and R. Wang, "Integration of mobility and intrusion detection for wireless ad hoc networks," International J. Communication Systems, vol. 20, no. 6, pp. 695-721, June 2007. (Pubitemid 46959707)
26. T. Peng, C. Leckie, and K. Ramamohanarao, "Survey of network-based defense mechanisms countering the DoS and DDoS problems," ACM Computing Surveys, vol. 39, no. 1, pp. 1-42, April 2007.
27. M. Al-Kuwaiti, N. Kyriakopoulos, and S. Hussein, "A comparative analysis of network dependability, fault-tolerance, reliability, security, and survivability," IEEE Commun. Surveys Tutorials, vol. 11, no. 2, pp. 106-124, April 2009.
28. B. Donnet, B. Gueye, and M. A. Kaafar, "A Survey on Network Coordinates Systems, Design, and Security," IEEE Commun. Surveys Tutorials, vol. 12, no. 4, pp. 488-503, October 2010.
29. S. X. Wu and W. Banzhaf, "The use of computational intelligence in intrusion detection systems: A review," Applied Soft Computing, vol. 10, no. 1, pp. 1-35, January 2010.
30. Y. Dong, S. Hsu, S. Rajput, and B. Wu, "Experimental Analysis of Application Level Intrusion Detection Algorithms," International J. Security and Networks, vol. 5, no. 2/3, pp. 198-205, 2010.
31. M. Tavallaee, N. Stakhanova, and A. A. Ghorbani, "Toward credible evaluation of anomaly-based intrusion-detection methods," IEEE Trans. Syst. Man Cybern. C Appl. Rev., vol. 40, no. 5, pp. 516-524, September 2010.
32. B. Daniel, C. Julia, J. Sushil, and W. Ningning, "ADAM: a testbed for exploring the use of data mining in intrusion detection," ACM SIGMOD Record, vol. 30, no. 4, pp. 15-24, 2001.
33. Z. Zhang, J. Li, C. N. Manikopoulos, J. Jorgenson, and J. Ucles, "HIDE: a Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification," in Proc. IEEE Man Systems and Cybernetics Information Assurance Workshop, 2001.
34. L. Ertoz, E. Eilertson, A. Lazarevic, P. Tan, V. Kumar, and J. Srivastava, Data Mining-Next Generation Challenges and Future Directions. MIT Press, 2004, ch. MINDS-Minnesota Intrusion Detection System.
35. M. Thottan and C. Ji, "Anomaly detection in IP networks," IEEE Trans. Signal Process., vol. 51, no. 8, pp. 2191-2204, 2003.
36. J. M. Estevez-Tapiador, P. Garcia-Teodoro, and J. E. Diaz-Verdejo, "Anomaly detection methods in wired networks : a survey and taxonomy," Computer Communication, vol. 27, no. 16, pp. 1569-1584, October 2004.
37. A. Fragkiadakis, E. Tragos, and I. Askoxylakis, "A Survey on Security Threats and Detection Techniques in Cognitive Radio Networks," IEEE Commun. Surveys Tutorials, vol. PP, no. 99, pp. 1-18, January 2012.
38. R. Heady, G. Luger, A. Maccabe, and M. Servilla, "The Architecture of a Network Level Intrusion Detection System," Computer Science Department, University of New Mexico, Tech. Rep. TR-90, 1990.
39. H. G. Kayacik, A. N. Zincir-Heywood, and M. I. Heywood, "Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets," in Proc. 3rd Annual Conference on Privacy, Security and Trust, October 2005.
40. A. A. Ghorbani, W. Lu, and M. Tavallaee, Network Intrusion Detection and Prevention : Concepts and Techniques, ser. Advances in Information Security. Springer-verlag, October 28 2009.
41. P. Ning and S. Jajodia, Intrusion Detection Techniques. H Bidgoli (Ed.), The Internet Encyclopedia, 2003.
42. F. Wikimedia, "Intrusion detection system," http://en.wikipedia.org/wiki/Intrusion-detection system, Feb 2009.
43. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "Surveying Port Scans and Their Detection Methodologies," The Computer Journal, vol. 54, no. 10, pp. 1565-1581, October 2011.
44. B. C. Park, Y. J. Won, M. S. Kim, and J. W. Hong, "Towards automated application signature generation for traffic identification," in Proc. IEEE/IFIP Network Operations and Management Symposium: Pervasive Management for Ubiquitous Networks and Services, 2008, pp. 160-167.
45. V. Kumar, "Parallel and distributed computing for cybersecurity," IEEE Distributed Systems Online, vol. 6, no. 10, 2005.
46. P. N. Tan, M. Steinbach, and V. Kumar, Introduction to Data Mining. Addison-Wesley, 2005.
47. M. J. Lesot and M. Rifqi, "Anomaly-based network intrusion detection : Techniques, systems and challenges," International J. Knowledge Engineering and Soft Data Paradigms, vol. 1, no. 1, pp. 63-84, 2009.
48. S. H. Cha, "Comprehensive Survey on Distance/Similarity Measures between Probability Density Functions," International J. Mathematical Models and Methods in Applied Science, vol. 1, no. 4, pp. 300-307, November 2007.
49. S. Choi, S. Cha, and C. C. Tappert, "A Survey of Binary Similarity and Distance Measures," J. Systemics, Cybernetics and Informatics, vol. 8, no. 1, pp. 43-48, 2010.
50. M. J. Lesot, M. Rifqi, and H. Benhadda, "Similarity measures for binary and numerical data: a survey," International J. Knowledge Engineering and Soft Data Paradigms, vol. 1, no. 1, pp. 63-84, December 2009.
51. S. Boriah, V. Chandola, and V. Kumar, "Similarity measures for categorical data: A comparative evaluation," in Proc. 8th SIAM International Conference on Data Mining, 2008, pp. 243-254.
52. G. Gan, C. Ma, and J. Wu, Data Clustering Theory, Algorithms and Applications. SIAM, 2007.
53. C. C. Hsu and S. H. Wang, "An integrated framework for visualized and exploratory pattern discovery in mixed data," IEEE Trans. Knowl. Data Eng., vol. 18, no. 2, pp. 161-173, 2005.
54. M. V. Joshi, R. C. Agarwal, and V. Kumar, "Mining needle in a haystack: classifying rare classes via two-phase rule induction," in Proc. 7th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2001, pp. 293-298.
55. J. Theiler and D. M. Cai, "Resampling approach for anomaly detection in multispectral images," in Proc. SPIE, vol. 5093. SPIE, 2003, pp. 230-240.
56. R. Fujimaki, T. Yairi, and K. Machida, "An approach to spacecraft anomaly detection problem using kernel feature space," in Proc. 11th ACM SIGKDD International Conference on Knowledge Discovery in Data Mining. USA: ACM, 2005, pp. 401-410. (Pubitemid 43218302)
57. L. Portnoy, E. Eskin, and S. J. Stolfo, "Intrusion detection with unlabeled data using clustering," in Proc. ACM Workshop on Data Mining Applied to Security, 2001.
58. H. H. Nguyen, N. Harbi, and J. Darmont, "An efficient local region and clustering-based ensemble system for intrusion detection," in Proc. 15th Symposium on International Database Engineering & Applications. USA: ACM, 2011, pp. 185-191.
59. M. Dash and H. Liu, "Feature Selection for Classification," Intelligent Data Analysis, vol. 1, pp. 131-156, 1997.
60. Y. Chen, Y. Li, X. Q. Cheng, and L. Guo, "Survey and taxonomy of feature selection algorithms in intrusion detection system," in Proc. 2nd SKLOIS conference on Information Security and Cryptology. Berlin, Heidelberg: Springer-Verlag, 2006, pp. 153-167. (Pubitemid 46039537)
61. Y. Li, J. L. Wang, Z. Tian, T. Lu, and C. Young, "Building lightweight intrusion detection system using wrapper-based feature selection mechanisms," Computers & Security, vol. 28, no. 6, pp. 466-475, 2009.
62. H. T. Nguyen, K. Franke, and S. Petrovic, "Towards a Generic Feature-Selection Measure for Intrusion Detection," in Proc. 20th International Conference on Pattern Recognition, August 2010, pp. 1529-1532.
63. A. H. Sung and S. Mukkamala, "Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks," in Proc. Symposium on Applications and the Internet. USA: IEEE CS, 2003, pp. 209-217.
64. H. Peng, F. Long, and C. Ding, "Feature Selection Based on Mutual Information : Criteria of Max-Dependency, Max-Relevance, and Min-Redundancy," IEEE Trans. Pattern Anal. Mach. Intell., vol. 27, no. 8, pp. 1226-1238, August 2005. (Pubitemid 41245053)
65. F. Amiri, M. M. R. Yousefi, C. Lucas, A. Shakery, and N. Yazdani, "Mutual information-based feature selection for intrusion detection systems," J. Network and Computer Applications, vol. 34, no. 4, pp. 1184-1199, 2011.
66. J. Dunn, "Well separated clusters and optimal fuzzy partitions," J. Cybernetics, vol. 4, pp. 95-104, 1974.
67. D. L. Davies and D. W. Bouldin, "A Cluster Separation Measure," IEEE Trans. Pattern Anal. Mach. Intell., vol. 1, no. 2, pp. 224-227, 1979.
68. L. Hubert and J. Schultz, "Quadratic assignment as a general data analysis strategy," British J. Mathematical and Statistical Psychology, vol. 29, no. 2, pp. 190-241, 1976.
69. F. B. Baker and L. J. Hubert, "Measuring the power of hierarchical cluster analysis," J. American Statistics Association, vol. 70, no. 349, pp. 31-38, 1975.
70. F. J. Rohlf, "Methods of Comparing Classifications," Annual Review of Ecology and Systematics, vol. 5, no. 1, pp. 101-113, 1974.
71. P. J. Rousseeuw, "Silhouettes : a graphical aid to the interpretation and validation of cluster analysis," J. Computational and Applied Mathematics, vol. 20, no. 1, pp. 53-65, 1987.
72. L. Goodman and W. Kruskal, "Measures of associations for crossvalidations," J. American Statistics Association, vol. 49, pp. 732-764, 1954.
73. P. Jaccard, "The distribution of flora in the alpine zone," New Phytologist, vol. 11, no. 2, pp. 37-50, 1912.
74. W. M. Rand, "Objective criteria for the evaluation of clustering methods," J. American Statistical Association, vol. 66, no. 336, pp. 846-850, 1971.
75. J. C. Bezdek, "Numerical taxonomy with fuzzy sets," J. Mathematical Biology, vol. 1, no. 1, pp. 57-71, 1974.
76. , "Cluster Validity with fuzzy sets," J. Cybernetics, vol. 3, no. 3, pp. 58-78, 1974.
77. X. L. Xie and G. Beni, "A Validity measure for Fuzzy Clustering," IEEE Trans. Pattern Anal. Mach. Intell., vol. 13, no. 4, pp. 841-847, 1991. (Pubitemid 21704193)
78. F. J. Anscombe and I. Guttman, "Rejection of outliers," Technometrics, vol. 2, no. 2, pp. 123-147, 1960.
79. E. Eskin, "Anomaly detection over noisy data using learned probability distributions," in Proc. 7th International Conference on Machine Learning. Morgan Kaufmann, 2000, pp. 255-262.
80. M. Desforges, P. Jacob, and J. Cooper, "Applications of probability density estimation to the detection of abnormal conditions in engineering," in Proc. Institute of Mechanical Engineers, vol. 212, 1998, pp. 687-703.
81. C. Manikopoulos and S. Papavassiliou, "Network Intrusion and Fault Detection: A Statistical Anomaly Approach," IEEE Commun. Mag., vol. 40, no. 10, pp. 76-82, October 2002. (Pubitemid 35311949)
82. P. K. Chan, M. V. Mahoney, and M. H. Arshad, "A machine learning approach to anomaly detection," Department of Computer Science, Florida Institute of Technology, Tech. Rep. CS-2003-06, 2003.
83. M. V. Mahoney and P. K. Chan, "Learning rules for anomaly detection of hostile network traffic," in Proc. 3rd IEEE International Conference on Data Mining. Washington: IEEE CS, 2003.
84. K. Wang and S. J. Stolfo, "Anomalous Payload-Based Network Intrusion Detection," in Proc. Recent Advances in Intrusion Detection. springer, 2004, pp. 203-222. (Pubitemid 39741895)
85. X. Song, M. Wu, C. Jermaine, and S. Ranka, "Conditional Anomaly Detection," IEEE Trans. Knowl. Data Eng., vol. 19, pp. 631-645, 2007.
86. P. Chhabra, C. Scott, E. D. Kolaczyk, and M. Crovella, "Distributed Spatial Anomaly Detection," in Proc. 27th IEEE International Conference on Computer Communications, 2008, pp. 1705-1713.
87. W. Lu and A. A. Ghorbani, "Network Anomaly Detection Based on Wavelet Analysis," EURASIP J. Advances in Signal Processing, vol. 2009, no. 837601, January 2009.
88. F. S. Wattenberg, J. I. A. Perez, P. C. Higuera, M. M. Fernandez, and I. A. Dimitriadis, "Anomaly Detection in Network Traffic Based on Statistical Inference and ?-Stable Modeling," IEEE Trans. Dependable Secure Computing, vol. 8, no. 4, pp. 494-509, July/August 2011.
89. M. Yu, "A Nonparametric Adaptive CUSUM Method And Its Application In Network Anomaly Detection," International J. Advancements in Computing Technology, vol. 4, no. 1, pp. 280-288, 2012.
90. N. Friedman, D. Geiger, and M. Goldszmidt, "Bayesian Network Classifiers," Machine Learning, vol. 29, no. 2-3, pp. 131-163, November 1997. (Pubitemid 127510036)
91. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur, "Bayesian event classification for intrusion detection," in Proc. 19th Annual Computer Security Applications Conference, 2003.
92. R. Agrawal and R. Srikant, "Fast Algorithms for Mining Association Rules in Large Databases," in Proc. 20th International Conference on Very Large Data Bases. San Francisco, CA, USA: Morgan Kaufmann, 1994, pp. 487-499.
93. N. Subramoniam, P. S. Pawar, M. Bhatnagar, N. S. Khedekar, S. Guntupalli, N. Satyanarayana, V. A. Vijayakumar, P. K. Ampatt, R. Ranjan, and P. S. Pandit, "Development of a Comprehensive Intrusion Detection System-Challenges and Approaches," in Proc. 1st International Conference on Information Systems Security, Kolkata, India, 2005, pp. 332-335. (Pubitemid 43775420)
94. S. Song, L. Ling, and C. N. Manikopoulo, "Flow-based Statistical Aggregation Schemes for Network Anomaly Detection," in Proc. IEEE International Conference on Networking, Sensing, 2006.
95. H. Tong, C. Li, J. He, J. Chen, Q. A. Tran, H. X. Duan, and X. Li, "Anomaly Internet Network Traffic Detection by Kernel Principle Component Classifier," in Proc. 2nd International Symposium on Neural Networks, vol. LNCS. 3498, 2005, pp. 476-481. (Pubitemid 41315131)
96. S. R. Gaddam, V. V. Phoha, and K. S. Balagani, "K-Means+ID3: A Novel Method for Supervised Anomaly Detection by Cascading KMeans Clustering and ID3 Decision Tree Learning Methods," IEEE Trans. Knowl. Data Eng., vol. 19, no. 3, pp. 345-354, Mar 2007. (Pubitemid 46374532)
97. K. Das, J. Schneider, and D. B. Neill, "Anomaly pattern detection in categorical datasets," in Proc. 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. USA:ACM, 2008, pp. 169-176.
98. W. Lu and H. Tong, "Detecting Network Anomalies Using CUSUM and EM Clustering," in Proc. 4th International Symposium on Advances in Computation and Intelligence. Springer-verlag, 2009, pp. 297-308.
99. M. A. Qadeer, A. Iqbal, M. Zahid, and M. R. Siddiqui, "Network Traffic Analysis and Intrusion Detection Using Packet Sniffer," in Proc. 2nd International Conference on Communication Software and Networks. Washington, DC, USA: IEEE Computer Society, 2010, pp. 313-317.
100. I. Kang, M. K. Jeong, and D. Kong, "A differentiated one-class classification method with applications to intrusion detection," Expert Systems with Applications, vol. 39, no. 4, pp. 3899-3905, March 2012.
101. C. F. Tsai, Y. F. Hsu, C. Y. Lin, and W. Y. Lin, "Intrusion detection by machine learning: A review," Expert Systems with Applications, vol. 36, no. 10, pp. 11 994-12 000, December 2009.
102. T. Abbes, A. Bouhoula, and M. Rusinowitch, "Efficient decision tree for protocol analysis in intrusion detection," International J. Security and Networks, vol. 5, no. 4, pp. 220-235, December 2010.
103. C. Wagner, J. François, R. State, and T. Engel, "Machine Learning Approach for IP-Flow Record Anomaly Detection," in Proc. 10th International IFIP TC 6 conference on Networking-Volume Part I, 2011, pp. 28-39.
104. B. Scḧolkopf, J. C. Platt, J. C. Shawe-Taylor, A. J. Smola, and R. C. Williamson, "Estimating the Support of a High-Dimensional Distribution," Neural Computation, vol. 13, no. 7, pp. 1443-1471, July 2001. (Pubitemid 33595028)
105. M. Y. Su, G. J. Yu, and C. Y. Lin, "A real-time network intrusion detection system for large-scale attacks based on an incremental mining approach," Computers & Security, vol. 28, no. 5, pp. 301-309, 2009.
106. L. Khan, M. Awad, and B. Thuraisingham, "A New Intrusion Detection System Using Support Vector Machines and Hierarchical Clustering," The VLDB Journal, vol. 16, no. 4, pp. 507-521, October 2007.
107. Z. Muda, W. Yassin, M. N. Sulaiman, and N. I. Udzir, "A K-means and naive bayes learning approach for better intrusion detection," Information Technology J., vol. 10, no. 3, pp. 648-655, 2011.
108. J. R. Quinlan, "Induction of Decision Trees," Machine Learning, vol. 1, no. 1, pp. 81-106, March 1986.
109. H. Yu and S. Kim, Handbook of Natural Computing. Springer, 2003, ch. SVM Tutorial-Classification, Regression and Ranking.
110. L. V. Kuang, "DNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm," Master's thesis, Queen's University Kingston, Ontario, Canada, Sep 2007.
111. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "RODD: An Effective Reference-Based Outlier Detection Technique for Large Datasets," in Advanced Computing. Springer, 2011, vol. 133, pp. 76-84.
112. W. Lee, S. J. Stolfo, and K. W. Mok, "Adaptive Intrusion Detection : A Data Mining Approach," Artificial Intelligence Review, vol. 14, no. 6, pp. 533-567, 2000. (Pubitemid 32286605)
113. M. Roesch, "Snort-Lightweight Intrusion Detection for Networks," in Proc. 13th USENIX Conference on System Administration, Washington, 1999, pp. 229-238.
114. B. Neumann, "Knowledge Management and Assistance Systems," http://kogs-www.informatik.uni-hamburg.de/neumann/, 2007.
115. Y. F. Zhang, Z. Y. Xiong, and X. Q. Wang, "Distributed intrusion detection based on clustering," in Proc. International Conference on Machine Learning and Cybernetics, vol. 4, August 2005, pp. 2379-2383.
116. K. Leung and C. Leckie, "Unsupervised anomaly detection in network intrusion detection using clusters," in Proc. 28th Australasian conference on Computer Science-Volume 38. Darlinghurst, Australia, Australia: Australian Computer Society, Inc., 2005, pp. 333-342.
117. C. Zhang, G. Zhang, and S. Sun, "A Mixed Unsupervised Clustering-Based Intrusion Detection Model," in Proc. 3rd International Conference on Genetic and Evolutionary Computing. USA: IEEE CS, 2009, pp. 426-428.
118. P. Casas, J. Mazel, and P. Owezarski, "Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge," Computer Communications, vol. 35, no. 7, pp. 772-783, April 2012.
119. K. Sequeira and M. Zaki, "ADMIT: anomaly-based data mining for intrusions," in Proc. eighth ACM SIGKDD international conference on Knowledge discovery and data mining. New York, NY, USA: ACM, 2002, pp. 386-395.
120. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo, Applications of Data Mining in Computer Security. Kluwer Academic, 2002, ch. A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data.
121. Z. Zhuang, Y. Li, and Z. Chen, "Enhancing Intrusion Detection System with proximity information," International J. Security and Networks, vol. 5, no. 4, pp. 207-219, December 2010.
122. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "An effective unsupervised network anomaly detection method," in Proc. International Conference on Advances in Computing, Communications and Informatics. New York, NY, USA: ACM, 2012, pp. 533-539.
123. M. E. Otey, A. Ghoting, and S. Parthasarathy, "Fast distributed outlier detection in mixed-attribute data sets," Data Mining and Knowledge Discovery, vol. 12, no. 2-3, pp. 203-228, 2006.
124. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "NADO: network anomaly detection using outlier approach," in Proc. ACM International Conference on Communication, Computing & Security. USA:ACM, 2011, pp. 531-536.
125. S. Jiang, X. Song, H. Wang, J.-J. Han, and Q.-H. Li, "A clusteringbased method for unsupervised intrusion detections," Pattern Recognition Letters, vol. 27, no. 7, pp. 802-810, May 2006. (Pubitemid 43374863)
126. Z. Chen and C. Chen, "A Closed-Form Expression for Static Worm-Scanning Strategies," in Proc. IEEE International Conference on Communications. Beijing, China: IEEE CS, May 2008, pp. 1573-1577.
127. B. Balajinath and S. V. Raghavan, "Intrusion detection through learning behavior model," Computer Communications, vol. 24, no. 12, pp. 1202-1212, July 2001. (Pubitemid 32610612)
128. M. S. A. Khan, "Rule based Network Intrusion Detection using Genetic Algorithm," International J. Computer Applications, vol. 18, no. 8, pp. 26-29, March 2011.
129. S. Haykin, Neural Networks. New Jersey: Prentice Hall, 1999.
130. M. Amini, R. Jalili, and H. R. Shahriari, "RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks," Computers & Security, vol. 25, no. 6, pp. 459-468, 2006. (Pubitemid 44307350)
131. G. Carpenter and S. Grossberg, "Adaptive resonance theory," CAS/CNS Technical Report Series, no. 008, 2010.
132. T. Kohonen, "The self-organizing map," Proc. IEEE, vol. 78, no. 9, pp. 1464-1480, 1990.
133. J. Cannady, "Applying CMAC-Based On-Line Learning to Intrusion Detection," in Proc. IEEE-INNS-ENNS International Joint Conference on Neural Networks, vol. 5, 2000, pp. 405-410.
134. S. C. Lee and D. V. Heinbuch, "Training a neural-network based intrusion detector to recognize novel attacks," IEEE Trans. Syst. Man Cybern. A, vol. 31, no. 4, pp. 294-299, 2001. (Pubitemid 33142055)
135. G. Liu, Z. Yi, and S. Yang, "A hierarchical intrusion detection model based on the PCA neural networks," Neurocomputing, vol. 70, no. 7-9, pp. 1561-1568, 2007. (Pubitemid 46336771)
136. J. Sun, H. Yang, J. Tian, and F. Wu, "Intrusion Detection Method Based on Wavelet Neural Network," in Proc. 2nd International Workshop on Knowledge Discovery and Data Mining. USA: IEEE CS, 2009, pp. 851-854.
137. H. Yong and Z. X. Feng, "Expert System Based Intrusion Detection System," in Proc. International Conference on Information Management, Innovation Management and Industrial Engineering, vol. 4, November 2010, pp. 404-407.
138. A. Parlos, K. Chong, and A. Atiya, "Application of the recurrent multilayer perceptron in modeling complex process dynamics," IEEE Trans. Neural Netw., vol. 5, no. 2, pp. 255-266, 1994.
139. K. Labib and R. Vemuri, "NSOM: A Tool To Detect Denial Of Service Attacks Using Self-Organizing Maps," Department of Applied Science University of California, Davis Davis, California, U.S.A., Tech. Rep., 2002.
140. D. Bolzoni, S. Etalle, P. H. Hartel, and E. Zambon, "POSEIDON: a 2-tier Anomaly-based Network Intrusion Detection System," in Proc. 4th IEEE International Workshop on Information Assurance, 2006, pp. 144-156. (Pubitemid 44732189)
141. M. V. Mahoney and P. K. Chan, "PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic," Dept. of Computer Science, Florida Tech, Tech. Rep. cs-2001-04, 2001.
142. J. E. Dickerson, "Fuzzy network profiling for intrusion detection," in Proc. 19th International Conference of the North American Fuzzy Information Processing Society, Atlanta, July 2000, pp. 301-306.
143. F. Geramiraz, A. S. Memaripour, and M. Abbaspour, "Adaptive Anomaly-Based Intrusion Detection System Using Fuzzy Controller," International Journal of Network Security, vol. 14, no. 6, pp. 352-361, 2012.
144. A. Tajbakhsh, M. Rahmati, and A. Mirzaei, "Intrusion detection using fuzzy association rules," Applied Soft Computing, vol. 9, no. 2, pp. 462-469, March 2009.
145. S. Mabu, C. Chen, N. Lu, K. Shimada, and K. Hirasawa, "An Intrusion-Detection Model Based on Fuzzy Class-Association-Rule Mining Using Genetic Network Programming," IEEE Trans. Syst. Man Cybern. Part C Appl. Rev., vol. 41, no. 1, pp. 130-139, 2011.
146. J. Q. Xian, F. H. Lang, and X. L. Tang, "A novel intrusion detection method based on clonal selection clustering algorithm," in Proc. International Conference on Machine Learning and Cybernetics. USA: IEEE Press, 2005, vol. 6.
147. M. Mohajerani, A. Moeini, and M. Kianie, "NFIDS: A Neuro-Fuzzy Intrusion Detection System," in Proc. 10th IEEE International Conference on Electronics, Circuits and Systems, vol. 1, December 2003, pp. 348-351.
148. Z. Pawlak, "Rough sets," International J. Parallel Programming, vol. 11, no. 5, pp. 341-356, 1982.
149. Z. Cai, X. Guan, P. Shao, Q. Peng, and G. Sun, "A rough set theory based method for anomaly intrusion detection in computer network systems," Expert Systems, vol. 20, no. 5, pp. 251-259, November 2003.
150. W. Chimphlee, A. H. Abdullah, M. S. M. Noor, S. Srinoy, and S. Chimphlee, "Anomaly-Based Intrusion Detection using Fuzzy Rough Clustering," in Proc. International Conference on Hybrid Information Technology, vol. 01. Washington, DC, USA: IEEE Computer Society, 2006, pp. 329-334. (Pubitemid 46604098)
151. A. O. Adetunmbi, S. O. Falaki, O. S. Adewale, and B. K. Alese, "Network Intrusion Detection based on Rough Set and k-Nearest Neighbour," International J. Computing and ICT Research, vol. 2, no. 1, pp. 60-66, 2008.
152. R. C. Chen, K. F. Cheng, Y. H. Chen, and C. F. Hsieh, "Using Rough Set and Support Vector Machine for Network Intrusion Detection System," in Proc. First Asian Conference on Intelligent Information and Database Systems. Washington, DC, USA: IEEE Computer Society, 2009, pp. 465-470.
153. M. Dorigo, V. Maniezzo, and A. Colorni, "Ant system: optimization by a colony of cooperating agents," IEEE Trans. Syst. Man Cybern. B, Cybern., vol. 26, no. 1, pp. 29-41, 1996. (Pubitemid 126780573)
154. H. H. Gao, H. H. Yang, and X. Y. Wang, "Ant colony optimization based network intrusion feature selection and detection," in Proc. International Conference on Machine Learning and Cybernetics, vol. 6, aug. 2005, pp. 3871-3875.
155. A. Visconti and H. Tahayori, "Artificial immune system based on interval type-2 fuzzy set paradigm," Applied Soft Computing, vol. 11, no. 6, pp. 4055-4063, September 2011.
156. S. Noel, D. Wijesekera, and C. Youman, "Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt," in Proc. International Conference on Applications of Data Mining in Computer Security. Springer, 2002.
157. R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, and et al., "Specification-based anomaly detection: a new approach for detecting network intrusions," in Proc. 9th ACM Conference on Computer and Communications Security, 2002, pp. 265-274.
158. X. Xu, "Sequential anomaly detection based on temporal-difference learning: Principles, models and case studies," Applied Soft Computing, vol. 10, no. 3, pp. 859-867, 2010.
159. A. Prayote, "Knowledge Based Anomaly Detection," Ph.D. dissertation, School of Computer Science and Egineering, The University of New South Wales, November 2007.
160. K. Ilgun, R. A. Kemmerer, and P. A. Porras, "State transition analysis: A rule-based intrusion detection approach," IEEE Trans. Software Eng., vol. 21, no. 3, pp. 181-199, 1995.
161. D. E. Denning and P. G. Neumann, "Requirements and model for IDES a real-time intrusion detection system," Computer Science Laboratory, SRI International, USA, Tech. Rep. 83F83-01-00, 1985.
162. D. Anderson, T. F. Lunt, H. Javitz, A. Tamaru, and A. Valdes, "Detecting unusual program behaviour using the statistical component of the next-generation intrusion detection expert system (NIDES)," Computer Science Laboratory, SRI International, USA, Tech. Rep. SRIO-CSL-95-06, 1995.
163. N. G. Duffield, P. Haffner, B. Krishnamurthy, and H. Ringberg, "Rule-Based Anomaly Detection on IP Flows," in Proc. 28th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies. Rio de Janeiro, Brazil: IEEE press, 2009, pp. 424-432.
164. R. E. Schapire, "A brief introduction to boosting," in Proc. 16th International Joint Conference on Artificial Intelligence, Morgan Kaufmann, 1999, pp. 1401-1406.
165. A. Prayote and P. Compton, "Detecting anomalies and intruders," AI 2006: Advances in Artificial Intelligence, pp. 1084-1088, 2006.
166. G. Edwards, B. Kang, P. Preston, and P. Compton, "Prudent expert systems with credentials: Managing the expertise of decision support systems," International journal of biomedical computing, vol. 40, no. 2, pp. 125-132, 1995. (Pubitemid 26019936)
167. W. Scheirer and M. C. Chuah, "Syntax vs. semantics : competing approaches to dynamic network intrusion detection," International Journal Securrity and Networks, vol. 3, no. 1, pp. 24-35, December 2008. (Pubitemid 351546019)
168. P. Naldurg, K. Sen, and P. Thati, "A Temporal Logic Based Framework for Intrusion Detection," in Proc. 24th IFIP WG 6.1 International Conference on Formal Techniques for Networked and Distributed Systems, 2004, pp. 359-376.
169. J. M. Estevez-Tapiador, P. Garcya-Teodoro, and J. E. Dyaz-Verdejo, "Stochastic protocol modeling for anomaly based network intrusion detection," in Proc. 1st International Workshop on Information Assurance. IEEE CS, 2003, pp. 3-12.
170. A. Shabtai, U. Kanonov, and Y. Elovici, "Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method," J. System Software, vol. 83, no. 8, pp. 1524-1537, August 2010.
171. S. S. Hung and D. S. M. Liu, "A user-oriented ontology-based approach for network intrusion detection," Computer Standards & Interfaces, vol. 30, no. 1-2, pp. 78-88, January 2008.
172. R. Polikar, "Ensemble based systems in decision making," IEEE Circuits Syst. Mag., vol. 6, no. 3, pp. 21-45, 2006.
173. A. Borji, "Combining heterogeneous classifiers for network intrusion detection," in Proc. 12th Asian Computing Science Conference on Advances in Computer Science: Computer and Network Security. Springer, 2007, pp. 254-260.
174. G. Giacinto, R. Perdisci, M. D. Rio, and F. Roli, "Intrusion detection in computer networks by a modular ensemble of one-class classifiers," Information Fusion, vol. 9, no. 1, pp. 69-82, January 2008. (Pubitemid 47589059)
175. L. Rokach, "Ensemble-based classifiers," Artificial Intelligence Review, vol. 33, no. 1-2, pp. 1-39, February 2010.
176. K. Noto, C. Brodley, and D. Slonim, "Anomaly Detection Using an Ensemble of Feature Models," in Proc. IEEE International Conference on Data Mining. USA: IEEE CS, 2010, pp. 953-958.
177. P. M. Mafra, V. Moll, J. D. S. Fraga, and A. O. Santin, "Octopus-IIDS: An Anomaly Based Intelligent Intrusion Detection System," in Proc. IEEE Symposium on Computers and Communications. USA: IEEE CS, 2010, pp. 405-410.
178. S. Chebrolu, A. Abraham, and J. P. Thomas, "Feature deduction and ensemble design of intrusion detection systems," Computers & Security, vol. 24, no. 4, pp. 295-307, 2005. (Pubitemid 40752313)
179. L. Breiman, J. Friedman, R. Olshen, and C. Stone, Classification and Regression Trees. Monterey, CA: Wadsworth and Brooks, 1984.
180. R. Perdisci, G. Gu, and W. Lee, "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems," in Proc. 6th International Conference on Data Mining. USA: IEEE CS, 2006, pp. 488-498. (Pubitemid 47485828)
181. G. Folino, C. Pizzuti, and G. Spezzano, "An ensemble-based evolutionary framework for coping with distributed intrusion detection," Genetic Programming and Evolvable Machines, vol. 11, no. 2, pp. 131-146, June 2010.
182. M. Rehak, M. Pechoucek, P. Celeda, J. Novotny, and P. Minarik, "CAMNEP: Agent-based Network Intrusion Detection System," in Proc. 7th International Joint Conference on Autonomous Agents and Multiagent Systems: Industrial Track. Richland, SC: IFAAMS, 2008, pp. 133-136.
183. R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee, "McPAD: A multiple classifier system for accurate payload-based anomaly detection," Computer Networks, vol. 53, no. 6, pp. 864-881, April 2009.
184. W. Khreich, E. Granger, A. Miri, and R. Sabourin, "Adaptive ROCbased ensembles of HMMs applied to anomaly detection," Pattern Recognition, vol. 45, no. 1, pp. 208-230, January 2012.
185. G. Giacinto, F. Roli, and L. Didaci, "Fusion of multiple classifiers for intrusion detection in computer networks," Pattern Recognition Letters, vol. 24, no. 12, pp. 1795-1803, August 2003. (Pubitemid 36558001)
186. J. Shifflet, "A Technique Independent Fusion Model For Network Intrusion Detection," in Proc. Midstates Conference on Undergraduate Research in Computer Science and Mathematics, vol. 3, 2005, pp. 13-19.
187. D. Parikh and T. Chen, "Data Fusion and Cost Minimization for Intrusion Detection," IEEE Trans. Inf. For. Security, vol. 3, no. 3, pp. 381-389, 2008.
188. L. Zhi-dong, Y. Wu, W. Wei, and M. Da-peng, "Decision-level fusion model of multi-source intrusion detection alerts," J. Communications, vol. 32, no. 5, pp. 121-128, 2011.
189. R. Yan and C. Shao, "Hierarchical Method for Anomaly Detection and Attack Identification in High-speed Network," Information Technology J., vol. 11, no. 9, pp. 1243-1250, 2012.
190. V. Chatzigiannakis, G. Androulidakis, K. Pelechrinis, S. Papavassiliou, and V. Maglaris, "Data fusion algorithms for network anomaly detection: classification and evaluation," in Proc. 3rd International Conference on Networking and Services. Greece: IEEE CS, 2007, pp. 50-57.
191. W. Gong, W. Fu, and L. Cai, "A Neural Network Based Intrusion Detection Data Fusion Model," in Proc. 3rd International Joint Conference on Computational Science and Optimization-Volume 02. USA: IEEE CS, 2010, pp. 410-414.
192. D. Ariu, R. Tronci, and G. Giacinto, "HMMPayl: An intrusion detection system based on Hidden Markov Models," Computers & Security, vol. 30, no. 4, pp. 221-241, 2011.
193. M. Arumugam, P. Thangaraj, P. Sivakumar, and P. Pradeepkumar, "Implementation of two class classifiers for hybrid intrusion detection," in Proc. International Conference on Communication and Computational Intelligence, December 2010, pp. 486-490.
194. J. Zhang and M. Zulkernine, "A Hybrid Network Intrusion Detection Technique Using Random Forests," in Proc. 1st International Conference on Availability, Reliability and Security. USA: IEEE CS, 2006, pp. 262-269. (Pubitemid 44732653)
195. M. A. Aydin, A. H. Zaim, and K. G. Ceylan, "A hybrid intrusion detection system design for computer network security," Computers & Electrical Engineering, vol. 35, no. 3, pp. 517-526, May 2009.
196. M. Panda, A. Abraham, and M. R. Patra, "Hybrid intelligent systems for detecting network intrusions," Computer Physics Communications, vol. Early, 2012.
197. A. Herrero, M. Navarro, E. Corchado, and V. Julian, "RT-MOVICABIDS: Addressing real-time intrusion detection," Future Generation Computer Systems, vol. 29, no. 1, pp. 250-261, 2011.
198. M. E. Locasto, K. Wang, A. D. Keromytis, and S. J. Stolfo, "FLIPS: Hybrid Adaptive Intrusion Prevention," in Recent Advances in Intrusion Detection, 2005, pp. 82-101.
199. S. Peddabachigari, A. Abraham, C. Grosan, and J. Thomas, "Modeling intrusion detection system using hybrid intelligent systems," J. Network and Computer Applications, vol. 30, no. 1, pp. 114-132, January 2007. (Pubitemid 44666486)
200. J. Zhang, M. Zulkernine, and A. Haque, "Random-Forests-Based Network Intrusion Detection Systems," IEEE Trans. Syst. Man Cybern. C, vol. 38, no. 5, pp. 649-659, 2008.
201. X. Tong, Z. Wang, and H. Yu, "A research using hybrid RBF/Elman neural networks for intrusion detection system secure model," Computer Physics Communications, vol. 180, no. 10, pp. 1795-1801, 2009.
202. X. Yu, "A New Model of Intelligent Hybrid Network Intrusion Detection System," in Proc. International Conference on Bioinformatics and Biomedical Technology. IEEE CS, 2010, pp. 386-389.
203. S. Selim, M. Hashem, and T. M. Nazmy, "Hybrid Multi-level Intrusion Detection System," International J. Computer Science and Information Security, vol. 9, no. 5, pp. 23-29, 2011.
204. A. Soule, K. Salamatian, and N. Taft, "Combining filtering and statistical methods for anomaly detection," in Proc. 5th ACM SIGCOMM conference on Internet Measurement. USA: ACM, 2005, pp. 1-14.
205. KDDcup99, "Knowledge discovery in databases DARPA archive," http://www.kdd.ics.uci.edu/databases/kddcup99/task.html, 1999.
206. S. J. Stolfo, W. Fan, W. Lee, A. Prodromidis, and P. K. Chan, "Cost-Based Modeling for Fraud and Intrusion Detection: Results from the JAM Project," in Proc. DARPA Information Survivability Conference and Exposition, vol. 2. USA: IEEE CS, 2000, pp. 130-144.
207. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set," in Proc. 2nd IEEE International Conference on Computational Intelligence for Security and Defense Applications. USA: IEEE Press, 2009, pp. 53-58.
208. NSL-KDD, "NSL-KDD data set for network-based intrusion detection systems," http://iscx.cs.unb.ca/NSL-KDD/, March 2009.
209. I. S. T. G. MIT Lincoln Lab, "DARPA Intrusion Detection Data Sets," http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/ data/2000data.html, March 2000.
210. Defcon, "The Shmoo Group," http://cctf.shmoo.com/, 2011.
211. CAIDA, "The cooperative Analysis for Internet Data Analysis," http://www.caida.org, 2011.
212. LBNL, "Lawrence Berkeley National Laboratory and ICSI, LBNL/ICSI Enterprise Tracing Project," http://www.icir.org/enterprisetracing/, 2005.
213. UNIBS, "University of Brescia dataset," http://www.ing.unibs. it/ntw/tools/traces/, 2009.
214. A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, "Towards developing a systematic approach to generate benchmark datasets for intrusion detection," Computers & Security, vol. 31, no. 3, pp. 357-374, 2012.
215. P. Gogoi, M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "Packet and Flow Based Network Intrusion Datasets," in Proc. 5th International Conference on Contemporary Computing, vol. LNCSCCIS 306. Springer, August 6-8 2012, pp. 322-334.
216. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "AOCD : An Adaptive Outlier Based Coordinated Scan Detection Approach," International J. Network Security, vol. 14, no. 6, pp. 339-351, 2012.
217. C. Satten, "Lossless Gigabit Remote Packet Capture With Linux," http://staff.washington.edu/corey/gulp/, 2007.
218. NFDUMP, "NFDUMP Tool," http://nfdump.sourceforge.net/, 2011.
219. M. V. Mahoney and P. K. Chan, "An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection," in Proc. 6th International Symposium on Recent Advances in Intrusion Detection. Springer, 2003, pp. 220-237. (Pubitemid 137633167)
220. J. McHugh, "Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory," ACM Trans. Inf. System Security, vol. 3, no. 4, pp. 262-294, November 2000.
221. P. Mell, V. Hu, R. Lippmann, J. Haines, and M. Zissman, "An Overview of Issues in Testing Intrusion Detection Systems," http://citeseer.ist. psu.edu/621355.html, 2003.
222. J. Xu and C. R. Shelton, "Intrusion Detection using Continuous Time Bayesian Networks," J. Artificial Intelligence Research, vol. 39, pp. 745-774, 2010.
223. S. Axelsson, "The base-rate fallacy and the difficulty of intrusion detection," ACM Trans. Inf. System Security, vol. 3, no. 3, pp. 186-205, August 2000.
224. R. P. Lippmann, D. J. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. W. D. Wyschogord, R. K. Cunningham, and M. A. Zissman, "Evaluating Intrusion Detection Systems: The 1998 DARPA Offline Intrusion Detection Evaluation," in Proc. DARPA Information Survivability Conference and Exposition, January 2000, pp. 12-26.
225. M. V. Joshi, R. C. Agarwal, and V. Kumar, "Predicting rare classes : can boosting make any weak learner strong?" in Proc. 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. USA: ACM, 2002, pp. 297-306.
226. P. Dokas, L. Ertoz, A. Lazarevic, J. Srivastava, and P. N. Tan, "Data Mining for Network Intrusion Detection," in Proc. NSF Workshop on Next Generation Data Mining, November 2002.
227. Y. Wang, Statistical Techniques for Network Security : Modern Statistically-Based Intrusion Detection and Protection. Hershey,PA: Information Science Reference, IGI Publishing, 2008.
228. S. M. Weiss and T. Zhang, The handbook of data mining. Lawrence Erlbaum Assoc Inc, 2003, ch. Performance Alanysis and Evaluation, pp. 426-439.
229. F. J. Provost and T. Fawcett, "Robust Classification for Imprecise Environments," Machine Learning, vol. 42, no. 3, pp. 203-231, 2001. (Pubitemid 32188799)
230. R. A. Maxion and R. R. Roberts, "Proper Use of ROC Curves in Intrusion/Anomaly Detection," School of Computing Science, University of Newcastle upon Tyne, Tech. Rep. CS-TR-871, November 2004.
231. R. Sekar, Y. Guang, S. Verma, and T. Shanbhag, "A high-performance network intrusion detection system," in Proc. 6th ACM Conference on Computer and Communications Security. USA: ACM, 1999, pp. 8-17. (Pubitemid 32213895)