Ensemble based collaborative and distributed intrusion detection systems: A survey

Journal of Network and Computer Applications

Volumn 66, Issue , 2016, Pages 1-16

  Folino, Gianluigi ^a   Sabatino, Pietro ^a  

^a ICAR CNR   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; COMPUTER CRIME; DATA MINING; MERCURY (METAL); REAL TIME SYSTEMS;

DATA MINING ALGORITHM; DISTRIBUTED APPROACHES; DISTRIBUTED IMPLEMENTATION; DISTRIBUTED INTRUSION DETECTION SYSTEMS; ENSEMBLE-BASED METHOD; INTRUSION DETECTION SYSTEMS; NETWORK INTRUSION DETECTION SYSTEMS; REAL TIME REQUIREMENT;

INTRUSION DETECTION;

EID: 84962205019     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2016.03.011     Document Type: Review

References (109)

1. Abdulla Amin Aburomman, and Mamun Bin Ibne Reaz A novel SVM-kNN-PSO ensemble method for intrusion detection system Appl. Soft Comput. 38 2016 360 372
2. Rakesh Agrawal, Johannes Gehrke, Dimitrios Gunopulos, and Prabhakar Raghavan Automatic subspace clustering of high dimensional data Data Min. Knowl. Discov. 11 1 2005 5 33
3. Alshawabkeh, Malak, Jang, Byunghyun, Kaeli, David, 2010. Accelerating the Local Outlier Factor algorithm on a GPU for intrusion detection systems. In: Proceedings of the 3rd Workshop on General-Purpose Computation on Graphics Processing Units, GPGPU-3, ACM, New York, NY, USA, pp. 104-110.
4. Fatemeh Amiri, Mohammad Mahdi Rezaei Yousefi, Caro Lucas, Azadeh Shakery, and Nasser Yazdani Mutual information-based feature selection for intrusion detection systems J. Netw. Comput. Appl. 34 4 2011 1184 1199
5. Ariu, Davide, Giacinto, Giorgio, 2010. HMMP ayl: an application of HMM to the analysis of the HTTP payload. In: Tom Diethe, Nello Cristianini, John Shawe-Taylor (Eds.), Proceedings of the First Workshop on Applications of Pattern Analysis, WAPA 2010, September 1-3, vol. 11. Cumberland Lodge, Windsor, UK, pp. 81-87.
6. Davide Ariu, Roberto Tronci, and Giorgio Giacinto HMMPayl: an intrusion detection system based on Hidden Markov Models Comput. Secur. 30 4 2011 221 241
7. Bandrek, S.R., Nandimath, J.N., 2015. Design consideration of network intrusion detection system using Hadoop and GPGPU. In: 2015 International Conference on Pervasive Computing (ICPC), January, pp. 1-6.
8. Bellekens, Xavier J.A., Tachtatzis, Christos, Atkinson, Robert C., Renfrew, Craig, Kirkham, Tony, 2014. A highly-efficient memory-compression scheme for GPU-accelerated intrusion detection systems. In: Proceedings of the 7th International Conference on Security of Information and Networks, SIN 14. ACM, New York, NY, USA, pp. 302:302-302:309.
9. M. Hussain Bhuyan, D.K. Bhattacharyya, and J.K. Kalita Survey on incremental approaches for network anomaly detection Int. J. Commun. Netw. Inf. Secur. 3 3 2011
10. M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita Network anomaly detection: methods, systems and tools IEEE Commun. Surv. Tutor. 16 1 2014 303 336 First
11. Bhuyan, Monowar H., Bhattacharyya, D.K., Kalita, J.K., 2011. NADO: network anomaly detection using outlier approach. In: Proceedings of the 2011 International Conference on Communication, Computing& Security, ICCCS '11. ACM, New York, NY, USA, pp. 531-536.
12. Monowar H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita Surveying Port Scans and their detection methodologies Comput. J. 54 October (10) 2011 1565 1581
13. Monowar H. Bhuyan, Bhattacharyya, D.K., Kalita, J.K., 2012. An effective unsupervised network anomaly detection method. In: Proceedings of the International Conference on Advances in Computing, Communications and Informatics, ICACCI '12. ACM, New York, NY, USA, pp. 533-539.
14. Burton H. Bloom Space/time trade-offs in hash coding with allowable errors Commun. ACM 13 7 1970 422 426
15. Boggs, Nathaniel, Hiremagalore, Sharath, Stavrou, Angelos, Stolfo, J. Salvatore, 2011. Cross-domain collaborative anomaly detection: so far yet so close. In: Sommer, Robin, Balzarotti, Davide, Maier, Gregor (Eds.), Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, vol. 6961. Springer, Berlin, Heidelberg, pp. 142-160.
16. Borji, Ali, 2007. Combining heterogeneous classifiers for network intrusion detection. In: Cervesato, Iliano, (Ed.), Advances in Computer Science - ASIAN 2007. Computer and Network Security, Lecture Notes in Computer Science, vol. 4846. Springer, Berlin, Heidelberg, pp. 254-260.
17. Boro, Debojit, Nongpoh, Bernard, Bhattacharyya, Dhruba K., 2012. Anomaly based intrusion detection using meta ensemble classifier. In: Proceedings of the Fifth International Conference on Security of Information and Networks, SIN '12. ACM, New York, NY, USA, pp. 143-147.
18. Brahmi, Imen, Yahia, Sadok Ben, Aouadi, Hamed, Poncelet, Pascal, 2012. Towards a multiagent-based distributed intrusion detection system using data mining approaches. In: Proceedings of the 7th International Conference on Agents and Data Mining Interaction, ADMI'11. Springer-Verlag, Berlin, Heidelberg, 2012, pp. 173-194.
19. Leo Breiman Random forests Mach. Learn. 45 1 2001 5 32
20. Bukhtoyarov, V.V., Semenkina, O.E., 2010. Comprehensive evolutionary approach for neural network ensemble automatic design. In: 2010 IEEE Congress on Evolutionary Computation (CEC), Barcelona, Spain, July, pp. 1-6.
21. Bukhtoyarov, Vladimir, Zhukov, Vadim, 2014. Ensemble-distributed approach in classification problem solution for intrusion detection systems. In: Corchado, Emilio, Lozano, José A., Quintián, Héctor, Yin, Hujun (Eds.), Intelligent Data Engineering and Automated Learning, IDEAL 2014, Lecture Notes in Computer Science, vol. 8669. Springer International Publishing, Salamanca, Spain, pp. 255-265.
22. Campos, M.M., Milenova, B.L., 2005. Creation and deployment of data mining-based intrusion detection systems in Oracle Database 10g. In: Fourth International Conference on Machine Learning and Applications, 2005. Proceedings. IEEE Computer Society, Los Angeles, California, USA, December.
23. Pedro Casas, Johan Mazel, and Philippe Owezarski Unsupervised network intrusion detection systems: detecting the unknown without knowledge Comput. Commun. 35 7 2012 772 783
24. Corona, I., Ariu, D., Giacinto, G., 2009. HMM-Web: a framework for the detection of attacks against web applications. In: IEEE International Conference on Communications, 2009. ICC '09, June, pp. 1-6.
25. Corona, Igino, Giacinto, Giorgio, Mazzariello, Claudio, Roli, Fabio, Sansone, Carlo, 2009. Information fusion for computer security: state of the art and open issues. Inf. Fusion, 10(4), 274-284, Special Issue on Information Fusion in Computer Security.
26. Cretu, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D., 2008. Casting out demons: Sanitizing training data for anomaly sensors. In: IEEE Symposium on Security and Privacy, 2008. SP 2008, May, pp. 81-95.
27. Cretu, Gabriela F., Stavrou, Angelos, Stolfo, Salvatore J., Keromytis, Angelos D., 2007. Data sanitization: improving the forensic utility of anomaly detection systems. In: Proceedings of the 3rd Workshop on Hot Topics in System Dependability, HotDep'07, USENIX Association, Berkeley, CA, USA.
28. Cretu-Ciocarlie, Gabriela F., Stavroum, Angelos, Locasto, Michael E., Stolfo, Salvatore J., 2009. Adaptive anomaly detection via self-calibration and dynamic updating. In: Recent Advances in Intrusion Detection, Springer, Saint-Malo, France, pp. 41-60.
29. Marc Damashek Gauging similarity with n-grams: language-independent categorization of text Science 267 5199 1995 843 848
30. Belur V. Dasarathy Intrusion detection Inf. Fusion 4 4 2003 243 245
31. David L. Davis, and Donald W. Bouldin A cluster separation measure IEEE Trans. Pattern Anal. Mach. Intell. PAMI - 1 2 1979 224 227
32. Jonathan J. Davis, and Andrew J. Clark Data preprocessing for anomaly based network intrusion detection: a review Comput. Secur. 30 6-7 2011 353 375
33. Inderjit S. Dhillon, Subramanyam Mallela, and Rahul Kumar A divisive information theoretic feature clustering algorithm for text classification J. Mach. Learn. Res. 3 March 2003 1265 1287
34. S. Dua, and X. Du Data Mining and Machine Learning in Cybersecurity 2011 CRC Press, Taylor & Francis Group
35. R.O. Duda, P.E. Hart, and D.G. Stork Pattern Classification 2nd edition 2001 John Wiley & Sons New York, NY
36. J.C. Dunn Well-separated clusters and optimal fuzzy partitions J. Cybern. 4 1 1974 95 104
37. Reda M. Elbasiony, Elsayed A. Sallam, Tarek E. Eltobely, and Mahmoud M. Fahmy A hybrid network intrusion detection framework based on random forests and weighted k-means Ain Shams Eng. J. 4 4 2013 753 762
38. Eskin, Eleazar, Arnold, Andrew, Prerau, Michael, Portnoy, Leonid, Stolfo, Salvatore J., 2002. A geometric framework for unsupervised anomaly detection. In: Barbará, Daniel, Jajodia, Sushil (Eds.), Applications of Data Mining in Computer Security, Advances in Information Security, vol. 6. Springer, US, pp. 77-101.
39. Ester, Martin, Kriegel, Hans-Peter, Sander, Jörg, Xu, Xiaowei, 1996. A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (KDD-96), vol. 96. AAAI Press, Portland, OR, USA, pp. 226-231.
40. Gianluigi Folino, Clara Pizzuti, and Giandomenico Spezzano An ensemble-based evolutionary framework for coping with distributed intrusion detection Genet. Program. Evol. Mach. 11 June (2) 2010 131 146
41. Folino, Gianluigi, Sabatino, Pietro, Pisani, Francesco S., 2016. Combining ensemble of classifiers by using genetic programming for cyber security applications. In: Applications of Evolutionary Computation - 19th European Conference, EvoApplications 2016, 30 March-1 April. Proceedings. Lecture Notes in Computer Science. Springer International Publishing, Porto, Portugal.
42. Ford, David, 2004. Application of Thermodynamics to the Reduction of Data Generated by a Non-standard System. arxiv:cond-mat/0402325
43. Ana L.N. Fred, and Anil K. Jain Combining multiple clusterings using evidence accumulation IEEE Trans. Pattern Anal. Mach. Intell. 27 6 2005 835 850
44. P. Garcìa-Teodoro, J. Dìaz-Verdejo, G. Maciá-Fernández, and J. Vázquez Anomaly-based network intrusion detection: techniques, systems and challenges Comput. Secur. 28 1-2 2009 18 28
45. Giorgio Giacinto, Roberto Perdisci, Mauro Del Rio, and Fabio Roli Intrusion detection in computer networks by a modular ensemble of one-class classifiers Inf. Fusion 9 1 2008 69 82 Special Issue on Applications of Ensemble Methods
46. N. Hoque, Monowar H. Bhuyan, R.C. Baishya, D.K. Bhattacharyya, and J.K. Kalita Network attacks: taxonomy, tools and systems J. Netw. Comput. Appl. 40 0 2014 307 324
47. Shi-Jinn Horng, Ming-Yang Su, Yuan-Hsin Chen, Tzong-Wann Kao, Rong-Jian Chen, Jui-Lin Lai, and Citra Dwi Perkasa A novel intrusion detection system based on hierarchical clustering and support vector machines Expert Syst. Appl. 38 1 2011 306 313
48. Weiming Hu, Jun Gao, Yanguo Wang, Ou Wu, and S. Maybank Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection IEEE Trans. Cybern. 44 January (1) 2014 66 82
49. Shan Huang, Botao Wang, Junhao Qiu, Jitao Yao, Guoren Wang, and Ge Yu Parallel ensemble of online sequential extreme learning machine based on MapReduce Neurocomputing 174 Part A 2016 352 367
50. Lawrence Hubert, and James Schultz Quadratic assignment as a general data analysis strategy Br. J. Math. Stat. Psychol. 29 2 1976 190 241
51. Ingham, Kenneth L., Inoue, Hajime, 2007. Comparing anomaly detection techniques for HTTP. In: Kruegel, Christopher, Lippmann, Richard, Clark, Andrew (Eds.), Recent Advances in Intrusion Detection. Lecture Notes in Computer Science, vol. 4637. Springer, Berlin, Heidelberg, pp. 42-62.
52. Jamshed, Muhammad Asim., Lee, Jihyung, Moon, Sangwoo, Yun, Insu, Kim, Deokjin, Lee, Sungryoul, Yi, Yung, Park, Kyoung Soo, 2012. Kargus: a highly-scalable software-based intrusion detection system. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 12. ACM, New York, NY, USA, pp. 317-328.
53. J.-S.R. Jang ANFIS: adaptive-network-based fuzzy inference system IEEE Trans. Syst. Man Cybern. 23 May (3) 1993 665 685
54. I.T. Jolliffe Principal Component Analysis 2002 Springer Series in Statistics Springer
55. Song Jungsuk, Hiroki Takakura, Yasuo Okabe, and Kwon Yongjin Unsupervised anomaly detection based on clustering and multiple one-class SVM IEICE Trans. Commun. 92 6 2009 1981 1990
56. Kayacik Günes, H., Nur Zincir-Heywood, A., Heywood Malcolm, I., 2005. Selecting features for intrusion detection: a feature relevance analysis on KDD 99 intrusion detection datasets. In: Proceedings of the Third Annual Conference on Privacy, Security and Trust.
57. R.A. Kemmerer, and G. Vigna Intrusion detection: a brief history and overview Computer 35 April (4) 2002 27 30
58. Jeffrey O. Kephart, and David M. Chess The vision of autonomic computing Computer 36 January (1) 2003 41 50
59. R. Khanna, and Huaping Liu Control theoretic approach to intrusion detection using a distributed hidden Markov model IEEE Wireless Commun. 15 August (4) 2008 24 33
60. Khanna, Rahul, Liu, Huaping, 2006. System approach to intrusion detection using Hidden Markov Model. In: Proceedings of the 2006 International Conference on Wireless Communications and Mobile Computing, IWCMC '06. ACM, New York, NY, USA, pp. 349-354.
61. S. Kullback, and R.A. Leibler On information and sufficiency Ann. Math. Stat. 22 1 1951 79 86 03
62. P.Arun Raj Kumar, and S. Selvakumar Distributed denial of service attack detection using an ensemble of neural classifier Comput. Commun. 34 11 2011 1328 1341
63. P.Arun Raj Kumar, and S. Selvakumar Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems Comput. Commun. 36 3 2013 303 319
64. Ludmila Kuncheva Combining Pattern Classifiers: Methods and Algorithms 2004 John Wiley & Sons
65. Lai, Haiguang, Cai, Shengwen, Huang, Hao, Xie, Junyuan, Li, Hui, 2004. A parallel intrusion detection system for high-speed networks. In: Jakobsson, Markus, Yung, Moti, Zhou, Jianying (Eds.), Applied Cryptography and Network Security, Lecture Notes in Computer Science, vol. 3089. Springer, Berlin, Heidelberg, pp. 439-451.
66. Edda Leopold, and Jörg Kindermann Text categorization with support vector machines. How to represent texts in input space Mach. Learn. 46 1-3 2002 423 444
67. Leung, Kingsly, Leckie, Christopher, 2005. Unsupervised anomaly detection in network intrusion detection using clusters. In: Proceedings of the Twenty-eighth Australasian Conference on Computer Science, ACSC '05, vol. 38. Australian Computer Society, Inc., Darlinghurst, Australia, pp. 333-342.
68. A. Levey, and M. Lindenbaum Sequential Karhunen-Loeve basis extraction and its application to images IEEE Trans. Image Process. 9 August (8) 2000 1371 1374
69. Nan-Ying Liang, Guang-Bin Huang, Paramasivan Saratchandran, and Narasimhan Sundararajan A fast and accurate online sequential learning algorithm for feedforward networks IEEE Trans. Neural Netw. 17 6 2006 1411 1423
70. Nick Littlestone, and Manfred K. Warmuth The weighted majority algorithm Inf. Comput. 108 February (2) 1994 212 261
71. Locasto, E. Michael, Parekh, Janak J., Keromytis, Angelos D., Stolfo, Salvatore J., 2005. Towards collaborative security and p2p intrusion detection. In: Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC. IEEE, New York, USA, pp. 333-339.
72. McEachen, John C., Wai Kah, Cheng, 2007. An analysis of distributed sensor data aggregation for network intrusion detection. Microprocess. Microsyst. 31(4), 263-272. Special Issue with selected papers from the 11th IEEE Symposium on Computers and Communications (ISCC'06).
73. Srinivas Mukkamala, and Andrew H. Sung Identifying significant features for network forensic analysis using artificial intelligent techniques Int. J. Digit. Evid. 1 4 2003 1 17
74. Nagesh, H.S., Goil, S., Choudhary, A., 2000. A scalable parallel subspace clustering algorithm for massive data sets. In: 2000 International Conference on Parallel Processing, 2000. Proceedings. IEEE, Toronto, Canada, pp. 477-484.
75. Newsome, J., Karp, B., Song, D., 2005. Polygraph: automatically generating signatures for polymorphic worms. In: 2005 IEEE Symposium on Security and Privacy, May, pp. 226-241.
76. Nguyen, Hoa Huu, Harbi, Nouria, Darmont, Jérôme, 2011. An efficient local region and clustering-based ensemble system for intrusion detection. In: Proceedings of the 15th Symposium on International Database Engineering & Applications, IDEAS ' 11, ACM, New York, NY, USA, pp. 185-191.
77. Kanubhai Patel, and Bharat V. Buddhadev Machine learning based research for network intrusion detection: a state-of-the-art Int. J. Inf. Netw. Secur. 3 3 2014
78. Roberto Perdisci, Davide Ariu, Prahlad Fogla, Giorgio Giacinto, and Wenke Lee McPAD: a multiple classifier system for accurate payload-based anomaly detection Comput. Netw. 53 6 2009 864 881
79. Roberto Perdisci, Davide Ariu, and Davide Giacinto Scalable fine-grained behavioral clustering of http-based malware Comput. Netw. 57 2 2013 487 500
80. Perdisci, Roberto, Lee, Wenke, Feamster, Nick, 2010. Behavioral clustering of http-based malware and signature generation using malicious network traces. In: Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, NSDI'10, USENIX Association, Berkeley, CA, USA, pp. 26-26.
81. Abhinav S. Raut, and Kavita R. Singh Anomaly based intrusion detection - a review Int. J. Netw. Secur. 5 2014
82. Riedmiller, M., Braun, H., 1993. A direct adaptive method for faster backpropagation learning: the RPROP algorithm. In: IEEE International Conference on Neural Networks, vol. 1, pp. 586-591.
83. Peter J. Rousseeuw Silhouettes: a graphical aid to the interpretation and validation of cluster analysis J. Comput. Appl. Math. 20 0 1987 53 65
84. Schaelicke, Lambert, Wheeler, Kyle, Freeland, Curt, 2005. SPANIDS: a scalable network intrusion detection loadbalancer. In: Proceedings of the Second Conference on Computing Frontiers, CF'05. ACM, New York, NY, USA, 2005, pp. 315-322.
85. R.E. Schapire The strength of weak learnability Mach. Learn. 5 2 1990 197 227
86. R.E. Schapire Boosting a weak learning by majority Inf. Comput. 121 2 1995 256 285
87. Bernhard Schölkopf, John C. Platt, John C. Shawe-Taylor, Alex J. Smola, and Robert C. Williamson Estimating the support of a high-dimensional distribution Neural Comput. 13 July (7) 2001 1443 1471
88. C. Scott, and R. Nowak A Neyman-Pearson approach to statistical learning IEEE Trans. Inf. Theory 51 November (11) 2005 3806 3819
89. Siva S. Sivatha Sindhu, S. Geetha, and A. Kannan Decision tree based light weight intrusion detection using a wrapper approach Expert Syst. Appl. 39 1 2012 129 141
90. Raman Singh, Harish Kumar, and R.K. Singla An intrusion detection system using network traffic profiling and online sequential extreme learning machine Expert Syst. Appl. 42 22 2015 8609 8624
91. Jungsuk Song, Hiroki Takakura, Yasuo Okabe, and Koji Nakao Toward a more practical unsupervised anomaly detection system Inf. Sci. 231 0 2013 4 14 Data Mining for Information Security
92. Song, Yingbo, Keromytis, Angelos D., Stolfo, Salvatore, 2009. Spectrogram: a mixture-of-Markov-chains model for anomaly detection in web traffic. In: Network and Distributed System Security Symposium 2009. Proceedings, February 8-11, Internet Society, San Diego, CA, pp. 121-135.
93. A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller An overview of IP flow-based intrusion detection Commun. Surv. Tutor. IEEE 12 3 2010 343 356 Third
94. Vasiliadis, Giorgos, Polychronakis, Michalis, 2011. Sotiris Ioannidis. MIDe A: a multi-parallel intrusion detection architecture. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, ACM, New York, NY, USA, pp. 297-308.
95. Emmanouil Vasilomanolakis, Shankar Karuppayah, Max Mühlhäuser, and Mathias Fischer Taxonomy and survey of collaborative intrusion detection ACM Comput. Surv. 47 May (4) 2015 55:1 55:33
96. Vokorokos, L., Ennert, M., Cajkovsky, M., Turinska, A., 2013. A distributed network intrusion detection system architecture based on computer stations using GPGPU. In: 2013 IEEE 17th International Conference on Intelligent Engineering Systems (INES), June, pp. 323-326.
97. Liberios Vokorokos, Michal Ennert, Marek Čajkovský, and Ján Raduǒvský A survey of parallel intrusion detection on graphical processors Central Eur. J. Comput. Sci. 4 4 2014 222 230
98. Wang, Ke, Cretu, Gabriela, Stolfo Salvatore J., 2006. Anomalous payload-based worm detection and signature generation. In: Valdes Alfonso, Zamboni Diego (Eds.), Recent Advances in Intrusion Detection. Lecture Notes in Computer Science, vol. 3858. Springer, Berlin, Heidelberg, 2006. pp. 227-246.
99. Wang, Ke, Parekh, Janak J, Stolfo, Salvatore J., 2006. Anagram: a content anomaly detector resistant to mimicry attack. In: Recent Advances in Intrusion Detection. Springer, Hamburg, Germany, pp. 226-248.
100. Wang, Ke, Stolfo, Salvatore J., 2004. Anomalous payload-based network intrusion detection. In: Erland, Jonsson, Alfonso, Valdes, Magnus, Almgren, (Eds.), Recent Advances in Intrusion Detection. Lecture Notes in Computer Science, vol. 3224. Springer, Berlin, Heidelberg, pp. 203-222.
101. Wei Wang, Thomas Guyet, René Quiniou, and Marie-Odile Cordier Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks Knowledge-Based Syst. 70 0 2014 103 117
102. Witten, I.H., Frank, E., Hall, M.A., 1991. Data Mining: Practical Machine Learning Tools and Techniques: Practical Machine Learning Tools and Techniques. The Morgan Kaufmann Series in Data Management Systems. Elsevier Science.
103. Xuanli Lisa Xie, and G. Beni A validity measure for fuzzy clustering IEEE Trans. Pattern Anal. Mach. Intell. 13 August (8) 1991 841 847
104. Zhang, Jiong, Zulkernine, M., 2006. Anomaly based network intrusion detection with unsupervised outlier detection. In: ICC'06. IEEE International Conference on Communications, vol. 5, June, pp. 2388-2393.
105. Jiong Zhang, M. Zulkernine, and A. Haque Random-forests-based network intrusion detection systems IEEE Trans. Syst. Man Cybern. Part C: Appl. Rev. 38 September (5) 2008 649 659
106. Zhang, Tian, Ramakrishnan, Raghu, Livny, Miron, 1996. Birch: an efficient data clustering method for very large databases. In: ACM SIGMOD Record, vol. 25. ACM, pp. 103-114.
107. Kai Zheng, Zhiping Cai, Xin Zhang, Zhijun Wang, and Baohua Yang Algorithms to speedup pattern matching for network intrusion detection systems Computer Communications, Elsevier Science Publishers 62 2015 47 58
108. Chenfeng Vincent Zhou, Christopher Leckie, and Shanika Karunasekera Decentralized multi-dimensional alert correlation for collaborative intrusion detection J. Netw. Comput. Appl. 32 5 2009 1106 1123
109. Chenfeng Vincent Zhou, Christopher Leckie, and Shanika Karunasekera A survey of coordinated attacks and collaborative intrusion detection Comput. Secur. 29 1 2010 124 140