Skip to main content
SpringerLink
Log in

Contextual information fusion for intrusion detection: a survey and taxonomy

  • Survey Paper
  • Published:
Knowledge and Information Systems Aims and scope Submit manuscript

Abstract

Research in cyber-security has demonstrated that dealing with cyber-attacks is by no means an easy task. One particular limitation of existing research originates from the uncertainty of information that is gathered to discover attacks. This uncertainty is partly due to the lack of attack prediction models that utilize contextual information to analyze activities that target computer networks. The focus of this paper is a comprehensive review of data analytics paradigms for intrusion detection along with an overview of techniques that apply contextual information for intrusion detection. A new research taxonomy is introduced consisting of several dimensions of data mining techniques, which create attack prediction models. The survey reveals the need to use multiple categories of contextual information in a layered manner with consistent, coherent, and feasible evidence toward the correct prediction of cyber-attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Abadeh MS, Habibi J (2007) Computer intrusion detection using an iterative fuzzy rule learning approach. In: IEEE international fuzzy systems conference, Imperial College, London, UK, 23–26 July 2007, pp 1–6. doi:10.1109/FUZZY.2007.4295375

  2. Abdoli F, Kahani M (2009) Ontology-based distributed intrusion detection system. In: 14th international CSI computer conference, Tehran, Iran, 20–21 Oct 2009, pp 65–70. doi:10.1109/CSICC.2009.5349372

  3. Abe N, Zadrozny B, Langford J (2006) Outlier detection by active learning. In: Proceedings of the 12th ACM SIGKDD international conference on knowledge discovery and data mining, Philadelphia, PA, USA. 1150459. ACM, pp 504–509. doi:10.1145/1150402.1150459

  4. Abouzakhar NS, Gani A, Manson G (2003) Bayesian learning networks approach to cybercrime detection. In: Proceedings of the PostGraduate networking conference (PGNET’03), Liverpool, UK

  5. Adetunmbi AO, Falaki SO, Adewale OS, Alese BK (2008) Network intrusion detection based on rough set and k-nearest neighbour. Int J Comput ICT Res 2(1):60–66

    Google Scholar 

  6. Agrawal R, Imielinski T, Swami A (1993) Mining association rules between sets of items in large databases. In: Proceedings of the ACM SIGMOD international conference on management of data, Washington, D.C., USA, 170072. ACM, pp 207–216. doi:10.1145/170035.170072

  7. Agrawal R, Srikant R (1994) Fast algorithms for mining association rules in large databases. Paper presented at the proceedings of the 20th international conference on very large data bases, Santiago de Chile, Chile

  8. Ahmed U, Masood A (2009) Host based intrusion detection using rbf neural networks. In: International conference on emerging technologies (ICET’09), Slamabad, Pakistan, 19–20 Oct 2009, pp 48–51. doi:10.1109/ICET.2009.5353204

  9. Al-Subaie M, Zulkernine M (2006) Efficacy of hidden Markov models over neural networks in anomaly intrusion detection. In: 30th annual international computer software and applications conference (COMPSAC’06), Illinois, USA. IEEE, pp 325–332

  10. Albayrak S, Muller A, Scheel C, Milosevic D (2005) Combining self-organizing map algorithms for robust and scalable intrusion detection. In: International conference on computational intelligence for modelling, control, and automation, Vienna, Austria, 28–30 Nov 2005, vol 2, pp 123–130. doi:10.1109/CIMCA.2005.1631456

  11. AlEroud A, Karabatis G (2013a) A contextual anomaly detection approach to discover zero-day attacks. In: ASE international conference on cyber security, Washington, D.C., USA, pp 40–45

  12. AlEroud A, Karabatis G (2013b) A contextual anomaly detection approach to discover zero-day attacks. ASE international conference on cyber security, Washington, D.C, USA, pp 386–388

  13. AlEroud A, Karabatis G (2013c) A system for cyber attack detection using contextual semantics. In: 7th international conference on knowledge management in organizations: service and cloud computing, vol 172 (Advances in Intelligent Systems and Computing). Springer, Berlin, pp 431–442

  14. AlEroud A, Karabatis G (2013d) Toward zero-day attack identification using linear data transformation techniques. In: IEEE 7th international conference on software security and reliability (SERE’13), Washington, D.C., 18–20 June 2013, pp 159–168. doi:10.1109/SERE.2013.16

  15. Aleroud A, Karabatis G (2014a) Context infusion in semantic link networks to detect cyber-attacks: a flow-based detection approach. In: IEEE international conference on semantic computing (ICSC) LA, California 16–18 June 2014, pp 175–182. doi:10.1109/ICSC.2014.29

  16. AlEroud A, Karabatis G (2014b) Context infusion in semantic link networks to detect cyber-attacks: a flow-based detection approach. In: Eighth IEEE international conference on semantic computing, Newport Beach, California, USA, IEEE

  17. AlEroud A, Karabatis G (2016) Queryable semantics for the detection of cyber-attacks a flow-based detection approach. IEEE transactions on systems, man, and cybernetics: systems

  18. AlEroud A, Karabatis G, Sharma P, He P (2014) Context and semantics for detection of cyber attacks. Int J Inf Comput Secur 6(1):63–92. doi:10.1504/ijics.2014.059791

    Google Scholar 

  19. Alserhani F, Akhlaq M, Awan IU, Cullen AJ, Mirchandani P (2010) MARS: multi-stage attack recognition system. In: 24th IEEE international conference on advanced information networking and applications (AINA’10), Perth, Australia, 20–23 April 2010, pp 753–759. doi:10.1109/AINA.2010.57

  20. Ambwani T (2003) Multi class support vector machine implementation to intrusion detection. In: Proceedings of the international joint conference on neural networks, Portland, vol 3. IEEE, pp 2300–2305

  21. An X, Jutla D, Cercone N (2006) Privacy intrusion detection using dynamic Bayesian networks. In: Proceedings of the 8th international conference on electronic commerce, Fredericton, New Brunswick, Canada. 1151493. ACM, pp 208–215. doi:10.1145/1151454.1151493

  22. Angelini M, Prigent N, Santucci G (2015) PERCIVAL: proactive and reactive attack and response assessment for cyber incidents using visual analytics. In: IEEE symposium on visualization for cyber security (VizSec), 25–25 Oct 2015, pp 1–8. doi:10.1109/VIZSEC.2015.7312764

  23. Apiletti D, Baralis E, Cerquitelli T, D’Elia V (2008) Network digest analysis by means of association rules. In: 4th international IEEE conference on intelligent systems(IS ’08), Varna, 6–8 Sept 2008, vol 2, pp 11–32. doi:10.1109/is.2008.4670505

  24. Arya A, Kumar, S (2014) Information theoretic feature extraction to reduce dimensionality of Genetic Network Programming based intrusion detection model. In: Issues and challenges in intelligent computing techniques (ICICT). IEEE, pp 34–37

  25. Atallah M, Szpankowski W, Gwadera R (2004) Detection of significant sets of episodes in event sequences. In: Fourth IEEE international conference on data mining (ICDM’04) Brighton, UK. IEEE, pp 3–10

  26. Axelsson S (2000) Intrusion detection systems: a survey and taxonomy. Accessed (2000)

  27. Ayd MA, Zaim AH, Ceylan K (2009) A hybrid intrusion detection system design for computer network security. Comput Electr Eng 35(3):517–526. doi:10.1016/j.compeleceng.2008.12.005

  28. Baldauf M, Dustdar S, Rosenberg F (2007) A survey on context-aware systems. Int J Ad Hoc Ubiquitous Comput 2(4):263–277. doi:10.1504/ijahuc.2007.014070

    Article  Google Scholar 

  29. Barbar D, Couto J, Jajodia S, Wu N (2001) ADAM: a testbed for exploring the use of data mining in intrusion detection. SIGMOD Rec 30(4):15–24. doi:10.1145/604264.604268

    Article  Google Scholar 

  30. Barbara D, Wu N, Jajodia S (2001) Detecting novel network intrusions using Bayes estimators. In: First SIAM conference on data mining, Chicago IL, Citeseer, pp 1–17

  31. Bazire M, Brézillon P (2005) Understanding context before using it. In: Proceedings of the 5th international conference on modeling and using context, Paris, France, pp 113–192

  32. Beauquier J, Hu Y (2007) Intrusion detection based on distance combination. In: World Acacemy of Science and Engineering (CESSE’07), Venice, Italy

  33. Bloedorn E, Christiansen AD, Hill W, Skorupka C, Talbot LM, Tivel J (2001) Data mining for network intrusion detection: how to get started. Accessed (2001)

  34. Blum AL, Langley P (1997) Selection of relevant features and examples in machine learning. Artif Intell 97(1):245–271

    Article  MathSciNet  MATH  Google Scholar 

  35. Böhmer M, Bauer G, Krüge A (2011) Context tags: exploiting user-given contextual cues for disambiguation. In: Proceedings of the 13th international conference on human computer interaction with mobile devices and services, Stockholm, Sweden. ACM, pp 611–616, 2037469. doi:10.1145/2037373.2037469

  36. Bonifacio JM, Jr Cansian AM, de Carvalho A, Moreira ES (1998) Neural networks applied in intrusion detection systems. In: The IEEE international joint conference on neural networks, Anchorage, AK, 4–8 May 1998, vol 1, pp 205–210. doi:10.1109/IJCNN.1998.682263

  37. Boriah S, Chandola V, Kumar V (2008) Similarity measures for categorical data: a comparative evaluation. In: In Proceedings of the eighth SIAM international conference on data mining, Atlanta, Georgia

  38. Botha M, von Solms R (2003) Utilising fuzzy logic and trend analysis for effective intrusion detection. Comput Secur 22(5):423–434. doi:10.1016/S0167-4048(03)00511-X

    Article  Google Scholar 

  39. Bouramoul A, Kholladi MK, Doan BL (2011) Using context to improve the evaluation of information retrieval systems. Int J Database Manag Syst (IJDMS ) 3(2):22–39

    Article  Google Scholar 

  40. Bouzida Y, Cuppens F, Cuppens-Boulahia N, Gombault S (2004) Intrusion detection using principal component analysis. In: In proceedings of the 7th world multiconference on systemics, cybernetics and informatics, Orlando, USA

  41. Bridges SM, Vaughn RB (2000) Fuzzy data mining and genetic algorithms applied to intrusion detection. In: In Proceedings of the national information systems security conference (NISSC), Baltimore, MD

  42. Bringas PG (2007) Intensive use of Bayesian belief networks for the unified, flexible and adaptable analysis of misuses and anomalies in network intrusion detection and prevention systems. In: 18th international workshop on database and expert systems applications(DEXA ’07), Regensburg, Germany, 3–7 Sept 2007, pp 365–371. doi:10.1109/DEXA.2007.38

  43. Brown PJ, Bovey JD, Chen X (1997) Context-aware applications: from the laboratory to the marketplace. IEEE Pers Commun 4(5):58–64

    Article  Google Scholar 

  44. Buczak AL, Guven E (2015) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor 18(2):1153–1176

    Article  Google Scholar 

  45. Burroughs DJ, Wilson LF, Cybenko GV (2002) Analysis of distributed intrusion detection systems using Bayesian methods. In: 21st IEEE international performance, computing, and communications conference, Austin, Texas, USA, pp 329–334. doi:10.1109/IPCCC.2002.995166

  46. Cannady J (1998) Artificial neural networks for misuse detection. In: National information systems security conference, Crystal City Arlington, Virginia, USA, pp 368–381

  47. Cha BR, Vaidya B, Han S (2005) Anomaly intrusion detection for system call using the soundex algorithm and neural networks. In: 10th IEEE symposium on computers and communications (ISCC’05), Cartagena, Spain. IEEE, pp 427–433

  48. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41(3):1–58. doi:10.1145/1541880.1541882

    Article  Google Scholar 

  49. Chandola V, Eilertson E, Ertoz L, Simon G, Kumar V (2006) Data mining for cyber security, book chapter in data warehousing and data mining techniques for computer security, 1st edn. Springer, Berlin

    Google Scholar 

  50. Cheboli D (2010) Anomaly detection of time series. PhD Thesis, University of Minnesota

  51. Chebrolu S, Abraham A, Thomas JP (2005) Feature deduction and ensemble design of intrusion detection systems. Comput Secur 24(4):295–307. doi:10.1016/j.cose.2004.09.008

    Article  Google Scholar 

  52. Chen H, Finin T, Joshi A (2003) An ontology for context-aware pervasive computing environments. Knowl Eng Rev 18(3):197–207. doi:10.1017/s0269888904000025

    Article  Google Scholar 

  53. Chen RC, Chen SP (2008) Intrusion Detection Using a Hybrid Support Vector Machine Based on Entropy and TF-IDF. Int J Innov Comput Inf Control 4(2):413–424

    Google Scholar 

  54. Chen RC, Cheng KF, Chen YH, Hsieh CF (2009) Using rough set and support vector machine for network intrusion detection system. In: First Asian conference on intelligent information and database systems (ACIIDS’09), Quang binh, Vietnam. IEEE, pp 465–470

  55. Cheng X, Liu B-x, Li K, Yan J (2009) Intrusion detection system based on KNN-MARS. In: WRI world congress on software engineering (WCSE ’09), Xiamen, China, 19–21 May 2009, vol 1, pp 392–396. doi:10.1109/WCSE.2009.79

  56. Chimphlee W, Abdullah AH, Noor Md Sap M, Srinoy S, Chimphlee S (2006) Anomaly-based intrusion detection using fuzzy rough clustering. In: International conference on hybrid information technology (ICHIT ’06), Jeju Island, Korea, 9–11 Nov 2006, vol 1, pp 329–334. doi:10.1109/ICHIT.2006.253508

  57. Chitta R, Jin R, Jain AK (2012) Efficient kernel clustering using random fourier features. In: IEEE 12th international conference on data mining, IEEE, pp 161–170

  58. Chuanliang C, Yunchao G, Yingjie T (2008) Semi-supervised learning methods for network intrusion detection. In: IEEE international conference on systems, man and cybernetics (SMC’08), Seoul, Korea, 12–15 Oct 2008, pp 2603–2608. doi:10.1109/ICSMC.2008.4811688

  59. Dasgupta D, González F (2002) An immunity-based technique to characterize intrusions in computer networks. IEEE Trans Evol Comput 6(3):281–291

    Article  Google Scholar 

  60. Dasgupta D, Nino F (2000) A comparison of negative and positive selection algorithms in novel pattern detection. In: IEEE international conference on systems, man, and cybernetics, Nashville, TN, vol 1. IEEE, pp 125–130

  61. Dayu Y, Hairong Q (2008) A network intrusion detection method using independent component analysis. In: 19th international conference on pattern recognition (ICPR’08), Tampa, Florida, USA, 8–11 Dec 2008, pp 1–4. doi:10.1109/ICPR.2008.4761087

  62. de Lima IVM, Degaspari JA, Sobral JBM (2008) Intrusion detection through artificial neural networks. In: IEEE network operations and management symposium (NOMS’08), Bahia, Brazil, 7–11 April 2008, pp 867–870. doi:10.1109/NOMS.2008.4575234

  63. Debar H, Becker M, Siboni D (1992) A neural network component for an intrusion detection system. In: IEEE computer society symposium on research in security and privacy, Oakland, California, 4–6 May 1992, pp 240–250. doi:10.1109/RISP.1992.213257

  64. Debar H, Dacier M, Wespi A (1999) Towards a taxonomy of intrusion-detection systems. Comput Netw 31(8):805–822

    Article  Google Scholar 

  65. Debar H, Dacier M, Wespi A (2000) A revised taxonomy for intrusion-detection systems. Ann Telecommun 55(7):361–378

    Google Scholar 

  66. Denning DE (1987) An intrusion-detection model. IEEE Trans Software Eng 13(2):222–232

    Article  Google Scholar 

  67. Depren O, Topallar M, Anarim E, Ciliz MK (2005) An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst Appl 29(4):713–722. doi:10.1016/j.eswa.2005.05.002

    Article  Google Scholar 

  68. Desheng F, Shu Z, Ping G (2009) Research on a distributed network intrusion detection system based on association rule mining. In: 1st international conference on information science and engineering (ICISE), Nanjing, 26–28 Dec 2009, pp 1816–1818. doi:10.1109/icise.2009.929

  69. Dey AK (2000) Providing architectural support for building context-aware applications. PhD Thesis , Georgia Institute of Technology

  70. Dharap C (Google Patents, Patent version number: 6,256,633, 2001). Context-based and user-profile driven information retrieval. Google Patents

  71. Dickerson JE, Dickerson JA (2000) Fuzzy network profiling for intrusion detection. In: 19th international conference of the North American on Fuzzy Information Processing Society, Atlanta, Georgia, 2000, pp 301–306. doi:10.1109/NAFIPS.2000.877441

  72. Dickerson JE, Juslin J, Koukousoula O, Dickerson JA (2001) Fuzzy intrusion detection. In: IFSA (International Fuzzy Systems Association) world congress and 20th NAFIPS (North American Fuzzy Information Processing Society) international conference, Vancouver, British Columbia, vol 3. IEEEE, pp 1506–1510

  73. Ding T, AlEroud A Karabatis G (2015) Multi-granular aggregation of network flows for security analysis. In: IEEE international conference on intelligence and security informatics (ISI). IEEE, pp 173–175

  74. Ding X, Zhang G, Ke Y, Ma B, Li Z (2008) High efficient intrusion detection methodology with twin support vector machines. In: International symposium on information science and engineering (ISISE’08), Shanghai, China, vol 1. IEEE, pp 560–564

  75. Dwen-Ren T, Wen-Pin T, Chi-Fang C (2003) A hybrid intelligent intrusion detection system to recognize novel attacks. In: IEEE 37th Annual international Carnahan conference on security technology, Taipei, Taiwan, 14–16 Oct 2003, pp 428–434. doi:10.1109/CCST.2003.1297598

  76. Eiland EE, Liebrock LM (2006) An application of information theory to intrusion detection. In: Fourth IEEE international workshop on information assurance (IWIA’06), Egham, Surrey, UK, 13–14 April 2006, pp 66–81. doi:10.1109/IWIA.2006.3

  77. El-Semary A, Edmonds J, Gonzalez-Pino J, Papa M (2006) Applying data mining of fuzzy association rules to network intrusion detection. In: IEEE information assurance workshop, New York, USA, 21–23 June 2006, pp 100–107. doi:10.1109/iaw.2006.1652083

  78. Eskin E, Arnold A, Prerau M, Portnoy L, Stolfo S (2002) A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. In: Proceedings of the conference on applications of data mining in computer security. Kluwer Academics, pp 78–100

  79. Eskin E, Lee W, Stolfo SJ (2001) Modeling system calls for intrusion detection with dynamic window sizes. In: Proceedings of DARPA information survivability conference & exposition (DISCEX’01), Anaheim, California, vol 1. IEEE, pp 165–175

  80. Estévez-Tapiador JM, Garcıa-Teodoro P, Dıaz-Verdejo JE (2004) Measuring normality in HTTP traffic for anomaly-based intrusion detection. Comput Netw 45(2):175–193. doi:10.1016/j.comnet.2003.12.016

    Article  Google Scholar 

  81. Fan W, Miller M, Stolfo S, Lee W, Chan P (2004) Using artificial anomalies to detect unknown and known network intrusions. Knowl Inf Syst 6(5):507–527

    Article  Google Scholar 

  82. Fangfei W, Qingshan J, Lifei C, Zhiling H (2007) Clustering ensemble based on the fuzzy KNN algorithm. In: Eighth ACIS international conference on software engineering, artificial intelligence, networking, and parallel/distributed computing (SNPD’07), Qingdao, July 30 2007–Aug 1 2007, vol 3, pp 1001–1006. doi:10.1109/SNPD.2007.504

  83. Fischer F, Mansmann F, Keim DA, Pietzko S, Waldvogel M (2008) Large-scale network monitoring for visual analysis of attacks. In: Visualization for computer security. Springer, pp 111–118

  84. Florez G, Bridges S, Vaughn RB (2002) An improved algorithm for fuzzy data mining for intrusion detection. In: Annual meeting of the North American fuzzy information processing society (NAFIPS’02), Ann Arbor, MI. IEEE, pp 457–462

  85. Fortu O, Moldovan D (2005) Identification of textual contexts. In: Proceedings of the 5th international conference on modeling and using context, Paris, France. 2136862. Springer, pp 169–182. doi:10.1007/11508373_13

  86. Gao B, Ma HY, Yang YH (2002) HMMS (Hidden Markov Models) based on anomaly intrusion detection method. In: International conference on machine learning and cybernetics, Beijing, vol 1. IEEE, pp 381–385

  87. Gao M, Tian J, Xia M (2009) Intrusion detection method based on classify support vector machine. In: Second international conference on intelligent computation technology and automation (ICICTA’09), Zhangjiajie, China, vol 2. IEEE, pp 391–394

  88. Giseop N, Ilkyeun R (2009) An efficient and reliable DDoS attack detection using a fast entropy computation method. In: 9th international symposium on communications and information technology (ISCIT’09), Icheon, South Korea, 28–30 Sept 2009, pp 1223–1228. doi:10.1109/ISCIT.2009.5341118

  89. Gomez J, Dasgupta D (2002) Evolving fuzzy classifiers for intrusion detection. In: Proceedings of the IEEE workshop on information assurance, West Point, NY, vol 6. IEEE Computer Press, New York, vol 3, pp 321–323

  90. Gómez J, González F, Dasgupta D (2003) An immuno-fuzzy approach to anomaly detection. In: The 12th IEEE international conference on fuzzy systems(FUZZ’03), St. Louis, MO, USA, vol 2. IEEE, pp 1219–1224

  91. Granitzer M, Kroll M, Seifert C, Rath AS, Weber N, Dietzel O, et al (2008) Analysis of machine learning techniques for context extraction. In: Third international conference on digital information management (ICDIM’08), London, UK. IEEE, pp 233–240

  92. Gray D, Kraus R (2012, Available: https://www.necam.com/docs/?id=36eda3e2-ec01-4117-a7cc-3483db8422e7). Contextual security provides actionable intelligence. Accessed 2012, Available: https://www.necam.com/docs/?id=36eda3e2-ec01-4117-a7cc-3483db8422e7

  93. Green DM, Swets JA (1966) Signal detection theory and psychophysics, vol 1974. Wiley, New, York

    Google Scholar 

  94. Greenberg S (2001) Context as a dynamic construct. Hum Comput Interact 16(2):257–268. doi:10.1207/s15327051hci16234_09

    Article  Google Scholar 

  95. Grobelnik M, Mladenic D, Leban G, Stajner T (2011) Context and semantics for knowledge management: technologies for personal productivity: machine learning techniques for understanding context and process (1st ed). Springer, Berlin, pp 127–145

  96. Gross T, Specht M (2001) Awareness in context-aware information systems. In: Mensch & computer conference, Germany, vol 1. Citeseer, pp 173–182

  97. Gruber TR (1993) A translation approach to portable ontology specifications. Knowl Acquis 5(2):199–220. doi:10.1006/knac.1993.1008

    Article  Google Scholar 

  98. Gruschke B (1998) Integrated event management: event correlation using dependency graphs. In: Proceedings of the 9th IFIP/IEEE international workshop on distributed systems: operations & management (DSOM 98), Newark, DE, USA, pp 130–141

  99. Gu G, Fogla P, Dagon D, Lee W, Skorić B (2006) Measuring intrusion detection capability: an information-theoretic approach. In: Proceedings of the ACM symposium on information, computer and communications security, Taipei, Taiwan. ACM, pp 90–101

  100. Guan Y, Ghorbani AA, Belacel N (2003) Y-means: a clustering method for intrusion detection. In: IEEE Canadian conference on electrical and computer engineering, Canada; Montreal, 4–7 May 2003, vol 2, pp 1083–1086. doi:10.1109/CCECE.2003.1226084

  101. Gujral S, Ortiz E, Syrmos VL (2009) An unsupervised method for intrusion detection using spectral clustering. In: IEEE symposium on computational intelligence in cyber security (CICS ’09), Nashville, TN, USA, March 30 2009–April 2 2009, pp 99–106. doi:10.1109/CICYBS.2009.4925096

  102. Guo C, Zhou Y-J, Ping Y, Luo S-S, Lai Y-P, Zhang Z-K (2013) Efficient intrusion detection using representative instances. Comput Secur 39:255–267. doi:10.1016/j.cose.2013.08.003

    Article  Google Scholar 

  103. Haijun X, Fang P, Ling W, Hongwei L (2007) Ad hoc-based feature selection and support vector machine classifier for intrusion detection. In: IEEE international conference on grey systems and intelligent services, (GSIS07), Macau, China. IEEE, pp 1117–1121

  104. Hall MA (1999) Correlation-based feature selection for machine learning. PhD thesis, the University of Waikato

  105. Halme LR (1995) AIN’T misbehaving-A taxonomy of anti-intrusion techniques. Comput Secur 14(7):606–606

    Google Scholar 

  106. Han J, Pei J, Yin Y (2000) Mining frequent patterns without candidate generation. SIGMOD Rec 29(2):1–12. doi:10.1145/335191.335372

    Article  Google Scholar 

  107. Han SJ, Cho SB (2005) Evolutionary neural networks for anomaly detection based on the behavior of a program. IEEE Trans Syst Man Cybern B Cybern 36(3):559–570

    Article  Google Scholar 

  108. Han W, Xiong W, Xiao Y, Ellabidy M, Vasilakos AV, Xiong N (2012) A class of non-statistical traffic anomaly detection in complex network systems. In: 32nd international conference on distributed computing systems workshops (ICDCSW), Macau, China. IEEE, pp 6400–6406

  109. Handra SI, Ciocarlie H (2011) Anomaly detection in data mining. Hybrid approach between filtering-and-refinement and DBSCAN. In: 6th IEEE international symposium on applied computational intelligence and informatics (SACI), Timisoara, Romania, 19–21 May 2011, pp 75–83. doi:10.1109/SACI.2011.5872976

  110. Hassanzadeh A, Sadeghian B (2008) Intrusion detection with data correlation relation graph. In: Third international conference on availability, reliability and security (ARES’08), Washington, DC, USA, 4–7 March 2008, pp 982–989. doi:10.1109/ARES.2008.119

  111. Hawkins S, He H, Williams G, Baxter R (2002) Outlier detection using replicator neural networks. In: 4th international conference on data warehousing and knowledge discovery, Aix-en-Provence, France, pp 113–123

  112. Hayes MA, Capretz MA (2014) Contextual anomaly detection in big sensor data. In: 2014 IEEE international congress on big data. IEEE, pp 64–71

  113. Hellemons L, Hendriks L, Hofstede R, Sperotto A, Sadre R, Pras A (2012) SSHCure: a flow-based SSH intrusion detection system. In: Sadre R, Novotný J, Čeleda P, Waldburger M, Stiller B (eds) Dependable networks and services, vol 7279 (Lecture Notes in Computer Science), Springer, Berlin, pp 86–97

  114. Heller K, Svore K, Keromytis AD, Stolfo S (2003) One class support vector machines for detecting anomalous windows registry accesses. In: Workshop on data mining for computer security (DMSEC), Melbourne, FL, pp 2–9

  115. Hendry GR, Yang SJ (2008) Intrusion signature creation via clustering anomalies. In: Proceeding of SPIE, Bellingham, WA, pp 69730–69731

  116. Hu W, Gao J, Wang Y, Wu O, Maybank S (2014) Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection. IEEE Trans Cybern 44(1):66–82

    Article  Google Scholar 

  117. Hu W, Liao Y, Vemuri VR (2003) Robust anomaly detection using support vector machines. In: Proceedings of the international conference on machine learning, Washington, DC USA, pp 282–289

  118. Hunt EB, Marin J, Stone PJ (1966) Experiments in induction, 1st ed. The University of Michigan, Academic Press, Michigan

  119. Hussein M, Zulkernine M (2006) UMLINTR: A UML profile for specifying intrusions. In: Proceedings of the 13th annual IEEE international symposium and workshop on engineering of computer based systems, Potsdam, Germany. 1126211: IEEE Computer Society, pp. 279–288. doi:10.1109/ecbs.2006.70

  120. Ide T, Kashima H (2004) Eigenspace-based anomaly detection in computer systems. In: Proceedings of the tenth ACM SIGKDD international conference on knowledge discovery and data mining, Seattle, WA, USA. 1014102: ACM, pp 440–449. doi:10.1145/1014052.1014102

  121. Idris NB, Shanmugam B (2005) Artificial intelligence techniques applied to intrusion detection. In: EEE India conference Indicon (INDICON’05), Chennai, India, 11–13 Dec 2005, pp 52–55. doi:10.1109/INDCON.2005.1590122

  122. Ippoliti D, Xiaobo Z (2010) An adaptive growing hierarchical self organizing map for network intrusion detection. In: Proceedings of 19th international conference on computer communications and networks (ICCCN’10), Zurich, Switzerland, 2–5 Aug 2010, pp 1–7. doi:10.1109/ICCCN.2010.5560165

  123. Jadidi Z, Muthukkumarasamy V, Sithirasenan E, Sheikhan M (2013) Flow-based anomaly detection using neural network optimized with GSA algorithm. In: Distributed computing systems workshops (ICDCSW), 2013 IEEE 33rd international conference on, 8–11 July 2013, pp 76–81. doi:10.1109/ICDCSW.2013.40

  124. Jakobson G (2003) The technology and practice of integrated multiagent event correlation systems. In: International conference on integration of knowledge intensive multi-agent systems, Boston MA, USA, 30 Sept–4 Oct 2003, pp 568–573. doi:10.1109/KIMAS.2003.1245102

  125. Jha S, Tan K, Maxion RA (2001) Markov chains, classifiers, and intrusion detection. In: Proceedings. 14th IEEE Computer Security Foundations., Nova Scotia, Canada, 2001, pp 206–219. doi:10.1109/CSFW.2001.930147

  126. Ji-Qing X, Feng-Hua L, Xian-Lun T (2005) A novel intrusion detection method based on clonal selection clustering algorithm. In: Proceedings of international conference on machine learning and cybernetics, Guangzhou, China, 18–21 Aug 2005, vol 6, pp 3905–3910. doi:10.1109/ICMLC.2005.1527620

  127. Ji S-Y, Jeong B-K, Choi S, Jeong DH (2016) A multi-level intrusion detection method for abnormal network behaviors. J Netw Comput Appl 62:9–17

    Article  Google Scholar 

  128. Jianxiong L, Bridges SM, Vaughn RB Jr (2001) Fuzzy frequent episodes for real-time intrusion detection. In: The 10th IEEE international conference on fuzzy systems, Melbourne, VIC, 2001, vol 1, pp 368–371. doi:10.1109/FUZZ.2001.1007325

  129. Jie L, Zhi-tang L (2007) Using network attack graph to predict the future attacks. In: Second international conference on communications and networking in China (CHINACOM ’07), Xi’an, China, 22–24 Aug 2007, pp 403–407. doi:10.1109/CHINACOM.2007.4469413

  130. Jing-xin W, Zhi-ying W, Kui D (2004) A network intrusion detection system based on the artificial neural networks. In: Proceedings of the 3rd international conference on information security, Shanghai, China. ACM, pp 166–170

  131. Jing Z, Hongjuan W, Yushu L (2011) Intrusion detection using evolving fuzzy classifiers. In: 6th IEEE joint international information technology and artificial intelligence conference (ITAIC’11), Chongqing, 20–22 Aug 2011, vol 1, pp 119–122. doi:10.1109/ITAIC.2011.6030165

  132. Jirapummin C, Wattanapongsakorn N, Kanthamanon P (2002) Hybrid neural networks for intrusion detection system. In: International conference on multimedia technology (ICMT), Wuhan, China, pp 928–931

  133. Johnson RA, Wichern DW (1992) Applied multivariate statistical analysis, vol 4, 3rd edn. Prentice Hall, Englewood Cliffs

    MATH  Google Scholar 

  134. Jones AK, Sielken RS (2000) Computer system intrusion detection. A survey Accessed (2000)

  135. Jou YF, Gong F, Sargor C, Wu SF, Cleaveland WR (1997) Architecture design of a scalable intrusion detection system for the emerging network infrastructure. Accessed (1997)

  136. Juan W, Feng-Li Z, Jing J, Wei C (2010) Alert analysis and threat evaluation in network situation awareness. In: 2010 international conference on communications, circuits and systems (ICCCAS’10), Chengdu, China, 28–30 July 2010, pp 278–281. doi:10.1109/ICCCAS.2010.5582005

  137. Jun L, Manikopoulos C (2003) Early statistical anomaly intrusion detection of DoS attacks using MIB traffic parameters. In: IEEE systems, man and cybernetics society information assurance workshop, West Point, New York, USA, 18–20 June 2003, pp 53–59. doi:10.1109/SMCSIA.2003.1232401

  138. Jun M, Guanzhong D, Zhong X (2009) Network anomaly detection using dissimilarity-based one-class SVM classifier. In: International conference on parallel processing workshops (ICPPW ’09), Kaohsiung, 22–25 Sept 2009, pp 409–414. doi:10.1109/ICPPW.2009.6

  139. Kim G, Lee S, Kim S (2014) A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst Appl 41(4, Part 2):1690–1700. doi:10.1016/j.eswa.2013.08.066

  140. Kind A, Stoecklin MP, Dimitropoulos X (2009) Histogram-based Traffic Anomaly Detection. IEEE Trans Netw Serv Manag 6(2):110–121. doi:10.1109/TNSM.2009.090604

    Article  Google Scholar 

  141. Kohavi R, John GH (1995) Automatic parameter selection by minimizing estimated error. In: Proceedings of the twelfth annual international conference on machine learning, Tahoe City, California, USA. Citeseer, pp 304–312)

  142. Kruegel C, Mutz D, Robertson W, Valeur F (2003) Bayesian event classification for intrusion detection. In: 19th annual computer security applications conference, Las Vegas, NV, USA, 8–12 Dec 2003, pp 14–23. doi:10.1109/CSAC.2003.1254306

  143. Kruegel C, Valeur F, Vigna G (2004) Intrusion detection and correlation: challenges and solutions, vol 14). Springer, Berlin

  144. Kuang L, Zulkernine M (2008) An anomaly intrusion detection method using the CSI-KNN algorithm. In: Proceedings of the 2008 ACM symposium on applied computing, Fortaleza, Ceara, Brazil. 1363897: ACM, pp 921–926. doi:10.1145/1363686.1363897

  145. Kulsoom A, Lee C, Conti G, Copeland JA (2005) Visualizing network data for intrusion detection. In: Proceedings from the sixth annual IEEE SMC information assurance workshop (IAW ’05), West Point, NY, 15–17 June 2005, pp 100–108. doi:10.1109/IAW.2005.1495940

  146. Kumar P, Rao M, Krishna P, Bapi R (2005a) Using sub-sequence information with K-NN for classification of sequential data. In: Distributed computing and internet technology, Bhubaneswar, India, pp 1–11

  147. Kumar P, Rao M, Krishna P, Bapi R (2005b) Using sub-sequence information with kNN for classification of sequential data. In: Distributed computing and internet technology, Bhubaneswar, India, pp 1–11

  148. Kun-Lun L, Hou-Kuan H, Sheng-Feng T, Wei X (2003) Improving one-class SVM for anomaly detection. In: International conference on machine learning and cybernetics, Xi’an, China, 2–5 Nov 2003, vol 5, pp 3077–3081, vol 3075. doi:10.1109/ICMLC.2003.1260106

  149. Labib K, Vemuri VR (2006) An application of principal component analysis to the detection and visualization of computer network attacks. Annales des télécommunications 61(1–2):218–234

    Article  Google Scholar 

  150. Lakhina A, Crovella M, Diot C (2005) Mining anomalies using traffic feature distributions. In: Proceedings of the conference on applications, technologies, architectures, and protocols for computer communications (SIGCOMM ’05), Philadelphia, PA, USA, vol 35. ACM, pp 217–228, vol 4

  151. Lazarevic A, Ertoz L, Kumar V, Ozgur A, Srivastava J (2003) A Comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the third SIAM international conference on data mining, San Francisco, CA, USA, vol 3, pp 25–36. Society for Industrial & Applied

  152. Lee SC, Heinbuch DV (2001) Training a neural-network based intrusion detector to recognize novel attacks. IEEE Trans Syst Man Cybern Syst Hum 31(4):294–299

    Article  Google Scholar 

  153. Lee W, Stolfo SJ (1998a) Data mining approaches for intrusion detection. In: Proceedings of the 7th conference on USENIX security symposium, San Antonio, Texas, pp 6–12. 1267555: USENIX Association

  154. Lee W, Stolfo SJ (1998b) Data mining approaches for intrusion detection. In: Usenix security

  155. Lee W, Stolfo SJ (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inf Syst Secur (TISSEC) 3(4):227–261

    Article  Google Scholar 

  156. Lee W, Stolfo SJ, Mok KW (2000) Adaptive intrusion detection: a data mining approach. Artif Intell Rev 14(6):533–567

    Article  MATH  Google Scholar 

  157. Lei JZ, Ghorbani A (2004) Network intrusion detection using an improved competitive learning neural network. In: Second annual conference on communication networks and services research, Fredericton, N.B., Canada, 19–21 May 2004, pp 190–197. doi:10.1109/DNSR.2004.1344728

  158. Leung K, Leckie C (2005) Unsupervised anomaly detection in network intrusion detection using clusters. In: Proceedings of the twenty-eighth Australasian conference on computer science, Newcastle, NSW, Australia. Australian Computer Society, Inc, pp 333–342

  159. Li H, Guan XH, Zan X, Han CZ (2003) Network intrusion detection based on support vector machine. J Comput Res Dev 6(1):799–807

    Google Scholar 

  160. Li X-B (2005) A scalable decision tree system and its application in pattern recognition and intrusion detection. Decis Support Syst 41(1):112–130. doi:10.1016/j.dss.2004.06.0l6

    Article  Google Scholar 

  161. Li Xy, Gao Gh, Sun Jx (2010) A new intrusion detection method based on improved DBSCAN. In: WASE international conference on information engineering (ICIE), Beidaihe, 14–15 Aug 2010, vol 2, pp 117–120. doi:10.1109/ICIE.2010.123

  162. Li Y, Fang B, Guo L, Chen Y (2007) Network anomaly detection based on TCM-KNN algorithm. In: Proceedings of the 2nd ACM symposium on information, computer and communications security, Singapore. 1229292: ACM, pp 13–19. doi:10.1145/1229285.1229292

  163. Li Y, Guo L (2007) An active learning based TCM-KNN algorithm for supervised network intrusion detection. Comput Secur 26(7):459–467

    Article  Google Scholar 

  164. Liang Y, Wang HQ, Cai HB, He YJ (2008) A novel stochastic modeling method for network security situational awareness. In: 3rd IEEE conference on industrial electronics and applications (ICIEA’08), Singapore, 3–5 June 2008, pp 2422–2426. doi:10.1109/ICIEA.2008.4582951

  165. Liao Y, Vemuri VR (2002) Use of K-nearest neighbor classifier for intrusion detection. Comput Secur 21(5):439–448

    Article  Google Scholar 

  166. Lichodzijewski P, Nur Zincir-Heywood A, Heywood MI (2002) Host-based intrusion detection using self-organizing maps. In: Proceedings of the international joint conference on neural networks (IJCNN’02), Honolulu, Hawaii, vol 2. IEEE, pp 1714–1719

  167. Likas A, Vlassis N, Verbeek JJ (2003) The global k-means clustering algorithm. Pattern Recognit 36(2):451–461

    Article  Google Scholar 

  168. Liu G, Yi Z, Yang S (2007) A hierarchical intrusion detection model based on the PCA neural networks. Neurocomputing 70(7–9):1561–1568. doi:10.1016/j.neucom.2006.10.146

    Article  Google Scholar 

  169. Liu L, Liu Y (2009) MQPSO based on wavelet neural network for network anomaly detection. In: 5th international conference on wireless communications (WiCom’09), Bijing, China. IEEE, pp 1–5

  170. Livnat Y, Agutter J, Moon S, Erbacher RF, Foresti S (2005) A visualization paradigm for network intrusion detection. In: Proceedings from the sixth annual IEEE SMC information assurance workshop. IEEE, pp 92–99

  171. Lizhong X, Zhiqing S, Gang L (2006) K-means algorithm based on particle swarm optimization algorithm for anomaly intrusion detection. In: The sixth world congress on intelligent control and automation (WCICA’06), Dalian, China, vol 2, pp 5854–5858. doi:10.1109/WCICA.2006.1714200

  172. Lopes CT (2009) Context features and their use in information retrieval. Paper presented at the proceedings of the third BCS-IRSG conference on Future directions in information access, Padua, Italy

  173. Lu H, Chen J, Wei W (2008) Two stratum bayesian network based anomaly detection model for intrusion detection system. In: International symposium on electronic commerce and security, Guangzhou, China 3–5:482–487. doi:10.1109/ISECS.2008.178

  174. Lu N, Mabu S, Wang T, Hirasawa K (2012) Integrated fuzzy GNP rule mining with distance-based classification for intrusion detection system. In: IEEE international conference on systems, man, and cybernetics (SMC). Seoul, Korea, 14–17 Oct 2012, pp 1569–1574. doi:10.1109/ICSMC.2012.6377960

  175. Luo J, Bridges SM (2000) Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection. Int J Intell Syst 15(8):687–703

    Article  MATH  Google Scholar 

  176. Mehdi MSZ, Bensebti AAaM (2007) A bayesian networks in intrusion detection systems. J Comput Sci 3(5):259–265

  177. Ma J, Perkins S (2003) Time-series novelty detection using one-class support vector machines. In: Proceedings of the international joint conference on neural networks, Portland, 20–24 July 2003, vol 3, pp 1741–1745, vol 1743. doi:10.1109/IJCNN.2003.1223670

  178. Ma Y (2010) The intrusion detection system based on fuzzy association rules mining. In: 2nd international conference on computer engineering and technology (ICCET), Chengdu, China, 16–18 April 2010, vol 7, pp V7-667–V667-672). doi:10.1109/iccet.2010.5485674

  179. Mahoney MV, Chan PK (2002) Learning nonstationary models of normal network traffic for detecting novel attacks. Paper presented at the proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, Edmonton, Alberta, Canada

  180. Mamei M, Nagpal R (2007) Macro programming through Bayesian networks: distributed inference and anomaly detection. In: Fifth annual IEEE international conference on pervasive computing and communications (PerCom ’07). White Plains, New York, USA, 19-23 March 2007, pp 87–96. doi:10.1109/PERCOM.2007.19

  181. Manganaris S, Christensen M, Zerkle D, Hermiz K (2000) A data mining analysis of RTID alarms. Comput Netw 34(4):571–577

    Article  Google Scholar 

  182. Martinez CA, Echeverri GI, Sanz AGC (2010) Malware detection based on cloud computing integrating intrusion ontology representation. In: IEEE Latin-American conference on communications (LATINCOM’10), Belem, Brazil, 15–17 Sept 2010, pp 1–6. doi:10.1109/LATINCOM.2010.5641013

  183. Mathew S, Shah C, Upadhyaya S (2005) An alert fusion framework for situation awareness of coordinated multistage attacks. In: Third IEEE international workshop on information assurance, College Park, MD, USA, 23–24 March 2005, pp 95–104. doi:10.1109/IWIA.2005.3

  184. Meng J, Shang H, Bian L (2009) The application on intrusion detection based on K-means cluster algorithm. In: International forum on information technology and applications(IFITA ’09), Chengdu, China, 15–17 May 2009, vol 1, pp 150–152. doi:10.1109/IFITA.2009.34

  185. Middlemiss M, Dick G (2003) Feature selection of intrusion detection data using a hybrid genetic algorithm/KNN approach. Design Appl Hybrid Intell Syst 3(1):519–527

    Google Scholar 

  186. Min L, Xiaohong L, Shouhe X (2008) An intrusion detection research based on spectral clustering. In: 4th international conference on wireless communications, networking and mobile computing (WiCOM ’08), Dalian, China, 12–14 Oct 2008, pp 1–4. doi:10.1109/WiCom.2008.1100

  187. Mitrokotsa A, Dimitrakakis C (2013) Intrusion detection in MANET using classification algorithms: the effects of cost and model selection. Ad Hoc Netw 11(1):226–237. doi:10.1016/j.adhoc.2012.05.006

    Article  Google Scholar 

  188. Mohajerani M, Moeini A, Kianie M (2003) NFIDS: a neuro-fuzzy intrusion detection system. In: 10th IEEE international conference on electronics, circuits and systems(ICECS’03), Sharjah, United Arab Emirates, vol 1. IEEE, pp 348–351

  189. Mora FJ, Macia F, Garcia JM, Ramos H (2006) Intrusion detection system based on growing grid neural network. In: IEEE Mediterranean electrotechnical conference(MELECON’06), Malaga, Spain. IEEE, pp 839–842

  190. Mukkamala S, Janoski G, Sung A (2002) Intrusion detection using neural networks and support vector machines. In: Proceedings of the international joint conference on neural networks( IJCNN’02), Honolulu, Hawaii, vol 2. IEEE, pp 1702–1707

  191. Mukkamala S, Sung AH (2002) Identifying key features for intrusion detection using neural networks. In: Proceedings of the 15th international conference on computer communication, Maharashtra, India. 838234: International Council for Computer Communication, pp 1132–1138

  192. Mukkamala S, Sung AH, Abraham A (2005) Intrusion detection using an ensemble of intelligent paradigms. J Netw Comput Appl 28(2):167–182. doi:10.1016/j.jnca.2004.01.003

    Article  Google Scholar 

  193. Mulay SA, Devale PR, Garje GV (2010) Decision tree based support vector machine for intrusion detection. In: International conference on networking and information technology (ICNIT), Manila, Philippines, 11–12 June 2010, pp 59–63. doi:10.1109/icnit.2010.5508557

  194. Muntean M, Valean H, Miclea L, Incze A (2010) A novel intrusion detection method based on support vector machines. In: 11th international symposium on computational intelligence and informatics (CINTI’11), Hungary. IEEE, pp 47–52

  195. Naveen N (2012) Application of relevance vector machines in real time intrusion detection. Int J Adv Comput Sci Appl 3(9):48–53

    Google Scholar 

  196. Niu W, Li G, Zhao Z, Tang H, Shi Z (2011) Multi-granularity context model for dynamic Web service composition. J Netw Comput Appl 34(1):312–326. doi:10.1016/j.jnca.2010.07.014

    Article  Google Scholar 

  197. Noel S, Jajodia S (2005) Understanding complex network attack graphs through clustered adjacency matrices. In: 21st annual computer security applications conference, AZ, USA, 5–9 Dec 2005, pp 159–169. doi:10.1109/CSAC.2005.58

  198. Noel S, Robertson E, Jajodia S (2004) Correlating intrusion events and building attack scenarios through attack graph distances. In: 20th annual computer security applications conference, Tucson, AZ, USA, 2004, pp 350–359. doi:10.1109/CSAC.2004.11

  199. Noel S, Sushil J, O’Berry B, Jacobs M (2003) Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings 19th annual computer security applications conference, Orlando, FL USA, 8–12 Dec 2003, pp 86–95. doi:10.1109/CSAC.2003.1254313

  200. Nong Y, Yebin Z, Borror CM (2004) Robustness of the Markov-Chain model for Cyber-Attack Detection. IEEE Trans Reliab 53(1):116–123. doi:10.1109/TR.2004.823851

    Article  Google Scholar 

  201. Nwanze N, Summerville D (2008) Detection of anomalous network packets using lightweight stateless payload inspection. In: 33rd IEEE conference on local computer networks (LCN’08), Montreal, Que, 14–17 Oct 2008, pp 911–918. doi:10.1109/LCN.2008.4664303

  202. Otey M, Parthasarathy S, Ghoting A, Li G, Narravula S, Panda D (2003) Towards NIC-based intrusion detection. In: Proceedings of the ninth ACM SIGKDD international conference on knowledge discovery and data mining, Washington, D.C. 956847: ACM, pp 723–728. doi:10.1145/956750.956847

  203. Pan ZS, Chen SC, Hu GB, Zhang DQ (2003) Hybrid neural network and C4. 5 for misuse detection. In: International conference on machine learning and cybernetics, Xi’an, China, vol 4. IEEE, pp 2463–2467

  204. Panda M, Patra MR (2007) Network intrusion detection using Naïve Bayes. IJCSNS Int J Comput Sci Netw Secur 7(12):259–263

    Google Scholar 

  205. Patcha A, Park JM (2005) Detecting denial-of-service attacks with incomplete audit data. In: Proceedings of 14th international conference on computer communications and networks ( ICCCN’05), Washington, DC, USA, 17–19 Oct 2005, pp 263–268. doi:10.1109/ICCCN.2005.1523864

  206. Peddabachigari S, Abraham A, Grosan C, Thomas J (2007) Modeling intrusion detection system using hybrid intelligent systems. J Netw Comput Appl 30(1):114–132

    Article  Google Scholar 

  207. Peddabachigari S, Abraham A, Thomas J (2004) Intrusion detection systems using decision trees and support vector machines. Int J Appl Sci Comput 2:18–134

    Google Scholar 

  208. Peng T, Chen X, Liu H, Chen K (2010) Data reduction for network forensics using manifold learning. In: 2nd international workshop on database technology and applications (DBTA), Wuhan, Hubei, China, 27–28 Nov 2010, pp 1–5. doi:10.1109/DBTA.2010.5659004

  209. Pensa RG, Leschi C, Besson J, Boulicaut JF (2004) Assessment of discretization techniques for relevant pattern discovery from gene expression data. In: Proceedings of ACM BIOKDD, Seattle, Washington, USA, vol 4, pp 24–30

  210. Phua C, Alahakoon D, Lee V (2004) Minority report in Fraud detection: classification of Skewed Data. ACM SIGKDD Explor Newsl 6(1):50–59

    Article  Google Scholar 

  211. Portnoy L (2001) Intrusion detection with unlabeled data using clustering, Accessed (2001)

  212. Powell D, Stroud R (2001) Malicious-and accidental-fault tolerance for internet applications conceptual model and architecture. Accessed (2001)

  213. Qiao Y, Xin XW, Bin Y, Ge S (2002) Anomaly intrusion detection method based on HMM. Electron Lett 38(13):663–664. doi:10.1049/el:20020467

    Article  Google Scholar 

  214. Qin M, Hwang K (2004) Frequent episode rules for intrusive anomaly detection with internet datamining. In: USENIX security symposium, San Diego, CA

    Google Scholar 

  215. Qin X (2005) A probabilistic-based framework for Infosec alert correlation, PhD thesis. Georgia Institute of Technology

  216. Qin X, Lee W (2004) Attack plan recognition and prediction using causal networks. In: 20th annual computer security applications conference, Tucson, AZ, USA, 6–10 Dec 2004, pp 370–379. doi:10.1109/CSAC.2004.7

  217. Qishi W, Ferebee D, Yunyue L, Dasgupta D (2009) An integrated cyber security monitoring system using correlation-based techniques. In: IEEE international conference on system of systems engineering, Albuquerque, NM, May 30 2009–June 3 2009, pp 1–6

  218. Qiu H, Eklund N, Hu X, Yan W, Iyer N (2008) Anomaly detection using data clustering and neural networks. In: IEEE international joint conference on neural networks, Hong Kong, China. IEEE, pp 3627–3633

  219. Ranganathan A, Campbell RH (2003) A middleware for context-aware agents in ubiquitous computing environments. In: Proceedings of the ACM/IFIP/USENIX international conference on middleware, Rio de Janeiro, Brazil. 1515926: Springer, New York, pp 143–161

  220. Reichle R, Wagner M, Khan MU, Geihs K, Lorenzo J, Valla M, et al. (2008) A comprehensive context modeling framework for pervasive computing systems. In: Proceedings of the 8th IFIP WG 6.1 international conference on distributed applications and interoperable systems, Oslo, Norway. 1789105: Springer, pp 281–295

  221. Ren P, Gao Y, Li Z, Chen Y, Watson B (2005) IDGraphs: intrusion detection and analysis using histographs. In: IEEE workshop on visualization for computer security, 2005 (VizSEC 05). IEEE, pp 39–46

  222. Ritchey R, O’Berry B, Noel S (2002) Representing TCP/IP connectivity for topological analysis of network security. In: Proceedings of the 18th annual computer security applications conference, Las Vegas, Nevada, 2002, pp 25–31. doi:10.1109/CSAC.2002.1176275

  223. Roesch M Snort intrusion detection system. http://www.snort.org. Accessed 22 Dec 2013

  224. Roschke S, Feng C, Meinel C (2010) Using vulnerability information and attack graphs for intrusion detection. In: Sixth international conference on information assurance and security (IAS), GA, USA, 23–25 Aug 2010, pp 68–73. doi:10.1109/ISIAS.2010.5604041

  225. Rui Z, Yongquan Y, Mingjun C (2009) An intrusion detection algorithm model based on extension clustering support vector machine. In: International conference on artificial intelligence and computational intelligence (AICI’09), Shanghai, China, vol 1. IEEE, pp 15–18

  226. Ryan J, Lin MJ, Miikkulainen R (1998) Intrusion detection with neural networks. In: Proceedings of advances in neural information processing systems, Denver, Colorado, USA. Morgan Kaufmann Publishers, pp 943–949

  227. Saad S, Traore I (2010) Method ontology for intelligent network forensics analysis. In: Eighth annual international conference on privacy security and trust (PST’10), Ottawa, Ontario, Canada, 17–19 Aug 2010, pp 7–14. doi:10.1109/PST.2010.5593235

  228. Sánchez R, Herrero Á, Corchado E (2013) Visualization and clustering for SNMP intrusion detection. Cybern Syst 44(6–7):505–532

    Article  Google Scholar 

  229. Sang-Hyun O, Jin-Suk K, Yung-Cheol B, Gyung-Leen P, Sang-Yong B (2005) Intrusion detection based on clustering a data stream. In: Third ACIS international conference on software engineering research, management and applications, Michigan, USA, 11–13 Aug 2005, pp 220–227. doi:10.1109/SERA.2005.49

  230. Sang JH, Cho SB (2003) Combining multiple host-based detectors using decision tree. In: Gedeon T, Fung L (eds) Proceedings of 16th Australian conferenceon artificial intelligence, Perth, Australia, 2003/01/01 (vol 2903, Lecture Notes in Computer Science). Springer Berlin, pp 208–220. doi:10.1007/978-3-540-24581-0_18

  231. Sarasamma ST, Zhu QA, Huff J (2005) Hierarchical Kohonenen net for anomaly detection in network security. IEEE Trans Syst Man Cybern B Cybern 35(2):302–312. doi:10.1109/TSMCB.2005.843274

    Article  Google Scholar 

  232. Schölkopflkopf Platt JC, Shawe-Taylor JC, Smola AJ, Williamson RC (2001) Estimating the support of a high-dimensional distribution. Neural Comput 13(7):1443–1471. doi:10.1162/089976601750264965

    Article  MATH  Google Scholar 

  233. Schifanella C, Sapino ML, Sel K, Candan U (2012) On context-aware co-clustering with metadata support. J Intell Inf Syst 38(1):209–239. doi:10.1007/s10844-011-0151-x

    Article  Google Scholar 

  234. Schilit B, Adams N, Want R (1994) Context-aware computing applications. In:First workshop on mobile computing systems and applications (WMCSA’94). Santa Cruz, CA, USA. IEEE, pp 85–90

  235. Schmidt A, Beigl M, Gellersen H-W (1999) There is more to context than location. Comput Graph 23(6):893–901. doi:10.1016/S0097-8493(99)00120-X

    Article  Google Scholar 

  236. Scott SL (2004) A Bayesian paradigm for designing intrusion detection systems. Comput Stat Data Anal 45(1):69–83. doi:10.1016/S0167-9473(03)00177-4

    Article  MathSciNet  MATH  Google Scholar 

  237. Sebyala AA, Olukemi T, Sacks L (2002) Active platform security through intrusion detection using Naive Bayesian network for anomaly detection. In: The London communications symposium. Citeseer, London

  238. Sekeh MA, bin Maarof MA (2009) Fuzzy intrusion detection system via data mining technique with sequences of system calls. In: Fifth international conference on information assurance and security (IAS ’09), Xi’An, China, 18–20 Aug 2009, vol 1, pp 154–157. doi:10.1109/IAS.2009.32

  239. Shah H, Undercoffer J, Joshi A (2003) Fuzzy clustering for intrusion detection. In: The 12th IEEE international conference on fuzzy systems (FUZZ ’03), St Louis, MO, USA, 25–28 May 2003, vol 2, pp 1274–1278. doi:10.1109/FUZZ.2003.1206614

  240. Sharma SK, Pandey P, Tiwari SK, Sisodia MS (2012) An improved network intrusion detection technique based on K-means clustering via Naive Bayes classification. In: International conference on advances in engineering, science and management (ICAESM), EGS Pillay Engineering College, Nagapattinam, 30–31 March 2012, pp 417–422

  241. Shaw DG (2011) Reducing false-positives and false-negatives in security event data using context. https://www.nasa.gov/ppt/583349main_2011_Present_NASA_IT_Summit_Shaw_Reducing_False_Positives_(2).ppt. Accessed 2011

  242. Shekhar RG, Vir VP, Kiran SB (2007) K-Means+ID3: a novel method for supervised anomaly detection by Cascading K-Means clustering and ID3 decision tree learning methods. IEEE Trans Knowl Data Eng 19(3):345–354. doi:10.1109/TKDE.2007.44

    Article  Google Scholar 

  243. Sheyner O, Haines J, Jha S, Lippmann R, Wing JM (2002) Automated Generation and Analysis of Attack Graphs. In: IEEE symposium on security and privacy, Oakland, California, USA 2002:273–284. doi:10.1109/SECPRI.2002.1004377

    Google Scholar 

  244. Shokri R, Oroumchian F, Yazdani N (2005) CLUSID: a clustering scheme for intrusion detection improved by information theory. In: 13th IEEE international conference on networks, 16–18 Nov 2005, pp 553–558. doi:10.1109/ICON.2005.1635546

  245. Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177(18):3799–3821

    Article  Google Scholar 

  246. Shun J, Malki HA (2008) Network intrusion detection system using neural networks. In: Fourth international conference on natural computation (ICNC’08), Jinan, China, vol. 5. IEEE, pp 242–246

  247. Shyu ML, Chen SC, Sarinnapakorn K, Chang LW (2003) A novel anomaly detection scheme based on principal component classifier. In: Third IEEE international conference on data mining (ICDM’03), Melbourne, Florida, USA, pp 172–179

  248. Sinclair C, Pierce L, Matzner S (1999) An application of machine learning to network intrusion detection. In: 15th annual computer security applications conference (ACSAC ’99), Phoenix, AZ, USA, pp 371–377. doi:10.1109/csac.1999.816048

  249. Sindhu S, Geetha S, Kannan A (2012) Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst Appl 39(1):129–141. doi:10.1016/j.eswa.2011.06.013

    Article  Google Scholar 

  250. Siraj MM, Maarof MA, Hashim SZM (2009) Intelligent clustering with PCA and unsupervised learning algorithm in intrusion alert correlation. In: Fifth international conference on information assurance and security ( IAS ’09), Xi’an, China, 18–20 Aug 2009, vol 1, pp 679–682. doi:10.1109/IAS.2009.261

  251. Song J, Takakura H, Kwon Y (2008) A generalized feature extraction scheme to detect 0-Day attacks via IDS alerts. In: Proceedings of the 2008 international symposium on applications and the internet, Urku, Finland, 1442004. IEEE Computer Society, pp 55–61. doi:10.1109/saint.2008.85

  252. Song S, Ling L, Manikopoulo C (2006) Flow-based statistical aggregation schemes for network anomaly detection. In: Proceedings of the IEEE international conference on networking, sensing and control (ICNSC’06), Hainan, China. IEEE, pp 786–791

  253. Song X, Wu M, Jermaine C, Ranka S (2007) Conditional anomaly detection. IEEE Trans Knowl Data Eng 19(5):631–645. doi:10.1109/tkde.2007.1009

  254. Sperotto A, Sadre R, Vliet F, Pras A (2009) A labeled data set for flow-based intrusion detection. In: Nunzi G, Scoglio C, Li X (eds) 9th IEEE international workshop on IP operations and management ((IPOM’09), Venice, Italy, 2009/01/01, vol 5843. Lecture Notes in Computer Science, pp 39–50. doi:10.1007/978-3-642-04968-2_4

  255. Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B An overview of IP flow-based intrusion detection. IEEE Commun Surv Tutor 12(3):343–356

  256. Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B (2010) An overview of IP flow-based intrusion detection. Commun Surv Tutor IEEE 12(3):343–356. doi:10.1109/SURV.2010.032210.00054

    Article  Google Scholar 

  257. Stein G, Chen B, Wu AS, Hua KA (2005) Decision tree classifier for network intrusion detection with GA-based feature selection. In: Proceedings of the 43rd annual Southeast Regional Conference, Kennesaw, GA, USA. ACM, pp 136–141

  258. Steinwart I, Hush D, Scovel C (2006) A classification framework for anomaly detection. J Mach Learn Res 6(1):211–232

    MathSciNet  MATH  Google Scholar 

  259. Tabia K, Benferhat S, Leray P, Mé L (2011) Alert correlation in intrusion detection: combining AI-based approaches for exploiting security operators’ knowledge and preferences. In: Security and artificial intelligence (SecArt)

  260. Takeuchi J-I, Yamanishi K (2006) A unifying framework for detecting outliers and change points from time series. IEEE Trans Knowl Data Eng 18(4):482–492

    Article  Google Scholar 

  261. Tang P, Jiang R, Zhao M (2010) Feature selection and design of intrusion detection system based on K-means and triangle area support vector machine. In: Second international conference on future networks (ICFN’10), Hainan, China. IEEE, pp 144–148

  262. Tao L, Ai-ling Q, Yuan-bin H, Xin-tan C (2008a) Method for anomaly detection based on classifier with time function. In: IEEE international conference on industrial technology (ICIT’08). Chengdu, China, 21–24 April 2008, pp 1–4. doi:10.1109/ICIT.2008.4608512

  263. Tao L, Ailing Q, Yuanbin H, Xintan C (2008b) Method for network anomaly detection based on bayesian statistical model with time slicing. In: 7th world congress on intelligent control and automation (WCICA’08), Chongqing, China, 25–27 June 2008, pp 3359–3362. doi:10.1109/WCICA.2008.4593458

  264. Te-Shun C, Yen KK (2007) Fuzzy belief k-nearest neighbors anomaly detection of user to root and remote to local attacks. In: IEEE SMC information assurance and security workshop (IAW ’07), West Point, New York, 20–22 June 2007, pp 207–213. doi:10.1109/IAW.2007.381934

  265. Te-Shun C, Yen KK, Pissinou N, Makki K (2007) Fuzzy belief reasoning for intrusion detection design. In: Third international conference on intelligent information hiding and multimedia signal processing ( IIHMSP’07), Kaohsiung, Taiwan, 26–28 Nov 2007, pp 621–624. doi:10.1109/IIHMSP.2007.4457786

  266. Thottan M, Ji C (2003) Anomaly detection in IP networks. IEEE Trans Signal Process 51(8):2191–2204

    Article  Google Scholar 

  267. Tombini E, Debar H, Me L, Ducasse M (2004) A serial combination of anomaly and misuse IDSs applied to HTTP traffic. In: Proceedings of the 20th annual computer security applications conference, Tucson, Arizona, USA. 1038335: IEEE Computer Society, pp 428–437. doi:10.1109/csac.2004.4

  268. Tsai CF, Hsu YF, Lin CY, Lin WY (2009) Intrusion detection by machine learning: a review. Expert Syst Appl 36(10):11994–12000

    Article  Google Scholar 

  269. Tylman W (2008a) Anomaly-based intrusion detection using bayesian networks. In: Third international conference on dependability of computer systems (DepCos-RELCOMEX ’08), Szklarska Poreba, Poland, 26–28 June 2008, pp 211–218. doi:10.1109/DepCoS-RELCOMEX.2008.52

  270. Tylman W (2008b) Misuse-based intrusion detection using bayesian networks. In: International conference on dependability of computer systems, Zklarska Poreba, Poland, pp 203–210

  271. Ukil A (2010) Application of Kolmogorov complexity in anomaly detection. In: 16th Asia-Pacific conference on communications (APCC), Auckland, New Zealand, Oct 31 2010–Nov 3 2010, pp 141–146. doi:10.1109/APCC.2010.5679753

  272. Vapnik V (1999) The nature of statistical learning theory, 2nd edn. Springer, New York

    MATH  Google Scholar 

  273. Viinikka J, Debar H, Mé L, Lehikoinen A, Tarvainen M (2009) Processing intrusion detection alert aggregates with time series modeling. Inf Fusion 10(4):312–324

    Article  Google Scholar 

  274. Voelker GM, Bershad BN (1994) Mobisaic: an information system for a mobile wireless computing environment. In: Workshop on mobile computing systems and applications, California, USA, pp 185–190. doi:10.1109/mcsa.1994.513481

  275. Vorobiev A, Jun H (2006) Security attack ontology for Web services. In: Second international conference on semantics, knowledge and grid (SKG ’06), Guangxi, China, 1–3 Nov 2006, pp 42–48. doi:10.1109/SKG.2006.85

  276. Wagner D, Soto P (2002) Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM conference on computer and communications security, Berlin, German. ACM, pp 255–264

  277. Wan L, Shengfeng T (2009) Preprocessor of intrusion alerts correlation based on ontology. In: WRI international conference on communications and mobile computing (CMC ’09), Yunnan, China, 6–8 Jan 2009, pp 460–464. doi:10.1109/CMC.2009.63

  278. Wang G, Hao J, Ma J, Huang L (2010) A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst Appl 37(9):6225–6232. doi:10.1016/j.eswa.2010.02.102

    Article  Google Scholar 

  279. Wang K, Stolfo S (2004) Anomalous payload-based network intrusion detection. In: Recent advances in intrusion detection, Sophia Antipolis, France. Springer, pp 203–222

  280. Wang W, Battiti R (2006) Identifying intrusions in computer networks with principal component analysis. In: The first international conference on availability, reliability and security, Vienna, Austria. IEEE, pp 8–15

  281. Wang W, Guan X, Zhang X (2004) A novel intrusion detection method based on principle component analysis in computer security. In: IEEE international symposium on neural networks in computer security, Dalian, China. IEEE, pp 88–89

  282. Wang X, He F (2006) Improving intrusion detection performance using rough set theory and association rule mining. In: International conference on hybrid information technology (ICHIT ’06), Jeju Island, Korea, 9–11 Nov. 2006, vol 2, pp 114–119. doi:10.1109/ichit.2006.253599

  283. Wei W, Daniels TE (2005) Building evidence graphs for network forensics analysis. In: 21st Annual computer security applications conference, AZ, USA, 5–9 Dec 2005, p 11, 266. doi:10.1109/CSAC.2005.14

  284. Weller-Fahy DJ, Borghetti BJ, Sodemann AA (2015) A survey of distance and similarity measures used within network intrusion anomaly detection. IEEE Commun Surv Tutor 17(1):70–91

    Article  Google Scholar 

  285. Wenge R, Kecheng L, Lin L (2008) Association rule based context modeling for web service discovery. In: 10th IEEE conference on e-commerce technology, Washington, DC, 21–24 July 2008, pp 299–304. doi:10.1109/CECandEEE.2008.137

  286. Wenke L, Stolfo SJ, Mok KW (1999) A data mining framework for building intrusion detection models. In: Proceedings of the IEEE symposium on security and privacy, Oakland, California 1999:120–132. doi:10.1109/secpri.1999.766909

    Google Scholar 

  287. Wentao F, Bouguila N, Ziou D (2011) Unsupervised anomaly intrusion detection via localized Bayesian feature selection. In: IEEE 11th international conference on data mining (ICDM’11), Vancouver, Canada, 11–14 Dec 2011, pp 1032–1037. doi:10.1109/ICDM.2011.152

  288. White RW, Bailey P, Chen L (2009) Predicting user interests from contextual information. In: Proceedings of the 32nd international ACM SIGIR conference on research and development in information retrieval. ACM, pp 363–370

  289. Williams G, Baxter R, He H, Hawkins S, Gu L (2002) A comparative study of RNN for outlier detection in data mining. In: Proceedings of IEEE international conference on data mining (ICDM’02), Maebashi City, Japan. IEEE, pp 709–712

  290. Winter P, Hermann E, Zeilinger M (2011) Inductive intrusion detection in flow-based network data using one-class support vector machines. In: 4th IFIP international conference on new technologies, mobility and security (NTMS ’11), Paris, France. IEEE, pp 1–5

  291. Wu N, Zhang J (2003) Factor analysis based anomaly detection. In: IEEE systems, man and cybernetics society information assurance workshop, West Point, New York, USA. IEEE, pp 108–115

  292. Wuling R, Jinzhu C, Xianjie W (2009) Application of network intrusion detection based on fuzzy C-means clustering algorithm. In: Third international symposium on intelligent information technology application (IITA’09), Nanchang, China, 21–22 Nov 2009, vol 3, pp 19–22. doi:10.1109/IITA.2009.269

  293. Xiao L, Chen Y, Chang CK (2014) Bayesian model averaging of Bayesian network classifiers for intrusion detection. In: 9th IEEE international workshop on security, trust, and privacy for software applications”, pp 21–15

  294. Xiaolin W, Chou PA, Xiaohui X (2000) Minimum conditional entropy context quantization. In: IEEE international symposium on information theory, Sorrento, Italy, 2000, p 43. doi:10.1109/isit.2000.866333

  295. Xiaorong C, Shanshan W (2010) A real-time hybrid intrusion detection system based on principle component analysis and self organizing maps. In: Sixth international conference on natural computation (ICNC’10), Shandong, China, 10–12 Aug 2010, vol 3, pp 1182–1185. doi:10.1109/ICNC.2010.5583654

  296. Xie P, Li JH, Ou X, Liu P, Levy R (2010) Using Bayesian networks for cyber security analysis. In: IEEE/IFIP international conference on dependable systems and networks (DSN), Chicago, IL, pp 211–220

  297. Xu J, Croft WB (2000) Improving the effectiveness of information retrieval with local context analysis. ACM Trans Inf Syst (TOIS) 18(1):79–112

    Article  Google Scholar 

  298. Xu J, Shelton CR (2010) Intrusion detection using continuous time bayesian networks. J Artif Intell Res 39(1):745–774

    MathSciNet  MATH  Google Scholar 

  299. Xuedou Y (2009) Research on active defence technology with host intrusion based on K-nearest neighbor algorithm of kernel. In: Fifth international conference on information assurance and security (IAS’09), Xi’an, China, 18–20 Aug 2009, vol 1, pp 411–414. doi:10.1109/IAS.2009.255

  300. Ye C, Wei N, Wang T, Zhang Q, Zhu X (2009a) The research on the application of association rules mining algorithm in network intrusion detection. In: First international workshop on education technology and computer science (ETCS ’09), Wuhan, China, 7–8 March 2009, vol 2, pp 849–852. doi:10.1109/etcs.2009.451

  301. Ye C, Zhang Q, Zhou J, Wei N, Zhu X, Wang T (2009b) Improvement of association rules mining algorithm in wireless network intrusion detection. In: International conference on computational intelligence and natural computing, Wuhan, China, 6–7 June 2009, vol 2, pp 413–416. doi:10.1109/cinc.2009.19

  302. Ye D, Huiqiang W, Yonggang P (2004) A hidden markov models-based anomaly intrusion detection method. In: Fifth world congress on intelligent control and automation (WCICA’04), Hangzhou, China, 15–19 June 2004, vol 5, pp 4348–4351. doi:10.1109/WCICA.2004.1342334

  303. Ye D, Tong W (2008) An anomaly intrusion detection method based on shell commands. In: IEEE international symposium on knowledge acquisition and modeling workshop(KAM’08), Wuhan, China, 21–22 Dec 2008, pp 798–801. doi:10.1109/KAMW.2008.4810611

  304. Yeung DY, Ding Y (2003) Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognit 36(1):229–243

    Article  MATH  Google Scholar 

  305. Yoshida K (2003) Entropy based Intrusion Detection. In: IEEE Pacific RIM Conference on Communications, Computers and Signal Processing (PACRIM’03), Victoria, B.C., Canada, 28–30 Aug 2003, vol 2, pp 840–843. doi:10.1109/PACRIM.2003.1235912

  306. Yu Y, Wei Y, Fu-Xiang G, Ge Y (2006) Anomaly Intrusion Detection Approach Using Hybrid MLP/CNN Neural Network. In: Kong H (ed) Sixth international conference on intelligent systems design and applications (ISDA’06), Wroclaw, Poland. IEEE, pp 1095–1102

  307. Yun Y, Guyu H, Shize G, Jun L (2010) Imbalanced classification algorithm in Botnet detection. In: First international conference on pervasive computing signal processing and applications (PCSPA’10), Gjøvik, Norway, 17–19 Sept 2010, pp 116–119. doi:10.1109/PCSPA.2010.37

  308. Zanero S, Savaresi SM (2004) Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM symposium on applied computing.ACM, pp 412–419

  309. Zhang J, Zulkernine M (2006) A hybrid network intrusion detection technique using random forests. In: The first international conference on availability, reliability and security (ARES’06), Vienna University of Technology, Austria. IEEE, pp 262–269

  310. Zhang Z, Li J, Manikopoulos C, Jorgenson J, Ucles J (2001) HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In: IEEE workshop on information assurance and security, West Point, NY, pp 85–90

  311. Zhang Z, Shen H (2004) Online training of SVMs for real-time intrusion detection. In: 18th international conference on advanced information networking and applications(AINA’04), Fukuoka, Japan, vol 1. IEEE, pp 568–573

  312. Zhang Z, Shen H (2005) Application of online-training SVMs for real-time intrusion detection with different considerations. Comput Commun 28(12):1428–1442

    Article  Google Scholar 

  313. Zhao W, Ma H, He Q (2009) Parallel k-means clustering based on mapreduce. In: IEEE international conference on cloud computing. Springer, pp 674–679

  314. Zheng K, Qian X, Zhou Y, Jia L (2009) Intrusion detection using ISOMAP and support vector machine. In: International conference on artificial intelligence and computational intelligence (AICI’09), Shanghai, China, vol 3. IEEE, pp 235–239

  315. Zhong LL, Ming ZY, Bin ZY (2010) Network intrusion detection method by least squares support vector machine classifier. In: 3rd IEEE international conference on computer science and information technology (ICCSIT’10), Beijing, China, vol 2. IEEE, pp 295–297

  316. Zhou H, Meng X, Zhang L (2007) Application of support vector machine and genetic algorithms to network intrusion detection. In: International conference on wireless communications, networking and mobile computing (WiCom 07), Shanghai, China. IEEE, pp 2267–2269

  317. Zhou M, Huang H, Wang Q (2012) A graph-based clustering algorithm for anomaly intrusion detection. In: 7th international conference on computer science & education (ICCSE’12), Melbourne, Australia, 14–17 July 2012, pp 1311–1314. doi:10.1109/ICCSE.2012.6295306

  318. Zimmermann A, Lorenz A, Oppermann R (2007) An operational definition of context. In: Proceedings of the 6th international and interdisciplinary conference on modeling and using context (Context’07), Roskilde University, Denmark, pp 558–571

Download references

Acknowledgements

This research has been partially funded by grants from the State of Maryland, TEDCO (MII), and Northrop-Grumman Corporation, USA.

Author information

Authors and Affiliations

  1. Department of Computer Information Systems, Yarmouk University, Irbid, 21163, Jordan

    Ahmed Aleroud

  2. Department of Information Systems, University of Maryland, Baltimore County (UMBC), 1000 Hilltop Circle, Baltimore, MD, 21250, USA

    George Karabatis

Authors
  1. Ahmed Aleroud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. George Karabatis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmed Aleroud.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Aleroud, A., Karabatis, G. Contextual information fusion for intrusion detection: a survey and taxonomy. Knowl Inf Syst 52, 563–619 (2017). https://doi.org/10.1007/s10115-017-1027-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10115-017-1027-3

Keywords

Search

Navigation