Publications

Argus has been used in a large number of network and cyber security research publications, dissertations, theses, books, presentations and blogs. We're proud that we could support so much research and development in computer networking, cyber security, machine learning, and general science with our work.

Maintaining a complete list has been non-trivial, and the list below is the result of keyword web searches, primarily of Google and the ACM Library, for articles since 2010. If you do not see a research paper, dissertation, book, presentation, or reference that you wrote or liked, please send us a pointer. Also, if you find that a link on this page is stale, please send us a note.

Dissertations and Theses

Towards Examining Supervised and Unsupervised Learning for IoT Attack Detection, Dalhousie University, Thesis, Nevetha Govindaraju, April 2023.
The identification of DoS and DDoS attacks to IoT devices in software defined networks by using machine learning and deep learning models, Instituto Tecnológico y de Estudios Superiores de Monterrey, Thesis, Almaraz Rivera, Josué Genaro, May 2022.
A Review and Analysis of Bot-IoT Security Data for Machine Learning, Thesis, Florida Atlantic University, Jared M. Peterson, Dec 2021.
Detecting malicious DNS tunnels via network flow entropy, Thesis, Dalhousie University, Yulduz Khodjaeva, Dec 2021.
Botnet Command & Control Detection in IoT Networks, Thesis, Najwa Laabid, July 2021.
TACTICAL APPLICATION OF MACHINE LEARNING TECHNIQUES FOR ANALYZING AUDIT RECORD GENERATION AND UTILIZATION SYSTEM (ARGUS) DATA TO DETECT BOTNET TRAFFIC, Thesis, John T. Ross II and Nathaniel J. Males, June 2021.
Machine learning-based DoS attacks detection for MQTT sensor networks, Thesis, SCHOOL OF INDUSTRIAL AND INFORMATION ENGINEERING, Politecnico di Milano, Ali Ghannadrad, July 2021.
The Attacker IP Prioritizer: An IoT Optimized Blacklisting Algorithm, Thesis, Czech Technical University in Prague, Thomas O'Hara, May 2021.
Tensor Based Monitoring of Large-Scale Network Traffic, Thesis, Gerald Liso, December 2018.
Adaptive Network Flow Parameters for Stealthy Botnet Behavior - Machine Learning techniques for providing perturbations to network flow patterns, Thesis, Torgeir Fladby, Autumn 2018.
Machine Learning and Cybersecurity: Studying network behaviour to detect anomalies, MSc in High Performance Computing with Data Science, The University of Edinburgh, Jiawen Chen, July 25, 2018.
Investigating A Behaviour Analysis-Based Early Warning System To Identify Botnets Using Machine Learning Algorithms, Ph.D. Thesis, Fariba Haddadi, September 2018.
InSight2: An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data, Thesis, Hansaka Angel Dias Edirisinghe Kodituwakku, Aug 2017.
An Online Anomaly-Detection Neural Networks-based Clustering for Adaptive Intrusion Detection Systems, Thesis, Roshan Kokabha, Setareh, Feb 2016.
Intensional Cyberforensics, Thesis, Serguei A. Mokhov, Mar 2014.
Salting Public Traces With Attack Traffic To Test Flow Classifiers, Thesis, Zeynel Berkay Celik, Aug 2011.
A comparative study of in-band and out-of-band VoIP protocols in layer 3 and layer 2.5 environments, Thesis, George Pallis, Jan 2011.
Detecting malicious network activity using flow data and learning automata, Thesis, Christian Auby, Torbjørn Skagestad, Kristian Tveiten, May 2009.
Visualization of Network Traffic to Detect Malicious Network Activity, Thesis, Zhihua Jin, June 2008.
Supporting the Visualization and Forensic Analysis of Network Events, Dissertation, Doantham Phan, December 2007.
Keeping Track of Network Flows: An Inexpensive and Flexible Solution, Thesis, Alexander Fedyukin, November 2005.
Using Netflows for slow portscan detection, Thesis, Bjarte Malmedal, 2005.

Research Articles

Research articles include published peer-reviewed articles that either use or reference Argus, Argus client programs, or Argus data in the work. Many of the AI/ML research papers use or reference the UNSW NB-15 dataset, which is generated using Argus data and programs. We are proud to have contributed directly and indirectly to so many research projects and efforts and hope that all the authors are "most excellent" in their efforts.

Tristan Bilot, Nour El Madhoun, Khaldoun Al Agha, and Anis Zouaoui. 2024. A Survey on Malware Detection with Graph Representation Learning. ACM Comput. Surv. Just Accepted (May 2024). https://doi.org/10.1145/3664649
Na Li, Yiyang Qi, Chaoran Li, and Zhiming Zhao. 2024. Active Learning for Data Quality Control: A Survey. J. Data and Information Quality 16, 2, Article 11 (June 2024), 45 pages. https://doi.org/10.1145/3663369
Noor, U., Kanwal, R. and Rashid, Z., 2024. Enhancing Smart Cities Through Real-Time Insights and Safety: A Comparative Study of Supervised Machine Learning Algorithms for Anomaly Detection in Emerging Urban Landscapes. Technical Journal, 29(01), pp.47-60.
Hasan, M., & Malik, T. (2024, June). AI-Enhanced VPN Security Framework: Integrating Open-Source Threat Intelligence and Machine Learning to Secure Digital Networks. In European Conference on Cyber Warfare and Security (Vol. 23, No. 1, pp. 760-768). https://doi.org/10.34190/eccws.23.1.2505
Q. Zeng and Y. Hara-Azumi, "Hardware/Software Codesign of Real-Time Intrusion Detection System for Internet of Things Devices," in IEEE Internet of Things Journal, vol. 11, no. 12, pp. 22351-22363, 15 June 2024, doi: 10.1109/JIOT.2024.3380822.
Mohammed Ayub, Yasser El-Alfy, and Ayaz H Khan. 2024. Distributed Intrusion Detection Systems Based on Deep Learning Techniques and Boosting Ensemble. In Proceedings of the 7th International Conference on Future Networks and Distributed Systems (ICFNDS '23). Association for Computing Machinery, New York, NY, USA, 180–191. https://doi.org/10.1145/3644713.3644736
Ohtani, T., Yamamoto, R. and Ohzahata, S., 2024. IDAC: Federated Learning-Based Intrusion Detection Using Autonomously Extracted Anomalies in IoT. Sensors, 24(10), p.3218.
Yazan Otoum, Navya Gottimukkala, Neeraj Kumar, and Amiya Nayak. 2024. Machine Learning in Metaverse Security: Current Solutions and Future Challenges. ACM Comput. Surv. 56, 8, Article 215 (August 2024), 36 pages. https://doi.org/10.1145/3654663
Shalli Rani, Ankita Sharma, and Muhammad Zohaib. 2024. Study for Integrating IoT-IDS Datasets: Machine and Deep Learning for Secure IoT Network System. In Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering (EASE '24). Association for Computing Machinery, New York, NY, USA, 686–691. https://doi.org/10.1145/3661167.3661286
Paul Kiyambu Mvula, Paula Branco, Guy-Vincent Jourdan, and Herna Lydia Viktor. 2024. A Survey on the Applications of Semi-supervised Learning to Cyber-security. ACM Comput. Surv. 56, 10, Article 253 (October 2024), 41 pages. https://doi.org/10.1145/3657647
Peddle, B., Lu, W., Yu, Q. (2024). Detecting DDoS Attacks in the Internet of Medical Things Through Machine Learning-Based Classification. In: Woungang, I., Dhurandher, S.K. (eds) The 6th International Conference on Wireless, Intelligent and Distributed Environment for Communication. WIDECOM 2023. Lecture Notes on Data Engineering and Communications Technologies, vol 185. Springer, Cham. https://doi.org/10.1007/978-3-031-47126-1_13
Junyi Liu, Yifu Tang, Haimeng Zhao, Xieheng Wang, Fangyu Li, and Jingyi Zhang. 2024. CPS Attack Detection under Limited Local Information in Cyber Security: An Ensemble Multi-Node Multi-Class Classification Approach. ACM Trans. Sen. Netw. 20, 2, Article 33 (March 2024), 27 pages. https://doi.org/10.1145/3585520
Nuñez-Agurto, D., Fuertes, W., Marrone, L., Castillo-Camacho, M., Benavides-Astudillo, E., Perez, F. (2024). Attack Classification Using Machine Learning Techniques in Software-Defined Networking. In: Botto-Tobar, M., Zambrano Vizuete, M., Montes León, S., Torres-Carrión, P., Durakovic, B. (eds) International Conference on Applied Technologies. ICAT 2023. Communications in Computer and Information Science, vol 2050. Springer, Cham. https://doi.org/10.1007/978-3-031-58953-9_19
Ortega-Fernandez, I., Sestelo, M., Burguillo, J.C. et al. Network intrusion detection system for DDoS attacks in ICS using deep autoencoders. Wireless Netw (2023). https://doi.org/10.1007/s11276-022-03214-3
Lisa-Marie Geiginger and Tanja Zseby. 2024. Evading Botnet Detection. In Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing (SAC '24). Association for Computing Machinery, New York, NY, USA, 1331–1340. https://doi.org/10.1145/3605098.3635921
T. Bilot, N. E. Madhoun, K. A. Agha and A. Zouaoui, "Graph Neural Networks for Intrusion Detection: A Survey," in IEEE Access, vol. 11, pp. 49114-49139, 2023, doi: 10.1109/ACCESS.2023.3275789.
Kostas, K., Just, M. and Lones, M.A., 2023. IoTGeM: Generalizable Models for Behaviour-Based IoT Attack Detection. arXiv preprint arXiv:2401.01343.
Schumacher, N. et al. (2023). One-Class Models for Intrusion Detection at ISP Customer Networks. In: Maglogiannis, I., Iliadis, L., MacIntyre, J., Dominguez, M. (eds) Artificial Intelligence Applications and Innovations. AIAI 2023. IFIP Advances in Information and Communication Technology, vol 676. Springer, Cham. https://doi.org/10.1007/978-3-031-34107-6_3
Chagas de Brito Guimarães, Lucas, DEEP LEARNING-BASED REAL-TIME BOTNET DETECTION FOR EDGE DEVICES. – Rio de Janeiro: UFRJ/COPPE, 2023. XIII, 42 p.: il.; 29, 7cm.
Muhammad Asim Mukhtar Bhatti, Muhammad Awais, and Aamna Iqtidar. 2023. Machine Learning based Intrusion Detection System for IoT Applications using Explainable AI. In Proceedings of the 2023 Asia Conference on Artificial Intelligence, Machine Learning and Robotics (AIMLR '23). Association for Computing Machinery, New York, NY, USA, Article 11, 1–6. https://doi.org/10.1145/3625343.3625356
Mohamed Amine Merzouk, Frédéric Cuppens, Nora Boulahia-Cuppens, and Reda Yaich. 2023. Parameterizing poisoning attacks in federated learning-based intrusion detection. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES '23). Association for Computing Machinery, New York, NY, USA, Article 104, 1–8. https://doi.org/10.1145/3600160.3605090
Hooman Alavizadeh, Julian Jang-Jaccard, Simon Yusuf Enoch, Harith Al-Sahaf, Ian Welch, Seyit A. Camtepe, and Dan Dongseong Kim. 2022. A Survey on Cyber Situation-awareness Systems: Framework, Techniques, and Insights. ACM Comput. Surv. 55, 5, Article 107 (May 2023), 37 pages. https://doi.org/10.1145/3530809
Shruti Sureshan and Debasis Das. 2023. Few-Shot Learning based Anomaly Detection in Security Applications. In Proceedings of the 6th Joint International Conference on Data Science & Management of Data (10th ACM IKDD CODS and 28th COMAD) (CODS-COMAD '23). Association for Computing Machinery, New York, NY, USA, 295–296. https://doi.org/10.1145/3570991.3571040
Lewandowski B. Guidelines and a Framework to Improve the Delivery of Network Intrusion Detection Datasets. In SECRYPT 2023 (pp. 649-658).
Ezeh, D.A. and de Oliveira, J., 2023. An SDN controller-based framework for anomaly detection using a GAN ensemble algorithm. INFOCOMMUNICATIONS JOURNAL: A PUBLICATION OF THE SCIENTIFIC ASSOCIATION FOR INFOCOMMUNICATIONS (HTE), 15(2), pp.29-36.
Abeer Alalmaie, Priyadarsi Nanda, and Xiangjian He. 2023. Zero Trust Network Intrusion Detection System (NIDS) using Auto Encoder for Attention-based CNN-BiLSTM. In Proceedings of the 2023 Australasian Computer Science Week (ACSW '23). Association for Computing Machinery, New York, NY, USA, 1–9. https://doi.org/10.1145/3579375.3579376
Ilhan Firat Kilincer, Fatih Ertam, Abdulkadir Sengur, Ru-San Tan, U. Rajendra Acharya, Automated detection of cybersecurity attacks in healthcare systems with recursive feature elimination and multilayer perceptron optimization, Biocybernetics and Biomedical Engineering, Volume 43, Issue 1, 2023, Pages 30-41, ISSN 0208-5216, https://doi.org/10.1016/j.bbe.2022.11.005. (https://www.sciencedirect.com/science/article/pii/S0208521622001012)
Wen Fei, Hiroyuki Ohno, and Srinivas Sampalli. 2023. A Systematic Review of IoT Security: Research Potential, Challenges, and Future Directions. ACM Comput. Surv. 56, 5, Article 111 (May 2024), 40 pages. https://doi.org/10.1145/3625094
Weixi Wu. 2023. Traffic anomaly detection method based on bidirectional autoencoder generative adversarial network. In Proceedings of the 2023 International Conference on Communication Network and Machine Learning (CNML '23). Association for Computing Machinery, New York, NY, USA, 337–340. https://doi.org/10.1145/3640912.3640979
Andrea Venturi, Matteo Ferrari, Mirco Marchetti, and Michele Colajanni. 2023. ARGANIDS: a novel Network Intrusion Detection System based on adversarially Regularized Graph Autoencoder. In Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (SAC '23). Association for Computing Machinery, New York, NY, USA, 1540–1548. https://doi.org/10.1145/3555776.3577651
Zengri Zeng, Baokang Zhao, Han-Chieh Chao, Ilsun You, Kuo-Hui Yeh, and Weizhi Meng. 2023. Towards Intelligent Attack Detection Using DNA Computing. ACM Trans. Multimedia Comput. Commun. Appl. 19, 3s, Article 126 (June 2023), 27 pages. https://doi.org/10.1145/3561057
Cole, Robert G., Fustos, Jacob, Hart, Brian, Hill, Brennan, Wade, Susan, Cooper, Alexis, Cardona, Daniel, Sabbaghi, Arman, and Bullard, Carter. Emulation Modeling for Development of Cyber-Defense Capabilities for Satellite Systems. United States: N. p., 2022. Web. doi:10.2172/1894014.
Almaraz-Rivera, J.G., Perez-Diaz, J.A. and Cantoral-Ceballos, J.A., 2022. Transport and application layer DDoS attacks detection to IoT devices by using machine learning and deep learning models. Sensors, 22(9), p.3367.
J. G. Almaraz-Rivera, J. A. Perez-Diaz, J. A. Cantoral-Ceballos, J. F. Botero and L. A. Trejo, "Toward the Protection of IoT Networks: Introducing the LATAM-DDoS-IoT Dataset," in IEEE Access, vol. 10, pp. 106909-106920, 2022, doi: 10.1109/ACCESS.2022.3211513.
Zhiyan Chen, Jinxin Liu, Yu Shen, Murat Simsek, Burak Kantarci, Hussein T. Mouftah, and Petar Djukic. 2022. Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats. ACM Comput. Surv. 55, 5, Article 105 (May 2023), 37 pages. https://doi.org/10.1145/3530812
Khodjaeva, Y., Zincir-Heywood, N. and Zincir, I., Can We Detect Malicious Behaviours in Encrypted DNS Tunnels Using Network Flow Entropy. Journal of Cyber Security and Mobility, Vol. 11_3 (Aug 2022), 461–496.
Chaganti, R., Mourade, A., Ravi, V., Vemprala, N., Dua, A. and Bhushan, B., 2022. A particle swarm optimization and deep learning approach for intrusion detection system in internet of medical things. Sustainability, 14(19), p.12828.
Y. Feng, J. Luo, C. Ma, T. Li and L. Hui, "I Can Still Observe You: Flow-level Behavior Fingerprinting for Online Social Network," GLOBECOM 2022 - 2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil, 2022, pp. 6427-6432, doi: 10.1109/GLOBECOM48099.2022.10001510.
Ying Xing, Hui Shu, Fei Kang, Hao Zhao, "Peertrap: An Unstructured P2P Botnet Detection Framework Based on SAW Community Discovery", Wireless Communications and Mobile Computing, vol. 2022, Article ID 9900396, 18 pages, 2022. https://doi.org/10.1155/2022/9900396
Veronica Valeros, Sebastian Garcia, Hornet 40: Network dataset of geographically placed honeypots, Data in Brief, Volume 40, 2022, 107795, ISSN 2352-3409, https://doi.org/10.1016/j.dib.2022.107795. (https://www.sciencedirect.com/science/article/pii/S2352340922000075)
Eva Papadogiannaki and Sotiris Ioannidis. 2021. A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures. ACM Comput. Surv. 54, 6, Article 123 (July 2022), 35 pages. https://doi.org/10.1145/3457904
Nguyen P.C. et al. (2022) An Intrusion Detection Approach for Small-Sized Networks. In: Smys S., Balas V.E., Palanisamy R. (eds) Inventive Computation and Information Technologies. Lecture Notes in Networks and Systems, vol 336. Springer, Singapore. https://doi.org/10.1007/978-981-16-6723-7_67
A. N. M. Bazlur Rashid, Mohiuddin Ahmed, Leslie F. Sikos, and Paul Haskell-Dowland. 2022. Anomaly Detection in Cybersecurity Datasets via Cooperative Co-evolution-based Feature Selection. ACM Trans. Manage. Inf. Syst. 13, 3, Article 29 (September 2022), 39 pages. https://doi.org/10.1145/3495165
Arora, Pallavi, Baljeet Kaur, and Marcio Andrey Teixeira. "HOME NETWORK SECURITY INCORPORATING MACHINE LEARNING ALGORITHMS IN INTERNET OF MEDICAL THINGS." networks 7 (2021): 8.
Huu-Khoi Bui, Ying-Dar Lin, Ren-Hung Hwang, Po-Ching Lin, Van-Linh Nguyen, Yuan-Cheng Lai, CREME: A toolchain of automatic dataset collection for machine learning in intrusion detection, Journal of Network and Computer Applications, Volume 193, 2021, 103212, ISSN 1084-8045. (https://www.sciencedirect.com/science/article/pii/S1084804521002137)
Andrea Venturi, Giovanni Apruzzese, Mauro Andreolini, Michele Colajanni, Mirco Marchetti, DReLAB - Deep REinforcement Learning Adversarial Botnet: A benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems, Data in Brief, Volume 34, 2021, 106631, ISSN 2352-3409, https://doi.org/10.1016/j.dib.2020.106631.
Norouzian, M.R., Xu, P., Eckert, C., Zarras, A. (2021). Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic. In: Liu, J.K., Katsikas, S., Meng, W., Susilo, W., Intan, R. (eds) Information Security. ISC 2021. Lecture Notes in Computer Science, vol 13118. Springer, Cham. https://doi.org/10.1007/978-3-030-91356-4_14
Nazar Waheed, Xiangjian He, Muhammad Ikram, Muhammad Usman, Saad Sajid Hashmi, and Muhammad Usman. 2020. Security and Privacy in IoT Using Machine Learning and Blockchain: Threats and Countermeasures. ACM Comput. Surv. 53, 6, Article 122 (November 2021), 37 pages. https://doi.org/10.1145/3417987
Jassim Happa, Ioannis Agrafiotis, Martin Helmhout, Thomas Bashford-Rogers, Michael Goldsmith, and Sadie Creese. 2021. Assessing a Decision Support Tool for SOC Analysts. Digital Threats 2, 3, Article 22 (September 2021), 35 pages. https://doi.org/10.1145/3430753
Siddharth Bhatia, Arjit Jain, Pan Li, Ritesh Kumar, and Bryan Hooi. 2021. MStream: Fast Anomaly Detection in Multi-Aspect Streams. In Proceedings of the Web Conference 2021 (WWW '21). Association for Computing Machinery, New York, NY, USA, 3371–3382. https://doi.org/10.1145/3442381.3450023
E. Tufan, C. Tezcan and C. Acartürk, "Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network," in IEEE Access, vol. 9, pp. 50078-50092, 2021, doi: 10.1109/ACCESS.2021.3068961.
Yulduz Khodjaeva and Nur Zincir-Heywood. 2021. Network Flow Entropy for Identifying Malicious Behaviours in DNS Tunnels. In Proceedings of the 16th International Conference on Availability, Reliability and Security (ARES '21). Association for Computing Machinery, New York, NY, USA, Article 72, 1–7. https://doi.org/10.1145/3465481.3470089
J. L. Leevy, J. Hancock, T. M. Khoshgoftaar and J. M. Peterson, "An Easy-to-Classify Approach for the Bot-IoT Dataset," 2021 IEEE Third International Conference on Cognitive Machine Intelligence (CogMI), Atlanta, GA, USA, 2021, pp. 172-179, doi: 10.1109/CogMI52975.2021.00031.
Idrissi, I., Azizi, M. and Moussaoui, O., 2021. Accelerating the update of a DL-based IDS for IoT using deep transfer learning. Indonesian Journal of Electrical Engineering and Computer Science, 23(2), pp.1059-1067.
Prabhat Kumar, Rakesh Tripathi, and Govind P. Gupta. 2021. P2IDF: A Privacy-Preserving based Intrusion Detection Framework for Software Defined Internet of Things-Fog (SDIoT-Fog). In Adjunct Proceedings of the 2021 International Conference on Distributed Computing and Networking (ICDCN '21). Association for Computing Machinery, New York, NY, USA, 37–42. https://doi.org/10.1145/3427477.3429989
Gautam Srivastava, Thippa Reddy G, N. Deepa, B. Prabadevi, and Praveen Kumar Reddy M. 2021. An ensemble model for intrusion detection in the Internet of Softwarized Things. In Adjunct Proceedings of the 2021 International Conference on Distributed Computing and Networking (ICDCN '21). Association for Computing Machinery, New York, NY, USA, 25–30. https://doi.org/10.1145/3427477.3429987
Ertza Warraich and Muhammad Shahbaz. 2021. Constructing the face of network data. In Proceedings of the SIGCOMM '21 Poster and Demo Sessions (SIGCOMM '21). Association for Computing Machinery, New York, NY, USA, 21–23. https://doi.org/10.1145/3472716.3472852
Safari Khatouni, A., Seddigh, N., Nandy, B. et al. Machine Learning Based Classification Accuracy of Encrypted Service Channels: Analysis of Various Factors. J Netw Syst Manage 29, 8 (2021). https://doi.org/10.1007/s10922-020-09566-5
Dylan Chou and Meng Jiang. 2021. A Survey on Data-driven Network Intrusion Detection. ACM Comput. Surv. 54, 9, Article 182 (December 2022), 36 pages. https://doi.org/10.1145/3472753
Andrea Corsini, Shanchieh Jay Yang, and Giovanni Apruzzese. 2021. On the Evaluation of Sequential Machine Learning for Network Intrusion Detection. In The 16th International Conference on Availability, Reliability and Security (ARES 2021), August 17–20, 2021, Vienna, Austria. ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/3465481.3470065
Cheng H., Shen Y., Cheng T., Fang Y., Ling J. (2021) Botnet Detection Based on Multilateral Attribute Graph. In: Lu W., Sun K., Yung M., Liu F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science, vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_5
Ilievski G, Latkoski P. Network Traffic Classification in an NFV Environment using Supervised ML Algorithms. Journal of Telecommunications and Information Technology. 2021;23–31.
Y. Song, W. Luo, J. Li, P. Xu and J. Wei, "SDN-based Industrial Internet Security Gateway," 2021 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC), 2021, pp. 238-243, doi: 10.1109/SPAC53836.2021.9539961.
Sirajuddin Qureshi, Saima Tunio, Faheem Akhtar, Ahsan Wajahat, Ahsan Nazir, Faheem Ullah. Network Forensics: A Comprehensive Review of Tools and Techniques. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 12, No. 5, 2021
Clark, D. and Turnbull, B. Interactive 3D Visualization of Network Traffic in Time for Forensic Analysis. DOI: 10.5220/0008950601770184 In Proceedings of the 15th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications (VISIGRAPP 2020) - Volume 3: IVAPP, pages 177-184 ISBN: 978-989-758-402-2; ISSN: 2184-4321
Nour Moustafa and Alireza Jolfaei. 2020. Autonomous detection of malicious events using machine learning models in drone networks. In Proceedings of the 2nd ACM MobiCom Workshop on Drone Assisted Wireless Communications for 5G and Beyond (DroneCom '20). Association for Computing Machinery, New York, NY, USA, 61–66. https://doi.org/10.1145/3414045.3415951
Jinxin Liu, Burak Kantarci, and Carlisle Adams. 2020. Machine learning-driven intrusion detection for Contiki-NG-based IoT networks exposed to NSL-KDD dataset. In Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning (WiseML '20). Association for Computing Machinery, New York, NY, USA, 25–30. https://doi.org/10.1145/3395352.3402621
Mubarak Albarka Umar, Chen Zhanfang, and Yan Liu. 2020. Network Intrusion Detection Using Wrapper-based Decision Tree for Feature Selection. In Proceedings of the 2020 International Conference on Internet Computing for Science and Engineering (ICICSE '20). Association for Computing Machinery, New York, NY, USA, 5–13. https://doi.org/10.1145/3424311.3424330
Kay Boldt, Kenneth B. Kent, and Rainer Herpers. 2020. Investigation of encrypted and obfuscated network traffic utilizing machine learning. In Proceedings of the 30th Annual International Conference on Computer Science and Software Engineering (CASCON '20). IBM Corp., USA, 43–52.
Torgeir Fladby, Hårek Haugerud, Stefano Nichele, Kyrre Begnum, and Anis Yazidi. 2020. Evading a Machine Learning-based Intrusion Detection System through Adversarial Perturbations. In Proceedings of the International Conference on Research in Adaptive and Convergent Systems (RACS '20). Association for Computing Machinery, New York, NY, USA, 161–166. https://doi.org/10.1145/3400286.3418252
A. A. Hady, A. Ghubaish, T. Salman, D. Unal and R. Jain, "Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study," in IEEE Access, vol. 8, pp. 106576-106584, 2020, doi: 10.1109/ACCESS.2020.3000421.
Manas Kumar Yogi and KVV Subba Rao, Impact analysis of using ML techniques on imbalanced datasets for leveraging security of industrial IoT. International Journal of Circuit, Computing and Networking 2020; 2(2): 41-46
Chaouki Khammassi, Saoussen Krichen, "A NSGA2-LR Wrapper Approach for Feature Selection in Network Intrusion Detection". Computer Networks. Volume 172, 8 May 2020, 107183. ISSN 1389-1286, https://doi.org/10.1016/j.comnet.2020.107183
Rajagopal S., Hareesha K.S., Kundapur P.P. (2020) Feature Relevance Analysis and Feature Reduction of UNSW NB-15 Using Neural Networks on MAMLS. In: Pati B., Panigrahi C., Buyya R., Li KC. (eds) Advanced Computing and Intelligent Engineering. Advances in Intelligent Systems and Computing, vol 1082. Springer, Singapore
Abirami M.S., Yash U., Singh S. (2020) Building an Ensemble Learning Based Algorithm for Improving Intrusion Detection System. In: Dash S., Lakshmi C., Das S., Panigrahi B. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 1056. Springer, Singapore
Almogren, Ahmad S. Intrusion Detection in Edge-of-Things Computing. Journal of Parallel and Distributed Computing, Volume 137, March 2020, Pages 259-265.
Gjorgji ILIEVSKI, Pero LATKOSKI. Efficiency of Supervised Machine Learning Algorithms in Regular and Encrypted VoIP Classification within NFV Environment, RADIOENGINEERING, VOL. 29, NO. 1, APRIL 2020, 243-250.
Gupta N., Bedi P., Jindal V. (2020) Effect of Activation Functions on the Performance of Deep Learning Algorithms for Network Intrusion Detection Systems. In: Singh P., Panigrahi B., Suryadevara N., Sharma S., Singh A. (eds) Proceedings of ICETIT 2019. Lecture Notes in Electrical Engineering, vol 605. Springer, Cham
Dwivedi, S., Vardhan, M. & Tripathi, S. Incorporating evolutionary computation for securing wireless network against cyberthreats. J Supercomput (2020). https://doi.org/10.1007/s11227-020-03161-w
Molina-Coronado, B., Mori, U., Mendiburu, A., & Miguel-Alonso, J. (2020). Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process. ArXiv, abs/2001.09697.
Apruzzese, G.; Andreolini, M.; Marchetti, M.; Colacino, V.G.; Russo, G. AppCon: Mitigating Evasion Attacks to ML Cyber Detectors. Symmetry 2020, 12, 653.
J. Aiken and S. Scott-Hayward, "Investigating Adversarial Attacks against Network Intrusion Detection Systems in SDNs," 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2019, pp. 1-7, doi: 10.1109/NFV-SDN47374.2019.9040101.
Haney M. (2019) Leveraging Cyber-Physical System Honeypots to Enhance Threat Intelligence. In: Staggs J., Shenoi S. (eds) Critical Infrastructure Protection XIII. ICCIP 2019. IFIP Advances in Information and Communication Technology, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-030-34647-8_11
Guo, H., Fan, X., Cao, A., Outhred, G., & Heidemann, J.S. (2019). Peek Inside the Closed World: Evaluating Autoencoder-Based Detection of DDoS to Cloud. ArXiv, abs/1912.05590.
D. C. Le and N. Zincir-Heywood, "Learning From Evolving Network Data for Dependable Botnet Detection," 2019 15th International Conference on Network and Service Management (CNSM), 2019, pp. 1-5, doi: 10.23919/CNSM46954.2019.9012710.
M. Zolanvari, M. A. Teixeira, L. Gupta, K. M. Khan and R. Jain, "Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things," in IEEE Internet of Things Journal, vol. 6, no. 4, pp. 6822-6834, Aug. 2019.
Robert A. Bridges, Tarrah R Glass-Vanderlan, Michael D Iannacone, Maria S Vincent, Qian (Guenevere) Chen, A Survey of Intrusion Detection Systems Leveraging Host Data. ACM Computing Surveys, November 2019 Article No.: 128 https://doi.org/10.1145/3344382
C. R. Taylor and J. P. Lanson, "Network-based Classification of Authentication Attempts using Machine Learning," 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 2019, pp. 669-673
Tuan, T.A., Long, H.V., Son, L.H. et al. Performance evaluation of Botnet DDoS attack detection using machine learning. Evol. Intel. (2019). https://doi.org/10.1007/s12065-019-00310-w
Chapaneri R., Shah S. (2019) A Comprehensive Survey of Machine Learning-Based Network Intrusion Detection. In: Satapathy S., Bhateja V., Das S. (eds) Smart Intelligent Computing and Applications. Smart Innovation, Systems and Technologies, vol 104. Springer, Singapore
Fan Zhang, J. Wesley Hines & Jamie B. Coble (2019) A Robust Cybersecurity Solution Platform Architecture for Digital Instrumentation and Control Systems in Nuclear Power Facilities, Nuclear Technology, DOI: 10.1080/00295450.2019.1666599
F. A. Khan, A. Gumaei, A. Derhab and A. Hussain, "A Novel Two-Stage Deep Learning Model for Efficient Network Intrusion Detection," in IEEE Access, vol. 7, pp. 30373-30385, 2019.
S. Khanchi, N. Zincir-Heywood and M. Heywood, "Network Analytics for Streaming Traffic Analysis," 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), 2019, pp. 25-30.
G. Apruzzese, M. Colajanni and M. Marchetti, "Evaluating the effectiveness of Adversarial Attacks against Botnet Detectors," 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), 2019, pp. 1-8, doi: 10.1109/NCA.2019.8935039.
Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, Benjamin Turnbull, Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset, Future Generation Computer Systems, Volume 100, 2019, Pages 779-796, ISSN 0167-739X, https://doi.org/10.1016/j.future.2019.05.041.
Pektaş, A, Acarman, T. A deep learning method to detect network intrusion through flow‐based features. Int J Network Mgmt. 2019; 29:e2050. https://doi.org/10.1002/nem.2050
A. S. Khatouni and N. Zincir-Heywood, "Integrating Machine Learning with Off-the-Shelf Traffic Flow Features for HTTP/HTTPS Traffic Classification," 2019 IEEE Symposium on Computers and Communications (ISCC), Barcelona, Spain, 2019, pp. 1-7.
A. S. Khatouni, L. Zhang, K. Aziz, I. Zincir and N. Zincir-Heywood, "Exploring NAT Detection and Host Identification Using Machine Learning," 2019 15th International Conference on Network and Service Management (CNSM), Halifax, NS, Canada, 2019, pp. 1-8.
R. R. Karn, P. Kudva and I. A. M. Elfadel, "Dynamic Autoselection and Autotuning of Machine Learning Models for Cloud Network Analytics," in IEEE Transactions on Parallel and Distributed Systems, vol. 30, no. 5, pp. 1052-1064, 1 May 2019.
Andreoni Lopez, M, Mattos, DMF, Duarte, OCMB, Pujolle, G. Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data. Concurrency Computat Pract Exper. 2019; 31:e5344. https://doi.org/10.1002/cpe.5344
D. Zhuang and J. M. Chang, "Enhanced PeerHunter: Detecting Peer-to-Peer Botnets Through Network-Flow Level Community Behavior Analysis," in IEEE Transactions on Information Forensics and Security, vol. 14, no. 6, pp. 1485-1500, June 2019. doi: 10.1109/TIFS.2018.2881657
Osama Faker and Erdogan Dogdu. 2019. Intrusion Detection Using Big Data and Deep Learning Techniques. In Proceedings of the 2019 ACM Southeast Conference (ACM SE '19). ACM, New York, NY, USA, 86-93. DOI: https://doi.org/10.1145/3299815.3314439
P. Mishra, V. Varadharajan, U. Tupakula and E. S. Pilli, "A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection," in IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 686-728, Firstquarter 2019.
X. Wu, T. Miskell, Y. Luo, L. Wang and L. Chen, "Edison: Event-driven Distributed System of Network Measurement," 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Arlington, VA, USA, 2019, pp. 545-550.
N. Moustafa, B. Turnbull and K. R. Choo, "Towards Automation of Vulnerability and Exploitation Identification in IIoT Networks," 2018 IEEE International Conference on Industrial Internet (ICII), 2018, pp. 139-145, doi: 10.1109/ICII.2018.00023.
Marcio Andrey Teixeira, Tara Salman, Maede Zolanvari, Raj Jain, Nader Meskin and Mohammed Samaka. 2018. SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach. Future Internet 2018, 10(8), 76; https://doi.org/10.3390/fi10080076
A. Divekar, M. Parekh, V. Savla, R. Mishra and M. Shirole, "Benchmarking datasets for Anomaly-based Network Intrusion Detection: KDD CUP 99 alternatives," 2018 IEEE 3rd International Conference on Computing, Communication and Security (ICCCS), Kathmandu, 2018, pp. 1-8.
Sean Peisert, Eli Dart, William Barnett, Edward Balas, James Cuff, Robert L Grossman, Ari Berman, Anurag Shankar, Brian Tierney. 2018. The medical science DMZ: a network design pattern for data-intensive medical science. Journal of the American Medical Informatics Association, Volume 25, Issue 3, March 2018, Pages 267–274, https://doi.org/10.1093/jamia/ocx104.
Stephanie Ding. 2018. Machine Learning for Cybersecurity: Network-based Botnet Detection Using Time-Limited Flows. Caltech Undergraduate Research Journal, July, 2018.
S. Khanchi, N. Zincir-Heywood and M. Heywood, "Streaming Botnet traffic analysis using bio-inspired active learning," NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, 2018, pp. 1-6, doi: 10.1109/NOMS.2018.8406293.
M. Zolanvari, M. A. Teixeira and R. Jain, "Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine Learning," 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), Miami, FL, 2018, pp. 112-117.
Verma, A., Ranga, V. Evaluation of Network Intrusion Detection Systems for RPL Based 6LoWPAN Networks in IoT. Wireless Pers Commun 108, 1571–1594 (2019). https://doi.org/10.1007/s11277-019-06485-w
Homayoun S., Ahmadzadeh M., Hashemi S., Dehghantanha A., Khayami R. (2018) BoTShark: A Deep Learning Approach for Botnet Traffic Detection. In: Dehghantanha A., Conti M., Dargahi T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham
Atli, B.G., Miche, Y., Kalliola, A. et al. Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space, Cognitive Computing (2018) 10: 848. https://doi.org/10.1007/s12559-018-9564-y.
Pektaş, A, Acarman, T. Botnet detection based on network flow summary and deep learning. Int J Network Mgmt. 2018; 28:e2039. https://doi.org/10.1002/nem.2039
Nascimento, Zuleika and Djamel Fawzi Hadj Sadok. “MODC: A Pareto-Optimal Optimization Approach for Network Traffic Classification Based on the Divide and Conquer Strategy.” Information 9 (2018): 233.
Meghdouri, Fares, Tanja Zseby and Félix Iglesias. “Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic.” (2018).
B. G. Atli, Y. Miche and A. Jung, "Network Intrusion Detection Using Flow Statistics," 2018 IEEE Statistical Signal Processing Workshop (SSP), Freiburg, 2018, pp. 70-74. doi: 10.1109/SSP.2018.8450709
Meghdouri, Fares; Zseby, Tanja; Iglesias, Félix. 2018. "Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic." Appl. Sci. 8, no. 11: 2196.
Koroniotis N., Moustafa N., Sitnikova E., Slay J. (2018) Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques. In: Hu J., Khalil I., Tari Z., Wen S. (eds) Mobile Networks and Management. MONAMI 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 235. Springer, Cham
Y. Wan, J. Chang, R. Chen and S. Wang, "Feature-Selection-Based Ransomware Detection with Machine Learning of Data Analysis," 2018 3rd International Conference on Computer and Communication Systems (ICCCS), Nagoya, 2018, pp. 85-88. doi: 10.1109/CCOMS.2018.8463300
M. J. Vargas-Muñoz, R. Martínez-Peláez, P. Velarde-Alvarado, E. Moreno-García, D. L. Torres-Roman and J. J. Ceballos-Mejía, "Classification of network anomalies in flow level network traffic using Bayesian networks," 2018 International Conference on Electronics, Communications and Computers (CONIELECOMP), Cholula, 2018, pp. 238-243. doi: 10.1109/CONIELECOMP.2018.8327205
Chowdhury, S., Khanzadeh, M., Akula, R. et al. Botnet detection using graph-based feature clustering. Journal of Big Data (2017) 4: 14. https://doi.org/10.1186/s40537-017-0074-7
Cho B., Kim K.J., Kim H. (2018) The Isolation Algorithm of Problem Location with Multi-agent Approach for End-to-End Network Performance Management. In: Kim K., Joukov N. (eds) Mobile and Wireless Technologies 2017. ICMWT 2017. Lecture Notes in Electrical Engineering, vol 425. Springer, Singapore
Bhuyan M.H., Bhattacharyya D.K., Kalita J.K. (2017) Practical Tools for Attackers and Defenders. In: Network Traffic Anomaly Detection and Prevention. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-65188-0_6
O. Yavanoglu and M. Aydos, "A review on cyber security datasets for machine learning algorithms," 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, 2017, pp. 2186-2193.
Ankit Bansal and Sudipta Mahapatra. 2017. A comparative analysis of machine learning techniques for botnet detection. In Proceedings of the 10th International Conference on Security of Information and Networks (SIN '17). ACM, New York, NY, USA, 91-98. DOI: https://doi.org/10.1145/3136825.3136874
T. Salman, D. Bhamare, A. Erbad, R. Jain and M. Samaka, "Machine Learning for Anomaly Detection and Categorization in Multi-Cloud Environments," 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, 2017, pp. 97-103.
Luis Miguel Torres, Eduardo Magaña, Daniel Morató, Santiago Garcia-Jimenez, Mikel Izal, TBDClust: Time-based density clustering to enable free browsing of sites in pay-per-use mobile Internet providers. Journal of Network and Computer Applications Volume 99, 1 December 2017, Pages 17-27. ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2017.10.007
F. Haddadi, D. Phan and A. N. Zincir-Heywood, "How to choose from different botnet detection systems?," NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, 2016, pp. 1079-1084. doi: 10.1109/NOMS.2016.7502964
Christopher R. Harshaw, Robert A. Bridges, Michael D. Iannacone, Joel W. Reed, and John R. Goodall. 2016. GraphPrints: Towards a Graph Analytic Method for Network Anomaly Detection. In Proceedings of the 11th Annual Cyber and Information Security Research Conference (CISRC '16). ACM, New York, NY, USA, Article 15, 4 pages. DOI: https://doi.org/10.1145/2897795.2897806
D. Bhamare, T. Salman, M. Samaka, A. Erbad and R. Jain, "Feasibility of Supervised Machine Learning for Cloud Security," 2016 International Conference on Information Science and Security (ICISS), Pattaya, 2016, pp. 1-5.
Sebastian Garcia. 2016. Modelling the network behaviour of malware to block malicious patterns. The Stratosphere Project: A Behavioural IPS. Virus Bulletin, Sept 2015.
Nour Moustafa and Jill Slay. 2016. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Sec. J.: A Global Perspective 25, 1-3 (April 2016), 18-31. DOI: http://dx.doi.org/10.1080/19393555.2015.1125974
Kayla M. Straub, Avik Sengupta, Joseph M. Ernst, Robert W. McGwier, Merrick Watchorn, Richard Tilley, and Randolph Marchany. 2016. Malware Propagation in Fully Connected Networks: A Netflow-Based Analysis. MILCOM 2016 - 2016 IEEE Military Communications Conference, Baltimore, MD, 2016, pp. 497-502. doi: 10.1109/MILCOM.2016.7795376.
Shing-Han Li, Yucheng Kao, Zongcyuan Zhang, Yingping Chuang, David C. Yen. A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means. ACM Transactions on Management Information Systems, April 2015. Article No.: 3 https://doi.org/10.1145/2676869
Buseung Cho, Kyuil Kim, Hyungwoo Park and Jin-Wook Chung. Oct 2015. Network Flow Awareness System for E-Science Collaborative Application. Indian Journal of Science and Technology, Vol 8(26), DOI: 10.17485/ijst/2015/v8i26/81060.
H. Lim, Y. Yamaguchi, H. Shimada and H. Takakura, "Malware classification method based on sequence of traffic flow," 2015 International Conference on Information Systems Security and Privacy (ICISSP), Angers, 2015, pp. 1-8.
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Toward Automated MAC Spoofer Investigations. In Proceedings of the 2014 International C* Conference on Computer Science & Software Engineering (C3S2E '14). ACM, New York, NY, USA, Article 27, 6 pages. DOI=10.1145/2641483.2641540 http://doi.acm.org/10.1145/2641483.2641540
N. Hoque, Monowar H. Bhuyan, R.C. Baishya, D.K. Bhattacharyya, J.K. Kalita, Network attacks: Taxonomy, tools and systems, Journal of Network and Computer Applications, Volume 40, 2014, Pages 307-324, ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2013.08.001.
S. García, M. Grill, J. Stiborek, and A. Zunino. 2014. An empirical comparison of botnet detection methods. Comput. Secur. 45 (September 2014), 100-123. DOI=10.1016/j.cose.2014.05.011 http://dx.doi.org/10.1016/j.cose.2014.05.011
Pratik Narang, Abhishek Thakur, and Chittaranjan Hota. 2014. Hades: a Hadoop-based framework for detection of peer-to-peer botnets. In Proceedings of the 20th International Conference on Management of Data (COMAD '14). Computer Society of India, Mumbai, India, 121-124.
N. Hoque, Monowar H. Bhuyan, R. C. Baishya, D. K. Bhattacharyya, and J. K. Kalita. 2014. Review: Network attacks: Taxonomy, tools and systems. J. Netw. Comput. Appl. 40 (April 2014), 307-324. DOI=10.1016/j.jnca.2013.08.001 http://dx.doi.org/10.1016/j.jnca.2013.08.001
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Automating MAC Spoofer Evidence Gathering and Encoding for Investigations. In Foundations and Practice of Security: 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. ISBN 3319170406, 9783319170404
García, S., Zunino, A. and Campo, M. (2014), Survey on network‐based botnet detection methods. Security Comm. Networks, 7: 878-903. doi:10.1002/sec.800
Skrzewski M. (2013) Monitoring System’s Network Activity for Rootkit Malware Detection. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg
Jin, Hongying & Li, Linhao. (2013). Dynamic Network Traffic Flow Prediction Model based on Modified Quantum-Behaved Particle Swarm Optimization. Journal of Networks. 8. 2332-2339. 10.4304/jnw.8.10.2332-2339.
Mansour Alsaleh, Abdullah Alqahtani, Abdulrahman Alarifi, and AbdulMalik Al-Salman. 2013. Visualizing PHPIDS log files for better understanding of web server attacks. In Proceedings of the Tenth Workshop on Visualization for Cyber Security (VizSec '13), John Goodall, Kwan-Liu Ma, Sophie Engle, and Fabian Fischer (Eds.). ACM, New York, NY, USA, 1-8. DOI=10.1145/2517957.2517958 http://doi.acm.org/10.1145/2517957.2517958
P. Celeda, P. Velan, M. Rabek, R. Hofstede, and A. Pras, Large-scale geolocation for NetFlow. Proceedings of IM. 2013, 1015-1020.
Nichole Boscia. 2012. Flow Analysis Tool Whitepaper. https://www.nas.nasa.gov/assets/pdf/papers/boscia_n_flow_analysis_tools_2012.pdf
R. Hunt, "New developments in network forensics — Tools and techniques," 2012 18th IEEE International Conference on Networks (ICON), Singapore, 2012, pp. 376-381. doi: 10.1109/ICON.2012.6506587
Amit Kumar Tyagi and Sadique Nayeem. Article: Detecting HTTP Botnet using Artificial Immune System (AIS). International Journal of Applied Information Systems 2(6):34-37, May 2012. Published by Foundation of Computer Science, New York, USA.
H. Li, G. Hu, J. Yuan and H. Lai, "P2P Botnet Detection Based on Irregular Phased Similarity," 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication and Control, Harbin, 2012, pp. 79-82. doi: 10.1109/IMCCC.2012.25
Yeonhee Lee and Youngseok Lee. 2012. Toward scalable internet traffic measurement and analysis with Hadoop. SIGCOMM Comput. Commun. Rev. 43, 1 (January 2012), 5-13. DOI=10.1145/2427036.2427038 http://doi.acm.org/10.1145/2427036.2427038
Rodrigo M. P. Silva and Ronaldo M. Salles. 2012. Methodology for detection and restraint of p2p applications in the network. In Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV (ICCSA'12), Beniamino Murgante, Osvaldo Gervasi, Sanjay Misra, Nadia Nedjah, and Ana C. Rocha (Eds.), Vol. Part IV. Springer-Verlag, Berlin, Heidelberg, 326-339. DOI=10.1007/978-3-642-31128-4_24 http://dx.doi.org/10.1007/978-3-642-31128-4_24
Monowar H. Bhuyan, D.K. Bhattacharyya, J.K. Kalita, Surveying Port Scans and Their Detection Methodologies, The Computer Journal, Volume 54, Issue 10, October 2011, Pages 1565–1581, https://doi.org/10.1093/comjnl/bxr035
Skrzewski M. (2011) Analyzing Outbound Network Traffic. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg
Michael J. Assels, Dana Echtner, Michael Spanner, Serguei A. Mokhov, François Carrière, and Manny Taveroff. 2011. Multifaceted faculty network design and management: practice and experience. In Proceedings of The Fourth International C* Conference on Computer Science and Software Engineering (C3S2E '11). ACM, New York, NY, USA, 151-155. DOI=10.1145/1992896.1992916 http://doi.acm.org/10.1145/1992896.1992916
Saptarshi Guha, Paul Kidwell, Asgrith Barthur, William S Cleveland, John Gerth, and Carter Bullard. 2011. SSH Keystroke Packet Detection, ICS-2011—Monterey, California, Jan 9-11.
Skrzewski M. (2011) Flow Based Algorithm for Malware Traffic Detection. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg
Apeksha Godiyal, Michael Garland, John C. Hart. 2010. Enhancing Network Traffic Visualization by Graph Pattern Analysis.
Robin Berthier, Michel Cukier, Matti Hiltunen, Dave Kormann, Gregg Vesonder, and Dan Sheleheda. 2010. Nfsight: netflow-based network awareness tool. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-8.
Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf, Rabiah Bt Ahmad, Mazdak Zamani, Saman Shojae Chaeikar. 2010. A Proposed Framework for P2P Botnet Detection. IACSIT International Journal of Engineering and Technology, Vol.2, No.2, April 2010 ISSN: 1793-8236.
Emmanuel S. Pilli, R. C. Joshi, and Rajdeep Niyogi. 2010. Network forensic frameworks: Survey and research challenges. Digit. Investig. 7, 1-2 (October 2010), 14-27. DOI=10.1016/j.diin.2010.02.003 http://dx.doi.org/10.1016/j.diin.2010.02.003
Christopher M. Inacio and Brian Trammell. 2010. YAF: yet another flowmeter. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-16.
2010. Proceedings of the Seventh International Symposium on Visualization for Cyber Security. ACM, New York, NY, USA.
Lin Quan and John Heidemann. 2010. On the characteristics and reasons of long-lived internet flows. In Proceedings of the 10th Annual Conference on Internet Measurement (IMC '10). ACM, New York, NY, USA, 444-450. [doi=10.1145/1879141.1879198]
Mohammed Sqalli, Raed AlShaikh, and Ezzat Ahmed. 2010. A distributed honeynet at KFUPM: a case study. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10), Somesh Jha, Robin Sommer, and Christian Kreibich (Eds.). Springer-Verlag, Berlin, Heidelberg, 486-487.
Pavel Minarik, Jan Vykopal, and Vojtech Krmicek. 2009. Improving Host Profiling with Bidirectional Flows. In Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03 (CSE '09), Vol. 3. IEEE Computer Society, Washington, DC, USA, 231-237. [doi=10.1109/CSE.2009.23]
Cristian Morariu, Peter Racz, and Burkhard Stiller. 2009. Design and Implementation of a Distributed Platform for Sharing IP Flow Records. In Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT (DSOM '09), Claudio Bartolini and Luciano Paschoal Gaspary (Eds.). Springer-Verlag, Berlin, Heidelberg, 1-14. [doi=10.1007/978-3-642-04989-7_1]
H. Okamura, T. Dohi, K. S. Trivedi, Markovian Arrival Process Parameter Estimation With Group Data, IEEE/ACM Transactions on Networking (TON) Vol 17, Issue 4, p.1326-1339, August 2009, Piscataway, NJ, USA [doi>10.1109/TNET.2008.2008750]
T. Yen, X. Huang, F. Monrose, M. Reiter, Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications, Detection of Intrusions and Malware, and Vulnerability Assessment 6th International Conference, DIMVA 2009, Como, Italy, July 9-10, 2009. Proceedings [doi>10.1007/978-3-642-02918-9]
S. Lin, Z. Gao, K. Xu, Web 2.0 traffic measurement: analysis on online map applications, Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video, p.7-12, June 03 - 05, 2009, Williamsburg, VA, USA [doi>10.1145/1542245.1542248]
S. Tricaud, P. Saadé, Applied Parallel Coordinates for Logs and Network Traffic Attack Analysis, European Institute for Computer Anti-Virus Research (EICAR) 18th Annual Conference, May 11 - 12, 2009, Berlin, Germany [pdf]
G. Louthan, B. Deetz, M. Walker, J. Hale, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Session: Track 8, Article No. 67, Apr 13 - 15, 2009, Oak Ridge, Tennessee, USA [doi>10.1145/1558607.1558684]
G. Vandenberghe, Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events, Proceedings of the 5th International Workshop on Visualization for Computer Security, VizSec 2008, p. 181-196, September 15, 2008, Cambridge, MA, USA [doi>10.1007/978-3-540-85933-8_18]
Rodrigo Werlinger, Kirstie Hawkey, Kasia Muldner, Pooya Jaferian, Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania [doi>10.1145/1408664.1408679]
Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection, Proceedings of the 17th conference on Security symposium, p.139-154, July 28-August 01, 2008, San Jose, CA
T-F Yen and M. K. Reiter, Traffic aggregation for malware detection, In Detection of Intrusions and Malware, and Vulnerability Assessment, 5th International Conference, DIMVA 2008 (Lecture Notes in Computer Science 5137), pages 207-227, July 10-11 2008, Paris, France [doi:10.1007/978-3-540-70542-0_11]
Mansour Alsaleh, David Barrera, and P. C. van Oorschot. 2008. Improving Security Visualization with Exposure Map Filtering. In Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC '08). IEEE Computer Society, Washington, DC, USA, 205-214. DOI=10.1109/ACSAC.2008.16 http://dx.doi.org/10.1109/ACSAC.2008.16
G. Nychis, V. Sekar, D Andersen, H Kim, H Zhang, An empirical evaluation of entropy-based traffic anomaly detection, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, p 151-156, October 20-22, 2008, Vouliagmeni, Greece
Kiran Lakkaraju, Adam Slagell, Evaluating the utility of anonymized network traces for intrusion detection, Proceedings of the 4th international conference on Security and privacy in communication networks, September 22-25, 2008, Istanbul, Turkey [doi>10.1145/1460877.1460899]
L. Merkle, Automated Network Forensics, Proceedings of the 2008 GECCO Conference Companion on Genetic and Evolutionary Computation, p.1929-1932, 2008, Atlanta, GA, USA.
M. Ekmanis, V Novikovs, A Rusko, Unauthorized Network Services Detection by Flow Analysis, Electronics and Electrical Engineering. – Kaunas: Technologija, No. 5(85), p.49-56, 2008.
J. Naous, D. Ericson, A. Covington, G Appenzeller, N. McKeown, Implementing an OpenFlow switch on the NetFPGA platform, Symposium On Architecture For Networking And Communications Systems, p.1-9, 2008, San Jose, CA
Doantam Phan, John Gerth, Marcia Lee, Andreas Paepcke, and Terry Winograd, Visual Analysis of Network Flow Data with Timelines and Event Plots, VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security, 2007 [doi>10.1007/978-3-540-78243-8_6]
Christoforos Kachris, Chidamber Kulkarni, Configurable Transactional Memory, Field-Programmable Custom Computing Machines, 2007. FCCM 2007. 15th Annual IEEE Symposium on, Page(s):65 - 72, April 2007 Napa, Ca, USA. [doi>10.1109/FCCM.2007.41]
David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, Brian Fisher, Towards understanding IT security professionals and their tools, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280693]
H. Okamura, Y. Kamahara, T. Dohi, Estimating Markov-modulated compound Poisson processes, Proceedings of the 2nd international conference on Performance evaluation methodologies and tools, Article 28, October 22-27, 2007, Nantes, France.
M. Masuya, T. Yamanoue, S. Kubota, An experience of monitoring university network security using a commercial service and DIY monitoring, Proceedings of the 34th annual ACM SIGUCCS conference on User services, p.225-230, November 5-8, 2006, Edmonton, Alberta, Canada [doi>10.1145/1181216.1181267]
A. Ferro, I Delgado, A Munoz, F Liberal, An analytical model for loss estimation in network traffic analysis systems, Journal of Computer and System Sciences, Vol. 72, Issue 7, November 2006 [doi>10.1016/j.jcss.2005.12.004]
L. Xiao, J. Gerth, P. Hanrahan, Enhancing Visual Analysis of Network Traffic Using a Knowledge Representation, Visual Analytics Science And Technology, 2006 IEEE Symposium On, p 107-114, Oct 31 - Nov 2, 2006, Baltimore, MD, USA [doi>10.1109/VAST.2006.261436]
Javier Verdú, Jorge García, Mario Nemirovsky, Mateo Valero, Architectural impact of stateful networking applications, Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA [doi>10.1145/1095890.1095893]
William Yurcik, Visualizing NetFlows for security at line speed: the SIFT tool suite, Proceedings of the 19th conference on Large Installation System Administration Conference, p.16-16, December 04-09, 2005, San Diego, CA
Kiran Lakkaraju, William Yurcik, Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029208.1029219]
Dogu Arifler, Gustavo de Veciana, Brian L. Evans, A factor analytic approach to inferring congestion sharing based on flow level measurements, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.67-79, February 2007 [doi>10.1109/TNET.2006.890103]
Thorsten Voss, Klaus-Peter Kossakowski, "Detecting New Patterns of Attacks - Results and Applications of Large Scale Sensoring Networks," IT-Incidents Management & IT-Forensics - IMF 2006, Conference Proceedings, October 18th-19th, 2006, Stuttgart.
Sun-Myung Hwang, "P2P Protocol Analysis and Blocking Algorithm", Computational Science and Its Applications – ICCSA 2005 Lecture Notes in Computer Science Volume 3481, 2005, pp 21-30
Javier Verdu, Mario Nemirovsky, Jorge Garcia, and Mateo Valero, "Workload Characterization of Stateful Networking Applications", In Procs. of the 6th International Symposium on High Performance Computing (ISHPC-VI), Higashikasugano, Nara City, Japan, September 2005.
Nick Duffield, "Sampling for Passive Internet Measurement: A Review", Statistical Science, vol. 19, no. 3 472-498, 2004, doi:10.1214/088342304000000206.
Kevin Chen, Jennifer Tu, Alex Vandiver, "Analyzing Network Traffic from a Class B Darknet", http://web.mit.edu/~austein/www/darknet.pdf, Dec 2004.
Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics Part I: Analyzing the Network," IEEE Security and Privacy, vol. 2, no. 4, pp. 72-78, July 2004, doi:10.1109/MSP.2004.47
Nick Duffield, Carsten Lund, and Mikkel Thorup. 2002. Properties and prediction of flow statistics from sampled packet streams. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement (IMW '02). ACM, New York, NY, USA, 159-171. DOI=10.1145/637201.637225 http://doi.acm.org/10.1145/637201.637225
Nick Duffield, Carsten Lund, Mikkel Thorup, Charging from sampled network usage, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505232]
Steve Romig. 2000. The OSU Flow-tools Package and CISCO NetFlow Logs. In Proceedings of the 14th USENIX conference on System administration (LISA '00). USENIX Association, Berkeley, CA, USA, 291-304.
Marcus J. Ranum, Kent Landfield, Mike Stolarchuk, Mark Sienkiewicz, Andrew Lambeth, and Eric Wall. 1997. Implementing a Generalized Tool for Network Monitoring: ("Best Paper" Award!). In Proceedings of the 11th USENIX conference on System administration (LISA '97). USENIX Association, Berkeley, CA, USA, 1-8.

Books

C Sanders, J Smith, Applied Network Security Monitoring: Collection, Detection, and Analysis, Waltham, MA, Syngress, 2014.
R. Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, San Francisco: No Starch Press, 2013.
Wireless Networking in the Developing World 3rd Edition, http://wndw.net, 2013.
S. Davidoff, J. Ham, Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall, 1st Edition, 2012.
J. Vacca, Managing Information Security, Syngress Publishing, 2010.
R. Marty, Applied Security Visualization, New York:Addison-Wesley Professional, Aug 2008.
A. Lockhart, Network Security Hacks 2nd Edition, O'Reilly Media, Inc., Sebastopol, CA, USA 2007.
J Babbin, et al., Security Log Management: Identifying Patterns in the Chaos 2nd Edition, Syngress Publishing, Inc., Rockland, MA, USA 2006.
Flickenger R.; Belcher M.; Canessa E.; Zennaro M, How to Accelerate Your Internet: A practical Guide to Bandwidth Management and Optimisation Using Open Source Software Oxford: INASP/ICTP. ISBN: 0-9778093-1-5. 2006.
V Oppleman, O Friedrichs and B Watson, Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed), McGraw-Hill Osborne Media; 1 edition July 18, 2005.
R. Bejtlich, Extrusion Detection: Security Monitoring for Internal Intrusions, New York:Addison-Wesley, November 2005.
I. Ristic, Apache Security, O'Reilly Media Inc., Sebastopol, CA, USA, 2005.
R. Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection, New York:Addison-Wesley, 2004.
D. Farmer, W. Venema, Forensic Discovery, New York:Addison-Wesley, 2004.
J. Nazario, Defense and Detection Strategies against Internet Worms, Boston:Artech House, 2004.
Eoghan Casey, Digital Evidence and Computer Crime 2nd Edition, Academic Press, Inc., Orlando, FL, 2004.

Web Blogs and Articles

11 Strategies of a World-Class Cybersecurity Operations Center, Kathryn Knerler, Ingrid Parker, Carson Zimmerman, ©2022 The MITRE Corporation
Flow Monitoring Tools, What do we have, What do we need?, 9th SIG-NOC Meeting, ARNES 2019
QoSient ARGUS – Identifying Changes in the Network, Aug 19, 2019
QoSient ARGUS – Analyzing DNS Queries Part 2, May 13, 2019
QoSient ARGUS – Analyzing DNS Queries, Apr 11, 2019
Ten Strategies of a World-Class Cybersecurity Operations Center, © 2014 The MITRE Corporation, 2014
Know Your Tools: use Picviz to find attacks Sebastien Tricaud, Victor Amaducci, The Honeynet Project, Nov 2009
WHEN {PUFFY} MEETS ^REDDEVIL^ (C.S. Lee's Security Blog)
After an Exploit: mitigation and remediation
Security Incident Management Essentials (Internet2.edu)
Michael Cloppert: Computer Forensic Hero SANS Computer Forensics, Mar 2009
Detecting Botnets Grzegorz Landecki, Linux Journal, Jan 2009
Mass-Mailing Worms: Prevention, Detection and Response Richard Gadsden, SANS Institute, 2009
Nmap facts with parallel coordinates Sebastien Tricaud, Dec 2008
iX Magazine Security Special with DAVIX (December 2008)
Building SElinux policy for Argus Jan-Frode Myklebust, Oct 2008.
Expanding Response: Deeper Analysis for Incident Handlers Russ McRee, SANS Institute, Oct 2008
GuTi.my Network Security (April 2008)
argus - Auditing Network Activity - Performance & Status Monitoring (Jan 2008)
Flowtime - Create a Timeline for Packet Flow (Jan 2008)
Argus - Auditing network activity Russ McRee, ISSA Journal, Nov 2007
Practical Botnet Detection (April 2007)
Keeping an eye on the network with Argus Ralf Spenneberg, Linux Magazine, Feb 2007
Network Security Monitoring: Beyond Intrusion Detection (2006)
Network Defense Applications using IP Sinkholes (2006)
Argus 3.0 on FreeBSD (Aug 2006)
Survey of Network Performance Monitoring Tools (2006)
Network Flow Analysis (2006)
Using archived argus flow records to secure and troubleshoot your network (July 2005)
Defending Networks with Intrusion Detection Systems (June 2004).

Presentations