{"id":"https://openalex.org/W4409857493","doi":"https://doi.org/10.1007/s12083-025-01947-4","title":"A feature selection-driven machine learning framework for anomaly-based intrusion detection systems","display_name":"A feature selection-driven machine learning framework for anomaly-based intrusion detection systems","publication_year":2025,"publication_date":"2025-04-28","ids":{"openalex":"https://openalex.org/W4409857493","doi":"https://doi.org/10.1007/s12083-025-01947-4"},"language":"en","primary_location":{"id":"doi:10.1007/s12083-025-01947-4","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s12083-025-01947-4","pdf_url":"https://link.springer.com/content/pdf/10.1007/s12083-025-01947-4.pdf","source":{"id":"https://openalex.org/S177487720","display_name":"Peer-to-Peer Networking and Applications","issn_l":"1936-6442","issn":["1936-6442","1936-6450"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Peer-to-Peer Networking and Applications","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s12083-025-01947-4.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5117345506","display_name":"Emre Emirmahmuto\u011flu","orcid":null},"institutions":[{"id":"https://openalex.org/I79305253","display_name":"National Defence University","ror":"https://ror.org/045vxh980","country_code":"PK","type":"education","lineage":["https://openalex.org/I79305253"]}],"countries":["PK"],"is_corresponding":true,"raw_author_name":"Emre Emirmahmuto\u011flu","raw_affiliation_strings":["Department of Cyber Security, Alparslan Defence Sciences and National Security Institute, National Defence University, Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Cyber Security, Alparslan Defence Sciences and National Security Institute, National Defence University, Ankara, Turkey","institution_ids":["https://openalex.org/I79305253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059163959","display_name":"Y\u0131lmaz Atay","orcid":"https://orcid.org/0000-0002-3298-3334"},"institutions":[{"id":"https://openalex.org/I95634034","display_name":"Gazi University","ror":"https://ror.org/054xkpr46","country_code":"TR","type":"education","lineage":["https://openalex.org/I95634034"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Y\u0131lmaz Atay","raw_affiliation_strings":["Department of Computer Engineering, Faculty of Engineering, Gazi University, Ankara, Turkey"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Faculty of Engineering, Gazi University, Ankara, Turkey","institution_ids":["https://openalex.org/I95634034"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5117345506"],"corresponding_institution_ids":["https://openalex.org/I79305253"],"apc_list":{"value":2790,"currency":"EUR","value_usd":3590},"apc_paid":{"value":2790,"currency":"EUR","value_usd":3590},"fwci":11.4835,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.98256379,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"18","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9846000075340271,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/feature-selection","display_name":"Feature selection","score":0.7757219672203064},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7473942041397095},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6930643320083618},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.6413964629173279},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6122636795043945},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.6079034805297852},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5725663900375366},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.5541999936103821},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.522892415523529},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.47716325521469116},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3902234733104706},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37990128993988037}],"concepts":[{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.7757219672203064},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7473942041397095},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6930643320083618},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.6413964629173279},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6122636795043945},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.6079034805297852},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5725663900375366},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.5541999936103821},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.522892415523529},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.47716325521469116},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3902234733104706},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37990128993988037},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s12083-025-01947-4","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s12083-025-01947-4","pdf_url":"https://link.springer.com/content/pdf/10.1007/s12083-025-01947-4.pdf","source":{"id":"https://openalex.org/S177487720","display_name":"Peer-to-Peer Networking and Applications","issn_l":"1936-6442","issn":["1936-6442","1936-6450"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Peer-to-Peer Networking and Applications","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s12083-025-01947-4","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s12083-025-01947-4","pdf_url":"https://link.springer.com/content/pdf/10.1007/s12083-025-01947-4.pdf","source":{"id":"https://openalex.org/S177487720","display_name":"Peer-to-Peer Networking and Applications","issn_l":"1936-6442","issn":["1936-6442","1936-6450"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Peer-to-Peer Networking and Applications","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321861","display_name":"Gazi \u00dcniversitesi","ror":"https://ror.org/054xkpr46"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4409857493.pdf","grobid_xml":"https://content.openalex.org/works/W4409857493.grobid-xml"},"referenced_works_count":61,"referenced_works":["https://openalex.org/W7191366","https://openalex.org/W181537749","https://openalex.org/W861925310","https://openalex.org/W1606402766","https://openalex.org/W1772700132","https://openalex.org/W1859314164","https://openalex.org/W1908991523","https://openalex.org/W1995341919","https://openalex.org/W2087890993","https://openalex.org/W2108513376","https://openalex.org/W2169619350","https://openalex.org/W2490324144","https://openalex.org/W2492578998","https://openalex.org/W2507770834","https://openalex.org/W2517975492","https://openalex.org/W2548124629","https://openalex.org/W2789654058","https://openalex.org/W2789828921","https://openalex.org/W2794951181","https://openalex.org/W2890230859","https://openalex.org/W2903452648","https://openalex.org/W2921619317","https://openalex.org/W2921708219","https://openalex.org/W2933912020","https://openalex.org/W2950250245","https://openalex.org/W2958489519","https://openalex.org/W2973032842","https://openalex.org/W3000225415","https://openalex.org/W3001675796","https://openalex.org/W3010157523","https://openalex.org/W3014732532","https://openalex.org/W3032021129","https://openalex.org/W3043799819","https://openalex.org/W3093410479","https://openalex.org/W3100933494","https://openalex.org/W3117829857","https://openalex.org/W3156522613","https://openalex.org/W3157280532","https://openalex.org/W3212457727","https://openalex.org/W3213213154","https://openalex.org/W4206130810","https://openalex.org/W4211114749","https://openalex.org/W4213061225","https://openalex.org/W4213102919","https://openalex.org/W4242552899","https://openalex.org/W4245439404","https://openalex.org/W4253007548","https://openalex.org/W4293093536","https://openalex.org/W4300106150","https://openalex.org/W4301028200","https://openalex.org/W4313591247","https://openalex.org/W4382654565","https://openalex.org/W4385418220","https://openalex.org/W4389513574","https://openalex.org/W4390736927","https://openalex.org/W4390738702","https://openalex.org/W4391258395","https://openalex.org/W4393011491","https://openalex.org/W4393409607","https://openalex.org/W4395678231","https://openalex.org/W4406346523"],"related_works":["https://openalex.org/W2337148208","https://openalex.org/W3004832009","https://openalex.org/W2806741695","https://openalex.org/W3036013726","https://openalex.org/W1971929717","https://openalex.org/W2351051591","https://openalex.org/W2369534771","https://openalex.org/W2357468538","https://openalex.org/W1548126107","https://openalex.org/W2209997499"],"abstract_inverted_index":{"Abstract":[0],"In":[1,39,75,133,272,306],"light":[2],"of":[3,29,117,121,286,317,377,389,396],"rapid":[4],"technological":[5],"developments,":[6],"a":[7,93,284,315],"marked":[8],"rise":[9],"in":[10,87,119,190,249,256,264,288,295,303,319,326,334,337,385,412],"global":[11],"internet":[12],"usage":[13],"has":[14,203],"contributed":[15],"to":[16,26,41,70,83,113,160,194,232],"increased":[17],"sensitive":[18],"data":[19],"flow":[20],"across":[21],"networks.":[22],"This":[23,90,109],"increase":[24],"leads":[25],"the":[27,115,134,226,233,236,246,253,261,267,273,277,280,290,298,307,311,321,329,338,341,346,352,357,363,374,387,394],"diversification":[28],"malicious":[30,60],"attacks":[31],"and":[32,59,68,106,124,143,153,209,258,297,328,360,381,406],"makes":[33],"cyber":[34],"security":[35],"requirements":[36],"more":[37],"evident.":[38],"order":[40],"ensure":[42],"network":[43,63,66,88,382],"security,":[44],"intrusion":[45,390],"detection":[46,55,100,126,391],"systems":[47,56,101],"stand":[48],"out":[49],"as":[50,242,276],"an":[51,186],"essential":[52],"component.":[53],"Intrusion":[54],"detect":[57],"suspicious":[58],"activities":[61],"over":[62],"traffic,":[64],"allowing":[65],"administrators":[67],"experts":[69],"monitor":[71],"current":[72],"threats":[73],"continuously.":[74],"anomaly-based":[76,98,162],"systems,":[77],"machine":[78,104,155],"learning":[79,105,156],"approaches":[80],"are":[81,158,212,229,241],"applied":[82],"identify":[84],"abnormal":[85],"attempts":[86],"traffic.":[89],"study":[91,111],"presents":[92],"feature":[94,140,183,200,215,368,397],"selection":[95,141,184,398],"framework":[96],"for":[97,214,245,252,260,351,356,362,409],"attack":[99,125],"by":[102,127],"combining":[103],"heuristic":[107,131],"algorithms.":[108],"proposed":[110,135],"aims":[112],"improve":[114],"performance":[116,388],"IDSs":[118],"terms":[120],"both":[122],"time":[123,191],"selecting":[128],"features":[129,178],"with":[130,176,222],"approaches.":[132],"approach,":[136],"PSO,":[137,208],"FPA,":[138,210],"DE":[139,247,281,312,353],"methods":[142],"LR,":[144],"DT,":[145,296,320,327],"RF,":[146,304],"KNN,":[147],"NB,":[148],"GB,":[149,250,257,265,289],"LDA,":[150],"QDA,":[151],"AdaBoost,":[152],"NN":[154],"algorithms":[157],"used":[159,213,275],"perform":[161],"comparative":[163],"analyses":[164],"on":[165,173,266,367],"KDDCup99,":[166],"NSL-KDD,":[167,274],"UNSW-NB15,":[168,310],"CSE-CIS-IDS2018":[169],"datasets.":[170],"Analyses":[171],"conducted":[172],"these":[174],"datasets":[175],"various":[177],"demonstrated":[179],"that":[180,196,206],"models":[181,195],"employing":[182],"achieved":[185,240,283,314,344],"approximate":[187],"two-hundred-percent":[188],"improvement":[189],"efficiency":[192],"compared":[193],"did":[197],"not":[198],"utilize":[199],"selection.":[201,369],"It":[202],"been":[204],"determined":[205],"DE,":[207],"which":[211],"selection,":[216],"provide":[217],"high-accuracy":[218],"outputs":[219],"when":[220],"combined":[221],"different":[223],"classifiers.":[224],"When":[225],"analysis":[227],"results":[228,372],"assessed":[230],"according":[231],"specified":[234],"criteria,":[235],"highest":[237,342],"F1-Score":[238],"values":[239],"follows:":[243],"0.9972":[244],"method":[248,255,263,282,292,300,313,323,331],"0.9969":[251],"PSO":[254,291,322,358],"0.9948":[259],"FPA":[262,299,330,364],"KDD":[268],"CUP":[269],"99":[270],"dataset.":[271],"second":[278],"dataset,":[279,309,340],"score":[285,316],"0.9713":[287],"reached":[293,324],"0.9112":[294],"obtained":[301,332,371],"0.9894":[302],"respectively.":[305],"third":[308],"0.9507":[318],"0.9068":[325],"0.8924":[333],"NN.":[335],"Finally,":[336],"CSE-CIC-IDS2018":[339],"scores":[343],"using":[345],"RF":[347],"algorithm":[348],"were":[349],"0.99986":[350],"method,":[354,359,365],"0.99989":[355],"0.99987":[361],"based":[366],"The":[370],"underscore":[373],"critical":[375],"role":[376],"dataset":[378],"generation":[379],"processes":[380],"traffic":[383],"dynamics":[384],"enhancing":[386],"systems.":[392],"Additionally,":[393],"significance":[395],"was":[399],"highlighted.":[400],"These":[401],"findings":[402],"offer":[403],"valuable":[404],"insights":[405],"present":[407],"opportunities":[408],"further":[410],"advancements":[411],"future":[413],"research.":[414]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}