{"id":"https://openalex.org/W3126814579","doi":"https://doi.org/10.1109/access.2021.3056614","title":"Benchmarking of Machine Learning for Anomaly Based Intrusion Detection Systems in the CICIDS2017 Dataset","display_name":"Benchmarking of Machine Learning for Anomaly Based Intrusion Detection Systems in the CICIDS2017 Dataset","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3126814579","doi":"https://doi.org/10.1109/access.2021.3056614","mag":"3126814579"},"language":"en","primary_location":{"id":"doi:10.1109/access.2021.3056614","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3056614","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09345704.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09345704.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044295227","display_name":"Ziadoon Kamil Maseer","orcid":"https://orcid.org/0000-0002-2338-6650"},"institutions":[{"id":"https://openalex.org/I32589535","display_name":"Technical University of Malaysia Malacca","ror":"https://ror.org/01xb6rs26","country_code":"MY","type":"education","lineage":["https://openalex.org/I32589535"]}],"countries":["MY"],"is_corresponding":true,"raw_author_name":"Ziadoon Kamil Maseer","raw_affiliation_strings":["Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Malacca, Malaysia"],"raw_orcid":"https://orcid.org/0000-0002-2338-6650","affiliations":[{"raw_affiliation_string":"Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Malacca, Malaysia","institution_ids":["https://openalex.org/I32589535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087588973","display_name":"Robiah Yusof","orcid":"https://orcid.org/0000-0002-0582-7512"},"institutions":[{"id":"https://openalex.org/I32589535","display_name":"Technical University of Malaysia Malacca","ror":"https://ror.org/01xb6rs26","country_code":"MY","type":"education","lineage":["https://openalex.org/I32589535"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Robiah Yusof","raw_affiliation_strings":["Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Malacca, Malaysia"],"raw_orcid":"https://orcid.org/0000-0002-0582-7512","affiliations":[{"raw_affiliation_string":"Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Malacca, Malaysia","institution_ids":["https://openalex.org/I32589535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050148299","display_name":"Nazrulazhar Bahaman","orcid":"https://orcid.org/0000-0003-0549-900X"},"institutions":[{"id":"https://openalex.org/I32589535","display_name":"Technical University of Malaysia Malacca","ror":"https://ror.org/01xb6rs26","country_code":"MY","type":"education","lineage":["https://openalex.org/I32589535"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Nazrulazhar Bahaman","raw_affiliation_strings":["Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Malacca, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Malacca, Malaysia","institution_ids":["https://openalex.org/I32589535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016511172","display_name":"Salama A. Mostafa","orcid":"https://orcid.org/0000-0001-5348-502X"},"institutions":[{"id":"https://openalex.org/I930072361","display_name":"Tun Hussein Onn University of Malaysia","ror":"https://ror.org/01c5wha71","country_code":"MY","type":"education","lineage":["https://openalex.org/I930072361"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Salama A. Mostafa","raw_affiliation_strings":["Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia"],"raw_orcid":"https://orcid.org/0000-0001-5348-502X","affiliations":[{"raw_affiliation_string":"Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia","institution_ids":["https://openalex.org/I930072361"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042265520","display_name":"Cik Feresa Mohd Foozy","orcid":"https://orcid.org/0000-0002-9085-6819"},"institutions":[{"id":"https://openalex.org/I930072361","display_name":"Tun Hussein Onn University of Malaysia","ror":"https://ror.org/01c5wha71","country_code":"MY","type":"education","lineage":["https://openalex.org/I930072361"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Cik Feresa Mohd Foozy","raw_affiliation_strings":["Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia","institution_ids":["https://openalex.org/I930072361"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5044295227"],"corresponding_institution_ids":["https://openalex.org/I32589535"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":47.3991,"has_fulltext":true,"cited_by_count":415,"citation_normalized_percentile":{"value":0.99972011,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"9","issue":null,"first_page":"22351","last_page":"22370"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7924505472183228},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.7490801811218262},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.7020552754402161},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.6124710440635681},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.5674940347671509},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5618994832038879},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.5552248954772949},{"id":"https://openalex.org/keywords/benchmarking","display_name":"Benchmarking","score":0.5328816771507263},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.522788941860199},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5132629871368408},{"id":"https://openalex.org/keywords/naive-bayes-classifier","display_name":"Naive Bayes classifier","score":0.49510374665260315},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3979477882385254},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3897433876991272}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7924505472183228},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7490801811218262},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7020552754402161},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.6124710440635681},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.5674940347671509},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5618994832038879},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.5552248954772949},{"id":"https://openalex.org/C86251818","wikidata":"https://www.wikidata.org/wiki/Q816754","display_name":"Benchmarking","level":2,"score":0.5328816771507263},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.522788941860199},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5132629871368408},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.49510374665260315},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3979477882385254},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3897433876991272},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2021.3056614","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3056614","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09345704.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:6c9a5d2c900348c9bfc55c5632a3a67e","is_oa":true,"landing_page_url":"https://doaj.org/article/6c9a5d2c900348c9bfc55c5632a3a67e","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 9, Pp 22351-22370 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2021.3056614","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3056614","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09345704.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Good health and well-being","id":"https://metadata.un.org/sdg/3","score":0.6299999952316284}],"awards":[],"funders":[{"id":"https://openalex.org/F4320310112","display_name":"Universiti Tun Hussein Onn Malaysia","ror":"https://ror.org/01c5wha71"},{"id":"https://openalex.org/F4320322873","display_name":"Universiti Teknikal Malaysia Melaka","ror":"https://ror.org/01xb6rs26"},{"id":"https://openalex.org/F4320337051","display_name":"Faculty of Information and Communication Technology, Mahidol University","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3126814579.pdf","grobid_xml":"https://content.openalex.org/works/W3126814579.grobid-xml"},"referenced_works_count":95,"referenced_works":["https://openalex.org/W1679074130","https://openalex.org/W1861185757","https://openalex.org/W1924689489","https://openalex.org/W1985690171","https://openalex.org/W1988918299","https://openalex.org/W1995678176","https://openalex.org/W2028070713","https://openalex.org/W2046079134","https://openalex.org/W2099940443","https://openalex.org/W2122111042","https://openalex.org/W2153611261","https://openalex.org/W2155926039","https://openalex.org/W2226171561","https://openalex.org/W2250670532","https://openalex.org/W2313731608","https://openalex.org/W2328120369","https://openalex.org/W2334852362","https://openalex.org/W2336023257","https://openalex.org/W2346481270","https://openalex.org/W2346714907","https://openalex.org/W2399941526","https://openalex.org/W2409437973","https://openalex.org/W2460037574","https://openalex.org/W2490000250","https://openalex.org/W2494923188","https://openalex.org/W2512144135","https://openalex.org/W2515842558","https://openalex.org/W2524532866","https://openalex.org/W2526290843","https://openalex.org/W2555759334","https://openalex.org/W2565788054","https://openalex.org/W2586126971","https://openalex.org/W2594748684","https://openalex.org/W2605995648","https://openalex.org/W2625602624","https://openalex.org/W2626309987","https://openalex.org/W2626468835","https://openalex.org/W2729006349","https://openalex.org/W2730943916","https://openalex.org/W2732560875","https://openalex.org/W2740755977","https://openalex.org/W2743483681","https://openalex.org/W2759043405","https://openalex.org/W2760553397","https://openalex.org/W2762776925","https://openalex.org/W2777579789","https://openalex.org/W2783796368","https://openalex.org/W2786885650","https://openalex.org/W2787944753","https://openalex.org/W2789654058","https://openalex.org/W2793174642","https://openalex.org/W2793538912","https://openalex.org/W2794951181","https://openalex.org/W2807319534","https://openalex.org/W2807707859","https://openalex.org/W2884875744","https://openalex.org/W2923817828","https://openalex.org/W2926251634","https://openalex.org/W2937711216","https://openalex.org/W2944210580","https://openalex.org/W2952078967","https://openalex.org/W2953448948","https://openalex.org/W2959003478","https://openalex.org/W2962621836","https://openalex.org/W2964937598","https://openalex.org/W2973187060","https://openalex.org/W2973883034","https://openalex.org/W2982676361","https://openalex.org/W2982853004","https://openalex.org/W2987485128","https://openalex.org/W2989230867","https://openalex.org/W2989882788","https://openalex.org/W2990206796","https://openalex.org/W2994950844","https://openalex.org/W2994963040","https://openalex.org/W3003089566","https://openalex.org/W3004993122","https://openalex.org/W3032021129","https://openalex.org/W3043486047","https://openalex.org/W3043530913","https://openalex.org/W3092815249","https://openalex.org/W3123463689","https://openalex.org/W3147663529","https://openalex.org/W4233164402","https://openalex.org/W4238294603","https://openalex.org/W4285719527","https://openalex.org/W6638937254","https://openalex.org/W6640261747","https://openalex.org/W6714243528","https://openalex.org/W6736409263","https://openalex.org/W6770055351","https://openalex.org/W6770129978","https://openalex.org/W6773009785","https://openalex.org/W6778721199","https://openalex.org/W7018722687"],"related_works":["https://openalex.org/W4389954502","https://openalex.org/W2771255398","https://openalex.org/W2930428186","https://openalex.org/W3200027047","https://openalex.org/W4385770464","https://openalex.org/W2122022187","https://openalex.org/W2115529843","https://openalex.org/W4224262160","https://openalex.org/W3120363735","https://openalex.org/W2394323384"],"abstract_inverted_index":{"An":[0],"intrusion":[1],"detection":[2],"system":[3],"(IDS)":[4],"is":[5,243],"an":[6,192,244],"important":[7,245],"protection":[8],"instrument":[9],"for":[10,27,115,228],"detecting":[11,287],"complex":[12],"network":[13,133,154,267],"attacks.":[14,268],"Various":[15],"machine":[16,149],"learning":[17,21],"(ML)":[18],"or":[19,60],"deep":[20],"(DL)":[22],"algorithms":[23,114,128,161,176],"have":[24],"been":[25],"proposed":[26],"implementing":[28],"anomaly-based":[29],"IDS":[30],"(AIDS).":[31],"Our":[32],"review":[33],"of":[34,47,57,65,80,87,121,174,185,204,219],"the":[35,45,48,55,66,96,130,158,163,180,202,208,271,278],"AIDS":[36,75,98,205],"literature":[37],"identifies":[38],"some":[39],"issues":[40],"in":[41,234,247,286],"related":[42],"work,":[43],"including":[44],"randomness":[46],"selected":[49],"algorithms,":[50,99,156],"parameters,":[51,100],"and":[52,63,85,101,111,118,123,151,167,179,182,211,217,225,258,274,281,297],"testing":[53,102,226],"criteria,":[54],"application":[56],"old":[58],"datasets,":[59],"shallow":[61],"analyses":[62],"validation":[64],"results.":[67,299],"This":[68],"paper":[69,106],"comprehensively":[70],"reviews":[71],"previous":[72,197],"studies":[73],"on":[74],"by":[76,206,254],"using":[77,255],"a":[78,256,283],"set":[79,90],"criteria":[81],"with":[82,291],"different":[83],"datasets":[84],"types":[86],"attacks":[88,289],"to":[89,190],"benchmarking":[91],"outcomes":[92],"that":[93,240,264,294],"can":[94],"reveal":[95],"suitable":[97],"criteria.":[103],"Specifically,":[104],"this":[105,199],"applies":[107],"10":[108],"popular":[109],"supervised":[110,126],"unsupervised":[112,159],"ML":[113,127,160],"identifying":[116],"effective":[117],"efficient":[119],"ML-AIDS":[120,221,229,250],"networks":[122],"computers.":[124],"These":[125],"include":[129,162],"artificial":[131],"neural":[132,153],"(ANN),":[134],"decision":[135],"tree":[136],"(DT),":[137],"k-nearest":[138],"neighbor":[139],"(k-NN),":[140],"naive":[141],"Bayes":[142],"(NB),":[143],"random":[144],"forest":[145],"(RF),":[146],"support":[147],"vector":[148],"(SVM),":[150],"convolutional":[152],"(CNN)":[155],"whereas":[157],"expectation-maximization":[164],"(EM),":[165],"k-means,":[166],"self-organizing":[168],"maps":[169],"(SOM)":[170],"algorithms.":[171],"Several":[172],"models":[173,230,251,276,293],"these":[175],"are":[177,188,231,252],"introduced,":[178],"turning":[181],"training":[183,224],"parameters":[184],"each":[186],"algorithm":[187],"examined":[189],"achieve":[191],"optimal":[193],"classifier":[194],"evaluation.":[195],"Unlike":[196],"studies,":[198],"study":[200],"evaluates":[201],"performance":[203,237],"measuring":[207,235],"true":[209],"positive":[210],"negative":[212],"rates,":[213],"accuracy,":[214],"precision,":[215],"recall,":[216],"F-Score":[218],"31":[220],"models.":[222],"The":[223,249],"time":[227,241],"also":[232],"considered":[233],"their":[236],"efficiency":[238],"given":[239],"complexity":[242],"factor":[246],"AIDSs.":[248],"tested":[253],"recent":[257],"highly":[259],"unbalanced":[260],"multiclass":[261],"CICIDS2017":[262],"dataset":[263],"involves":[265],"real-world":[266],"In":[269],"general,":[270],"k-NN-AIDS,":[272],"DT-AIDS,":[273],"NB-AIDS":[275],"obtain":[277],"best":[279],"results":[280],"show":[282],"greater":[284],"capability":[285],"web":[288],"compared":[290],"other":[292],"demonstrate":[295],"irregular":[296],"inferior":[298]},"counts_by_year":[{"year":2026,"cited_by_count":16},{"year":2025,"cited_by_count":103},{"year":2024,"cited_by_count":114},{"year":2023,"cited_by_count":104},{"year":2022,"cited_by_count":46},{"year":2021,"cited_by_count":32}],"updated_date":"2026-05-02T08:42:23.175194","created_date":"2025-10-10T00:00:00"}