{"id":"https://openalex.org/W3212175245","doi":"https://doi.org/10.1145/3444757.3485098","title":"A hierarchical network intrusion detection model based on unsupervised clustering","display_name":"A hierarchical network intrusion detection model based on unsupervised clustering","publication_year":2021,"publication_date":"2021-11-01","ids":{"openalex":"https://openalex.org/W3212175245","doi":"https://doi.org/10.1145/3444757.3485098","mag":"3212175245"},"language":"en","primary_location":{"id":"doi:10.1145/3444757.3485098","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3444757.3485098","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th International Conference on Management of Digital EcoSystems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103138596","display_name":"Yujie Zhu","orcid":"https://orcid.org/0000-0002-9094-4173"},"institutions":[{"id":"https://openalex.org/I96733725","display_name":"Shanghai Maritime University","ror":"https://ror.org/04z7qrj66","country_code":"CN","type":"education","lineage":["https://openalex.org/I96733725"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yujie Zhu","raw_affiliation_strings":["Shanghai Maritime University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Shanghai Maritime University, Shanghai, China","institution_ids":["https://openalex.org/I96733725"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101744803","display_name":"Dezhi Han","orcid":"https://orcid.org/0000-0001-8861-5461"},"institutions":[{"id":"https://openalex.org/I96733725","display_name":"Shanghai Maritime University","ror":"https://ror.org/04z7qrj66","country_code":"CN","type":"education","lineage":["https://openalex.org/I96733725"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dezhi Han","raw_affiliation_strings":["Shanghai Maritime University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Shanghai Maritime University, Shanghai, China","institution_ids":["https://openalex.org/I96733725"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066758842","display_name":"Xinming Yin","orcid":"https://orcid.org/0000-0002-2078-3335"},"institutions":[{"id":"https://openalex.org/I1302611135","display_name":"Ministry of Public Security of the People's Republic of China","ror":"https://ror.org/00bt9we26","country_code":"CN","type":"government","lineage":["https://openalex.org/I1302611135"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinming Yin","raw_affiliation_strings":["The Third Research Institute of Ministry of Public Security Shanghai, China"],"affiliations":[{"raw_affiliation_string":"The Third Research Institute of Ministry of Public Security Shanghai, China","institution_ids":["https://openalex.org/I1302611135"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5103138596"],"corresponding_institution_ids":["https://openalex.org/I96733725"],"apc_list":null,"apc_paid":null,"fwci":0.7641,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.74034185,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7967098355293274},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.778854489326477},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7123713493347168},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6859282851219177},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5766171813011169},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5552065372467041},{"id":"https://openalex.org/keywords/unsupervised-learning","display_name":"Unsupervised learning","score":0.514234721660614},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5049753785133362},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.49478358030319214},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.46840330958366394},{"id":"https://openalex.org/keywords/traffic-generation-model","display_name":"Traffic generation model","score":0.45679593086242676},{"id":"https://openalex.org/keywords/mixture-model","display_name":"Mixture model","score":0.43416279554367065},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.37053585052490234},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.20498302578926086}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7967098355293274},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.778854489326477},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7123713493347168},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6859282851219177},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5766171813011169},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5552065372467041},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.514234721660614},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5049753785133362},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.49478358030319214},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.46840330958366394},{"id":"https://openalex.org/C176715033","wikidata":"https://www.wikidata.org/wiki/Q2080768","display_name":"Traffic generation model","level":2,"score":0.45679593086242676},{"id":"https://openalex.org/C61224824","wikidata":"https://www.wikidata.org/wiki/Q2260434","display_name":"Mixture model","level":2,"score":0.43416279554367065},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.37053585052490234},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.20498302578926086}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3444757.3485098","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3444757.3485098","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th International Conference on Management of Digital EcoSystems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Life in Land","score":0.6800000071525574,"id":"https://metadata.un.org/sdg/15"}],"awards":[{"id":"https://openalex.org/G6864120074","display_name":null,"funder_award_id":"61873160,61672338","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1978779053","https://openalex.org/W2015887370","https://openalex.org/W2113462162","https://openalex.org/W2732560875","https://openalex.org/W2921871306","https://openalex.org/W2964937598","https://openalex.org/W2965481252","https://openalex.org/W3012553816","https://openalex.org/W3027374119"],"related_works":["https://openalex.org/W2742053845","https://openalex.org/W2363068348","https://openalex.org/W2183239701","https://openalex.org/W2901647851","https://openalex.org/W2368329025","https://openalex.org/W2061466315","https://openalex.org/W2355532322","https://openalex.org/W149420723","https://openalex.org/W3157271777","https://openalex.org/W2345595457"],"abstract_inverted_index":{"In":[0],"the":[1,7,14,26,32,38,86,108,127,132,140,148,160,165,177],"complex":[2],"Internet":[3],"of":[4,9,34,135,147,150,180],"Things(IoT)":[5],"environment,":[6],"security":[8],"digital":[10],"ecosystems":[11],"connected":[12],"to":[13],"Web":[15],"is":[16,65,112],"guaranteed":[17],"by":[18,67,139],"network":[19,35,45,56,78,93],"Intrusion":[20],"Detection":[21],"Systems":[22],"(IDS).":[23],"So":[24],"far,":[25],"existing":[27,185],"unsupervised":[28,62,186],"learning":[29],"methods":[30],"extract":[31],"features":[33,81],"traffic":[36,120,137,153,174,182],"at":[37],"overall":[39],"level,":[40],"which":[41,64,90,116],"cannot":[42],"guarantee":[43,91],"real-time":[44,92],"intrusion":[46,57,94],"detection.":[47,95],"To":[48],"fill":[49],"this":[50],"gap,":[51],"we":[52],"propose":[53],"a":[54,100],"hierarchical":[55,102],"detection":[58,110,142],"model":[59,98,167],"based":[60,84,113],"on":[61,85,114,159],"clustering,":[63],"realized":[66],"combining":[68],"Deep":[69],"Auto-Encoder(DAE)":[70],"and":[71,144,175],"Gaussian":[72],"Mixture":[73],"Model":[74],"(GMM).":[75],"For":[76],"new":[77],"traffic,":[79],"essential":[80],"are":[82],"extracted":[83],"first":[87,105],"few":[88],"packets,":[89],"The":[96,104,123,156],"proposed":[97,166],"adopts":[99],"two-layer":[101],"structure.":[103],"layer":[106,125],"namely":[107,126],"anomaly":[109,141],"sub-model":[111,130],"DAGMM,":[115],"can":[117],"detect":[118],"abnormal":[119,136,152,173,181],"in":[121,154,171],"real-time.":[122],"second":[124],"attack":[128,133,178],"recognition":[129],"identifies":[131],"categories":[134,179],"detected":[138],"sub-model,":[143],"getting":[145],"rid":[146],"difficulty":[149],"reconstructing":[151],"DAE.":[155],"experimental":[157],"results":[158],"CICIDS2017":[161],"dataset":[162],"show":[163],"that":[164],"has":[168],"better":[169],"performance":[170],"detecting":[172],"identifying":[176],"than":[183],"other":[184],"methods.":[187]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}