From 79f59a8ec1f59937d0e5d8c56b7bda8e877cfeb0 Mon Sep 17 00:00:00 2001 From: Daniel Ferreira Date: Tue, 16 Oct 2018 12:43:01 +0200 Subject: [PATCH 1/4] 2005/moore_internet uses filter feature selection --- v2_papers/2005/moore_internet.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/v2_papers/2005/moore_internet.json b/v2_papers/2005/moore_internet.json index 6ad7e93..a63178d 100644 --- a/v2_papers/2005/moore_internet.json +++ b/v2_papers/2005/moore_internet.json @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "maloku, b.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "16-10-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -96,8 +96,7 @@ "feature_selections": [ { "name": "Fast Correlation-Based Filter (FCBF)", - "type": "wrapper", - "classifier": "Naive Bayes", + "type": "filter", "role": "main" } ], @@ -438,4 +437,4 @@ ], "reproducibility": "repeatable" } -} \ No newline at end of file +} From 01879966f4e56786543d81a04c00d3de09f41e32 Mon Sep 17 00:00:00 2001 From: Daniel Ferreira Date: Mon, 12 Nov 2018 12:28:25 +0100 Subject: [PATCH 2/4] manually upgraded paper to 3.0.0 --- v2_papers/2009/kind_histogram-based.json | 46 +++++++++++++----------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/v2_papers/2009/kind_histogram-based.json b/v2_papers/2009/kind_histogram-based.json index 19418d2..5e85b67 100644 --- a/v2_papers/2009/kind_histogram-based.json +++ b/v2_papers/2009/kind_histogram-based.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "histogram-based traffic anomaly detection", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "fiv", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -124,7 +124,8 @@ "tools": "missing", "algorithms": [ { - "name": "Hierarchical Agglomerative Clustering", + "family": "hierarchical_clustering", + "detail": "Hierarchical Agglomerative Clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -132,7 +133,8 @@ "parameters_provided": false }, { - "name": "Hierarchical Agglomerative Clustering", + "family": "hierarchical_clustering", + "detail": "Hierarchical Agglomerative Clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -140,7 +142,8 @@ "parameters_provided": false }, { - "name": "Hierarchical Agglomerative Clustering", + "family": "hierarchical_clustering", + "detail": "Hierarchical Agglomerative Clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -148,7 +151,8 @@ "parameters_provided": false }, { - "name": "Hierarchical Agglomerative Clustering", + "family": "hierarchical_clustering", + "detail": "Hierarchical Agglomerative Clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -156,38 +160,38 @@ "parameters_provided": false }, { - "name": "number_of_clusters_optimization", - "subname": "Calinski-Harabasz_index", + "family": "cluster_validation", + "detail": "Calinski-Harabasz index", "learning": "statistics/model_fit", "role": "main", - "type": "statistics", + "type": "validation_optimization", "metric/decision_criteria": "error/fitting_function", "parameters_provided": false }, { - "name": "negligible_cluster_removal", - "subname": "0.05p", + "family": "statistics", + "detail": "cluster removal 0.05p", "learning": "statistics/model_fit", "role": "main", - "type": "statistics", + "type": "outlier_detection", "metric/decision_criteria": "error/fitting_function", "parameters_provided": true }, { - "name": "anomaly_detection", - "subname": "threshold_eq_3std.dev", + "family": "statistics", + "detail": "3std dev.dev", "learning": "statistics/model_fit", "role": "main", - "type": "anomaly_detection", + "type": "outlier_detection", "metric/decision_criteria": "__normalized_euclidean", "parameters_provided": true }, { - "name": "anomaly_detection", - "subname": "entropy_based", + "family": "entropy_based", + "detail": "anomaly detection", "learning": "statistics/model_fit", "role": "competitor", - "type": "anomaly_detection", + "type": "outlier_detection", "metric/decision_criteria": "probabilistic", "parameters_provided": false } @@ -216,7 +220,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_anomalies", "subgoals": [ "anomaly_detection" ], @@ -228,4 +232,4 @@ ], "reproducibility": "no" } -} \ No newline at end of file +} From 009b79f40556dfa77dc92fe1918953df6475548f Mon Sep 17 00:00:00 2001 From: Daniel Ferreira Date: Mon, 12 Nov 2018 12:36:53 +0100 Subject: [PATCH 3/4] automatic upgrade from v2.3.0 to v3.0.0 (according to #34) --- v2_papers/2003/mahoney_learning.json | 14 ++--- v2_papers/2004/wang_anomalous.json | 16 +++--- v2_papers/2005/lakhina_mining.json | 22 ++++---- v2_papers/2005/moore_internet.json | 30 +++++------ v2_papers/2006/williams_apreliminary.json | 29 +++++----- v2_papers/2006/wright_oninferring.json | 26 +++++---- v2_papers/2007/auld_bayesian.json | 15 +++--- v2_papers/2007/liu_network.json | 15 +++--- v2_papers/2008/dainotti_classification.json | 14 ++--- v2_papers/2008/gu_botminer.json | 26 ++++----- v2_papers/2008/nychis_anempirical.json | 19 +++---- v2_papers/2008/yang_ap2pnetwork.json | 14 ++--- v2_papers/2008/zhao_realtime.json | 26 +++++---- v2_papers/2009/alshammari_machine.json | 26 +++++---- v2_papers/2009/este_support.json | 16 +++--- v2_papers/2009/zhani_analysis.json | 26 ++++----- v2_papers/2010/dewaele_unsupervised.json | 13 ++--- v2_papers/2010/shrivastav_network.json | 12 ++--- v2_papers/2010/zeidanloo_botnet.json | 11 ++-- v2_papers/2011/amiri_mutual.json | 12 ++--- v2_papers/2012/agarwal_hybrid.json | 16 +++--- v2_papers/2012/bujlow_amethod.json | 8 +-- v2_papers/2012/jin_modular.json | 30 +++++------ v2_papers/2012/yin_network.json | 20 ++++--- v2_papers/2012/zargari_feature.json | 11 ++-- v2_papers/2012/zhang_feature.json | 16 +++--- v2_papers/2013/comar_combining.json | 35 ++++++------ v2_papers/2013/fiore_network.json | 14 ++--- v2_papers/2013/huang_network.json | 14 ++--- v2_papers/2013/zhang_aneffective.json | 13 ++--- v2_papers/2013/zhang_aneffectivenetwork.json | 35 ++++++------ v2_papers/2013/zhang_network.json | 23 ++++---- v2_papers/2014/jun_ddos.json | 13 ++--- v2_papers/2014/ma_ddos.json | 14 ++--- v2_papers/2014/singh_big.json | 11 ++-- v2_papers/2015/qin_ddos.json | 11 ++-- v2_papers/2015/singha_intrusion.json | 14 ++--- v2_papers/2015/vandertoorn_afirst.json | 13 ++--- v2_papers/2015/zhang_robust.json | 33 ++++++------ v2_papers/2016/ambusaidi_building.json | 13 ++--- .../2016/anderson_identifying-encrypted.json | 21 ++++---- v2_papers/2016/gharaee_anew.json | 16 +++--- v2_papers/2016/iglesias_time-activity.json | 18 +++---- v2_papers/2016/javaid_adeep.json | 19 +++---- v2_papers/2016/mishra_nvcloudids.json | 20 +++---- v2_papers/2017/al_experimental.json | 12 ++--- v2_papers/2017/anderson_machine-learning.json | 53 ++++++++++--------- v2_papers/2017/ashfaq_fuzziness.json | 14 ++--- v2_papers/2017/bamakan_ramp.json | 24 ++++----- .../2017/iglesias_pattern-discovery.json | 24 +++++---- v2_papers/2017/taylor_robust.json | 19 ++++--- 51 files changed, 515 insertions(+), 464 deletions(-) diff --git a/v2_papers/2003/mahoney_learning.json b/v2_papers/2003/mahoney_learning.json index bd4ee8e..62bbfe1 100644 --- a/v2_papers/2003/mahoney_learning.json +++ b/v2_papers/2003/mahoney_learning.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Learning rules for anomaly detection of hostile network traffic", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -359,11 +359,11 @@ "tools": "missing", "algorithms": [ { - "name": "LERAD", - "subname": "Learning Rules for Anomaly Detection", + "family": "rule_extraction", + "detail": "LERAD", "learning": "unsupervised", "role": "main", - "type": "heuristics", + "type": "classification", "metric/decision_criteria": "probabilistic", "source": "own_proposed", "parameters_provided": false @@ -392,7 +392,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection" ], diff --git a/v2_papers/2004/wang_anomalous.json b/v2_papers/2004/wang_anomalous.json index 25d22a1..0f58a35 100644 --- a/v2_papers/2004/wang_anomalous.json +++ b/v2_papers/2004/wang_anomalous.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Anomalous Payload-based Network Intrusion Detection", "authors": [ @@ -18,8 +18,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -189,14 +189,14 @@ "tools": "missing", "algorithms": [ { - "name": "PAYL", + "family": "signature", + "detail": "payload-based anomaly detection", "learning": "unsupervised", "role": "main", - "type": "anomaly_detection", + "type": "specific_detection", "metric/decision_criteria": "mahalanobis", "source": "own_proposed", - "parameters_provided": false, - "subname": "payload-based anomaly detection" + "parameters_provided": false } ] }, @@ -247,7 +247,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "attack_classification" ], diff --git a/v2_papers/2005/lakhina_mining.json b/v2_papers/2005/lakhina_mining.json index 9073339..e81bdf2 100644 --- a/v2_papers/2005/lakhina_mining.json +++ b/v2_papers/2005/lakhina_mining.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Mining Anomalies Using Traffic Feature Distributions", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "maloku, b.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -216,18 +216,18 @@ "tools": "missing", "algorithms": [ { - "name": "multiway subspace method", - "subname": "multiway subspace method", + "family": "_multiway_space_transformation", + "detail": "multiway subspace method", "learning": "unsupervised", "role": "main", - "type": "anomaly_detection", + "type": "space_transformation", "metric/decision_criteria": "euclidean", "source": "referenced", "parameters_provided": false }, { - "name": "Hierarchical Agglomerative Clustering", - "subname": "hierarchical agglomerative", + "family": "hierarchical_clustering", + "detail": "agglomerative", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -236,8 +236,8 @@ "parameters_provided": false }, { - "name": "K-means", - "subname": "k-means", + "family": "kmeans_clustering", + "detail": "none", "learning": "unsupervised", "role": "competitor", "type": "clustering", @@ -285,7 +285,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_anomalies", "subgoals": [ "anomaly_detection", "attack_classification" diff --git a/v2_papers/2005/moore_internet.json b/v2_papers/2005/moore_internet.json index a63178d..4c0ba1d 100644 --- a/v2_papers/2005/moore_internet.json +++ b/v2_papers/2005/moore_internet.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Internet Traffic Classification Using Bayesian Analysis Techniques", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "maloku, b.", - "curated_last_revision": "16-10-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -319,8 +319,8 @@ "tools": "missing", "algorithms": [ { - "name": "Naive Bayes", - "subname": "Naïve Bayes", + "family": "bayesian", + "detail": "naive bayes", "learning": "supervised", "role": "competitor", "type": "classification", @@ -336,11 +336,11 @@ "parameters_provided": false }, { - "name": "Naı̈ve Bayes with kernel density estimation", - "subname": "Naı̈ve Bayes with kernel density estimation", + "family": "bayesian", + "detail": "Naive Bayes with Kernel Estimation Method", "learning": "supervised", "role": "competitor", - "type": "statistics", + "type": "classification", "metric/decision_criteria": "euclidean", "tools": [ { @@ -353,8 +353,8 @@ "parameters_provided": false }, { - "name": "Naive Bayes", - "subname": "Naïve Bayes with FCBF prefiltering", + "family": "bayesian", + "detail": "Naive Bayes with FCBF prefiltering", "learning": "supervised", "role": "competitor", "type": "classification", @@ -370,11 +370,11 @@ "parameters_provided": false }, { - "name": "Naı̈ve Bayes with kernel density estimation and FCBF prefiltering", - "subname": "Naı̈ve Bayes with kernel density estimation and FCBF prefiltering", + "family": "bayesian", + "detail": "Naive Bayes with Kernel Estimation Method and FCBF prefiltering", "learning": "supervised", "role": "main", - "type": "statistics", + "type": "classification", "metric/decision_criteria": "euclidean", "tools": [ { @@ -426,7 +426,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], @@ -437,4 +437,4 @@ ], "reproducibility": "repeatable" } -} +} \ No newline at end of file diff --git a/v2_papers/2006/williams_apreliminary.json b/v2_papers/2006/williams_apreliminary.json index 0e10afa..4993803 100644 --- a/v2_papers/2006/williams_apreliminary.json +++ b/v2_papers/2006/williams_apreliminary.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "a preliminary performance comparison of five machine learning algorithms for practical ip traffic flow classification", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -606,8 +606,8 @@ ], "algorithms": [ { - "name": "Naive Bayes", - "subname": "naive bayes with discretization", + "family": "bayesian", + "detail": "naive bayes with discretization", "learning": "supervised", "role": "main", "type": "classification", @@ -623,8 +623,8 @@ "parameters_provided": false }, { - "name": "Naive Bayes", - "subname": "naive bayes with kernel density estimation", + "family": "bayesian", + "detail": "Naive Bayes with Kernel Estimation Method", "learning": "supervised", "role": "main", "type": "classification", @@ -640,8 +640,8 @@ "parameters_provided": false }, { - "name": "Decision Tree", - "subname": "c4.5 decision tree", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "main", "type": "classification", @@ -657,10 +657,11 @@ "parameters_provided": false }, { - "name": "Bayesian Network", + "family": "bayesian", + "detail": "bayesian network", "learning": "supervised", "role": "main", - "type": "classification", + "type": "modeling", "metric/decision_criteria": "probabilistic", "tools": [ { @@ -673,8 +674,8 @@ "parameters_provided": false }, { - "name": "Decision Tree", - "subname": "naive bayes decision tree", + "family": "decision_tree", + "detail": "naive bayes decision tree", "learning": "supervised", "role": "main", "type": "classification", @@ -721,7 +722,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2006/wright_oninferring.json b/v2_papers/2006/wright_oninferring.json index a63764f..8e7a568 100644 --- a/v2_papers/2006/wright_oninferring.json +++ b/v2_papers/2006/wright_oninferring.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "on inferring application protocol behaviors in encrypted network traffic", "authors": [ @@ -19,8 +19,8 @@ }, "access_open": true, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 7 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 8 }, "data": { "datasets": [ @@ -128,34 +128,38 @@ "tools": "missing", "algorithms": [ { - "name": "Hidden Markov Model (HMM)", + "family": "markov_process", + "detail": "Hidden Markov Model (HMM)", "learning": "supervised", "role": "main", - "type": "classification", + "type": "modeling", "metric/decision_criteria": "probabilistic", "source": "referenced", "parameters_provided": false }, { - "name": "viterbi", + "family": "markov_process", + "detail": "viterbi", "learning": "supervised", "role": "main", - "type": "classification", + "type": "modeling", "metric/decision_criteria": "probabilistic", "source": "referenced", "parameters_provided": false }, { - "name": "K-nearest Neighbors (KNN)", + "family": "knn", + "detail": "none", "learning": "semisupervised", "role": "main", - "type": "clustering", + "type": "classification", "metric/decision_criteria": "mutual_information", "source": "referenced", "parameters_provided": false }, { - "name": "vector quantization", + "family": "_vector_quantization", + "detail": "vector quantization", "learning": "semisupervised", "role": "main", "type": "clustering", @@ -189,7 +193,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "application_classification", "classification_of_encrypted_traffic", diff --git a/v2_papers/2007/auld_bayesian.json b/v2_papers/2007/auld_bayesian.json index e995382..d790700 100644 --- a/v2_papers/2007/auld_bayesian.json +++ b/v2_papers/2007/auld_bayesian.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Bayesian Neural Networks for Internet Traffic Classification", "authors": [ @@ -24,8 +24,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -375,7 +375,8 @@ "tools": "missing", "algorithms": [ { - "name": "Naive Bayes", + "family": "bayesian", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -384,8 +385,8 @@ "parameters_provided": false }, { - "name": "Neural Network", - "subname": "bayesian", + "family": "neural_networks", + "detail": "bayesian neural network", "learning": "supervised", "role": "main", "type": "classification", @@ -425,7 +426,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2007/liu_network.json b/v2_papers/2007/liu_network.json index c6af21b..d30bf5c 100644 --- a/v2_papers/2007/liu_network.json +++ b/v2_papers/2007/liu_network.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Network Traffic Classification Using K-means Clustering", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -264,7 +264,8 @@ ], "algorithms": [ { - "name": "K-means", + "family": "kmeans_clustering", + "detail": "none", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -273,8 +274,8 @@ "parameters_provided": true }, { - "name": "Decision Tree", - "subname": "C4.5 Decision Tree", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "main", "type": "classification", @@ -314,7 +315,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2008/dainotti_classification.json b/v2_papers/2008/dainotti_classification.json index 0e6a8e1..8464c38 100644 --- a/v2_papers/2008/dainotti_classification.json +++ b/v2_papers/2008/dainotti_classification.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Classification of Network Traffic via Packet-Level Hidden Markov Models", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -127,11 +127,11 @@ "tools": "missing", "algorithms": [ { - "name": "Hidden Markov Model (HMM)", - "subname": "Packet-Level Hidden Markov Model", + "family": "markov_process", + "detail": "Packet-Level Hidden Markov Model", "learning": "supervised", "role": "main", - "type": "classification", + "type": "modeling", "metric/decision_criteria": "probabilistic", "source": "own_proposed", "parameters_provided": true @@ -160,7 +160,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification", "application_classification" diff --git a/v2_papers/2008/gu_botminer.json b/v2_papers/2008/gu_botminer.json index d28984e..37a0e03 100644 --- a/v2_papers/2008/gu_botminer.json +++ b/v2_papers/2008/gu_botminer.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": true, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4, + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5, "1st_author": "gu, g." }, "data": { @@ -1284,8 +1284,8 @@ "tools": "missing", "algorithms": [ { - "name": "K-means", - "subname": "x-means", + "family": "kmeans_clustering", + "detail": "X-means clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -1293,8 +1293,8 @@ "source": "referenced" }, { - "name": "two step clustering", - "subname": "using x-means", + "family": "two_step_clustering", + "detail": "two step clustering using x-means", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -1302,8 +1302,8 @@ "source": "own_proposed" }, { - "name": "a-plane clustering", - "subname": "a-plane two step clustering algorithm", + "family": "two_step_clustering", + "detail": "two step clustering using a-plane", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -1318,11 +1318,11 @@ "parameters_provided": false }, { - "name": "cross-plane correlation", - "subname": "cross-plane correlation with davies-bouldin validation index for dendogram cut", + "family": "_crossplane_correlation_clustering", + "detail": "cross-plane correlation with davies-bouldin validation index for dendogram cut", "learning": "no", "role": "main", - "type": "heuristics", + "type": "clustering", "metric/decision_criteria": "vote", "source": "own_proposed", "parameters_provided": true @@ -1359,7 +1359,7 @@ ] }, "result": { - "main_goal": "botnet_detection", + "main_goal": "detect_attacks", "subgoals": [ "botnet_detection", "p2p_botnet_detection" diff --git a/v2_papers/2008/nychis_anempirical.json b/v2_papers/2008/nychis_anempirical.json index 3c0c946..dfd7a23 100644 --- a/v2_papers/2008/nychis_anempirical.json +++ b/v2_papers/2008/nychis_anempirical.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "An empirical evaluation of entropy-based traffic anomaly detection", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -140,20 +140,21 @@ "tools": "missing", "algorithms": [ { - "name": "Wavelet Analysis", - "subname": "Wavelet Analysis as done by Barford et al. (2002)", + "family": "wavelet_transform", + "detail": "Wavelet Analysis as done by Barford et al. (2002)", "learning": "unsupervised", "role": "competitor", - "type": "anomaly_detection", + "type": "space_transformation", "metric/decision_criteria": "no", "source": "referenced", "parameters_provided": true }, { - "name": "Entropy-based Traffic Anomaly Detection", + "family": "entropy_based ", + "detail": "Entropy-based (time series)", "learning": "unsupervised", "role": "main", - "type": "anomaly_detection", + "type": "modeling", "metric/decision_criteria": "euclidean", "source": "own_proposed", "parameters_provided": true @@ -177,7 +178,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_anomalies", "subgoals": [ "ddos_detection", "attack_classification", diff --git a/v2_papers/2008/yang_ap2pnetwork.json b/v2_papers/2008/yang_ap2pnetwork.json index 6d72ace..3c5ef7f 100644 --- a/v2_papers/2008/yang_ap2pnetwork.json +++ b/v2_papers/2008/yang_ap2pnetwork.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "A P2P Network Traffic Classification Method Using SVM", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -274,13 +274,13 @@ "tools": "missing", "algorithms": [ { - "name": "Support Vector Machine (SVM)", + "family": "svm", + "detail": "SVM with polynomial kernel", "learning": "supervised", "role": "main", "type": "classification", "metric/decision_criteria": "euclidean", - "parameters_provided": false, - "subname": "polynomial kernel" + "parameters_provided": false } ] }, @@ -308,7 +308,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2008/zhao_realtime.json b/v2_papers/2008/zhao_realtime.json index 6a408f9..215f3b3 100644 --- a/v2_papers/2008/zhao_realtime.json +++ b/v2_papers/2008/zhao_realtime.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Real-time feature selection in traffic classification", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -233,8 +233,8 @@ ], "algorithms": [ { - "name": "Decision Tree", - "subname": "C4.5 Decision Tree", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "main", "type": "classification", @@ -243,7 +243,8 @@ "parameters_provided": false }, { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "main", "type": "classification", @@ -252,7 +253,8 @@ "parameters_provided": false }, { - "name": "Naive Bayes", + "family": "bayesian", + "detail": "none", "role": "main", "type": "classification", "metric/decision_criteria": "probabilistic", @@ -260,7 +262,8 @@ "parameters_provided": false }, { - "name": "K-means", + "family": "kmeans_clustering", + "detail": "none", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -269,10 +272,11 @@ "parameters_provided": false }, { - "name": "Expectation Maximization", + "family": "parameter_search", + "detail": "Expectation Maximization", "learning": "unsupervised", "role": "main", - "type": "clustering", + "type": "validation_optimization", "metric/decision_criteria": "probabilistic", "source": "referenced", "parameters_provided": false @@ -317,7 +321,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2009/alshammari_machine.json b/v2_papers/2009/alshammari_machine.json index 78366f7..2c69384 100644 --- a/v2_papers/2009/alshammari_machine.json +++ b/v2_papers/2009/alshammari_machine.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Machine Learning Based Encrypted Traffic Classification: Identifying SSH and Skype", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -325,7 +325,8 @@ ], "algorithms": [ { - "name": "Support Vector Machine (SVM)", + "family": "svm", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -340,10 +341,11 @@ "parameters_provided": true }, { - "name": "RIPPER", + "family": "signature", + "detail": "RIPPER", "learning": "supervised", "role": "competitor", - "type": "classification", + "type": "specific_detection", "metric/decision_criteria": "mutual_information", "tools": [ { @@ -355,7 +357,8 @@ "parameters_provided": true }, { - "name": "AdaBoost", + "family": "ensemble", + "detail": "Adaboost", "learning": "supervised", "role": "competitor", "type": "classification", @@ -370,7 +373,8 @@ "parameters_provided": true }, { - "name": "Naive Bayes", + "family": "bayesian", + "detail": "naive bayes", "learning": "supervised", "role": "competitor", "type": "classification", @@ -385,8 +389,8 @@ "parameters_provided": true }, { - "name": "Decision Tree", - "subname": "C4.5", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "main", "type": "classification", @@ -432,7 +436,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "application_classification", "classification_of_encrypted_traffic", diff --git a/v2_papers/2009/este_support.json b/v2_papers/2009/este_support.json index b08544c..1fe81aa 100644 --- a/v2_papers/2009/este_support.json +++ b/v2_papers/2009/este_support.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Support vector Machines for TCP traffic classification", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 7 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 8 }, "data": { "datasets": [ @@ -174,8 +174,8 @@ "tools": "missing", "algorithms": [ { - "name": "Support Vector Machine (SVM)", - "subname": "single-class", + "family": "svm", + "detail": "Multi-class svm", "learning": "supervised", "role": "main", "type": "classification", @@ -184,8 +184,8 @@ "parameters_provided": "partially" }, { - "name": "Support Vector Machine (SVM)", - "subname": "multi-class", + "family": "svm", + "detail": "single-class svm", "learning": "supervised", "role": "main", "type": "classification", @@ -217,7 +217,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "application_classification" ], diff --git a/v2_papers/2009/zhani_analysis.json b/v2_papers/2009/zhani_analysis.json index f5f5bbc..e78ed80 100644 --- a/v2_papers/2009/zhani_analysis.json +++ b/v2_papers/2009/zhani_analysis.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Analysis and Prediction of Real Network Traffic", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": true, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -355,29 +355,29 @@ "tools": "missing", "algorithms": [ { - "name": "ARMA", - "subname": "AutoRegressive Moving Average", + "family": "autoregressive_models", + "detail": "ARMA", "learning": "supervised", "role": "competitor", - "type": "regression", + "type": "modeling", "metric/decision_criteria": "error/fitting_function", "source": "referenced" }, { - "name": "ARIMA", - "subname": "Integrated AutoRegressive Moving Average", + "family": "autoregressive_models", + "detail": "ARIMA", "learning": "supervised", "role": "main", - "type": "regression", + "type": "modeling", "metric/decision_criteria": "error/fitting_function", "source": "referenced" }, { - "name": "neurofuzzy", - "subname": "α_SNF", + "family": "neural_networks", + "detail": "neurofuzzy sfm", "learning": "supervised", "role": "main", - "type": "regression", + "type": "classification", "metric/decision_criteria": "error/fitting_function", "source": "referenced" } @@ -413,7 +413,7 @@ ] }, "result": { - "main_goal": "network_properties_monitoring", + "main_goal": "_monitor_network_properties", "subgoals": [ "traffic_rate_prediction" ], diff --git a/v2_papers/2010/dewaele_unsupervised.json b/v2_papers/2010/dewaele_unsupervised.json index e572148..7dd31aa 100644 --- a/v2_papers/2010/dewaele_unsupervised.json +++ b/v2_papers/2010/dewaele_unsupervised.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Unsupervised host behavior classification from connection patterns", "authors": [ @@ -28,8 +28,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -241,12 +241,13 @@ "tools": "missing", "algorithms": [ { - "name": "Minimum Spanning Tree Clustering", + "family": "_minimum_spanning_tree_clustering", + "detail": "Minimum Spanning Tree Clustering", "learning": "unsupervised", "role": "main", + "type": "clustering", "parameters_provided": true, "source": "own_proposed", - "type": "clustering", "metric/decision_criteria": "euclidean" } ] @@ -278,7 +279,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification", "_host_classification" diff --git a/v2_papers/2010/shrivastav_network.json b/v2_papers/2010/shrivastav_network.json index f958420..0e68c7a 100644 --- a/v2_papers/2010/shrivastav_network.json +++ b/v2_papers/2010/shrivastav_network.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Network Traffic Classification using Semi-Supervised Approach", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -124,8 +124,8 @@ ], "algorithms": [ { - "name": "K-means", - "subname": "K-means with probabilistic cluster labeling", + "family": "kmeans_clustering", + "detail": "K-means with probabilistic cluster labeling", "learning": "semisupervised", "role": "main", "type": "clustering", @@ -163,7 +163,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "detect_attacks", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2010/zeidanloo_botnet.json b/v2_papers/2010/zeidanloo_botnet.json index 65e96c6..7996bce 100644 --- a/v2_papers/2010/zeidanloo_botnet.json +++ b/v2_papers/2010/zeidanloo_botnet.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Botnet Detection Based on Traffic Monitoring", "authors": [ @@ -24,8 +24,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": "missing" @@ -84,7 +84,8 @@ "tools": "missing", "algorithms": [ { - "name": "clustering by hand in plotted graphs", + "family": "_manual_clustering", + "detail": "clustering by hand in plotted graphs", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -106,7 +107,7 @@ "train_test_separation": false }, "result": { - "main_goal": "botnet_detection", + "main_goal": "detect_attacks", "subgoals": [ "botnet_detection" ], diff --git a/v2_papers/2011/amiri_mutual.json b/v2_papers/2011/amiri_mutual.json index f93e17b..c505ac9 100644 --- a/v2_papers/2011/amiri_mutual.json +++ b/v2_papers/2011/amiri_mutual.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Mutual information-based feature selection for intrusion detection systems", "authors": [ @@ -25,8 +25,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -221,8 +221,8 @@ ], "algorithms": [ { - "name": "Support Vector Machine (SVM)", - "subname": "Least Squares SVM", + "family": "svm", + "detail": "Least Squares SVM", "learning": "supervised", "role": "main", "type": "classification", @@ -292,7 +292,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "detect_attacks", "subgoals": [ "attack_classification", "traffic_classification" diff --git a/v2_papers/2012/agarwal_hybrid.json b/v2_papers/2012/agarwal_hybrid.json index 82d8d59..e39c29a 100644 --- a/v2_papers/2012/agarwal_hybrid.json +++ b/v2_papers/2012/agarwal_hybrid.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Hybrid Approach for Detection of Anomaly Network Traffic using Data Mining Techniques", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": true, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -231,7 +231,8 @@ "tools": "missing", "algorithms": [ { - "name": "Support Vector Machine (SVM)", + "family": "svm", + "detail": "none", "learning": "supervised", "role": "main", "type": "classification", @@ -240,10 +241,11 @@ "parameters_provided": false }, { - "name": "Threshold based rule", + "family": "rule_extraction", + "detail": "none", "learning": "no", "role": "competitor", - "type": "anomaly_detection", + "type": "classification", "metric/decision_criteria": "exact_matching", "source": "referenced", "parameters_provided": false @@ -272,7 +274,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection" ], diff --git a/v2_papers/2012/bujlow_amethod.json b/v2_papers/2012/bujlow_amethod.json index 9cbef21..74cf173 100644 --- a/v2_papers/2012/bujlow_amethod.json +++ b/v2_papers/2012/bujlow_amethod.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "A method for classification of network traffic based on C5.0 Machine Learning Algorithm", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -589,7 +589,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2012/jin_modular.json b/v2_papers/2012/jin_modular.json index e7f4bee..df3bab1 100644 --- a/v2_papers/2012/jin_modular.json +++ b/v2_papers/2012/jin_modular.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks", "authors": [ @@ -25,8 +25,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -270,8 +270,8 @@ "tools": "missing", "algorithms": [ { - "name": "AdaBoost", - "subname": "BStump", + "family": "ensemble", + "detail": "Adaboost Bstump", "learning": "supervised", "role": "main", "type": "classification", @@ -280,8 +280,8 @@ "parameters_provided": true }, { - "name": "Decision Tree", - "subname": "Boosting decision trees", + "family": "decision_tree", + "detail": "Boosting decision trees", "learning": "supervised", "role": "main", "type": "classification", @@ -290,8 +290,8 @@ "parameters_provided": true }, { - "name": "Maximum entropy", - "subname": "L1-Maxent", + "family": "entropy_based", + "detail": "L1-Maxent", "learning": "supervised", "role": "main", "type": "classification", @@ -300,8 +300,8 @@ "parameters_provided": true }, { - "name": "Naive Bayes", - "subname": "Weka implementation of Naive Bayes", + "family": "bayesian", + "detail": "Naive bayes – weka", "learning": "supervised", "role": "main", "type": "classification", @@ -310,11 +310,11 @@ "parameters_provided": true }, { - "name": "Traffic Activity Graph", - "subname": "Colored Traffic Activity Graph", + "family": "statistics", + "detail": "Colored Traffic Activity Graph", "learning": "supervised", "role": "main", - "type": "classification", + "type": "space_transformation", "metric/decision_criteria": "euclidean", "source": "own_proposed", "parameters_provided": true @@ -375,7 +375,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2012/yin_network.json b/v2_papers/2012/yin_network.json index 1d03595..7c367c5 100644 --- a/v2_papers/2012/yin_network.json +++ b/v2_papers/2012/yin_network.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Network traffic classification via HMM under the guidance of syntactic structure", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -117,7 +117,8 @@ ], "algorithms": [ { - "name": "Naive Bayes", + "family": "bayesian", + "detail": "naive bayes", "learning": "supervised", "role": "competitor", "type": "classification", @@ -132,7 +133,8 @@ "parameters_provided": false }, { - "name": "Neural Network", + "family": "neural_networks", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -147,7 +149,8 @@ "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", + "family": "svm", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -162,7 +165,8 @@ "parameters_provided": false }, { - "name": "Hidden Markov Model (HMM)", + "family": "markov_process", + "detail": "Hidden Markov Model (HMM)", "learning": "supervised", "role": "main", "type": "classification", @@ -194,7 +198,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2012/zargari_feature.json b/v2_papers/2012/zargari_feature.json index 1ae0dee..b558d4f 100644 --- a/v2_papers/2012/zargari_feature.json +++ b/v2_papers/2012/zargari_feature.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Feature Selection in the Corrected KDD-dataset ", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -144,7 +144,8 @@ ], "algorithms": [ { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "main", "type": "classification", @@ -197,7 +198,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "attack_classification", "anomaly_detection" diff --git a/v2_papers/2012/zhang_feature.json b/v2_papers/2012/zhang_feature.json index 73af731..63eb216 100644 --- a/v2_papers/2012/zhang_feature.json +++ b/v2_papers/2012/zhang_feature.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Feature selection for optimizing traffic classification", "authors": [ @@ -25,8 +25,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -258,8 +258,8 @@ "tools": "missing", "algorithms": [ { - "name": "Naive Bayes", - "subname": "Naive Bayes with Kernel Estimation method", + "family": "bayesian", + "detail": "Naive Bayes with Kernel Estimation method", "learning": "supervised", "role": "main", "type": "classification", @@ -268,8 +268,8 @@ "parameters_provided": true }, { - "name": "Decision Tree", - "subname": "C4.5 Decision Tree", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "main", "type": "classification", @@ -333,7 +333,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "application_classification", "traffic_classification" diff --git a/v2_papers/2013/comar_combining.json b/v2_papers/2013/comar_combining.json index c3b2e23..e95b7da 100644 --- a/v2_papers/2013/comar_combining.json +++ b/v2_papers/2013/comar_combining.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Combining supervised and unsupervised learning for zero-day malware detection", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -72,7 +72,8 @@ "tools": "missing", "algorithms": [ { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "main", "type": "classification", @@ -81,41 +82,41 @@ "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "One-class SVM with RBF kernel with profiling", + "family": "svm", + "detail": "One-class SVM with RBF kernel with profiling", "learning": "supervised", "role": "competitor", - "type": "classification", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "source": "own_proposed", "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "One-class SVM with WL kernel with profiling", + "family": "svm", + "detail": "One-class SVM with WL kernel with profiling", "learning": "supervised", "role": "main", - "type": "classification", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "source": "own_proposed", "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "One-class SVM with WL kernel", + "family": "svm", + "detail": "One-class SVM with WL kernel", "learning": "supervised", "role": "competitor", - "type": "classification", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "source": "referenced", "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "One-class SVM with RBF kernel", + "family": "svm", + "detail": "One-class SVM with RBF kernel", "learning": "supervised", "role": "competitor", - "type": "classification", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "source": "referenced", "parameters_provided": false @@ -152,7 +153,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "detect_attacks", "subgoals": [ "attack_classification", "anomaly_detection" diff --git a/v2_papers/2013/fiore_network.json b/v2_papers/2013/fiore_network.json index bb59d0d..ea2856f 100644 --- a/v2_papers/2013/fiore_network.json +++ b/v2_papers/2013/fiore_network.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Network anomaly detection with the restricted Boltzmann machine", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -139,11 +139,11 @@ "tools": "missing", "algorithms": [ { - "name": "Restricted Boltzmann Machine", - "subname": "Discriminative Restricted Boltzmann Machine", + "family": "neural_networks", + "detail": "Discriminative Restricted Boltzmann Machine", "learning": "semisupervised", "role": "main", - "type": "anomaly_detection", + "type": "outlier_detection", "metric/decision_criteria": "probabilistic", "source": "referenced", "parameters_provided": false @@ -180,7 +180,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_anomalies", "subgoals": [ "anomaly_detection" ], diff --git a/v2_papers/2013/huang_network.json b/v2_papers/2013/huang_network.json index 96ca42a..beddf37 100644 --- a/v2_papers/2013/huang_network.json +++ b/v2_papers/2013/huang_network.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Network forensic analysis using growing hierarchical SOM", "authors": [ @@ -19,8 +19,8 @@ }, "access_open": false, "curated_by": "bachl, m.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -78,7 +78,8 @@ "tools": "missing", "algorithms": [ { - "name": "Growing Hierarchical Self-Organizing Map", + "family": "neural_networks", + "detail": "som", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -87,7 +88,8 @@ "parameters_provided": true }, { - "name": "K-means", + "family": "kmeans_clustering", + "detail": "none", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -127,7 +129,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "traffic_visualization", "ddos_detection", diff --git a/v2_papers/2013/zhang_aneffective.json b/v2_papers/2013/zhang_aneffective.json index d2a7754..6c8d590 100644 --- a/v2_papers/2013/zhang_aneffective.json +++ b/v2_papers/2013/zhang_aneffective.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "An effective feature selection approach for network intrusion detection", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -123,10 +123,11 @@ ], "algorithms": [ { - "name": "Bayesian Network", + "family": "bayesian", + "detail": "bayesian network", "learning": "supervised", "role": "main", - "type": "classification", + "type": "modeling", "metric/decision_criteria": "probabilistic", "tools": [ { @@ -186,7 +187,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "detect_attacks", "subgoals": [ "attack_classification", "traffic_classification" diff --git a/v2_papers/2013/zhang_aneffectivenetwork.json b/v2_papers/2013/zhang_aneffectivenetwork.json index fdc12bf..27310f7 100644 --- a/v2_papers/2013/zhang_aneffectivenetwork.json +++ b/v2_papers/2013/zhang_aneffectivenetwork.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "An Effective Network Traffic Classification Method with Unknown Flow Detection", "authors": [ @@ -24,8 +24,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -286,8 +286,8 @@ "tools": "missing", "algorithms": [ { - "name": "Decision Tree", - "subname": "C4.5 Decision Tree", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "competitor", "type": "classification", @@ -296,7 +296,8 @@ "parameters_provided": false }, { - "name": "K-nearest Neighbors (KNN)", + "family": "knn", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -305,7 +306,8 @@ "parameters_provided": false }, { - "name": "Naive Bayes", + "family": "bayesian", + "detail": "naive bayes", "learning": "supervised", "role": "competitor", "type": "classification", @@ -314,30 +316,31 @@ "parameters_provided": false }, { - "name": "Bayesian Network", + "family": "bayesian", + "detail": "bayesian network", "learning": "supervised", "role": "competitor", - "type": "classification", + "type": "modeling", "metric/decision_criteria": "probabilistic", "source": "referenced", "parameters_provided": false }, { - "name": "K-means", - "subname": "K-means using with manual labeling of a subset of flows", + "family": "kmeans_clustering", + "detail": "K-means using with manual labeling of a subset of flows", "learning": "semisupervised", "role": "competitor", - "type": "classification", + "type": "clustering", "metric/decision_criteria": "euclidean", "source": "referenced", "parameters_provided": true }, { - "name": "K-means", - "subname": "K-means with label propagation through bag of flows", + "family": "kmeans_clustering", + "detail": "K-means with label propagation through bag of flows", "learning": "semisupervised", "role": "main", - "type": "classification", + "type": "clustering", "metric/decision_criteria": "euclidean", "source": "own_proposed", "parameters_provided": true @@ -390,7 +393,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "application_classification", "traffic_classification" diff --git a/v2_papers/2013/zhang_network.json b/v2_papers/2013/zhang_network.json index 68ec206..d2172b0 100644 --- a/v2_papers/2013/zhang_network.json +++ b/v2_papers/2013/zhang_network.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Network Traffic Classification Using Correlation Information", "authors": [ @@ -25,8 +25,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -295,7 +295,8 @@ ], "algorithms": [ { - "name": "Nearest Neighbor", + "family": "knn", + "detail": "none", "learning": "supervised", "role": "validation", "type": "classification", @@ -310,8 +311,8 @@ "parameters_provided": true }, { - "name": "Nearest Neighbor", - "subname": "Average Nearest Neighbor (AVG-NN)", + "family": "knn", + "detail": "average knn", "learning": "supervised", "role": "main", "type": "classification", @@ -326,8 +327,8 @@ "parameters_provided": true }, { - "name": "Nearest Neighbor", - "subname": "Minimum Nearest Neighbor (MIN-NN)", + "family": "knn", + "detail": "minimum knn", "learning": "supervised", "role": "competitor", "type": "classification", @@ -342,8 +343,8 @@ "parameters_provided": true }, { - "name": "Nearest Neighbor", - "subname": "Majority Vote Nearest Neighbor (MVT-NN)", + "family": "knn", + "detail": "majority-vote knn", "learning": "supervised", "role": "competitor", "type": "classification", @@ -389,7 +390,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification", "application_classification" diff --git a/v2_papers/2014/jun_ddos.json b/v2_papers/2014/jun_ddos.json index d4c2d59..2d34634 100644 --- a/v2_papers/2014/jun_ddos.json +++ b/v2_papers/2014/jun_ddos.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "DDoS attack detection by using packet sampling and flow features", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -113,10 +113,11 @@ "tools": "missing", "algorithms": [ { - "name": "Threshold based rule", + "family": "rule_extraction", + "detail": "none", "learning": "no", "role": "main", - "type": "heuristics", + "type": "classification", "metric/decision_criteria": "_comparison", "source": "own_proposed", "parameters_provided": false @@ -145,7 +146,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "ddos_detection", "anomaly_detection" diff --git a/v2_papers/2014/ma_ddos.json b/v2_papers/2014/ma_ddos.json index 221e1b3..a635863 100644 --- a/v2_papers/2014/ma_ddos.json +++ b/v2_papers/2014/ma_ddos.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "DDoS Detection Method Based on Chaos Analysis of Network Traffic Entropy", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -85,11 +85,11 @@ "tools": "missing", "algorithms": [ { - "name": "Autoregressive model", - "subname": "Autoregressive model with Lyuponov exponent to detect separation", + "family": "autoregressive_models", + "detail": "Autoregressive model with Lyuponov exponent to detect separation", "learning": "unsupervised", "role": "main", - "type": "anomaly_detection", + "type": "modeling", "source": "own_proposed", "parameters_provided": true } @@ -125,7 +125,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection" ], diff --git a/v2_papers/2014/singh_big.json b/v2_papers/2014/singh_big.json index bb1b891..d985e78 100644 --- a/v2_papers/2014/singh_big.json +++ b/v2_papers/2014/singh_big.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Big data analytics framework for peer-to-peer botnet detection using random forests", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -176,7 +176,8 @@ ], "algorithms": [ { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "main", "type": "classification", @@ -238,7 +239,7 @@ ] }, "result": { - "main_goal": "botnet_detection", + "main_goal": "detect_attacks", "subgoals": [ "botnet_detection" ], diff --git a/v2_papers/2015/qin_ddos.json b/v2_papers/2015/qin_ddos.json index ddc22d6..83ca044 100644 --- a/v2_papers/2015/qin_ddos.json +++ b/v2_papers/2015/qin_ddos.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "DDoS attack detection using flow entropy and clustering technique", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -581,7 +581,8 @@ "tools": "missing", "algorithms": [ { - "name": "K-means", + "family": "kmeans_clustering", + "detail": "none", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -622,7 +623,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "ddos_detection", "anomaly_detection" diff --git a/v2_papers/2015/singha_intrusion.json b/v2_papers/2015/singha_intrusion.json index fa6f1e7..bb298c5 100644 --- a/v2_papers/2015/singha_intrusion.json +++ b/v2_papers/2015/singha_intrusion.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "An intrusion detection system using network traffic profiling and online sequential extreme learning machine", "authors": [ @@ -25,8 +25,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -159,11 +159,11 @@ ], "algorithms": [ { - "name": "OS-ELM", - "subname": "online sequential learning for SLFN", + "family": "neural_networks", + "detail": "single hidden layer feedforward neural network (SLFN) with online sequential extreme learning machine (OSELM) algorithm", "learning": "supervised", "role": "main", - "type": "anomaly_detection", + "type": "regression", "metric/decision_criteria": "euclidean", "source": "referenced", "parameters_provided": false @@ -216,7 +216,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "focus_main": "methodology/framework", "claimed_improvements": [ "improved_detection_rates", diff --git a/v2_papers/2015/vandertoorn_afirst.json b/v2_papers/2015/vandertoorn_afirst.json index 90c77b7..64c31a6 100644 --- a/v2_papers/2015/vandertoorn_afirst.json +++ b/v2_papers/2015/vandertoorn_afirst.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "A first look at HTTP(S) intrusion detection using NetFlow/IPFIX", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": false, "curated_by": "vormayr, g.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -124,10 +124,11 @@ ], "algorithms": [ { - "name": "Signature based IDS", + "family": "signature", + "detail": "Signature based IDS", "learning": "supervised", "role": "main", - "type": "heuristics", + "type": "specific_detection", "parameters_provided": true } ] @@ -162,7 +163,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "http_intrusion_detection" ], diff --git a/v2_papers/2015/zhang_robust.json b/v2_papers/2015/zhang_robust.json index 51c058c..d865352 100644 --- a/v2_papers/2015/zhang_robust.json +++ b/v2_papers/2015/zhang_robust.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Robust network traffic classification", "authors": [ @@ -26,8 +26,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -208,37 +208,38 @@ "tools": "missing", "algorithms": [ { - "name": "K-means", - "subname": "K-means using with manual labeling of a subset of flows", + "family": "kmeans_clustering", + "detail": "K-means using with manual labeling of a subset of flows", "learning": "semisupervised", "role": "competitor", - "type": "classification", + "type": "clustering", "metric/decision_criteria": "euclidean", "parameters_provided": true, "source": "referenced" }, { - "name": "K-means", - "subname": "K-means with Robust Traffic Classification (RTC)", + "family": "kmeans_clustering", + "detail": "K-means with Robust Traffic Classification (RTC)", "learning": "semisupervised", "role": "main", - "type": "classification", + "type": "clustering", "metric/decision_criteria": "euclidean", "source": "own_proposed", "parameters_provided": true }, { - "name": "Support Vector Machine (SVM)", - "subname": "One-class SVM", + "family": "svm", + "detail": "single-class svm", "learning": "unsupervised", "role": "competitor", - "type": "anomaly_detection", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "source": "referenced", "parameters_provided": false }, { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -247,8 +248,8 @@ "parameters_provided": false }, { - "name": "Random Forest", - "subname": "Random Forest with BoF-based Traffic Classification", + "family": "random_forest", + "detail": "Random Forest with BoF-based Traffic Classification", "learning": "supervised", "role": "competitor", "type": "classification", @@ -320,7 +321,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "attack_classification", "traffic_classification", diff --git a/v2_papers/2016/ambusaidi_building.json b/v2_papers/2016/ambusaidi_building.json index 0f161b1..023234d 100644 --- a/v2_papers/2016/ambusaidi_building.json +++ b/v2_papers/2016/ambusaidi_building.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm", "authors": [ @@ -23,8 +23,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -655,9 +655,10 @@ "tools": "missing", "algorithms": [ { - "name": "Support Vector Machine (SVM)", - "subname": "Least Squares Support Vector Machine", + "family": "svm", + "detail": "Least Squares SVM", "role": "main", + "type": "classification", "parameters_provided": false } ] @@ -716,7 +717,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection", "attack_classification", diff --git a/v2_papers/2016/anderson_identifying-encrypted.json b/v2_papers/2016/anderson_identifying-encrypted.json index a188131..6d73c09 100644 --- a/v2_papers/2016/anderson_identifying-encrypted.json +++ b/v2_papers/2016/anderson_identifying-encrypted.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "identifying encrypted malware traffic with contextual flow data", "authors": [ @@ -19,8 +19,8 @@ }, "access_open": false, "curated_by": "fiv", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -166,7 +166,8 @@ ], "algorithms": [ { - "name": "l1-logistic regression", + "family": "glm_regression", + "detail": "l1- logistic regression", "learning": "statistics/model_fit", "role": "main", "type": "regression", @@ -182,8 +183,8 @@ "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "Gaussian kernel, exhaustive parameter search CV", + "family": "svm", + "detail": " SVM – gaussian kernel", "learning": "supervised", "role": "competitor", "type": "classification", @@ -199,11 +200,11 @@ "parameters_provided": false }, { - "name": "Xfold-cross-validation", - "subname": "10-fold", + "family": "crossvalidation", + "detail": "10-fold", "learning": "nest", "role": "main", - "type": "classification", + "type": "validation_optimization", "metric/decision_criteria": "euclidean", "tools": [ { @@ -247,7 +248,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2016/gharaee_anew.json b/v2_papers/2016/gharaee_anew.json index 90dfe0b..d228497 100644 --- a/v2_papers/2016/gharaee_anew.json +++ b/v2_papers/2016/gharaee_anew.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "A new feature selection IDS based on genetic algorithm and SVM", "authors": [ @@ -20,8 +20,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -96,8 +96,8 @@ ], "algorithms": [ { - "name": "Support Vector Machine (SVM)", - "subname": "Least Squares Support Vector Machine (LSSVM)", + "family": "svm", + "detail": "Least Squares SVM", "learning": "supervised", "role": "main", "type": "classification", @@ -112,8 +112,8 @@ "parameters_provided": false }, { - "name": "Decision Tree", - "subname": "C4.5 Decision Tree", + "family": "decision_tree", + "detail": "C4.5", "learning": "supervised", "role": "competitor", "type": "classification", @@ -161,7 +161,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "attack_classification", "anomaly_detection" diff --git a/v2_papers/2016/iglesias_time-activity.json b/v2_papers/2016/iglesias_time-activity.json index 72b8d8a..03480d1 100644 --- a/v2_papers/2016/iglesias_time-activity.json +++ b/v2_papers/2016/iglesias_time-activity.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "time-activity footprints in ip traffic", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "fiv", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -204,8 +204,8 @@ ], "algorithms": [ { - "name": "fuzzy clustering", - "subname": "gustafson-kessel", + "family": "fuzzy_clustering", + "detail": "Gustafson-kessel fuzzy clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -221,11 +221,11 @@ "parameters_provided": false }, { - "name": "mad-based outlier removal", - "subname": "double mad", + "family": "statistics", + "detail": "Mad-based outlier removal", "learning": "statistics/model_fit", "role": "main", - "type": "anomaly_detection", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "tools": [ { @@ -309,7 +309,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "detect_anomalies", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2016/javaid_adeep.json b/v2_papers/2016/javaid_adeep.json index e6f5c7c..dd48f69 100644 --- a/v2_papers/2016/javaid_adeep.json +++ b/v2_papers/2016/javaid_adeep.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "A Deep Learning Approach for Network Intrusion Detection System", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": true, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 5 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 6 }, "data": { "datasets": [ @@ -121,20 +121,21 @@ "tools": "missing", "algorithms": [ { - "name": "Autoencoder", - "subname": "Sparse Autoencoder", + "family": "neural_networks", + "detail": "autoencoders sparse", "learning": "unsupervised", "role": "main", - "type": "regression", + "type": "classification", "metric/decision_criteria": "error/fitting_function", "source": "referenced", "parameters_provided": false }, { - "name": "Softmax Regression Classifier", + "family": "glm_regression", + "detail": "Softmax Regression Classifier", "learning": "supervised", "role": "main", - "type": "classification", + "type": "regression", "metric/decision_criteria": "error/fitting_function", "source": "referenced", "parameters_provided": true @@ -187,7 +188,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection", "attack_classification" diff --git a/v2_papers/2016/mishra_nvcloudids.json b/v2_papers/2016/mishra_nvcloudids.json index cb836ed..d41d544 100644 --- a/v2_papers/2016/mishra_nvcloudids.json +++ b/v2_papers/2016/mishra_nvcloudids.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "NvCloudIDS: A security architecture to detect intrusions at network and virtualization layer in cloud environment", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -179,7 +179,8 @@ "tools": "missing", "algorithms": [ { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -188,17 +189,18 @@ "parameters_provided": false }, { - "name": "Logistic Regression", + "family": "glm_regression", + "detail": "logistic", "learning": "supervised", "role": "competitor", - "type": "classification", + "type": "regression", "metric/decision_criteria": "probabilistic", "source": "referenced", "parameters_provided": false }, { - "name": "Ensemble", - "subname": "Ensemble of Random Forests weighed according to a Logistic Regression", + "family": "random_forest", + "detail": "Ensemble of Random Forests weighed according to a Logistic Regression", "learning": "supervised", "role": "main", "type": "classification", @@ -245,7 +247,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection" ], diff --git a/v2_papers/2017/al_experimental.json b/v2_papers/2017/al_experimental.json index d8e47c4..1b3b3bd 100644 --- a/v2_papers/2017/al_experimental.json +++ b/v2_papers/2017/al_experimental.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Experimental Evaluation of a Multi-layer Feed-Forward Artificial Neural Network Classifier for Network Intrusion Detection System", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -206,8 +206,8 @@ ], "algorithms": [ { - "name": "Neural Network", - "subname": "Multilayer Feedforward Neural Network", + "family": "neural_networks", + "detail": "Multilayer Feedforward Neural Network", "learning": "supervised", "role": "main", "type": "classification", @@ -294,7 +294,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection" ], diff --git a/v2_papers/2017/anderson_machine-learning.json b/v2_papers/2017/anderson_machine-learning.json index ab44323..202fce1 100644 --- a/v2_papers/2017/anderson_machine-learning.json +++ b/v2_papers/2017/anderson_machine-learning.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity", "authors": [ @@ -19,8 +19,8 @@ }, "access_open": true, "curated_by": "fiv", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -505,7 +505,8 @@ ], "algorithms": [ { - "name": "linear regression", + "family": "glm_regression", + "detail": "linear", "learning": "statistics/model_fit", "role": "competitor", "type": "regression", @@ -521,7 +522,8 @@ "parameters_provided": true }, { - "name": "Logistic Regression", + "family": "glm_regression", + "detail": "l1 and l2 logistic regression", "learning": "statistics/model_fit", "role": "competitor", "type": "regression", @@ -534,11 +536,11 @@ } ], "source": "referenced", - "parameters_provided": false, - "subname": "l1 and l2" + "parameters_provided": false }, { - "name": "Decision Tree", + "family": "decision_tree", + "detail": "optimized CART", "learning": "supervised", "role": "competitor", "type": "classification", @@ -551,11 +553,11 @@ } ], "source": "referenced", - "parameters_provided": true, - "subname": "optimized CART" + "parameters_provided": true }, { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "competitor", "type": "classification", @@ -571,7 +573,8 @@ "parameters_provided": true }, { - "name": "Support Vector Machine (SVM)", + "family": "svm", + "detail": "gaussian and polynomial kernels", "learning": "supervised", "role": "competitor", "type": "classification", @@ -584,11 +587,11 @@ } ], "source": "referenced", - "parameters_provided": true, - "subname": "gaussian and polynimial kernels" + "parameters_provided": true }, { - "name": "Neural Network", + "family": "neural_networks", + "detail": "mlp", "learning": "supervised", "role": "competitor", "type": "classification", @@ -601,13 +604,14 @@ } ], "source": "referenced", - "parameters_provided": true, - "subname": "multi-layer perceptron" + "parameters_provided": true }, { - "name": "grid search", + "family": "parameter_search", + "detail": "grid", "learning": "nest", - "type": "classification", + "role": "validation", + "type": "validation_optimization", "metric/decision_criteria": "error/fitting_function", "tools": [ { @@ -617,15 +621,14 @@ } ], "source": "referenced", - "parameters_provided": true, - "role": "validation" + "parameters_provided": true }, { - "name": "cross-validation", - "subname": "10-fold", + "family": "crossvalidation", + "detail": "10-fold", "learning": "nest", "role": "validation", - "type": "classification", + "type": "validation_optimization", "metric/decision_criteria": "error/fitting_function", "tools": [ { @@ -674,7 +677,7 @@ "_algorithm_testing", "improved_data_description" ], - "main_goal": "traffic_classification", + "main_goal": "detect_attacks", "focus_main": "algorithm", "reproducibility": "repeatable" } diff --git a/v2_papers/2017/ashfaq_fuzziness.json b/v2_papers/2017/ashfaq_fuzziness.json index 04b7f21..355408f 100644 --- a/v2_papers/2017/ashfaq_fuzziness.json +++ b/v2_papers/2017/ashfaq_fuzziness.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Fuzziness based semi-supervised learning approach for intrusion detection system", "authors": [ @@ -24,8 +24,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "23-08-2018", - "curated_revision_number": 5 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 6 }, "data": { "datasets": [ @@ -60,8 +60,8 @@ "tools": "missing", "algorithms": [ { - "name": "neural network", - "subname": "with random weights and membership fuzziness calculation", + "family": "neural_networks", + "detail": "with random weights and membership fuzziness calculation", "learning": "semisupervised", "role": "main", "type": "classification", @@ -92,7 +92,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection" ], @@ -102,4 +102,4 @@ ], "reproducibility": "replicable" } -} +} \ No newline at end of file diff --git a/v2_papers/2017/bamakan_ramp.json b/v2_papers/2017/bamakan_ramp.json index 81f423c..aecb82f 100644 --- a/v2_papers/2017/bamakan_ramp.json +++ b/v2_papers/2017/bamakan_ramp.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Ramp loss K-Support Vector Classification-Regression; a robust and sparse multi-class approach to the intrusion detection problem", "authors": [ @@ -22,8 +22,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 4 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 5 }, "data": { "datasets": [ @@ -114,8 +114,8 @@ ], "algorithms": [ { - "name": "Support Vector Machine (SVM)", - "subname": "Ramp-KSVCR", + "family": "svm", + "detail": "Ramp-KSVCR", "learning": "supervised", "role": "main", "type": "classification", @@ -130,8 +130,8 @@ "parameters_provided": true }, { - "name": "Support Vector Machine (SVM)", - "subname": "K-SVCR", + "family": "svm", + "detail": "K-SVCR", "learning": "supervised", "role": "competitor", "type": "classification", @@ -140,8 +140,8 @@ "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "1-vs-all SVM", + "family": "svm", + "detail": "1-vs-all SVM", "learning": "supervised", "role": "competitor", "type": "classification", @@ -150,8 +150,8 @@ "parameters_provided": false }, { - "name": "Support Vector Machine (SVM)", - "subname": "1-vs-1 SVM", + "family": "svm", + "detail": "1-vs-1 SVM", "learning": "supervised", "role": "competitor", "type": "classification", @@ -223,7 +223,7 @@ ] }, "result": { - "main_goal": "anomaly_detection", + "main_goal": "detect_attacks", "subgoals": [ "anomaly_detection", "attack_classification" diff --git a/v2_papers/2017/iglesias_pattern-discovery.json b/v2_papers/2017/iglesias_pattern-discovery.json index f0bc017..7928062 100644 --- a/v2_papers/2017/iglesias_pattern-discovery.json +++ b/v2_papers/2017/iglesias_pattern-discovery.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "pattern discovery in internet background radiation", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "fiv", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -319,8 +319,8 @@ ], "algorithms": [ { - "name": "fuzzy clustering", - "subname": "gustafson-kessel", + "family": "fuzzy_clustering", + "detail": "Gustafson-kessel fuzzy clustering", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -336,7 +336,8 @@ "parameters_provided": false }, { - "name": "K-medoids", + "family": "kmedoids_clustering", + "detail": "none", "learning": "unsupervised", "role": "main", "type": "clustering", @@ -352,7 +353,8 @@ "parameters_provided": false }, { - "name": "clustering consensus", + "family": "_clustering_consensus", + "detail": "none", "learning": "nest", "role": "main", "type": "clustering", @@ -367,11 +369,11 @@ "parameters_provided": false }, { - "name": "mad-based outlier removal", - "subname": "double mad", + "family": "statistics", + "detail": "Mad-based outlier removal", "learning": "statistics/model_fit", "role": "main", - "type": "anomaly_detection", + "type": "outlier_detection", "metric/decision_criteria": "euclidean", "tools": [ { @@ -438,7 +440,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "detect_anomalies", "subgoals": [ "traffic_classification" ], diff --git a/v2_papers/2017/taylor_robust.json b/v2_papers/2017/taylor_robust.json index fb7bd9e..8156512 100644 --- a/v2_papers/2017/taylor_robust.json +++ b/v2_papers/2017/taylor_robust.json @@ -1,5 +1,5 @@ { - "version": "v2.3.0", + "version": "v3.0.0", "reference": { "title": "Robust Smartphone App Identification Via Encrypted Network Traffic Analysis", "authors": [ @@ -21,8 +21,8 @@ }, "access_open": false, "curated_by": "ferreira, d.", - "curated_last_revision": "06-06-2018", - "curated_revision_number": 3 + "curated_last_revision": "12-11-2018", + "curated_revision_number": 4 }, "data": { "datasets": [ @@ -564,7 +564,8 @@ ], "algorithms": [ { - "name": "Random Forest", + "family": "random_forest", + "detail": "none", "learning": "supervised", "role": "main", "type": "classification", @@ -579,7 +580,8 @@ "parameters_provided": true }, { - "name": "Ambiguity detection", + "family": "_ambiguity_detection", + "detail": "Ambiguity detection – two phase classification", "learning": "supervised", "role": "main", "type": "classification", @@ -594,10 +596,11 @@ "parameters_provided": true }, { - "name": "Classification validation", + "family": "crossvalidation", + "detail": "none", "learning": "supervised", "role": "main", - "type": "classification", + "type": "validation_optimization", "metric/decision_criteria": "mutual_information", "tools": [ { @@ -648,7 +651,7 @@ ] }, "result": { - "main_goal": "traffic_classification", + "main_goal": "classify_traffic", "subgoals": [ "traffic_classification" ], From 8c8ec946d1971070357969911a677c39130b119b Mon Sep 17 00:00:00 2001 From: Daniel Ferreira Date: Mon, 12 Nov 2018 13:54:30 +0100 Subject: [PATCH 4/4] typo --- v2_papers/2008/nychis_anempirical.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v2_papers/2008/nychis_anempirical.json b/v2_papers/2008/nychis_anempirical.json index dfd7a23..9653d7a 100644 --- a/v2_papers/2008/nychis_anempirical.json +++ b/v2_papers/2008/nychis_anempirical.json @@ -150,7 +150,7 @@ "parameters_provided": true }, { - "family": "entropy_based ", + "family": "entropy_based", "detail": "Entropy-based (time series)", "learning": "unsupervised", "role": "main", @@ -190,4 +190,4 @@ ], "reproducibility": "repeatable" } -} \ No newline at end of file +}