R. Kremmerer and G. Vigna, “Intrusion Detection: A Brief History and Overview,” 2002.
 D. Marc Dacier and A. wespi, “Towards a taxonomy of intrusion-detection systems,” 1999.
 A. Sperotto G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller, “An Overview of IP Flow-Based Intrusion Detection,” pp. 343-356, 2010.
 W. Lee, S. J. Stolfo, “A Framework for Constructing Features and Models for Intrusion Detection Systems,” ACM Transaction on Information and System Security 3, pp. 227-261, 2000.
 X. Yan and J. Ying Zhang, “Early Detection of Cyber Security Threats using Structured Behavior Modeling,” ACM Transaction on Information and System Security, vol. V, 2013.
 A. Lakhina, M. Crovella, and C. Diot, “Diagnosing network-wide traffic anomalies,” New York : s. n, conference on Applications, technologies, architectures, and protocols, pp. 219-230, 2004.
 M. Saniee Abadeh, J. Habibi, and C. Lucas,” Intrusion detection using a fuzzy genetics-based learning algorithm,” pp. 414-428, 2007.
 G. Wang, J. Hao, J. Ma, and L. Huang, “A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering,” pp. 6225–6232, 2010.
 A. J. Rashidi, K. Dadashtabar Ahmadi, and F. Samsami Khodadad, “Projection of Multistage Cyber Attack Based on Belief Model and Fuzzy Inference,” Journal of electronical & cyber defence, vol. 3, no. 2, 2015. (In Persian)
 B. Thomas Adler, L. de Alfaro, S. M. Mola-Velasco, P. Rosso, and A. G. West, “Wikipedia Vandalism Detection: Combining Natural Language, Metadata, and Reputation Feature,” International Conference on Intelligent Text Processing and Computational Linguistics, pp. 277-288, 2011.
 N.-A. Le-Khac, M.-T. Kechadi, and M. Banerveld, “Performance Evaluation of a Natural Language Processing approach applied in White Collar crime investigation,” School of Computer Science & Informatics, University College Dublin Belfield, Dublin, Ireland, 2014.
 H.-K. Peng, P. Wu, J. Zhu, and J. Ying Zhang, “Helix:Unsupervised Grammar Induction for Structured Activity Recognition,” 11th IEEE International Conference on Data Mining. pp. 1195-1199, 2011.
 K. Rieck and P. Laskov, “Detecting unknown network attacks using language models,” Third international conference on Detection of Intrusions, pp. 74-90, 2006.
 Sunoallah, Wesam Ashour and Saad, “Multi Density DBSCAN,” International Conference on Intelligent Data Engineering and Automated Learning, pp. 446-453, 2011.
 A. Özgür and H. Erdem, “A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015,” Ankara : s.n., Apr. 2016.
 J. C. Gower, “A general coefficient of similarity and some of its properties,” pp. 857–871, 1971.
 W. G. Cochran, “The X2 test of goodness of fit,” Annals of Mathematical Statistics, vol. 25 , pp. 315–345, 1952.
 Peterson, A. C. Lin, and L. Gilbert, “Activity Pattern Discovery from Network Captures,” IEEE Symposium on Security and Privacy Workshop, 2016.