[1] H.-J. Liao, C.-H. R. Lin, Y.-C. Lin, and K.-Y. Tung, “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36, no. 1, Art. no. 1, 2013.##
[2] B. Morin and H. Debar, “Correlation of Intrusion Symptoms: An Application of Chronicles,” in Recent Advances in Intrusion Detection, Berlin, Heidelberg, 2003, pp. 94 112, doi: 10.1007/978-3-540-45248-5_6.##
[3] A. A. Ghorbani, W. Lu, and M. Tavallaee, Network Intrusion Detection and Prevention: Concepts and Techniques. Springer Science & Business Media, 2010.##
[4] C. V. Zhou, C. Leckie, and S. Karunasekera, “A survey of coordinated attacks and collaborative intrusion detection,” Computers & Security, vol. 29, no. 1, pp. 124–140, Feb. 2010, doi: 10.1016/j.cose.2009.06.008.##
[5] Y. Bai and H. Kobayashi, “Intrusion Detection Systems: technology and development,” in 17th International Conference on Advanced Information Networking and Applications, 2003. AINA 2003., Mar. 2003, pp. 710–715, doi: 10.1109/AINA.2003.1192972.##
[6] A. S. Sodiya, H. O. D. Longe, and A. T. Akinwale, “A new two‐ tiered strategy to intrusion detection,” Information Management & Computer Security, vol. 12, no. 1, Art. no. 1, Jan. 2004, doi: 10.1108/09685220410518810.##
[7] S. Duque and Mohd. N. bin Omar, “Using Data Mining Algorithms for Developing a Model for Intrusion Detection System (IDS),” Procedia Computer Science, vol. 61, pp. 46– 51, Jan. 2015, doi: 10.1016/j.procs.2015.09.145.##
[8] N. K. Kanakarajan and K. Muniasamy, “Improving the Accuracy of Intrusion Detection Using GAR-Forest with Feature Selection,” in Proceedings of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA) 2015, New Delhi, 2016, pp. 539–547, doi: 10.1007/978-81-322-2695-6_45.##
[9] J. A. Khan and N. Jain, “A survey on intrusion detection systems and classification techniques,” Int. J. Sci. Res. Sci., Eng. Technol., vol. 2, no. 5, pp. 202–208, 2016.##
[10] D. Gupta, S. Singhal, S. Malik, and A. Singh, “Network intrusion detection system using various data mining techniques,” in 2016 International Conference on Research Advances in Integrated Navigation Systems (RAINS), May 2016, pp. 1–6, doi: 10.1109/RAINS.2016.7764418.##
[11] W.-Y. Yu and H.-M. Lee, “An incremental-learning method for supervised anomaly detection by cascading service classifier and ITI decision tree methods,” in Pacific-Asia Workshop on Intelligence and Security Informatics, 2009, pp. 155–160.##
[12] Y. Yi, J. Wu, and W. Xu, “Incremental SVM based on reserved set for network intrusion detection,” Expert Systems with Applications, vol. 38, no. 6, pp. 7698–7707, 2011.##
[13] K. K. Gupta, B. Nath, and R. Kotagiri, “Layered Approach Using Conditional Random Fields for Intrusion Detection,” IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 1, pp. 35–49, Jan. 2010, doi: 10.1109/TDSC.2008.20.##
[14] R. Sadoddin and A. A. Ghorbani, “An incremental frequent structure mining framework for real-time alert correlation,” Computers & Security, vol. 28, no. 3, pp. 153–173, 2010, doi: 10.1016/j.cose.2008.11.010.##
[15] G. P. Spathoulas and S. K. Katsikas, “Reducing false positives in intrusion detection systems,” Computers & Security, vol. 29, no. 1, pp. 35–44, Feb. 2010, doi: 10.1016/j.cose.2009.07.008.##
[16] B. Zhu and A. A. Ghorbani, “Alert correlation for extracting attack strategies,” IJ Network Security, vol. 3, no. 3, pp. 244– 258, 2006.##
[17] P. Ning, Y. Cui, and D. S. Reeves, “Constructing attack scenarios through correlation of intrusion alerts,” in Proceedings of the 9th ACM conference on Computer and communications security, Washington, DC, USA, Nov. 2002, pp. 245–254, doi: 10.1145/586110.586144.##
[18] P. Ning, Y. Cui, D. S. Reeves, and D. Xu, “Techniques and tools for analyzing intrusion alerts,” ACM Trans. Inf. Syst. Secur., vol. 7, no. 2, pp. 274–318, May 2004, doi: 10.1145/996943.996947.##
[19] S. O. Al-Mamory and H. L. Zhang, “Building Scenario Graph Using Clustering,” in 2007 International Conference on Convergence Information Technology (ICCIT 2007), Nov. 2007, pp. 799–804, doi: 10.1109/ICCIT.2007.51.##
[20] S. O. Al-Mamory and H. L. Zhang, “Scenario Discovery Using Abstracted Correlation Graph,” in 2007 International Conference on Computational Intelligence and Security (CIS 2007) , Dec. 2007, pp. 702–706, doi: 10.1109/CIS.2007.21##
[21] A. Milenkoski, M. Vieira, S. Kounev, A. Avritzer, and B. D. Payne, “Evaluating Computer Intrusion Detection Systems: A Survey of Common Practices,” ACM Comput. Surv., vol. 48, no. 1, p. 12:1–12:41, Sep. 2015, doi: 10.1145/2808691.##
[22] R. Kandhari, V. Chandola, A. Banerjee, V. Kumar, and R. Kandhari, “Anomaly detection,” ACM Comput. Surv, vol. 41, no. 3, pp. 1–6, 2009.##
[23] J. Arshad, P. Townend, and J. Xu, “A novel intrusion severity analysis approach for Clouds,” Future Generation Computer Systems, vol. 29, no. 1, pp. 416–428, Jan. 2013, doi: 10.1016/j.future.2011.08.009.##
[24] F. Shen and O. Hasegawa, “A fast nearest neighbor classifier based on self-organizing incremental neural network,” Neural Networks, vol. 21, no. 10, pp. 1537–1547, Dec. 2008, doi: 10.1016/j.neunet.2008.07.001.##
[25] F. A. Gers, J. Schmidhuber, and F. Cummins, “Learning to forget: Continual prediction with LSTM,” 1999.##
[26] A. Valdes and K. Skinner, “Probabilistic Alert Correlation,” in Recent Advances in Intrusion Detection, Berlin, Heidelberg, 2001, pp. 54–68, doi: 10.1007/3-540-45474-8_4.##
[27] K. Polat and S. Güneş, “Principles component analysis, fuzzy weighting pre-processing and artificial immune recognition system based diagnostic system for diagnosis of lung cancer,” Expert Systems with Applications, vol. 34, no. 1, pp. 214–221, Jan. 2008, doi: 10.1016/j.eswa.2006.09.001.##
[28] “DARPA 2000 Intrusion Detection Scenario Specific Datasets | MIT Lincoln Laboratory.”
https://www.ll.mit.edu/rd/ datasets/2000-darpa-intrusion-detection-scenario-specificdatasets (accessed Aug. 07, 2020).##
[31] W.-Y. Yu and H.-M. Lee, “An incremental-learning method for supervised anomaly detection by cascading service classifier and ITI decision tree methods,” in Pacific-Asia Workshop on Intelligence and Security Informatics, 2009, pp. 155–160.##
[32] S. T. Sarasamma and Q. A. Zhu, “Min-max hyperellipsoidal clustering for anomaly detection in network security,” IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), vol. 36, no. 4, pp. 887–901, Aug. 2006, doi: 10.1109/TSMCB.2006.870629.##
)
