A comparative analysis of machine learning techniques for detecting probing attack with SHAP algorithm

Internet-based network safety has transformed into a major global issue because of the rising dependency of people, businesses, and countries. Therefore, it is vitally important for individuals to use an intrusion detection system (IDS) that may protect computer networks from potential threats and d...

Full description

Saved in:
Bibliographic Details
Published inExpert systems with applications Vol. 271; p. 126718
Main Authors Rabbi, Fazla, Ibne Hossain, Niamat Ullah, Das, Saikat
Format Journal Article
LanguageEnglish
Published Elsevier Ltd 01.05.2025
Online AccessGet full text
ISSN0957-4174
DOI10.1016/j.eswa.2025.126718

Cover

Abstract Internet-based network safety has transformed into a major global issue because of the rising dependency of people, businesses, and countries. Therefore, it is vitally important for individuals to use an intrusion detection system (IDS) that may protect computer networks from potential threats and data leakage. It is gradually improving with the growth of machine learning (ML) methods. In this research, we present an intrusion detection method utilizing several ML algorithms to detect probe attacks using the NSL-KDD dataset. This attack targets the potential weak point of the network to get an idea about the structure and vulnerabilities. Therefore, the objective of this study is to build a best-performed ML model that provides the lowest possible false positive rate, the lowest run time, and the highest possible F1 score. To that end, different ML models have been developed, such as Neural Network (NN), Random Forest (RF), K-Nearest Neighbor (KNN), Bagging Classifier, and Extreme Gradient Boosting Classifier (XGBoost). Furthermore, cross-validation, sampling methods, and hyperparameter tuning were conducted on those ML models to improve their efficiency. Moreover, a SHAP algorithm has been conducted to interpret the prediction of the ML models and figure out the most influential features that affect cyber-attack detection. We performed a comparative analysis among all ML models that we built, and it shows the XGBoost model is the best-performing model that outperformed all other models with a 92.93% F1 score, the lowest 2.35% false positive rate, and with a minimum runtime of 13 s. Furthermore, our feature importance study shows that the “src_bytes” or source bytes feature, which offers information on the number of bytes an attacker sends to each port during the scanning phase, has the greatest influence on identifying probing attacks. Compared to existing research on probe attack detection, our proposed model demonstrates an excellent example in terms of fast and accurate anomaly detection with negligible false positives. Additionally, it outperforms traditional probe attack detection in terms of computational efficiency and handling diverse network scenarios in the presence of high traffic volumes and dynamic environments.
AbstractList Internet-based network safety has transformed into a major global issue because of the rising dependency of people, businesses, and countries. Therefore, it is vitally important for individuals to use an intrusion detection system (IDS) that may protect computer networks from potential threats and data leakage. It is gradually improving with the growth of machine learning (ML) methods. In this research, we present an intrusion detection method utilizing several ML algorithms to detect probe attacks using the NSL-KDD dataset. This attack targets the potential weak point of the network to get an idea about the structure and vulnerabilities. Therefore, the objective of this study is to build a best-performed ML model that provides the lowest possible false positive rate, the lowest run time, and the highest possible F1 score. To that end, different ML models have been developed, such as Neural Network (NN), Random Forest (RF), K-Nearest Neighbor (KNN), Bagging Classifier, and Extreme Gradient Boosting Classifier (XGBoost). Furthermore, cross-validation, sampling methods, and hyperparameter tuning were conducted on those ML models to improve their efficiency. Moreover, a SHAP algorithm has been conducted to interpret the prediction of the ML models and figure out the most influential features that affect cyber-attack detection. We performed a comparative analysis among all ML models that we built, and it shows the XGBoost model is the best-performing model that outperformed all other models with a 92.93% F1 score, the lowest 2.35% false positive rate, and with a minimum runtime of 13 s. Furthermore, our feature importance study shows that the “src_bytes” or source bytes feature, which offers information on the number of bytes an attacker sends to each port during the scanning phase, has the greatest influence on identifying probing attacks. Compared to existing research on probe attack detection, our proposed model demonstrates an excellent example in terms of fast and accurate anomaly detection with negligible false positives. Additionally, it outperforms traditional probe attack detection in terms of computational efficiency and handling diverse network scenarios in the presence of high traffic volumes and dynamic environments.
ArticleNumber 126718
Author Rabbi, Fazla
Ibne Hossain, Niamat Ullah
Das, Saikat
Author_xml – sequence: 1
  givenname: Fazla
  surname: Rabbi
  fullname: Rabbi, Fazla
  organization: Department of Engineering Management, Arkansas State University, AR 72467, USA
– sequence: 2
  givenname: Niamat Ullah
  surname: Ibne Hossain
  fullname: Ibne Hossain, Niamat Ullah
  email: nibnehossain@astate.edu
  organization: Department of Engineering Management, Arkansas State University, AR 72467, USA
– sequence: 3
  givenname: Saikat
  surname: Das
  fullname: Das, Saikat
  organization: Department of Computer Science, Utah Valley University, Orem, UT 84058, USA
BookMark eNp9kMFOwzAMhnMYEtvgBTjlBVqSrGkaics0AUOaBBJwjtLE2TLaZiRl096eVuPM6ZdtfZb9zdCkCx0gdEdJTgkt7_c5pJPOGWE8p6wUtJqgKZFcZAUVxTWapbQnhApCxBS5JTahPeioe38ErDvdnJNPODjcarPzHeAGdOx8t8U9mF3nv38gYRcitjA0-nFwiKEeU_e9Nl_45Psdfl8v37ButiEOVXuDrpxuEtz-5Rx9Pj1-rNbZ5vX5ZbXcZIYJ2WeMFJZr5ySxIG1Z28LqypBSSEG5464wFacSeCGYXTAwUFWmhkryui4LJheLOWKXvSaGlCI4dYi-1fGsKFGjHbVXox012lEXOwP0cIFguOzoIapkPHQGrI_Dh8oG_x_-C2o4c9I
Cites_doi 10.1016/j.eswa.2012.07.009
10.1613/jair.953
10.1007/3-540-45014-9_1
10.1109/ICCCNT.2018.8494186
10.1109/TNSM.2021.3138457
10.1007/978-981-10-6602-3_3
10.22266/ijies2020.0630.39
10.1007/978-981-16-8059-5_22
10.1109/NOMS.2018.8406212
10.1016/j.cose.2007.10.002
10.1016/j.jnca.2016.01.008
10.1016/j.ecolmodel.2019.06.002
10.1109/ICOSEC49089.2020.9215232
10.47738/jads.v5i4.280
10.1109/ACCESS.2019.2923640
10.1109/TSMC.1976.5409182
10.1109/CISDA.2009.5356528
10.1109/AICI.2009.235
10.1109/CUBE.2013.31
10.1093/mnras/stv373
10.3390/s23042333
10.1016/j.eswa.2011.07.032
10.1007/978-3-319-66939-7_17
10.1109/TSMCA.2009.2029559
10.1093/comjnl/bxx101
10.1109/ICHIT.2006.253508
10.1023/A:1010933404324
10.1007/s10115-008-0139-1
10.1142/S0218001409007326
10.1016/B978-0-12-809633-8.20349-X
10.1016/j.neucom.2020.07.061
10.1016/j.procs.2016.06.016
10.1016/j.jnca.2011.01.002
10.1007/BF00058655
10.1109/ARES.2006.73
10.24251/HICSS.2020.795
10.1016/S2212-5671(15)01077-1
10.1007/978-3-662-44851-9_15
10.1007/s11036-019-01353-0
10.1145/2939672.2939785
10.1109/ACCESS.2020.3048198
10.1109/SSPD.2017.8233268
10.1080/095281300146272
10.1109/ICCICT.2015.7045674
10.1016/j.comnet.2020.107247
ContentType Journal Article
Copyright 2025 Elsevier Ltd
Copyright_xml – notice: 2025 Elsevier Ltd
DBID AAYXX
CITATION
DOI 10.1016/j.eswa.2025.126718
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
ExternalDocumentID 10_1016_j_eswa_2025_126718
S0957417425003409
GroupedDBID --K
--M
.DC
.~1
0R~
13V
1B1
1RT
1~.
1~5
4.4
457
4G.
5GY
5VS
7-5
71M
8P~
9JN
9JO
AAAKF
AABNK
AACTN
AAEDT
AAEDW
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AARIN
AATTM
AAXKI
AAXUO
AAYFN
ABBOA
ABFNM
ABJNI
ABMAC
ABMVD
ABUCO
ACDAQ
ACGFS
ACHRH
ACNTT
ACRLP
ACZNC
ADBBV
ADEZE
ADTZH
AEBSH
AECPX
AEIPS
AEKER
AENEX
AFJKZ
AFTJW
AFXIZ
AGCQF
AGHFR
AGUBO
AGUMN
AGYEJ
AHHHB
AHJVU
AHZHX
AIALX
AIEXJ
AIKHN
AITUG
AKRWK
ALEQD
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ANKPU
AOUOD
APLSM
APXCP
AXJTR
BJAXD
BKOJK
BLXMC
BNPGV
BNSAS
CS3
DU5
EBS
EFJIC
EO8
EO9
EP2
EP3
F5P
FDB
FIRID
FNPLU
FYGXN
G-Q
GBLVA
GBOLZ
HAMUX
IHE
J1W
JJJVA
KOM
LG9
LY1
LY7
M41
MO0
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
P2P
PC.
PQQKQ
Q38
ROL
RPZ
SDF
SDG
SDP
SDS
SES
SEW
SPC
SPCBC
SSB
SSD
SSH
SSL
SST
SSV
SSZ
T5K
TN5
~G-
29G
AAAKG
AAQXK
AAYWO
AAYXX
ABKBG
ABWVN
ABXDB
ACLOT
ACNNM
ACRPL
ACVFH
ADCNI
ADJOM
ADMUD
ADNMO
AEUPX
AFPUW
AGQPQ
AIGII
AIIUN
AKBMS
AKYEP
ASPBG
AVWKF
AZFZN
CITATION
EFKBS
EFLBG
EJD
FEDTE
FGOYB
G-2
HLZ
HVGLF
HZ~
R2-
SBC
SET
WUQ
XPP
ZMT
~HD
ID FETCH-LOGICAL-c279t-204d5aff90de9d6bd4da8c0679715f5f4c8519e5472d32ece88cbe895bb642933
IEDL.DBID .~1
ISSN 0957-4174
IngestDate Wed Oct 01 08:25:04 EDT 2025
Sat Apr 26 15:42:03 EDT 2025
IsPeerReviewed true
IsScholarly true
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c279t-204d5aff90de9d6bd4da8c0679715f5f4c8519e5472d32ece88cbe895bb642933
ParticipantIDs crossref_primary_10_1016_j_eswa_2025_126718
elsevier_sciencedirect_doi_10_1016_j_eswa_2025_126718
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2025-05-01
PublicationDateYYYYMMDD 2025-05-01
PublicationDate_xml – month: 05
  year: 2025
  text: 2025-05-01
  day: 01
PublicationDecade 2020
PublicationTitle Expert systems with applications
PublicationYear 2025
Publisher Elsevier Ltd
Publisher_xml – name: Elsevier Ltd
References Narkhede (b0325) 2018
Zeng, Martinez (b0505) 2000; 12
Hastie, Tibshirani, Friedman (b0185) 2008
Ghanem, K., Aparicio-Navarro, F. J., Kyriakopoulos, K. G., Lambotharan, S., & Chambers, J. A. (2017). Support Vector Machine for Network Intrusion and Cyber-Attack Detection.
Tomek, I. (1976). A generalization of the k-nn rule.
El-Taj, Najjar, Alsenawi, Najjar (b0145) 2012; 10
Schratz, Muenchow, Iturritxa, Richter, Brenning (b0390) 2019; 406
Devi, Abualkibash (b0130) 2019; 11
(2), 121-126.
Kaur, P., & Gosain, A. (2018). Comparing the Behavior of Oversampling and Undersampling Approach of Class Imbalance Learning by Combining Class Imbalance Problem with Noise.
785-796.
Li, Fang, Guo, Chen (b0270) 2007
Burukanli, Yumuşak (b0100) 2024
Turku, Finland.
New Orelans.
Revathi, Malathi (b0380) 2013; 2
Belavagi, Muniyal (b0065) 2016; 89
(pp. 1-6). Mumbai, India.
Bace, Mell (b0055) 2001
Botha, M., & Solms, R. (2004). Utilizing Neural Networks For Effective Intrusion Detection.
Hoyle, Rau, Zitlau, Seitz, Weller (b0190) 2015; 449
Kumar, Lalotra, Sasikala, Rajput, Kaluri, Lakshmanna, Uddin (b0250) 2022; 10
Bhuyan, Bhattacharyya, Kalita (b0080) 2011
Qraitem, Saenko, Plummer (b0345) 2023
Liu, Wang, Lin, Liu (b0290) 2020; 9
Lemaitre, Nogueira, Aridas (b0260) 2017; 18
,
Oxford, UK.
.
lulu.com.
Mohammed, Rawashdeh, Abdullah (b0305) 2020
Zhou, Cheng, Jiang, Dai (b0510) 2020; 174
Koc, Mazzuchi, Sarkani (b0240) 2012; 39
Rijsbergen (b0385) 2004
Reed, J. (2023, june 05). $10.3 billion in cyber crime losses shatters previous totals. Security Intelligence. Retrieved 10 8, 2023, from https://securityintelligence.com/news/10-billion-in-cyber-crime-losses-shatters-previous-totals/.
Sharifi, Kasmani, Pourebrahimi (b0410) 2015; 10
Berrar, D. (2019). Cross-Validation.
Chawla, Bowyer, Hall, Kegelmeyer (b0105) 2002; 16
Gao, Shan, Hu, Niu, Liu (b0160) 2019; 7
Das, Saha, Priyoti, Roy, Haque, Shiva (b0120) 2022; 19
Tavallaee, M., Bagheri, E., W. Lu, & Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set.
Uma, Padmavathi (b0470) 2013; 15
Dhanabal, Shantharajah (b0135) 2015; 4
Kumar, Glisson, Benton (b0245) 2020
Cieslak, Chawla (b0115) 2009; 18
Allaf, Z., Adda, M., & Gegov, A. (2017). A Comparison Study on Flush+Reload and Prime+Probe Attacks on AES Using Machine Learning Approaches.
Bace (b0050) 2000
Qu, X., Yang, L., Guo, K., Ma, L., Sun, M., Ke, M., & Li, M. (2019). A Survey on the Development of Self-Organizing Maps for Unsupervised Intrusion Detection.
https://www.ibm.com/reports/data-breach. Retrieved April 25, 2023, from Available online: https://www.ibm.com/security/data-breach.
Huang, F., Xie, G., & Xiao, R. (2009). Research on Ensemble Learning .
Rabbi, F., Raut, S., Hossain, N. U., & Mim, S. J. (2024). STUDY OF PRIMARY BILIARY CIRRHOSIS PREDICTION USING MACHINE LEARNING ALGORITHMS.
Bendovschi, A. (2015). Cyber-Attacks – Trends, Patterns and Security Countermeasures .
Maniriho, Mahoro, Niyigaba, Bizimana, Ahmad (b0295) 2020; 13
Lipton, Elkan, Naryanaswamy (b0285) 2015; 8725
Singh, Silakari (b0425) 2009; 9
Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A Detailed Analysis of the KDD CUP 99 Data Set.
Singapore.
False Positives and False Negatives in Information Security (b0150) 2023
Virginia Beach,VA.
Li, Xia, Zhang, Yan, Ai, Dai (b0275) 2012; 39
Shen, Zheng, Wu, Zhang, Niu, Yang (b0415) 2018; 61
Masoodi, Bamhdi, Teli (b0300) 2021; 12
Breiman (b0090) 1996; 24
Abrar, I., Ayub, Z., Masoodi, F., & Bamhdi, A. M. (2020). A Machine Learning Approach for Intrusion Detection System on NSL-KDD Dataset.
Vienna, Austria.
Cheju, Korea (South).
Kenaza, S., T., B., & Mokhtari, A. (2008). A Naive Bayes Approach for Detecting Coordinated Attacks.
Molnar, C. (2021).
Li, Guo (b0265) 2007; 26
Parsaei, Rostami, Javidan (b0335) 2016; 7
Seiffert, Khoshgoftaar (b0395) 2010; 40
Verma, P., Anwar, S., Khan, S., & Mane, D. S. (2018). Network intrusion detection using clustering and gradient boosting .
IBM. (2024).
Powell, O. (2023). X-based NFT phishing attack causes losses of over $691,000. Cyber Security Hub. Retrieved 10 07, 2023, from https://www.cshub.com/attacks/news/x-based-nft-phishing-attack-causes-losses-of-over-691000.
Dietterich, T. G. (2000). Ensemble methods in machine learning.
Szeghalmy, Fazekas (b0440) 2023; 23
Zaman, M., & Lung, C.-H. (2018). Evaluation of machine learning techniques for network intrusion detection.
Tianqi, C., & Guestrin, C. (2016). Xgboost: A scalable tree boosting system.
Breiman (b0095) 2001; 45
Amiri, Yousefi, Lucas, Shakery, Yazdani (b0035) 2011; 34
Ravipati, Munther (b0370) 2019; 11
Han, Wang, Mao (b0180) 2005
Alshamy, R., Ghurab, M., Othman, S., & Alshami, F. (2021). Intrusion Detection Model for Imbalanced Dataset using SMOTE and Random Forest Algorithm.
Deshmukh, D. H., Ghorpade, T., & Padiya, P. (2015). Improving classification using preprocessing and machine learning algorithms on NSL-KDD dataset.
Al-Mimi, Hamad, Abualhaj (b0020) 2023
Sun, Wong, Kamel (b0435) 2009; 23
Sokolova, Japkowicz, Szpakowicz (b0430) 2006
Tesfahun, A., & Bhaskari, D. L. (2013). Intrusion Detection using Random Forests Classifier with SMOTE and Feature Reduction.
Yang, Shami (b0495) 2020; 415
Basu, R., Cunningham, R. K., & Seth E. Webster, R. P. (2001). Detecting Low-Profile Probes and Novel Denial-of-Service Attacks.
Iwendi, Anajemba, Biamba, Ngabo (b0210) 2021; 10
Kayacık, H. G., Zincir-Heywood, A. N., & Heywood, M. I. (2005). Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets.
Mourabit, Bouirden, Moussaidr (b0315) 2015; 6
Alneyadi, Sithirasenan, Muthukkumarasamy (b0025) 2016; 62
Chimphlee, W., Abdullah, A. H., Sap, M. N., Srinoy, S., & Chimphlee, S. (2006). Anomaly-Based Intrusion Detection using Fuzzy Rough Clustering.
Rabbi, F., Hossain, N. U., & Sokolov, A. M. (2023). A Machine Learning Ensemble Approach for Sustainable Economic Development.
Axelsson, S. (2000). Intrusion Detection Systems: A Survey and Taxonomy. 1-15.
Kanstrén (b0220) 2020; 10 19
Alemerien, Alsarayreh, Altarawneh (b0010) 2024; 5
China.
Taipei, Taiwan.
Weerts, H. J., Mueller, A. C., & Vanschoren, J. (2020). Importance of Tuning Hyperparameters of Machine Learning Algorithms.
London.
Siddiqui, Z. (2023). Casino giant MGM expects $100 million hit from hack that led to data breach. www.reuters.com. Retrieved 10 07, 2023, from https://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/.
Wang, W., & Battiti, R. (2006). Identifying intrusions in computer networks with principal component analysis.
(pp. 23-30). Singapore: Springer .
10.1016/j.eswa.2025.126718_b0005
Cieslak (10.1016/j.eswa.2025.126718_b0115) 2009; 18
10.1016/j.eswa.2025.126718_b0445
10.1016/j.eswa.2025.126718_b0205
Bace (10.1016/j.eswa.2025.126718_b0055) 2001
Revathi (10.1016/j.eswa.2025.126718_b0380) 2013; 2
10.1016/j.eswa.2025.126718_b0085
10.1016/j.eswa.2025.126718_b0360
Alneyadi (10.1016/j.eswa.2025.126718_b0025) 2016; 62
Zeng (10.1016/j.eswa.2025.126718_b0505) 2000; 12
10.1016/j.eswa.2025.126718_b0200
10.1016/j.eswa.2025.126718_b0365
10.1016/j.eswa.2025.126718_b0045
10.1016/j.eswa.2025.126718_b0485
10.1016/j.eswa.2025.126718_b0125
Hastie (10.1016/j.eswa.2025.126718_b0185) 2008
Singh (10.1016/j.eswa.2025.126718_b0425) 2009; 9
10.1016/j.eswa.2025.126718_b0170
Yang (10.1016/j.eswa.2025.126718_b0495) 2020; 415
Mourabit (10.1016/j.eswa.2025.126718_b0315) 2015; 6
10.1016/j.eswa.2025.126718_b0490
Rijsbergen (10.1016/j.eswa.2025.126718_b0385) 2004
Belavagi (10.1016/j.eswa.2025.126718_b0065) 2016; 89
Szeghalmy (10.1016/j.eswa.2025.126718_b0440) 2023; 23
Li (10.1016/j.eswa.2025.126718_b0270) 2007
False Positives and False Negatives in Information Security (10.1016/j.eswa.2025.126718_b0150)
10.1016/j.eswa.2025.126718_b0075
Masoodi (10.1016/j.eswa.2025.126718_b0300) 2021; 12
10.1016/j.eswa.2025.126718_b0350
10.1016/j.eswa.2025.126718_b0030
10.1016/j.eswa.2025.126718_b0110
Chawla (10.1016/j.eswa.2025.126718_b0105) 2002; 16
10.1016/j.eswa.2025.126718_b0230
10.1016/j.eswa.2025.126718_b0310
10.1016/j.eswa.2025.126718_b0475
Lemaitre (10.1016/j.eswa.2025.126718_b0260) 2017; 18
10.1016/j.eswa.2025.126718_b0235
Bhuyan (10.1016/j.eswa.2025.126718_b0080) 2011
Zhou (10.1016/j.eswa.2025.126718_b0510) 2020; 174
Seiffert (10.1016/j.eswa.2025.126718_b0395) 2010; 40
Burukanli (10.1016/j.eswa.2025.126718_b0100) 2024
Hoyle (10.1016/j.eswa.2025.126718_b0190) 2015; 449
Dhanabal (10.1016/j.eswa.2025.126718_b0135) 2015; 4
Das (10.1016/j.eswa.2025.126718_b0120) 2022; 19
10.1016/j.eswa.2025.126718_b0225
Maniriho (10.1016/j.eswa.2025.126718_b0295) 2020; 13
10.1016/j.eswa.2025.126718_b0500
Shen (10.1016/j.eswa.2025.126718_b0415) 2018; 61
Kumar (10.1016/j.eswa.2025.126718_b0250) 2022; 10
Sun (10.1016/j.eswa.2025.126718_b0435) 2009; 23
10.1016/j.eswa.2025.126718_b0460
10.1016/j.eswa.2025.126718_b0140
Ravipati (10.1016/j.eswa.2025.126718_b0370) 2019; 11
10.1016/j.eswa.2025.126718_b0340
10.1016/j.eswa.2025.126718_b0420
Koc (10.1016/j.eswa.2025.126718_b0240) 2012; 39
10.1016/j.eswa.2025.126718_b0465
Liu (10.1016/j.eswa.2025.126718_b0290) 2020; 9
Parsaei (10.1016/j.eswa.2025.126718_b0335) 2016; 7
Qraitem (10.1016/j.eswa.2025.126718_b0345) 2023
10.1016/j.eswa.2025.126718_b0070
Iwendi (10.1016/j.eswa.2025.126718_b0210) 2021; 10
Alemerien (10.1016/j.eswa.2025.126718_b0010) 2024; 5
El-Taj (10.1016/j.eswa.2025.126718_b0145) 2012; 10
Li (10.1016/j.eswa.2025.126718_b0265) 2007; 26
Li (10.1016/j.eswa.2025.126718_b0275) 2012; 39
Breiman (10.1016/j.eswa.2025.126718_b0095) 2001; 45
Sokolova (10.1016/j.eswa.2025.126718_b0430) 2006
Gao (10.1016/j.eswa.2025.126718_b0160) 2019; 7
Mohammed (10.1016/j.eswa.2025.126718_b0305) 2020
Kanstrén (10.1016/j.eswa.2025.126718_b0220) 2020; 10 19
Devi (10.1016/j.eswa.2025.126718_b0130) 2019; 11
10.1016/j.eswa.2025.126718_b0450
10.1016/j.eswa.2025.126718_b0375
10.1016/j.eswa.2025.126718_b0015
10.1016/j.eswa.2025.126718_b0455
Lipton (10.1016/j.eswa.2025.126718_b0285) 2015; 8725
Narkhede (10.1016/j.eswa.2025.126718_b0325) 2018
10.1016/j.eswa.2025.126718_b0060
Uma (10.1016/j.eswa.2025.126718_b0470) 2013; 15
Amiri (10.1016/j.eswa.2025.126718_b0035) 2011; 34
Schratz (10.1016/j.eswa.2025.126718_b0390) 2019; 406
Sharifi (10.1016/j.eswa.2025.126718_b0410) 2015; 10
Al-Mimi (10.1016/j.eswa.2025.126718_b0020) 2023
Bace (10.1016/j.eswa.2025.126718_b0050) 2000
Han (10.1016/j.eswa.2025.126718_b0180) 2005
Kumar (10.1016/j.eswa.2025.126718_b0245) 2020
Breiman (10.1016/j.eswa.2025.126718_b0090) 1996; 24
References_xml – reference: https://www.ibm.com/reports/data-breach. Retrieved April 25, 2023, from Available online: https://www.ibm.com/security/data-breach.
– reference: Taipei, Taiwan.
– volume: 39
  start-page: 424
  year: 2012
  end-page: 430
  ident: b0275
  article-title: Efficient intrusion detection system based on support vector machines and gradually feature removal method
– start-page: 1
  year: 2024
  end-page: 23
  ident: b0100
  article-title: StackGridCov: A robust stacking ensemble learning-based model integrated with GridSearchCV hyperparameter tuning technique for mutation prediction of COVID-19 virus
– year: 2020
  ident: b0245
  article-title: Network Attack Detection using an Unsupervised Machine Learning Algorithm
– volume: 9
  year: 2009
  ident: b0425
  article-title: A Survey of Cyber Attack Detection Systems
– reference: Axelsson, S. (2000). Intrusion Detection Systems: A Survey and Taxonomy. 1-15.
– reference: Oxford, UK.
– reference: Kaur, P., & Gosain, A. (2018). Comparing the Behavior of Oversampling and Undersampling Approach of Class Imbalance Learning by Combining Class Imbalance Problem with Noise.
– reference: Chimphlee, W., Abdullah, A. H., Sap, M. N., Srinoy, S., & Chimphlee, S. (2006). Anomaly-Based Intrusion Detection using Fuzzy Rough Clustering.
– reference: (pp. 23-30). Singapore: Springer .
– volume: 18
  start-page: 83
  year: 2009
  end-page: 108
  ident: b0115
  article-title: A framework for monitoring classifiers’ performance: When and why failure occurs?
– reference: Tomek, I. (1976). A generalization of the k-nn rule.
– reference: Molnar, C. (2021).
– reference: Rabbi, F., Hossain, N. U., & Sokolov, A. M. (2023). A Machine Learning Ensemble Approach for Sustainable Economic Development.
– reference: Basu, R., Cunningham, R. K., & Seth E. Webster, R. P. (2001). Detecting Low-Profile Probes and Novel Denial-of-Service Attacks.
– reference: lulu.com.
– volume: 11
  year: 2019
  ident: b0130
  article-title: INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING ALGORITHMS ON KDD-99 AND NSL-KDD DATASETS - A REVIEW PAPER
– year: 2018
  ident: b0325
  publication-title: Towards Data Science
– reference: Rabbi, F., Raut, S., Hossain, N. U., & Mim, S. J. (2024). STUDY OF PRIMARY BILIARY CIRRHOSIS PREDICTION USING MACHINE LEARNING ALGORITHMS.
– volume: 45
  start-page: 5
  year: 2001
  end-page: 32
  ident: b0095
  article-title: Random Forests
– year: 2008
  ident: b0185
– reference: Singapore.
– volume: 23
  year: 2023
  ident: b0440
  article-title: A comparative study of the use of stratified cross-validation and distribution-balanced stratified cross-validation in imbalanced learning
– volume: 13
  year: 2020
  ident: b0295
  article-title: Detecting intrusions in computer network traffic with machine learning approaches
– volume: 10
  year: 2012
  ident: b0145
  article-title: Intrusion Detection and Prevention Response based on Signature-Based and Anomaly-Based: Investigation Study .
– volume: 10 19
  start-page: 2023
  year: 2020
  ident: b0220
  article-title: A Look at Precision, Recall, and F1-Score Exploring the relations between machine learning metrics
  publication-title: . Retrieved
– reference: Kayacık, H. G., Zincir-Heywood, A. N., & Heywood, M. I. (2005). Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets.
– reference: Cheju, Korea (South).
– reference: Dietterich, T. G. (2000). Ensemble methods in machine learning.
– volume: 34
  start-page: 1184
  year: 2011
  end-page: 1199
  ident: b0035
  article-title: Mutual information-based feature selection for intrusion detection systems
– reference: Weerts, H. J., Mueller, A. C., & Vanschoren, J. (2020). Importance of Tuning Hyperparameters of Machine Learning Algorithms.
– reference: ,
– reference: Deshmukh, D. H., Ghorpade, T., & Padiya, P. (2015). Improving classification using preprocessing and machine learning algorithms on NSL-KDD dataset.
– year: 2000
  ident: b0050
– reference: Abrar, I., Ayub, Z., Masoodi, F., & Bamhdi, A. M. (2020). A Machine Learning Approach for Intrusion Detection System on NSL-KDD Dataset.
– volume: 39
  start-page: 13492
  year: 2012
  end-page: 13500
  ident: b0240
  article-title: A network intrusion detection system based on a hidden naive bayes multiclass classifier
– volume: 4
  year: 2015
  ident: b0135
  article-title: A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms
– start-page: 878
  year: 2005
  end-page: 887
  ident: b0180
  article-title: Borderline-smote : A new oversampling method in imbalanced datasets learning
– reference: Ghanem, K., Aparicio-Navarro, F. J., Kyriakopoulos, K. G., Lambotharan, S., & Chambers, J. A. (2017). Support Vector Machine for Network Intrusion and Cyber-Attack Detection.
– reference: London.
– reference: IBM. (2024).
– volume: 16
  start-page: 321
  year: 2002
  end-page: 357
  ident: b0105
  article-title: SMOTE: Synthetic Minority Over-sampling Technique
– volume: 7
  start-page: 82512
  year: 2019
  end-page: 82521
  ident: b0160
  article-title: An Adaptive Ensemble Machine Learning Model for Intrusion Detection
– reference: (2), 121-126.
– reference: Turku, Finland.
– volume: 449
  start-page: 1275
  year: 2015
  end-page: 1283
  ident: b0190
  article-title: Feature importance for machine learning redshifts applied to SDSS galaxies
– volume: 24
  start-page: 123
  year: 1996
  end-page: 140
  ident: b0090
  article-title: Bagging Predictors
– volume: 61
  start-page: 526
  year: 2018
  end-page: 538
  ident: b0415
  article-title: An ensemble method based on selection using bat algorithm for intrusion detection
– reference: , (pp. 1-6). Mumbai, India.
– reference: Botha, M., & Solms, R. (2004). Utilizing Neural Networks For Effective Intrusion Detection.
– volume: 40
  year: 2010
  ident: b0395
  article-title: RUSBoost:A Hybrid Approachto Alleviating Class Imbalance
– year: 2001
  ident: b0055
  article-title: Intrusion Detection Systems
– volume: 11
  year: 2019
  ident: b0370
  article-title: Intrusion detection system classification using different machine learning algorithms on KDD-99 And NSL-kdd datasets - A review paper
– year: 2004
  ident: b0385
– reference: Verma, P., Anwar, S., Khan, S., & Mane, D. S. (2018). Network intrusion detection using clustering and gradient boosting .
– volume: 26
  start-page: 459
  year: 2007
  end-page: 467
  ident: b0265
  article-title: An active learning based TCM-KNN algorithm for supervised network intrusion detection
– year: 2007
  ident: b0270
  article-title: Network Anomaly Detection Based on TCM-KNN Algorithm
– year: 2006
  ident: b0430
  article-title: Beyond Accuracy, F-scoreand ROC: A Family of Discriminant Measures for Performance Evaluation
– volume: 12
  start-page: 2286
  year: 2021
  end-page: 2293
  ident: b0300
  article-title: Machine learning for classification analysis of intrusion detection on NSL-KDD
– reference: , 785-796.
– volume: 89
  start-page: 117
  year: 2016
  end-page: 123
  ident: b0065
  article-title: Performance evaluation of supervised machine learning algorithms for intrusion detection
– volume: 2
  year: 2013
  ident: b0380
  article-title: A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection
– volume: 23
  start-page: 687
  year: 2009
  end-page: 719
  ident: b0435
  article-title: Classification of imbalanced data : A review
– volume: 9
  start-page: 7550
  year: 2020
  end-page: 7563
  ident: b0290
  article-title: Intrusion detection of imbalanced network traffic based on machine learning and deep learning
– volume: 415
  start-page: 295
  year: 2020
  end-page: 316
  ident: b0495
  article-title: On hyperparameter optimization of machine learning algorithms : Theory and practice
– reference: Qu, X., Yang, L., Guo, K., Ma, L., Sun, M., Ke, M., & Li, M. (2019). A Survey on the Development of Self-Organizing Maps for Unsupervised Intrusion Detection.
– volume: 5
  start-page: 1539
  year: 2024
  end-page: 1552
  ident: b0010
  article-title: Diagnosing Cardiovascular Diseases using Optimized Machine Learning Algorithms with GridSearchCV
– reference: Vienna, Austria.
– volume: 10
  year: 2015
  ident: b0410
  article-title: Intrusion detection based on joint of K-Means and KNN
– volume: 19
  year: 2022
  ident: b0120
  article-title: Network Intrusion Detection and Comparative Analysis Using Ensemble Machine Learning and Feature Selection
– reference: Allaf, Z., Adda, M., & Gegov, A. (2017). A Comparison Study on Flush+Reload and Prime+Probe Attacks on AES Using Machine Learning Approaches.
– volume: 18
  start-page: 559
  year: 2017
  end-page: 563
  ident: b0260
  article-title: Imbalanced - learn: a python tool box to tackle the curse of imbalanced datasets in machine learning
– reference: New Orelans.
– reference: Virginia Beach,VA.
– reference: Tianqi, C., & Guestrin, C. (2016). Xgboost: A scalable tree boosting system.
– reference: Powell, O. (2023). X-based NFT phishing attack causes losses of over $691,000. Cyber Security Hub. Retrieved 10 07, 2023, from https://www.cshub.com/attacks/news/x-based-nft-phishing-attack-causes-losses-of-over-691000.
– reference: Wang, W., & Battiti, R. (2006). Identifying intrusions in computer networks with principal component analysis.
– reference: Tesfahun, A., & Bhaskari, D. L. (2013). Intrusion Detection using Random Forests Classifier with SMOTE and Feature Reduction.
– reference: Huang, F., Xie, G., & Xiao, R. (2009). Research on Ensemble Learning .
– reference: Siddiqui, Z. (2023). Casino giant MGM expects $100 million hit from hack that led to data breach. www.reuters.com. Retrieved 10 07, 2023, from https://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/.
– year: 2023
  ident: b0150
  article-title: May)
– reference: Berrar, D. (2019). Cross-Validation.
– start-page: 20311
  year: 2023
  end-page: 20320
  ident: b0345
  article-title: Bias Mimicking: A Simple Sampling Approach for Bias Mitigation
– year: 2023
  ident: b0020
  article-title: A Model for the Disclosure of Probe Attacks Based on the Utilization of Machine Learning Algorithms
– volume: 12
  start-page: 1
  year: 2000
  end-page: 12
  ident: b0505
  article-title: Distribution-balanced stratified cross-validation for accuracy estimation
– volume: 62
  start-page: 137
  year: 2016
  end-page: 152
  ident: b0025
  article-title: A survey on data leakage prevention systems
– volume: 8725
  start-page: 225
  year: 2015
  end-page: 239
  ident: b0285
  article-title: Optimal Thresholding of Classifiers to Maximize F1 Measure
– reference: Zaman, M., & Lung, C.-H. (2018). Evaluation of machine learning techniques for network intrusion detection.
– volume: 15
  start-page: 390
  year: 2013
  end-page: 396
  ident: b0470
  article-title: A survey on various cyber-attacks and their classification
– reference: Alshamy, R., Ghurab, M., Othman, S., & Alshami, F. (2021). Intrusion Detection Model for Imbalanced Dataset using SMOTE and Random Forest Algorithm.
– volume: 10
  year: 2021
  ident: b0210
  article-title: Security of things intrusion detection system for smart healthcare
– volume: 7
  year: 2016
  ident: b0335
  article-title: A hybrid data mining approach for intrusion detection on imbalanced NSL-KDD dataset.
– reference: Reed, J. (2023, june 05). $10.3 billion in cyber crime losses shatters previous totals. Security Intelligence. Retrieved 10 8, 2023, from https://securityintelligence.com/news/10-billion-in-cyber-crime-losses-shatters-previous-totals/.
– reference: .
– reference: Bendovschi, A. (2015). Cyber-Attacks – Trends, Patterns and Security Countermeasures .
– reference: China.
– volume: 6
  start-page: 164
  year: 2015
  end-page: 172
  ident: b0315
  article-title: Intrusion detection techniques in wireless sensor network using data mining algorithms: comparative evaluation based on attacks detection
– volume: 174
  year: 2020
  ident: b0510
  article-title: Building an efficient intrusion detection system based on feature selection and ensemble classifier
– year: 2020
  ident: b0305
  article-title: Machine learning with oversampling and undersampling techniques: Overview study and experimental results
  publication-title: IEEE
– reference: Tavallaee, M., Bagheri, E., W. Lu, & Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set.
– volume: 10
  year: 2022
  ident: b0250
  article-title: Addressing binary classification over class imbalanced clinical datasets using computationally intelligent techniques
– reference: Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A Detailed Analysis of the KDD CUP 99 Data Set.
– volume: 406
  start-page: 109
  year: 2019
  end-page: 120
  ident: b0390
  article-title: Hyperparameter tuning and performance assessment of statistical and machine-learning algorithms using spatial data
– year: 2011
  ident: b0080
  article-title: Incremental Approaches for Network AnomalyDetection: Existing Solutions and Challenges
– reference: Kenaza, S., T., B., & Mokhtari, A. (2008). A Naive Bayes Approach for Detecting Coordinated Attacks.
– volume: 12
  start-page: 2286
  issue: 10
  year: 2021
  ident: 10.1016/j.eswa.2025.126718_b0300
  article-title: Machine learning for classification analysis of intrusion detection on NSL-KDD
  publication-title: Turkish Journal of Computer and Mathematics Education
– volume: 39
  start-page: 13492
  issue: 18
  year: 2012
  ident: 10.1016/j.eswa.2025.126718_b0240
  article-title: A network intrusion detection system based on a hidden naive bayes multiclass classifier
  publication-title: Expert Systems with Applications
  doi: 10.1016/j.eswa.2012.07.009
– volume: 10
  issue: 5
  year: 2015
  ident: 10.1016/j.eswa.2025.126718_b0410
  article-title: Intrusion detection based on joint of K-Means and KNN
  publication-title: Journal of Convergence Information Technology(JCIT)
– volume: 16
  start-page: 321
  year: 2002
  ident: 10.1016/j.eswa.2025.126718_b0105
  article-title: SMOTE: Synthetic Minority Over-sampling Technique
  publication-title: Journal of Artificial Intelligence Research
  doi: 10.1613/jair.953
– ident: 10.1016/j.eswa.2025.126718_b0140
  doi: 10.1007/3-540-45014-9_1
– volume: 11
  issue: 3
  year: 2019
  ident: 10.1016/j.eswa.2025.126718_b0370
  article-title: Intrusion detection system classification using different machine learning algorithms on KDD-99 And NSL-kdd datasets - A review paper
  publication-title: International Journal of Computer Science & Information Technology
– ident: 10.1016/j.eswa.2025.126718_b0475
  doi: 10.1109/ICCCNT.2018.8494186
– start-page: 878
  year: 2005
  ident: 10.1016/j.eswa.2025.126718_b0180
  article-title: Borderline-smote : A new oversampling method in imbalanced datasets learning
  publication-title: International conference on intelligent computing
– volume: 19
  issue: 4
  year: 2022
  ident: 10.1016/j.eswa.2025.126718_b0120
  article-title: Network Intrusion Detection and Comparative Analysis Using Ensemble Machine Learning and Feature Selection
  publication-title: IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT
  doi: 10.1109/TNSM.2021.3138457
– ident: 10.1016/j.eswa.2025.126718_b0225
  doi: 10.1007/978-981-10-6602-3_3
– ident: 10.1016/j.eswa.2025.126718_b0365
– volume: 13
  issue: 3
  year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0295
  article-title: Detecting intrusions in computer network traffic with machine learning approaches
  publication-title: International Journal of Intelligent Engineering and Systems
  doi: 10.22266/ijies2020.0630.39
– year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0305
  article-title: Machine learning with oversampling and undersampling techniques: Overview study and experimental results
– year: 2011
  ident: 10.1016/j.eswa.2025.126718_b0080
  article-title: Incremental Approaches for Network AnomalyDetection: Existing Solutions and Challenges
  publication-title: International Journal of Communication Networks and Information Security
– ident: 10.1016/j.eswa.2025.126718_b0030
  doi: 10.1007/978-981-16-8059-5_22
– ident: 10.1016/j.eswa.2025.126718_b0500
  doi: 10.1109/NOMS.2018.8406212
– volume: 26
  start-page: 459
  year: 2007
  ident: 10.1016/j.eswa.2025.126718_b0265
  article-title: An active learning based TCM-KNN algorithm for supervised network intrusion detection
  publication-title: Computers & Security
  doi: 10.1016/j.cose.2007.10.002
– start-page: 20311
  year: 2023
  ident: 10.1016/j.eswa.2025.126718_b0345
  article-title: Bias Mimicking: A Simple Sampling Approach for Bias Mitigation
– volume: 10 19
  start-page: 2023
  year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0220
  article-title: A Look at Precision, Recall, and F1-Score Exploring the relations between machine learning metrics
  publication-title: Towards Data Science. Retrieved
– ident: 10.1016/j.eswa.2025.126718_b0150
– ident: 10.1016/j.eswa.2025.126718_b0310
– volume: 62
  start-page: 137
  year: 2016
  ident: 10.1016/j.eswa.2025.126718_b0025
  article-title: A survey on data leakage prevention systems
  publication-title: J. Netw. Comput. Applic.
  doi: 10.1016/j.jnca.2016.01.008
– year: 2004
  ident: 10.1016/j.eswa.2025.126718_b0385
– volume: 15
  start-page: 390
  issue: 5
  year: 2013
  ident: 10.1016/j.eswa.2025.126718_b0470
  article-title: A survey on various cyber-attacks and their classification
  publication-title: International Journal of Network Security
– ident: 10.1016/j.eswa.2025.126718_b0205
– volume: 406
  start-page: 109
  year: 2019
  ident: 10.1016/j.eswa.2025.126718_b0390
  article-title: Hyperparameter tuning and performance assessment of statistical and machine-learning algorithms using spatial data
  publication-title: Ecological Modelling
  doi: 10.1016/j.ecolmodel.2019.06.002
– year: 2008
  ident: 10.1016/j.eswa.2025.126718_b0185
– ident: 10.1016/j.eswa.2025.126718_b0005
  doi: 10.1109/ICOSEC49089.2020.9215232
– volume: 5
  start-page: 1539
  issue: 4
  year: 2024
  ident: 10.1016/j.eswa.2025.126718_b0010
  article-title: Diagnosing Cardiovascular Diseases using Optimized Machine Learning Algorithms with GridSearchCV
  publication-title: Journal of Applied Data Sciences
  doi: 10.47738/jads.v5i4.280
– volume: 7
  start-page: 82512
  year: 2019
  ident: 10.1016/j.eswa.2025.126718_b0160
  article-title: An Adaptive Ensemble Machine Learning Model for Intrusion Detection
  publication-title: IEEE Access
  doi: 10.1109/ACCESS.2019.2923640
– volume: 7
  issue: 6
  year: 2016
  ident: 10.1016/j.eswa.2025.126718_b0335
  article-title: A hybrid data mining approach for intrusion detection on imbalanced NSL-KDD dataset. (IJACSA)
  publication-title: International Journal of Advanced Computer Science and Applications
– ident: 10.1016/j.eswa.2025.126718_b0465
  doi: 10.1109/TSMC.1976.5409182
– year: 2007
  ident: 10.1016/j.eswa.2025.126718_b0270
  article-title: Network Anomaly Detection Based on TCM-KNN Algorithm
– ident: 10.1016/j.eswa.2025.126718_b0045
– volume: 10
  issue: 1375
  year: 2021
  ident: 10.1016/j.eswa.2025.126718_b0210
  article-title: Security of things intrusion detection system for smart healthcare
  publication-title: Electronics
– ident: 10.1016/j.eswa.2025.126718_b0450
  doi: 10.1109/CISDA.2009.5356528
– ident: 10.1016/j.eswa.2025.126718_b0200
  doi: 10.1109/AICI.2009.235
– ident: 10.1016/j.eswa.2025.126718_b0455
  doi: 10.1109/CUBE.2013.31
– year: 2000
  ident: 10.1016/j.eswa.2025.126718_b0050
– volume: 10
  issue: 1293
  year: 2022
  ident: 10.1016/j.eswa.2025.126718_b0250
  article-title: Addressing binary classification over class imbalanced clinical datasets using computationally intelligent techniques
  publication-title: Healthcare
– volume: 449
  start-page: 1275
  issue: 2
  year: 2015
  ident: 10.1016/j.eswa.2025.126718_b0190
  article-title: Feature importance for machine learning redshifts applied to SDSS galaxies
  publication-title: Monthly Notices of the Royal Astronomical Society
  doi: 10.1093/mnras/stv373
– volume: 6
  start-page: 164
  issue: 9
  year: 2015
  ident: 10.1016/j.eswa.2025.126718_b0315
  article-title: Intrusion detection techniques in wireless sensor network using data mining algorithms: comparative evaluation based on attacks detection
  publication-title: International Journal of Advanced Computer Science and Applications
– volume: 23
  issue: 4
  year: 2023
  ident: 10.1016/j.eswa.2025.126718_b0440
  article-title: A comparative study of the use of stratified cross-validation and distribution-balanced stratified cross-validation in imbalanced learning
  publication-title: Sensors
  doi: 10.3390/s23042333
– volume: 39
  start-page: 424
  issue: 1
  year: 2012
  ident: 10.1016/j.eswa.2025.126718_b0275
  article-title: Efficient intrusion detection system based on support vector machines and gradually feature removal method
  publication-title: Expert Systems with Applications
  doi: 10.1016/j.eswa.2011.07.032
– ident: 10.1016/j.eswa.2025.126718_b0445
  doi: 10.1109/CISDA.2009.5356528
– ident: 10.1016/j.eswa.2025.126718_b0015
  doi: 10.1007/978-3-319-66939-7_17
– volume: 2
  issue: 12
  year: 2013
  ident: 10.1016/j.eswa.2025.126718_b0380
  article-title: A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection
  publication-title: International Journal of Engineering Research & Technology (IJERT)
– volume: 40
  issue: 1
  year: 2010
  ident: 10.1016/j.eswa.2025.126718_b0395
  article-title: RUSBoost:A Hybrid Approachto Alleviating Class Imbalance
  publication-title: IEEE TRANSACTIONS ON SYSTEMS, MAN AND CYBERNETICS—PART A : SYSTEMS AND HUMANS
  doi: 10.1109/TSMCA.2009.2029559
– year: 2001
  ident: 10.1016/j.eswa.2025.126718_b0055
– ident: 10.1016/j.eswa.2025.126718_b0340
– volume: 61
  start-page: 526
  issue: 4
  year: 2018
  ident: 10.1016/j.eswa.2025.126718_b0415
  article-title: An ensemble method based on selection using bat algorithm for intrusion detection
  publication-title: The Computer Journal
  doi: 10.1093/comjnl/bxx101
– volume: 10
  issue: 6
  year: 2012
  ident: 10.1016/j.eswa.2025.126718_b0145
  article-title: Intrusion Detection and Prevention Response based on Signature-Based and Anomaly-Based: Investigation Study . (IJCSIS) International Journal of Computer Science and Information
  publication-title: Security
– ident: 10.1016/j.eswa.2025.126718_b0110
  doi: 10.1109/ICHIT.2006.253508
– volume: 45
  start-page: 5
  year: 2001
  ident: 10.1016/j.eswa.2025.126718_b0095
  article-title: Random Forests
  publication-title: Machine Learning
  doi: 10.1023/A:1010933404324
– volume: 18
  start-page: 83
  issue: 1
  year: 2009
  ident: 10.1016/j.eswa.2025.126718_b0115
  article-title: A framework for monitoring classifiers’ performance: When and why failure occurs?
  publication-title: Knowledge and Information Systems
  doi: 10.1007/s10115-008-0139-1
– volume: 23
  start-page: 687
  issue: 04
  year: 2009
  ident: 10.1016/j.eswa.2025.126718_b0435
  article-title: Classification of imbalanced data : A review
  publication-title: International Journal of Pattern Recognition and Artificial Intelligence
  doi: 10.1142/S0218001409007326
– ident: 10.1016/j.eswa.2025.126718_b0075
  doi: 10.1016/B978-0-12-809633-8.20349-X
– volume: 415
  start-page: 295
  year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0495
  article-title: On hyperparameter optimization of machine learning algorithms : Theory and practice
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2020.07.061
– volume: 89
  start-page: 117
  issue: 1
  year: 2016
  ident: 10.1016/j.eswa.2025.126718_b0065
  article-title: Performance evaluation of supervised machine learning algorithms for intrusion detection
  publication-title: Procedia Computer Science
  doi: 10.1016/j.procs.2016.06.016
– ident: 10.1016/j.eswa.2025.126718_b0420
– volume: 11
  issue: 3
  year: 2019
  ident: 10.1016/j.eswa.2025.126718_b0130
  article-title: INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING ALGORITHMS ON KDD-99 AND NSL-KDD DATASETS - A REVIEW PAPER
  publication-title: International Journal of Computer Science & Information Technology (IJCSIT)
– volume: 34
  start-page: 1184
  issue: 4
  year: 2011
  ident: 10.1016/j.eswa.2025.126718_b0035
  article-title: Mutual information-based feature selection for intrusion detection systems
  publication-title: Journal of Network and Computer Applications
  doi: 10.1016/j.jnca.2011.01.002
– volume: 24
  start-page: 123
  issue: 2
  year: 1996
  ident: 10.1016/j.eswa.2025.126718_b0090
  article-title: Bagging Predictors
  publication-title: Machine Learning
  doi: 10.1007/BF00058655
– ident: 10.1016/j.eswa.2025.126718_b0235
– ident: 10.1016/j.eswa.2025.126718_b0485
  doi: 10.1109/ARES.2006.73
– start-page: 1
  year: 2024
  ident: 10.1016/j.eswa.2025.126718_b0100
  article-title: StackGridCov: A robust stacking ensemble learning-based model integrated with GridSearchCV hyperparameter tuning technique for mutation prediction of COVID-19 virus
  publication-title: Neural Computing and Applications
– year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0245
  article-title: Network Attack Detection using an Unsupervised Machine Learning Algorithm
  doi: 10.24251/HICSS.2020.795
– ident: 10.1016/j.eswa.2025.126718_b0070
  doi: 10.1016/S2212-5671(15)01077-1
– volume: 8725
  start-page: 225
  year: 2015
  ident: 10.1016/j.eswa.2025.126718_b0285
  article-title: Optimal Thresholding of Classifiers to Maximize F1 Measure
  publication-title: Mach Learn Knowl Discov Databases
  doi: 10.1007/978-3-662-44851-9_15
– ident: 10.1016/j.eswa.2025.126718_b0350
  doi: 10.1007/s11036-019-01353-0
– volume: 4
  issue: 6
  year: 2015
  ident: 10.1016/j.eswa.2025.126718_b0135
  article-title: A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms
  publication-title: International Journal of Advanced Research in Computer and Communication Engineering
– ident: 10.1016/j.eswa.2025.126718_b0460
  doi: 10.1145/2939672.2939785
– ident: 10.1016/j.eswa.2025.126718_b0060
– volume: 18
  start-page: 559
  issue: 1
  year: 2017
  ident: 10.1016/j.eswa.2025.126718_b0260
  article-title: Imbalanced - learn: a python tool box to tackle the curse of imbalanced datasets in machine learning
  publication-title: The Journal of Machine Learning Research
– volume: 9
  start-page: 7550
  year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0290
  article-title: Intrusion detection of imbalanced network traffic based on machine learning and deep learning
  publication-title: Ieee Access
  doi: 10.1109/ACCESS.2020.3048198
– ident: 10.1016/j.eswa.2025.126718_b0170
  doi: 10.1109/SSPD.2017.8233268
– ident: 10.1016/j.eswa.2025.126718_b0375
– volume: 9
  issue: 5
  year: 2009
  ident: 10.1016/j.eswa.2025.126718_b0425
  article-title: A Survey of Cyber Attack Detection Systems
  publication-title: IJCSNS International Journal of Computer Science and Network Security
– year: 2023
  ident: 10.1016/j.eswa.2025.126718_b0020
  article-title: A Model for the Disclosure of Probe Attacks Based on the Utilization of Machine Learning Algorithms
– year: 2006
  ident: 10.1016/j.eswa.2025.126718_b0430
– ident: 10.1016/j.eswa.2025.126718_b0085
– ident: 10.1016/j.eswa.2025.126718_b0490
– volume: 12
  start-page: 1
  issue: 1
  year: 2000
  ident: 10.1016/j.eswa.2025.126718_b0505
  article-title: Distribution-balanced stratified cross-validation for accuracy estimation
  publication-title: Journal of Experimental & Theoretical Artificial Intelligence
  doi: 10.1080/095281300146272
– ident: 10.1016/j.eswa.2025.126718_b0360
– ident: 10.1016/j.eswa.2025.126718_b0125
  doi: 10.1109/ICCICT.2015.7045674
– ident: 10.1016/j.eswa.2025.126718_b0230
– year: 2018
  ident: 10.1016/j.eswa.2025.126718_b0325
  article-title: Understanding auc-roc curve
  publication-title: Towards Data Science
– volume: 174
  year: 2020
  ident: 10.1016/j.eswa.2025.126718_b0510
  article-title: Building an efficient intrusion detection system based on feature selection and ensemble classifier
  publication-title: Computer Networks
  doi: 10.1016/j.comnet.2020.107247
SSID ssj0017007
Score 2.474803
Snippet Internet-based network safety has transformed into a major global issue because of the rising dependency of people, businesses, and countries. Therefore, it is...
SourceID crossref
elsevier
SourceType Index Database
Publisher
StartPage 126718
Title A comparative analysis of machine learning techniques for detecting probing attack with SHAP algorithm
URI https://dx.doi.org/10.1016/j.eswa.2025.126718
Volume 271
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Baden-Württemberg Complete Freedom Collection (Elsevier)
  issn: 0957-4174
  databaseCode: GBLVA
  dateStart: 20110101
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: true
  ssIdentifier: ssj0017007
  providerName: Elsevier
– providerCode: PRVESC
  databaseName: Elsevier ScienceDirect Freedom Collection Journals
  issn: 0957-4174
  databaseCode: ACRLP
  dateStart: 19950101
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: true
  ssIdentifier: ssj0017007
  providerName: Elsevier
– providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals [SCFCJ]
  issn: 0957-4174
  databaseCode: AIKHN
  dateStart: 19950101
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: true
  ssIdentifier: ssj0017007
  providerName: Elsevier
– providerCode: PRVESC
  databaseName: ScienceDirect (Elsevier)
  issn: 0957-4174
  databaseCode: .~1
  dateStart: 19950101
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: true
  ssIdentifier: ssj0017007
  providerName: Elsevier
– providerCode: PRVLSH
  databaseName: Elsevier Journals
  issn: 0957-4174
  databaseCode: AKRWK
  dateStart: 19900101
  customDbUrl:
  isFulltext: true
  mediaType: online
  dateEnd: 99991231
  omitProxy: true
  ssIdentifier: ssj0017007
  providerName: Library Specific Holdings
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1JS8NAFB5KvXhxF-tS5uBN0jbLZDmGYokKRaiF3sIsb0rVLrQRb_525yWTqiAePIXJAuGbyZvvTb75HiHXbqhjjwvpeEEkMEHhjhklPUf5oQIlkAOXKt9hmI2D-wmbNEi_3guDskob-6uYXkZre6Zr0eyuZrPuyJADMx2a1I6hyUq5iS8IIqxi0PnYyjzQfi6q_PYiB--2G2cqjRds3tF7yGMd1wsjLPzx2-T0bcIZHJA9yxRpWr3MIWnA4ojs11UYqP0oj4lOqfyy8KbcuozQpabzUikJ1JaGmNKtY-uGGrJKFeAvBLyAdWXwyIuCyxeKq7N0lKWPlL9Ol2vTmp-Q8eD2qZ85tnqCI70oKczwDxTjWic9BYkKhQoUjyWuG0Uu00wH0pCtBJiBTPkeSIhjKSBOmBAmJ0l8_5Q0F8sFnBGagOamP3pCgiEwJqMEL-LaVS64wnel3yI3NWz5qjLJyGv12HOOIOcIcl6B3CKsRjb_0dW5ieJ_PHf-z-cuyC62KpXiJWkW6ze4MkyiEO1yqLTJTnr3kA0_Ac1wyb8
linkProvider Elsevier
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3JTsMwELWqcoALO6KsPnBDaRsnjpNjVVEVKBVSW6m3yGtVoIvaIG58O57EYZEQB05R4liKxs74jf3mDUJXfmRiwoX0SMgEBCjcs7Ok6akgUloJwMA5y7cfdUfh3ZiOK6hd5sIArdL5_sKn597aPWk4azaW02ljYMGBXQ5taEdBZAWS-DZCShhEYPX3T54H6M-xQnCPefC6y5wpSF56_QbiQ4TWfRIxqPzx2-r0bcXp7KJtBxVxq_iaPVTR8320U5ZhwO6vPECmheWXhjfmTmYELwye5VRJjV1tiAn-lGxdY4tWsdJwhgANUFgGrjzLuHzGsD2LB93WI-Yvk8XK3s0O0ahzM2x3PVc-wZOEJZmd_6Gi3JikqXSiIqFCxWMJG0fMp4aaUFq0lWgaMqICoqWOYyl0nFAhbFCSBMERqs4Xc32McKINtwPSFFJbBGNDSk0YN77ytS8CXwY1dF2aLV0WKhlpSR97SsHIKRg5LYxcQ7S0bPpjrFPrxv_od_LPfpdoszt86KW92_79KdqCloKyeIaq2epVn1tYkYmLfNp8AK2dy1Q
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+comparative+analysis+of+machine+learning+techniques+for+detecting+probing+attack+with+SHAP+algorithm&rft.jtitle=Expert+systems+with+applications&rft.au=Rabbi%2C+Fazla&rft.au=Ibne+Hossain%2C+Niamat+Ullah&rft.au=Das%2C+Saikat&rft.date=2025-05-01&rft.issn=0957-4174&rft.volume=271&rft.spage=126718&rft_id=info:doi/10.1016%2Fj.eswa.2025.126718&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_eswa_2025_126718
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0957-4174&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0957-4174&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0957-4174&client=summon