IAES International Journal of Artificial Intelligence (IJ-AI)
Vol. 6, No. 4, December 2017, pp. 166~173
ISSN: 2252-8938, DOI: 10.11591/ijai.v6.i4.pp166-173
Journal homepage: http://iaesjournal.com/online/index.php/IJAI

Neural KDE Based Behaviour Model for Detecting Intrusions in Network Environment

V. Brindha Devi¹, K.L. Shunmuganathan²
¹ Sri Sairam Institute of Technology, Tamil Nadu, India
² Department of Computer Science, R.M.K. Engineering College, Kavaraipettai

Article Info
Article history:
Received Aug 26, 2017
Revised Oct 28, 2017
Accepted Nov 11, 2017

Keyword:
Firefly algorithm
Fuzzy approach
SVC placement

ABSTRACT
Network intrusion is one of the growing concerns throughout the globe, with regard to information stealing and data exfiltration. In recent years this has been coupled with data exfiltration and infiltration through internal threats. Various security countermeasures have been taken in order to reduce and prevent intrusion, since statistics reveal that every 4 seconds at least one intrusion is detected by the detection engines. An external software mechanism is required in order to detect network intrusions. Based on the above stated problem, we propose a new hybrid behaviour model based on Neural KDE and a correlation method to detect intrusions. The proposed work is split into two phases. The initial phase is set up with the Neural KDE as the learning phase, and the basic network parameters are profiled for each host; here the Neural KDE is generated based on the input and learned parameters of the network. The next phase is the detection phase; here the Neural KDE is computed for the identified parameters, the learned KDE feature value is correlated with the present KDE values, and the correlated values are calculated using the cross correlation method. Experimental results show that the proposed model is robust in detecting intrusions over the network.

Copyright © 2017 Institute of Advanced Engineering and Science. All rights reserved.

Corresponding Author:
V. Brindha Devi, Sri Sairam Institute of Technology, Tamil Nadu, India.

1. INTRODUCTION
Today's networks are exposed to an advanced range of cyber-attacks and to all sorts of intrusion. Advanced operating systems are evolving for the purpose of VA/PT, and those are widely used unethically for hacking purposes. Recent attacks such as Stuxnet have destroyed the main resources of the country. A compromised host within the organization can become a victim used to carry out malicious attacks as an insider threat. Today's network security credentials such as IDS and IPS help in identifying and preventing attacks. Most of the traditional security solutions are signature based systems, and these systems have to be updated periodically to endure real time attacks. If a system with the existing security measures is exposed to any form of attack other than those in its set of lists, then the system is not able to handle those attacks. This was stated as the serious challenge; hence, in order to detect an anomaly, an optimal IDS is to be developed to identify real time intrusions. Various types of IDS have evolved in recent years, and some of those are optimal in sequence; a good example of a signature based IDS is 'SNORT'. In this paper an optimal IDS has been designed with a behavioural model to detect anomalies in active networks. Some of the anomalies are password escalation, ARP poisoning, DNS poisoning attacks etc.; these types of attacks are well established anomalies which utilize the existing legal communication protocols such as TCP/IP, UDP, HTTP, HTTPS etc. The paper is organised into various sections such that section (1) details the IDS state of the art.
An 'IDS' is a term defined for detecting intrusions, reporting, correlating and mitigating the risks which are attempted as privilege escalation events. There are mainly two active types of IDS available, namely Host based and Network based. According to Susan et al., the IDS is termed 'Intrusion Detection', which gives a clear view of the definition of IDS, and Rafeez stated the characteristics of IDS as five basic models, namely Host based, Network based, Application based, Signature based and Anomaly based. Present day IDS are basically termed signature based IDS. An intelligent IDS has to be developed for detecting an advanced range of insider attacks, threats etc.

Network based IDS
Network based IDS are implemented in the gateway interface to monitor the entire network traffic.

Host based IDS
Host based IDS are used to monitor and analyse each host in the network. They can be implemented to monitor a single host, multiple hosts or connected hosts. These types of IDS are used to analyse the encrypted network traffic.

Application based IDS
Application based IDS are implemented in the individual application program. It monitors each and every event occurring within the application.

Signature based IDS
Signature based IDS can analyse the on-going network traffic for known patterns; these kinds of IDS need periodic updating of the signatures.

Anomaly based IDS
Intelligent IDS systems are usually anomaly based; these kinds of IDS learn the attacker pattern, frame their own rules based on attacker behaviour and then predict the suspicious events.

Some of the key concerns reported in this paper are:
1) If the attacker goes unobserved, the attack may be sustained on a long term basis and it is highly vulnerable.
2) The entire data, with strong knowledge about the organization, is subject to leakage or damage.
3) The network can be used as a promising host for compromised attacks.
4) The associated hosts of the networks within the organization can be used as the launch pad for activating attacks.

2. RELATED WORK
The initial level of intrusion detection system for detecting anomalies was led by Salem et al., who provide a vast range of research in designing an anomaly model. The next attempt at modelling an anomaly based behaviour model was achieved by Bivens et al. in 2002, using a neural network. This IDS model plays an important role in detecting network anomalies. In 2005, Salvatore et al. designed a hardware based IDS which was proficient in nature and deployed in FPGA based embedded circuits. The main anomaly detector was designed by Laheeb in 2007; this was the first attempt made to detect anomalies which are running as an internal threat. A new profiling scheme was proposed by Akaninyene, who developed an IDS to detect network abnormality using a K-means unsupervised clustering scheme.
Various authors have demonstrated the taxonomy of the various IDS proposed for wired and wireless environments; out of them, some are benchmarked for their reliable efficacy and deployed in real time designated security tools. Here we propose a robust methodology using a neural KDE function and a cross correlation function, which differs from the above mentioned models. The detailed approach of the proposed IDS is demonstrated in the following sections. Result analysis shows the efficacy of the proposed algorithm.

2.1. Proposed model – A Theoretical Prototype
The proposed solution for the above stated problem is implementing a wide range of security policies (product based policy, business policy and user level security policies) to avoid insider attacks, and external gateway policies to evaluate infiltration packets into the network premises. Present day attack detection models and signature based models are not active up to the level required and are lacking in detection of vulnerabilities/threats. Another approach is to build an effective intelligent behaviour model based IDS to detect these kinds of attacks by learning the behaviour pattern of the attacker and live network behaviours. The detailed study of the behaviour based approach is explained clearly in [4]; such approaches are limited in feature adaptation and not equipped for identifying anomalies.
In this paper, a new behaviour model for IDS has been developed to detect network anomalies. The proposed model is robust in nature due to its capability of learning the real time live feed of network data
and cross correlating it with the addressed pattern in order to detect the anomalies. The behaviour model proposed in this paper initially learns the network traffic patterns using the neural KDE function. Neural KDE is a kernel function which works on the basis of a neural model. Each input is tested with the possible output and the learned data is computed with KDE values. Firstly, in the learning phase, all the network parameters are learnt and profiled specifically with neural KDE values, and approximate KDE values are computed. Secondly, in the detection phase, the KDE values of the live feed are compared with the learnt KDE values and correlation is applied in order to detect the intrusions.

Figure 1. Architecture of Proposed model

Here, Neural KDE values are computed for the learnt phase using specific network patterns such as CPU utilization, Memory usage, Memory utilization, Incoming Packet buffer, Outgoing Packet buffer, Cached Bytes etc. Network packet analysers are used to analyse the network packets. A packet capturing interface is used to capture all the packets, and a network data collector acts as the serialization interface for all the network inputs.

The main contributions of this paper:
1) Concocting a behaviour model to detect anomalies in the network.
2) Implementing Neural KDE for the learning phase and the live feed.
3) Intending the robust algorithm for detecting anomalies.
4) Bestowing the results of the proposed behavioural model.
5) Network packet analyser.
6) Uniqueness is comparing all the network parameters to detect anomalies.
7) Utilizing all the system/host resources for effective analysis.
8) Cross correlation of learnt KDE values with the live KDE values.

2.2. Network Packet analyser
Network packet analysers are used to analyse the network packets based on three main criteria, namely Normal packets, wary packets (Suspicious packets) and malicious packets. Table 1 clearly denotes the packet definition for various protocol based data packets. Packet analyser structure is clearly stated:

Protocol | IP | Port | Direction | IP | Port | Action

Figure 2. Additional structure of proposed packet analyser

Normal packets
Data packets which belong to the homeland premises. Some of the homeland protocols utilized by any organization are TCP, IP, UDP, DNS, POP3, IPsec, SSL, FTP etc.

Wary packets
The packets may be uneven in sequence and the results are always in odd mode. The packets are suspicious but do not cause any vital damage to the premises.

Malicious packets
Any data packets which could cause damage to the organization and its network components and result in a negative impact on security credentials within the organization.

Table 1: packet definition for data packets; HTTP, SSL, Kerberos, SMB, SNMP

S.No  Service   Port number  Model               Security credential
1     HTTP      80           WEB                 High
2     SSL       23           Security            High
3     MySQL     3306         DB                  Average
4     Kerberos  81           Windows PowerShell  Low
5     SMB       445          Windows PowerShell  Low
6     SNMP      25           Network             Average

Learning phase
In this phase, the values are collected from the network parameters which are related to the network for each connected host. Each host is profiled into system and network parameters, and each value is utilized to compute the Neural KDE. The detailed process is illustrated in Algorithm 1, which runs in all hosts for 5 working days with all network and system credentials.

------------------------------------------------------------
Algorithm 1 Learning phase
------------------------------------------------------------
Begin
    Initiate learning and profiling
    Profile each host
    Collect network credentials
    Do feature selection
    Compute Neural KDE
    Compute KDE parameters
End
------------------------------------------------------------

Detection phase
In this phase the learning phase is cloned to compute neural KDE values for the same parameters of the hosts over several time periods. Then the comparison process is carried out between the present Neural KDE values and the learnt KDE values.

Defined Hypothesis
According to the hypothesis, the correlation value is always a probability and lies between 0 and 1.
General Assumption: KDE values always lie between 0 and 1. If the values are near 1, then the relationship possessed by the parameters is a strong relationship.
Theory: Based on the assumption, the threshold value of each parameter is fixed to its intense level (refer KDE plots).
Hypothesis 1: if the threshold value lies between 0.5 – 1, then it is a normal behaviour.
Hypothesis 2: if the threshold value lies between 0-0.5, then it is abnormal behaviour or an anomaly.

Correlation phase
Based on the hypothesis defined above, the cross correlation values are computed. The detection phase is carried out by considering, analysing and comparing all the defined network and system parameters. According to the discussion in the previous sections, anomalies are specific event based, so the proposed methodology computed here yields promising results by utilizing the network parameters for identification.

------------------------------------------------------------
Algorithm 2 Detection phase
------------------------------------------------------------
Use learnt data
Procure the live feed
Do feature selection
Compute Neural KDE
Use KDE values of Learnt data and live feed
Apply cross correlation
Compare cross correlation value for each network parameter
If the threshold (correlation) < 0.5 then
    Caption: Intrusion detection
    Trigger Alarm
End
------------------------------------------------------------
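
The learning and detection phases of Algorithms 1 and 2, as an added Python example that is not the authors' code. It substitutes an ordinary Gaussian kernel density estimate for the paper's Neural KDE, whose construction the page does not give, and assumes the cross correlation is the zero-lag normalised form, which stays between 0 and 1 for density curves; the function names, parameter names and sample series are constructed for illustration.

```python
import math

THRESHOLD = 0.5     # the paper's rule: correlation < 0.5 triggers the alarm
GRID_POINTS = 200   # assumption: resolution of the grid each density is sampled on


def bandwidth(samples):
    """Silverman's rule of thumb; falls back to 1.0 for a constant series."""
    n = len(samples)
    mean = sum(samples) / n
    std = math.sqrt(sum((s - mean) ** 2 for s in samples) / max(n - 1, 1))
    return 1.06 * std * n ** -0.2 if std > 0 else 1.0


def kde(samples, grid, h):
    """Gaussian kernel density estimate of `samples`, evaluated on `grid`."""
    norm = 1.0 / (len(samples) * h * math.sqrt(2.0 * math.pi))
    return [norm * sum(math.exp(-0.5 * ((g - s) / h) ** 2) for s in samples)
            for g in grid]


def learn_profile(baseline):
    """Learning phase: one learnt density curve per parameter of one host."""
    profile = {}
    for name, samples in baseline.items():
        if not samples:
            raise ValueError("no baseline samples for " + name)
        h = bandwidth(samples)
        lo, hi = min(samples) - 3 * h, max(samples) + 3 * h
        grid = [lo + (hi - lo) * i / (GRID_POINTS - 1) for i in range(GRID_POINTS)]
        profile[name] = {"grid": grid, "h": h, "density": kde(samples, grid, h)}
    return profile


def correlation(a, b):
    """Zero-lag normalised cross correlation; in [0, 1] for non-negative curves."""
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    if na == 0.0 or nb == 0.0:   # live values lie entirely off the learnt grid
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)


def detect(profile, live):
    """Detection phase: correlate the live density with the learnt one."""
    scores = {}
    for name, learnt in profile.items():
        samples = live.get(name)
        if not samples:          # parameter missing from the feed: flag it
            scores[name] = 0.0
            continue
        # The live curve reuses the learnt grid and bandwidth so the two
        # densities are compared point for point.
        live_density = kde(samples, learnt["grid"], learnt["h"])
        scores[name] = correlation(learnt["density"], live_density)
    alarms = sorted(n for n, c in scores.items() if c < THRESHOLD)
    return scores, alarms


# Constructed sample series (not data from the paper) for one host.
BASELINE = {
    "cpu_pct": [18 + (i * 7 % 11) * 0.5 for i in range(60)],       # 18.0 .. 23.0
    "out_kbytes": [400 + (i * 13 % 17) * 5 for i in range(60)],    # 400 .. 480
}
LIVE_NORMAL = {
    "cpu_pct": [18.5 + (i * 5 % 11) * 0.5 for i in range(30)],
    "out_kbytes": [405 + (i * 11 % 17) * 5 for i in range(30)],
}
LIVE_ATTACK = {
    "cpu_pct": [19 + (i * 3 % 11) * 0.5 for i in range(30)],       # CPU barely moves
    "out_kbytes": [2500 + (i * 7 % 19) * 40 for i in range(30)],   # bulk outbound data
}

if __name__ == "__main__":
    host_profile = learn_profile(BASELINE)
    for label, feed in (("normal", LIVE_NORMAL), ("attack", LIVE_ATTACK)):
        scores, alarms = detect(host_profile, feed)
        print(label, {k: round(v, 3) for k, v in scores.items()}, "alarms:", alarms)
```

A parameter whose live values fall wholly outside the learnt range scores 0 rather than raising a division error, so a large outbound transfer is flagged even when CPU usage still matches the baseline.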

3. RESULT ANALYSIS OF OUR MODEL
The proposed model was tested experimentally with 5 active running hosts on the Linux platform and a single server host on the same platform. This section is split into two phases: the initial phase deals with the experimental setup, and the second with the result analysis of the proposed methodology.

Experimental Setup
The proposed model has been developed and data has been collected from 5 hosts which were running on Ubuntu, Backtrack etc. In this phase, using the data collector, the entire host behaviour is learnt through its network parameters such as RAM memory utilization, CPU usage, incoming bytes, outgoing bytes, incoming packets, outgoing packets, memory usage, control block and data block.

Result analysis
Secondly, in the detection phase the system profiles all the network parameters of each host in the network. Each host is profiled as in the learning phase, and the attack pattern is performed by initiating the Backtrack operating system. Here various attacks have been performed and the data has been collected and refined. Now the learnt data and the live feed with the attack sequence are given as the input and analysed in MATLAB R2013b.

Figure 3. Detection phase for attack sequence

Figure 4. Computed Neural KDE value for RAM usage

Figure 5. Computed Neural KDE value for incoming bytes

Figure 6. Computed Neural KDE value for outgoing bytes

Figure 7. Computed Neural KDE value for CPU usage

The analysis of the proposed model is fully based on the comparison of cross correlation values for the network parameters such as CPU usage, RAM usage, incoming bytes, outgoing bytes, incoming traffic and outgoing traffic. This correlation value shows the deviation range, and the proposed methodology yields promising results by detecting intrusions. By this method all the attacks performed at several time periods were identified/detected and auspicious results were achieved. The cross correlation values of the attack sequence are given in Table 2.

Table 2. Cross correlation values of attacking sequence

S.No  Time     CPU         RAM      Outgoing packets  Incoming packets
1     1:16:59  1179339978  892986   896046            636809
2     1:17:10  1179339978  896119   896046            636809
3     1:18:28  1179611728  898952   898952            639716
4     1:19:26  1179791914  898231   901233            641997
5     1:20:27  1179972352  900347   903479            644243
6     1:21:27  1180153141  902466   905726            646491
7     1:22:27  1180376311  904659   908039            648815
8     1:23:11  1211149803  926499   937182            664802
9     1:24:4   1262468314  962392   937182            664802
10    1:25:26  1380740088  1043522  1022047           709688
11    1:26:22  1420838212  1071513  1071466           735810

4. CONCLUSION
Hence the paper is concluded by proposing a robust behavioural model for IDS to detect anomalies in the network domain. The main research motivation in our proposed model is utilizing a Neural KDE based computational technique with cross correlation values. The experimental results demonstrated in Figures 3-7 show the optimality of the proposed algorithm. The present model is adapted for any IDS and can be implemented over any layer of the OSI model. In future, the proposed IDS is to be extended to detect covert communications in application tier protocols.

REFERENCES
[1] Frederick, K.K. (2001) Network Intrusion Detection Signatures, Part One. Received on 14 January from http://online.securityfocus.com/infocus/1524.html.
[2] Roesch, M. (1990) Snort-Lightweight Intrusion Detection for Networks. Received on 14 January from http://www.snort.org.
[3] Susan, Y., John, D.T., Dave, A., & Felix, L. (2001) The Hacker's Handbook, CRC Press. Received on 14 January from http://books.google.com.my/books?id=AO2fsAPVC34C&pg=PA174&lpg=PA174&dq=signature+based+network&source=web&ots=LeRC4cdZK7&sig=jZW2o68ViZdmnb4PSPR0zAgTtxI&hl=en#PPA173,M1.
[4] Yixue Wang, A Sort of Multi-Agent Cooperation Distributed Based Intrusion Detection System, Modem computer, 2008.
[5] Jianchun Jiang, Hengtai Ma, Dangen Ren, Network Security Intrusion Detection, Journal of Software, 2000.
[6] J. Marin, D. Ragsdale, and J. Surdu, A hybrid approach to the profile creation and intrusion detection, Proc. of DARPA Information Survivability Conference & Exposition 11, 2001.
[7] Ming Tan, Xiaolong Hu, Liancheng Liu, Based on multi-examination technology invasion examination system model, Computer project and design, 2008.
[8] Ming Xiao, Distributed Intrusion Detection System Design, Electronic Science and Technology University, 2002.
[9] Xiren Xie, "Computer Network," Publishing House of Electronics Industry, pp. 110-111, 2005.
[10] U.S. National Security Agency Releases, "The Technical Framework of Information Assurance," Beijing China Electronical Software publishing house, pp. 46-57, 2004.
[11] Julia Allen, Alan Christie, et al. State of the Practice of Intrusion Detection Technologies. Technical Report, Networked Systems Survivability Program, pp. 47-85, 2000.
[12] Congwei Zheng, Tianfa Jiang. "Research on Inetanet network security technology based on intelligent firewall," Computer Engineering and Applications, pp. 156-158, 2005.
[13] Xiaoping Yang, Jing Su. "Research on Intrusion Detection technology based on Protocol Analysis," Computer Application Research, pp. 108-110, 2004.
[14] Chen AA, Common Intrusion Detection Framework. http://seclabs.Cs.ucdavis.edu/cidf, 2002-01-17.
[15] Xiaoqun Du, Scott A. Smolka, Rance Cleaveland, "Local Model Checking and Protocol Analysis," Software Tools for Technology Transfer.
[16] D. Barbara, J. Couto, S. Jajodia, L. Popyack and N. Wu, "ADAM: Detecting intrusions by data mining", Proc. IEEE Workshop Inf. Assurance and Security, pp. 11-16, 2001.
[17] N. Ye, S. Emran, X. Li and Q. Chen, "Statistical process control for computer intrusion detection", Proc. DISCEX II, vol. 1, pp. 3-14, 2001.
[18] N. Ye, S. Vilbert and Q. Chen, "Computer intrusion detection through EWMA for autocorrelated and uncorrelated data", IEEE Trans. Rel., vol. 52, no. 1, pp. 75-82, 2003.
[19] N. Ye, S. Emran, Q. Chen and S. Vilbert, "Multivariate statistical analysis of audit trails for host-based intrusion detection", IEEE Trans. Comput., vol. 51, no. 7, pp. 810-820, 2002.
[20] W. Lee and S. Stolfo, "A framework for constructing features and models for intrusion detection systems", ACM Trans. Inf. Syst. Secur., vol. 3, no. 4, pp. 227-261, 2000.
[21] Zhong Shaochun, Song Qingfeng, Cheng Xiaochun, Zhang Yan (2003). "A Safe Mobile Agent System for Distributed Intrusion Detection." Proceedings of the Second International Conference on Machine Learning and Cybernetics, IEEE.
[22] Lin Zhaowen, Ren Xingtian, Ma Yan (2006). "Agent-based Distributed Cooperative Intrusion Detection System." IEEE.
[23] Sartid Vongpradhip, Wichet Plaimart (2007). "Survival Architecture for Distributed Intrusion Detection System (dIDS) using Mobile Agent". Sixth IEEE International Symposium on Network Computing and Application (NCA 2007).
[24] Wang Jun, Wang Chong-jun, Xie Jun-yuan, Chen Shi-fu (2006). "Research on Agent-based Intrusion Detection Technique". COMPUTER SCIENCE, Vol. 33, No. 12, pp. 65-69.
[25] Dalila Boughaci, Habiba Drias, Ahmed Bendib, etc. (2006). "A Distributed Intrusion Detection Framework based on Autonomous and Mobile Agents". Proceedings of the International Conference on Dependability of Computer Systems, IEEE.
[26] Abdelhamid Belmekki, Abdellatif Mezrioui (2005). "Using Active Agent for Intrusion Detection and Management." Proceeding of the 2005 Conference, IEEE.

BIOGRAPHIES OF AUTHORS
V. Brindha Devi, B.E., M.E., is a Research scholar at Anna University, Chennai, currently working in Sri Sairam Institute of Technology. She has more than 13 years of teaching experience and her areas of specialization are Wireless Networks, Fuzzy computation and Artificial Intelligence.

Dr. K.L. Shunmuganathan, B.E., M.E., M.S., Ph.D., is working as the Professor & Head of CSE Department of R.M.K. Engineering College, Chennai, Tamil Nadu, India. He has more than 23 years of teaching experience and his areas of specialization are Networks and Artificial Intelligence.