99.referencias.bib

@manual{NBR6028:2003,
  address = {Rio de Janeiro},
  date-added = {2012-12-15 21:02:12 +0000},
  date-modified = {2012-12-15 21:02:50 +0000},
  month = nov,
  org-short = {ABNT},
  organization = {Associa{\c c}\~ao Brasileira de Normas T\'ecnicas},
  pages = 2,
  subtitle = {Resumo - Apresenta{\c c}{\~a}o},
  title = {{NBR} 6028},
  year = 2003
}


@inproceedings{Andy2017,
  title={{Attack scenarios and security analysis of mqtt communication protocol in iot system}},
  author={Andy,Syaiful and Rahardjo,Budi and Hanindhito,Bagus},
  abstract={Various communication protocols are currently used in the Internet
    of Things (IoT) devices. One of the protocols that are already standardized by
    ISO is MQTT protocol (ISO / IEC 20922: 2016). Many IoT developers use this
    protocol because of its minimal bandwidth requirement and low memory
    consumption. Sometimes,IoT device sends confidential data that should only be
    accessed by authorized people or devices. Unfortunately,the MQTT protocol only
    provides authentication for the security mechanism which,by default,does not
    encrypt the data in transit thus data privacy,authentication,and data
    integrity become problems in MQTT implementation. This paper discusses several
    reasons on why there are many IoT system that does not implement adequate
    security mechanism. Next,it also demonstrates and analyzes how we can attack
    this protocol easily using several attack scenarios. Finally,after the
    vulnerabilities of this protocol have been examined,we can improve our
    security awareness especially in MQTT protocol and then implement security
    mechanism in our MQTT system to prevent such attack. {\textcopyright}
    2018,Institute of Advanced Engineering and Science. All rights reserved.},
  keywords={Attack,MQTT,Protocol,Scenario},
  journal={International Conference on Electrical Engineering,Computer Science and Informatics (EECSI)},
  doi={10.11591/eecsi.4.1064},
  isbn={9781538605486},
  issn={2407439X},
  number={September},
  pages={600--604},
  volume={4},
  year={2017}
}

@article{Choudhary2018,
  abstract={Internet of things (IoT) is the smart network which connects smart objects over the Internet. The Internet is un- trusted and unreliable network and thus IoT network is vulner- able to different kind of attacks. Conventional encryption and authentication techniques sometimes fail on IoT based network and intrusion may succeed to destroy the network. So,it is necessary to design intrusion detection system for such network. In our paper,we detect routing attacks such as sinkhole and selective forwarding. We have also tried to prevent our net- work from these attacks. We designed detection and prevention algorithm,i.e.,KMA(Key Match Algorithm) and CBA(Cluster- Based Algorithm) in MatLab simulation environment. We gave two intrusion detection mechanisms and compared their results as well. True positive intrusion detection rate for our work is between 50{\%} to 80{\%} with KMA and 76{\%} to 96{\%} with CBA algorithm.},
  author={Choudhary,Sarika and Kesswani,Nishtha},
  doi={10.1109/TrustCom/BigDataSE.2018.00219},
  isbn={978-1-5386-4388-4},
  journal={2018 17th IEEE International Conference On Trust,Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)},
  keywords={(IDS),6LoWPAN,Internet of Things,Intrusion Detection System,RPL,Routing Attack,Security,Selective Forwarding,Sinkhole},
  mendeley-groups={UFSCar/trab-fichamento[/trab-final},
  pages={1537--1540},
  publisher={IEEE},
  title={{Detection and Prevention of Routing Attacks in Internet of Things}},
  url={https://ieeexplore.ieee.org/document/8456088/},
  year={2018}
}
@article{DO2018,
  title={Cyber-physical systems information gathering: A smart home case study},
  abstract={With the growth in the use of Cyber-Physical Systems,such as Internet of Things (IoT) devices,there is a corresponding increase in the potential attack footprint of personal and corporate users. In this paper,we explore the potential for exploiting information retrieved from two IoT devices which,seemingly,are unlikely to store substantial amounts of data. We specifically focus on prominent smart home devices for the purpose of obtaining compromising information. We undertake a collection and analysis process,constrained by the limitations placed upon three types of adversaries,namely: forensic passive,forensic active and real-time active. The former two adversaries aim to comply with the requirements of forensic soundness,whereas the real-time active adversary does not have these constraints and therefore more closely models a malicious real-world attacker. The findings show that a variety of device data is available to even the passive adversary,and this data can be used to determine the actions and/or presence of an individual at a given time based on their interactions with the IoT device. These interactions can be both user initiated (e.g. powering on or off a switch or light) and device initiated (e.g. background polling).},
  author={Do,Quang and Martini,Ben and Choo,Kim-Kwang Raymond},
  doi={https://doi.org/10.1016/j.comnet.2018.03.024},
  issn={1389-1286},
  journal={Computer Networks},
  keywords={Cyber-physical system forensics,Forensic adversary,Internet of Battlefield Things forensics,Internet of Things forensics,Smart home forensics},
  mendeley-groups={UFSCar/trab-fichamento[,UFSCar/trab-fichamento[/trab-final},
  pages={1--12},
  url={http://www.sciencedirect.com/science/article/pii/S1389128618301440},
  volume={138},
  year={2018}
}
@article{Acar2018,
  abstract={In this paper,we present two web-based attacks against local IoT de- vices that any malicious web page or third-party script can perform,even when the devices are behind NATs. In our attack scenario,a victim visits the attacker's website,which contains a malicious script that communicates with IoT devices on the local network that have open HTTP servers. We show how the malicious script can circumvent the same-origin policy by exploiting error messages on the HTML5 MediaError interface or by carrying out DNS rebinding attacks. We demonstrate that the attacker can gather sensitive infor- mation from the devices (e.g.,unique device identifiers and precise geolocation),track and profile the owners to serve ads,or control the devices by playing arbitrary videos and rebooting. We propose potential countermeasures to our attacks that users,browsers,DNS providers,and IoT vendors can implement.},
  author={Acar,Gunes and Huang,Danny Yuxing and Li,Frank and Narayanan,Arvind and Feamster,Nick},
  doi={10.1145/3229565.3229568},
  isbn={9781450359054},
  journal={Proceedings of the 2018 Workshop on IoT Security and Privacy - IoT S{\&}P '18},
  keywords={DNS rebinding,Internet of Things,JavaScript,privacy},
  mendeley-groups={UFSCar/trab-fichamento[/trab-final},
  pages={29--35},
  title={{Web-based Attacks to Discover and Control Local IoT Devices}},
  url={http://dl.acm.org/citation.cfm?doid=3229565.3229568},
  year={2018}
}

@article{dean2008mapreduce,
  title={MapReduce: simplified data processing on large clusters},
  author={Dean,Jeffrey and Ghemawat,Sanjay},
  journal={Communications of the ACM},
  volume={51},
  number={1},
  pages={107--113},
  year={2008},
  publisher={ACM}
}

@article{Dean2004,
  title={{MapReduce: Simplified data processing on large clusters}},
  author={Dean,Jeffrey and Ghemawat,Sanjay},
  journal={OSDI 2004 - 6th Symposium on Operating Systems Design and Implementation},
  doi={10.21276/ijre.2018.5.5.4},
  issn={23487852},
  pages={137--149},
  year={2004}
}

@inproceedings{Pandey2014,
  author={Pandey,Shweta and Tokekar,Vrinda},
  title={Prominence of MapReduce in Big Data Processing},
  year={2014},
  isbn={9781479930708},
  publisher={IEEE Computer Society},
  address={USA},
  url={https://doi.org/10.1109/CSNT.2014.117},
  doi={10.1109/CSNT.2014.117},
  booktitle={Proceedings of the 2014 Fourth International Conference on Communication Systems and Network Technologies},
  pages={555–560},
  numpages={6},
  keywords={MapReduce,Hadoop Distributed File System,Hadoop,Google file System,Big Data},
  series={CSNT ’14}
}

@misc{ApacheHadoop2020,
  title={{The Apache™ Hadoop® project develops open-source software for reliable,scalable,distributed computing.}},
  author= {{Apache Hadoop}},
  url={https://hadoop.apache.org/},
  urldate={2020-02-10},
  year={2020}
}
@misc{ApacheSpark2020,
  title={{Apache Spark™ - Unified Analytics Engine for Big Data}},
  author= {{Apache Spark}},
  url={https://spark.apache.org/},
  urldate={2020-02-10},
  year={2020}
}

@techreport{Zaharia,
  title={{Spark: Cluster Computing with Working Sets}},
  author={Zaharia,Matei and Chowdhury,Mosharaf and Franklin,Michael J and Shenker,Scott},
  year= {2010},
  journal={HotCloud},
  volume={10},
  number={10-10},
  pages={95},
  
  abstract={MapReduce and its variants have been highly successful in
  implementing large-scale data-intensive applications on commodity clusters.
  However,most of these systems are built around an acyclic data flow model
  that is not suitable for other popular applications. This paper fo-cuses on
  one such class of applications: those that reuse a working set of data across
  multiple parallel operations. This includes many iterative machine learning
  algorithms,as well as interactive data analysis tools. We propose a new
  framework called Spark that supports these applications while retaining the
  scalability and fault tolerance of MapReduce. To achieve these goals,Spark
  introduces an abstraction called resilient distributed datasets (RDDs). An RDD
  is a read-only collection of objects partitioned across a set of machines that
  can be rebuilt if a partition is lost. Spark can outperform Hadoop by 10x in
  iterative machine learning jobs,and can be used to interactively query a 39
  GB dataset with sub-second response time.}
}

@article{sparkStreaming2016,
  title   = {{Apache spark: A unified engine for big data processing}},
  author  = {Zaharia,Matei and Xin,Reynold S. and Wendell,Patrick and Das,Tathagata
  and Armbrust,Michael and Dave,Ankur and Meng,Xiangrui and Rosen,Josh and
  Venkataraman,Shivaram and Franklin,Michael J. and Ghodsi,Ali and
  Gonzalez,Joseph and Shenker,Scott and Stoica,Ion},
  doi     = {10.1145/2934664},
  issn    = {15577317},
  journal = {Communications of the ACM},
  number  = {11},
  pages   = {56--65},
  volume  = {59},
  year    = {2016}
}

% referencias da Quali Gui Cassales
% (PERNER,2007)
% PERNER2007,
%   author="Perner,Petra",
%   title="Concepts for Novelty Detection and Handling Based on a Case-Based Reasoning Process Scheme",
%   booktitle="Advances in Data Mining. Theoretical Aspects and Applications",
%   year="2007",
%   publisher="Springer",
%   pages="21--33",
%   isbn="978-3-540-73435-2"
% }
% Perner2009,
%   title="Concepts for novelty detection and handling based on a case-based reasoning process scheme",
%   author="Petra Perner",
% (GAMA,2010).
% (MUKKAMALA; SUNG; ABRAHAM,2005)
@article{McHugh2000,
  author={McHugh,John},
  title={Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations As Performed by Lincoln Laboratory},
  journal={ACM Trans. Inf. Syst. Secur.},
  issue_date={Nov. 2000},
  volume={3},
  number={4},
  month=nov,
  year={2000},
  issn={1094-9224},
  pages={262--294},
  numpages={33},
  url={http://doi.acm.org/10.1145/382912.382923},
  doi={10.1145/382912.382923},
  acmid={382923},
  publisher={ACM},
  address={New York,NY,USA},
  keywords={computer security,intrusion detection,receiver operating curves (ROC),software evaluation},
}

@INPROCEEDINGS{Sommer2010,
  author={R. {Sommer} and V. {Paxson}},
  booktitle={2010 IEEE Symposium on Security and Privacy},
  title={Outside the Closed World: On Using Machine Learning for Network Intrusion Detection},
  year={2010},
  volume={},
  number={},
  pages={305-316},
  keywords={learning (artificial intelligence);security of data;machine learning;network intrusion detection;anomaly detection;Machine learning;Intrusion detection;Computer science;Telecommunication traffic;Guidelines;Computer security;National security;Privacy;Laboratories;Computerized monitoring;anomaly detection;machine learning;intrusion detection;network security},
  doi={10.1109/SP.2010.25},
  ISSN={2375-1207},
  month={May}
}

@inproceedings{Striki2009,
  author={Striki,Maria and Manousakis,Kyriakos and Kindred,Darrell and Sterne,Dan and Lawler,Geoff and Ivanic,Natalie and Tran,George},
  title={Quantifying Resiliency and Detection Latency of Intrusion Detection Structures},
  booktitle={Proceedings of the 28th IEEE Conference on Military Communications},
  series={MILCOM'09},
  year={2009},
  isbn={978-1-4244-5238-5},
  location={Boston,Massachusetts,USA},
  pages={2205--2212},
  numpages={8},
  url={http://dl.acm.org/citation.cfm?id=1856821.1857149},
  acmid={1857149},
  publisher={IEEE Press},
  address={Piscataway,NJ,USA},
}

@article{ModiIDSCloud,
 author={Modi,Chirag and Patel,Dhiren and Borisaniya,Bhavesh and Patel,Hiren and Patel,Avi and Rajarajan,Muttukrishnan},
  title={Review: A Survey of Intrusion Detection Techniques in Cloud},
  journal={J. Netw. Comput. Appl.},
  issue_date={January,2013},
  volume={36},
  number={1},
  month=jan,
  year={2013},
  issn={1084-8045},
  pages={42--57},
  numpages={16},
  url={http://dx.doi.org/10.1016/j.jnca.2012.05.003},
  doi={10.1016/j.jnca.2012.05.003},
  acmid={2406205},
  publisher={Academic Press Ltd.},
  address={London,UK,UK},
  keywords={Cloud computing,Firewalls,Intrusion detection system,Intrusion prevention system},
}

% ====== inseridos por hermes

@article{dastjerdi2016,
  title={Fog computing: Helping the Internet of Things realize its potential},
  author={Dastjerdi,Amir Vahid and Buyya,Rajkumar},
  
  abstract={The Internet of Things (IoT) could enable innovations that enhance
  the quality of life,but it generates unprecedented amounts of data that are
  difficult for traditional systems,the cloud,and even edge computing to
  handle. Fog computing is designed to overcome these limitations.},
  
  keywords={data handling;Internet of Things;fog computing;Internet of
  Things;IoT;data handling;Internet of things;Data analysis;Big data;Cloud
  computing;Internet of Things;IoT;cloud computing;Cloud Cover;fog computing},
    
  journal={Computer},
  volume={49},
  number={8},
  pages={112--116},
  year={2016},
  doi={10.1109/MC.2016.245},
  ISSN={1558-0814},
  month={Aug},
  publisher={IEEE}
}
@misc{gartner_it_glossary_2018,
  title={Gartner Says Worldwide IoT Security Spending Will Reach \$1.5 Billion in 2018},
  author={Gartner},
  url={https://www.gartner.com/newsroom/id/3869181},
  journal={Gartner IT Glossary},
  publisher={Gartner,Inc.},
  year={2018},
  month={Mar}}

@misc{gartner_forecast_2017,
  title={Gartner Says 8.4 Billion Connected ``Things'' Will Be in Use in 2017,Up 31 Percent From 2016},
  author={Gartner},
  url={https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016},
  journal={Gartner Press Release},
  publisher={Gartner,Inc.},
  year={2017}
}

@article{mitchell2014survey,
  title={A survey of intrusion detection techniques for cyber-physical systems},
  author={Mitchell,Robert and Chen,Ing-Ray},
  journal={ACM Computing Surveys (CSUR)},
  volume={46},
  number={4},
  pages={55},
  year={2014},
  publisher={ACM}
}

@inproceedings{roesch1999snort,
  title={Snort: Lightweight intrusion detection for networks.},
  author={Roesch,Martin and others},
  booktitle={Lisa},
  volume={99},
  number={1},
  pages={229--238},
  year={1999}
}


@article{buczak2016survey,
  title={A survey of data mining and machine learning methods for cyber security intrusion detection},
  author={Buczak,Anna L and Guven,Erhan},
  journal={IEEE Communications Surveys \& Tutorials},
  volume={18},
  number={2},
  pages={1153--1176},
  year={2016},
  publisher={IEEE}
}


@article{da2014internet,
  title={Internet of things in industries: A survey},
  author={Da Xu,Li and He,Wu and Li,Shancang},
  journal={IEEE Transactions on industrial informatics},
  volume={10},
  number={4},
  pages={2233--2243},
  year={2014},
  publisher={IEEE}
}

@article{gubbi2013internet,
  title={Internet of Things (IoT): A vision,architectural elements,and future directions},
  author={Gubbi,Jayavardhana and Buyya,Rajkumar and Marusic,Slaven and Palaniswami,Marimuthu},
  journal={Future generation computer systems},
  volume={29},
  number={7},
  pages={1645--1660},
  year={2013},
  publisher={Elsevier}
}



% ============
@inproceedings{dos-6lowpan-iot,
  author={P. Kasinathan and C. Pastrone and M. A. Spirito and M. Vinkovits},
  booktitle={IEEE 9th Intl. Conf. on Wireless and Mobile Computing,Networking and Communications (WiMob)},
  title={Denial-of-Service detection in 6LoWPAN based Internet of Things},
  year={2013},
  volume={},
  number={},
  pages={600-607},
  doi={10.1109/WiMOB.2013.6673419},
  ISSN={2160-4886},
  month={Oct}
}


@INPROCEEDINGS{Hybrid-ids-arch-iot,
  author={M. Sheikhan and H. Bostani},
  booktitle={8th Intl. Symp. on Telecommunications (IST)},
  title={A hybrid intrusion detection architecture for Internet of things},
  year={2016},
  volume={},
  number={},
  pages={601-606},
  doi={10.1109/ISTEL.2016.7881893},
  ISSN={},
  month={Sept}
}

@INPROCEEDINGS{Kalis,
author={D. Midi and A. Rullo and A. Mudgerikar and E. Bertino},
booktitle={IEEE Intl. Conf. on Distributed Computing Systems (ICDCS)},
title={Kalis - A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things},
year={2017},
volume={},
number={},
pages={656-666},
doi={10.1109/ICDCS.2017.104},
ISSN={1063-6927},
month={June}}

@article{SVELTE,
title="SVELTE: Real-time intrusion detection in the Internet of Things",
journal="Ad Hoc Networks",
volume="11",
number="8",
pages="2661 - 2674",
year="2013",
issn="1570-8705",
doi="https://doi.org/10.1016/j.adhoc.2013.04.014",
author="Shahid Raza and Linus Wallgren and Thiemo Voigt",
keywords="Intrusion detection,Internet of Things,6LoWPAN,RPL,IPv6,Security,Sensor networks"
}

@article{anomalies-adaptive-detection,
author={Zhang,Ji and Li,Hongzhou and Gao,Qigang and Wang,Hai and Luo,Yonglong},
title={Detecting Anomalies from Big Network Traffic Data Using an Adaptive Detection Approach},
journal={Inf. Sci.},
issue_date={October 2015},
volume={318},
number={C},
month=oct,
year={2015},
issn={0020-0255},
pages={91--110},
numpages={20},
doi={10.1016/j.ins.2014.07.044},
acmid={2794100},
publisher={Elsevier Science Inc.},
address={New York,NY,USA},
keywords={Anomaly detection,Big data,Outlier detection},
}

@article{IoT-arch-smartmeter,
author={J. Lloret and J. Tomas and A. Canovas and L. Parra},
journal={IEEE Communications Magazine},
title={An Integrated IoT Architecture for Smart Metering},
year={2016},
volume={54},
number={12},
pages={50-57},
doi={10.1109/MCOM.2016.1600647CM},
ISSN={0163-6804}}

@article{scalable-anomaly-detection-smart-city,
author={D. E. Difallah and P. Cudré-Mauroux and S. A. McKenna},
journal={IEEE Internet Computing},
title={Scalable Anomaly Detection for Smart City Infrastructure Networks},
year={2013},
volume={17},
number={6},
pages={39-47},
doi={10.1109/MIC.2013.84},
ISSN={1089-7801},
month={Nov}}

@article{DS-based-IDS-SmartGrid,
author={M. A. Faisal and Z. Aung and J. R. Williams and A. Sanchez},
journal={IEEE Systems Journal},
title={Data-Stream-Based Intrusion Detection System for Advanced Metering Infrastructure in Smart Grid: A Feasibility Study},
year={2015},
volume={9},
number={1},
pages={31-44},
doi={10.1109/JSYST.2013.2294120},
ISSN={1932-8184},
month={March}}


@article{Fault-tolerance-disaster,
AUTHOR={Furquim,Gustavo and Filho,Geraldo P. R. and Jalali,Roozbeh and Pessin,Gustavo and Pazzi,Richard W. and Ueyama,Jó},
TITLE={How to Improve Fault Tolerance in Disaster Predictions: A Case Study about Flash Floods Using IoT,ML and Real Data},
JOURNAL={Sensors},
VOLUME={18},
YEAR={2018},
NUMBER={3},
ARTICLENUMBER={907},
ISSN={1424-8220},
DOI={10.3390/s18030907}}

@article{Adat2017,
abstract={Internet technology is very pervasive today. The number of devices connected to the Internet,those with a digital identity,is increasing day by day. With the developments in the technology,Internet of Things (IoT) become important part of human life. However,it is not well defined and secure. Now,various security issues are considered as major problem for a full-fledged IoT environment. There exists a lot of security challenges with the proposed architectures and the technologies which make the backbone of the Internet of Things. Some efficient and promising security mechanisms have been developed to secure the IoT environment,however,there is a lot to do. The challenges are ever increasing and the solutions have to be ever improving. Therefore,aim of this paper is to discuss the history,background,statistics of IoT and security based analysis of IoT architecture. In addition,we will provide taxonomy of security challenges in IoT environment and taxonomy of various defense mechanisms. We conclude our paper discussing various research challenges that still exist in the literature,which provides better understanding of the problem,current solution space,and future research directions to defend IoT against different attacks.},
annote={ISSN=10184864},
author={Adat,Vipindev and Gupta,B. B.},
doi={10.1007/s11235-017-0345-9},
issn={15729451},
journal={Telecommunication Systems},
keywords={Computer architecture,Computer security,Denial of service attacks,Distributed denial of service,Internet of Things,Internet of things,Intrusion detection systems,Intrusion detection systems (Computer security),Security challenges},
number={3},
pages={423--441},
title={{Security in Internet of Things: issues,challenges,taxonomy,and architecture}},
volume={67},
year={2017}
}



@article{GT-BIS,
author="Campiolo,Rodrigo AND Batista,Daniel M.",
title="Uma Arquitetura para Detecção de Ameaças Cibernéticas Baseada na Análise de Grandes Volumes de Dados",
journal="WSCDC SBRC",
year="2018"
}

@book{Marz:lambda,
 author={Marz,Nathan and Warren,James},
 title={Big Data: Principles and Best Practices of Scalable Realtime Data Systems},
 year={2015},
 isbn={1617290343,9781617290343},
 edition={1st},
 publisher={Manning Publications Co.},
 address={Greenwich,CT,USA},
} 

@misc{Kappa,
 author={Kreps,Jay},
 title={Questioning the Lambda Architecture},
 year={2014},
 url={https://www.oreilly.com/ideas/questioning-the-lambda-architecture}
}

@inproceedings{Liquid,
  title={Liquid: Unifying Nearline and Offline Big Data Integration},
  author={Raul Castro Fernandez and Peter R. Pietzuch and Jay Kreps and Neha Narkhede and Jun Rao and Joel Koshy and Dong Lin and Chris Riccomini and Guozhang Wang},
  booktitle={CIDR},
  year={2015}
}

@article{Spinosa2009ollinda,
  author={Spinosa,Eduardo J. and de Leon F. de Carvalho,Andr\'{e} Ponce and Gama,Jo\~{a}o},
  title={Novelty Detection with Application to Data Streams},
  year={2009},
  issue_date={August 2009},
  publisher={IOS Press},
  address={NLD},
  volume={13},
  number={3},
  issn={1088-467X},
  journal={Intell. Data Anal.},
  month=aug,
  pages={405–422},
  numpages={18},
  keywords={unsupervised learning,k-means,clustering,Novelty detection}
}

@article{Masud2010ECSMiner,
  author={M. Masud and J. Gao and L. Khan and J. Han and B. M. Thuraisingham},
  journal={IEEE Trans. on Knowledge and Data Engineering},
  title={Classification and Novel Class Detection in Concept-Drifting Data Streams under Time Constraints},
  year={2011},
  volume={23},
  number={6},
  pages={859-874},
  doi={10.1109/TKDE.2010.61},
  ISSN={1041-4347},
  month={June},
  publisher={IEEE},
  abstract={Most existing data stream classification techniques ignore one
  important aspect of stream data: arrival of a novel class. We address this issue
  and propose a data stream classification technique that integrates a novel class
  detection mechanism into traditional classifiers,enabling automatic detection
  of novel classes before the true labels of the novel class instances arrive.
  Novel class detection problem becomes more challenging in the presence of
  concept-drift,when the underlying data distributions evolve in streams. In
  order to determine whether an instance belongs to a novel class,the
  classification model sometimes needs to wait for more test instances to discover
  similarities among those instances. A maximum allowable wait time Tc is imposed
  as a time constraint to classify a test instance. Furthermore,most existing
  stream classification approaches assume that the true label of a data point can
  be accessed immediately after the data point is classified. In reality,a time
  delay Tl is involved in obtaining the true label of a data point since manual
  labeling is time consuming. We show how to make fast and correct classification
  decisions under these constraints and apply them to real benchmark data.
  Comparison with state-of-the-art stream classification techniques prove the
  superiority of our approach. {\textcopyright} 2011 IEEE.}
}

@InCollection{Gama2007,
  author="Gama, Jo{\~a}o and Rodrigues, Pedro Pereira",
  editor="Gama, Jo{\~a}o and Gaber, Mohamed Medhat",
  title="Data Stream Processing",
  bookTitle="Learning from Data Streams: Processing Techniques in Sensor Networks",
  year="2007",
  publisher="Springer Berlin Heidelberg",
  address="Berlin, Heidelberg",
  pages="25--39",
  isbn="978-3-540-73679-0",
  doi="10.1007/3-540-73679-4_3",
  url="https://doi.org/10.1007/3-540-73679-4_3"
}

@book{Gama2010,
  author="Gama,Jo{\~a}o and Rodrigues,Pedro Pereira",
  title="Knowledge Discovery from Data Streams",
  year="2010",
  editor="Gama,Jo{\~a}o and Gaber,Mohamed Medhat",
  publisher={Chapman and Hall/CRC},
  ISBN="9781439826119"
}

@article{Mukkamala2005,
author={Mukkamala,Srinivas and Sung,Andrew and Abraham,Ajith},
title={Cyber Security Challenges: Designing Efficient Intrusion Detection Systems and Antivirus Tools},
year={2005},
month={01},
pages={}
}

@inproceedings{Faria2013Minas,
  author    = {Faria, Elaine R. and Gama, Jo\~{a}o and Carvalho, Andr\'{e} C. P. L. F.},
  title     = {Novelty Detection Algorithm for Data Streams Multi-Class Problems},
  year      = {2013},
  isbn      = {9781450316569},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/2480362.2480515},
  doi       = {10.1145/2480362.2480515},
  abstract = {Novelty detection has been presented in the literature as
  one-class problem. In this case, new examples are classified as either
  belonging to the target class or not. The examples not explained by the model
  are detected as belonging to a class named novelty. However, novelty detection
  is much more general, especially in data streams scenarios, where the number
  of classes might be unknown before learning and new classes can appear any
  time. In this case, the novelty concept is composed by different classes. This
  work presents a new algorithm to address novelty detection in data streams
  multi-class problems, the MINAS algorithm. Moreover, we also present a new
  experimental methodology to evaluate novelty detection methods in multi-class
  problems. The data used in the experiments include artificial and real data
  sets. Experimental results show that MINAS is able to discover novelties in
  multi-class problems.},
  booktitle = {Proceedings of the 28th Annual ACM Symposium on Applied Computing},
  pages     = {795–800},
  numpages  = {6},
  keywords  = {data stream, multi-class, novelty detection, clustering},
  location  = {Coimbra, Portugal},
  series    = {SAC '13}
}

@manual{Faria2013source,
  author  = {Faria, Elaine R},
  title   = {{Source codes of MINAS: MultI-class learNing Algorithm for data Streams}},
  address = {Universidade Federal de Uberlândia, Faculdade de Computação, Uberlândia, Minas Gerais, Brasil},
  month   = {aug},
  url     = {http://www.facom.ufu.br/~elaine/DadosMINAS/MINAS-SourceCode.rar},
  year    = {2013}
}

@inproceedings{Faria2013evaluation,
  author = {Faria, Elaine R. and Gonçalves, Isabel J.C.R. and Gama, João and Carvalho, Andre C.P.L.F.},
  title = {Evaluation Methodology for Multiclass Novelty Detection Algorithms},
  booktitle = {2013 Brazilian Conference on Intelligent Systems},

  doi={10.1109/BRACIS.2013.12},
  isbn={9780769550923},
  journal={Proceedings - 2013 Brazilian Conference on Intelligent Systems,BRACIS 2013},
  pages={19--25},
  
  abstract={Novelty detection is a useful ability for learning systems,
  especially in data stream scenarios,where new concepts can appear,known
  concepts can disappear and concepts can evolve over time. There are several
  studies in the literature investigating the use of machine learning
  classification techniques for novelty detection in data streams. However,
  there is no consensus regarding how to evaluate the performance of these
  techniques,particular for multiclass problems. In this study,we propose a
  new evaluation approach for multiclass data streams novelty detection
  problems. This approach is able to deal with: i) multiclass problems,ii)
  confusion matrix with a column representing the unknown examples,iii)
  confusion matrix that increases over time,iv) unsupervised learning,that
  generates novelties without an association with the problem classes and v)
  representation of the evaluation measures over time. We evaluate the
  performance of the proposed approach by known novelty detection algorithms
  with artificial and real data sets. {\textcopyright} 2013 IEEE.},
  
  year={2013}
}

@Article{Faria2016minas,
  author={de Faria, Elaine Ribeiro
  and Ponce de Leon Ferreira Carvalho, Andr{\'e} Carlos
  and Gama, Jo{\~a}o},
  title={MINAS: multiclass learning algorithm for novelty detection in data streams},
  journal={Data Mining and Knowledge Discovery},
  year={2016},
  month={May},
  day={01},
  volume={30},
  number={3},
  pages={640-680},
  abstract={Data stream mining is an emergent research area that aims at
  extracting knowledge from large amounts of continuously generated data.
  Novelty detection (ND) is a classification task that assesses if one or a set
  of examples differ significantly from the previously seen examples. This is an
  important task for data stream, as new concepts may appear, disappear or
  evolve over time. Most of the works found in the ND literature presents it as
  a binary classification task. In several data stream real life problems, ND
  must be treated as a multiclass task, in which, the known concept is composed
  by one or more classes and different new classes may appear. This work
  proposes MINAS, an algorithm for ND in data streams. MINAS deals with ND as a
  multiclass task. In the initial training phase, MINAS builds a decision model
  based on a labeled data set. In the online phase, new examples are classified
  using this model, or marked as unknown. Groups of unknown examples can be used
  later to create valid novelty patterns (NP), which are added to the current
  model. The decision model is updated as new data come over the stream in order
  to reflect changes in the known classes and allow the addition of NP. This
  work also presents a set of experiments carried out comparing MINAS and the
  main novelty detection algorithms found in the literature, using artificial
  and real data sets. The experimental results show the potential of the
  proposed algorithm.},
  issn={1573-756X},
  doi={10.1007/s10618-015-0433-y},
  url={https://doi.org/10.1007/s10618-015-0433-y}
}

@Article{Faria2016ndds,
  author={Faria, Elaine R.
  and Gon{\c{c}}alves, Isabel J. C. R.
  and de Carvalho, Andr{\'e} C. P. L. F.
  and Gama, Jo{\~a}o},
  title={Novelty detection in data streams},
  journal={Artificial Intelligence Review},
  year={2016},
  month={Feb},
  day={01},
  volume={45},
  number={2},
  pages={235-269},
  issn={1573-7462},
  doi={10.1007/s10462-015-9444-8},
  url={https://doi.org/10.1007/s10462-015-9444-8}
}

@article{DeFaria2015evaluation,
  title    = {Evaluation of Multiclass Novelty Detection Algorithms for Data Streams},
  author   = {de Faria, Elaine Ribeiro and Gonçalves, Isabel Ribeiro and Gama, Joao
  and Carvalho, Andre Carlos Ponce de Leon Ferreira},
  abstract = {{\textcopyright} 2015 IEEE. Data stream mining is an emergent
  research area that investigates knowledge extraction from large amounts of
  continuously generated data, produced by non-stationary distribution. Novelty
  detection, the ability to identify new or previously unknown situations, is a
  useful ability for learning systems, especially when dealing with data
  streams, where concepts may appear, disappear, or evolve over time. There are
  several studies currently investigating the application of novelty detection
  techniques in data streams. However, there is no consensus regarding how to
  evaluate the performance of these techniques. In this study, we propose a new
  evaluation methodology for multiclass novelty detection in data streams able
  to deal with: i) unsupervised learning, which generates novelty patterns
  without an association with the true classes, where one class may be composed
  of a novelty set, ii) confusion matrix that increases over time, iii)
  confusion matrix with a column representing unknown examples, i.e., those not
  explained by the model, and iv) representation of the evaluation measures over
  time. We propose a new methodology to associate the novelty patterns detected
  by the algorithm, in an unsupervised fashion, with the true classes. Finally,
  we evaluate the performance of the proposed methodology through the use of
  known novelty detection algorithms with artificial and real data sets.},
  journal  = {IEEE Transactions on Knowledge and Data Engineering},
  year     = {2015},
  volume   = {27},
  number   = {11},
  pages    = {2961-2973},
  doi      = {10.1109/TKDE.2015.2441713},
  issn     = {1041-4347},
  month    = {nov},
  url      = {http://ieeexplore.ieee.org/document/7118190/}
}

@article{Silva2013,
author={Silva,Jonathan A. and Faria,Elaine R. and Barros,Rodrigo C. and Hruschka,Eduardo R. and Carvalho,Andr\'{e} C. P. L. F. de and Gama,Jo\~{a}o},
title={Data Stream Clustering: A Survey},
year={2013},
issue_date={October 2013},
publisher={Association for Computing Machinery},
address={New York,NY,USA},
volume={46},
number={1},
issn={0360-0300},
url={https://doi.org/10.1145/2522968.2522981},
doi={10.1145/2522968.2522981},
journal={ACM Comput. Surv.},
month=jul,
articleno={Article 13},
numpages={31},
keywords={online clustering,Data stream clustering}
}

@incollection{NIST2011,
  author={Mell,Peter and Grance,Timothy},
  booktitle={Public Cloud Computing: Security and Privacy Guidelines},
  publisher={National Institute of Standards and Technology},
  isbn={9781620819821},
  mendeley-groups={Conceitos},
  organization={National Institute of Standards and Technology},
  pages={97--101},
  title={{The NIST definition of cloud computing: Recommendations of the National Institute of Standards and Technology}},
  url={http://faculty.winthrop.edu/domanm/csci411/Handouts/NIST.pdf},
  year={2012}
}

@article{Shi2016,
  title={Edge Computing: Vision and Challenges},
  author={Shi,Weisong and Cao,Jie and Zhang,Quan and Li,Youhuizi and Xu,Lanyu},
  doi={10.1109/JIOT.2016.2579198},
  issn={23274662},
  journal={IEEE Internet of Things Journal},
  keywords={Edge computing,Internet of Things (IoT),smart home and city},
  mendeley-groups={Conceitos/sbrc-refs},
  month={oct},
  number={5},
  pages={637--646},
  publisher={Institute of Electrical and Electronics Engineers Inc.},
  url={https://ieeexplore.ieee.org/abstract/document/7488250},
  volume={3},

  abstract={The proliferation of Internet of Things (IoT) and the success of
  rich cloud services have pushed the horizon of a new computing paradigm,edge
  computing,which calls for processing the data at the edge of the network. Edge
  computing has the potential to address the concerns of response time
  requirement,battery life constraint,bandwidth cost saving,as well as data
  safety and privacy. In this paper,we introduce the definition of edge
  computing,followed by several case studies,ranging from cloud offloading to
  smart home and city,as well as collaborative edge to materialize the concept of
  edge computing. Finally,we present several challenges and opportunities in the
  field of edge computing,and hope this paper will gain attention from the
  community and inspire more research in this direction.},

  year={2016}
}

@book{IEEECommunicationsSociety2018,
  title={IEEE Std 1934-2018: IEEE Standard for Adoption of OpenFog Reference Architecture for Fog Computing.},
  author={{IEEE Communications Society}},
  abstract={OpenFog Consortium--OpenFog Reference Architecture for Fog Computing
  is adopted by this standard. OpenFog Reference Architecture [OPFRA001.020817] is
  a structural and functional prescription of an open,interoperable,horizontal
  system architecture for distributing computing,storage,control and networking
  functions closer to the users along a cloud-to-thing continuum of communicating,
  computing,sensing and actuating entities. It encompasses various approaches to
  disperse Information Technology (IT),Communication Technology (CT) and
  Operational Technology (OT) Services through information messaging
  infrastructure as well as legacy and emerging multi-access networking
  technologies},
  keywords={Communication technology,Computer architecture,Edge computing,IEEE
  Standards,Information technology,OpenFog,adoption,communication technology
  IEEE 1934™,information technology,operational technology},
  booktitle={IEEE P1934/D2.0,April 2018},
  isbn={9781504450171},
  pages={176},
  publisher={IEEE},
  url={https://ieeexplore.ieee.org/document/8423800},
  year={2018}
}
@inproceedings{Bonomi2012,
  title={Fog computing and its role in the internet of things},
  author={Bonomi,Flavio and Milito,Rodolfo and Zhu,Jiang and Addepalli,Sateesh},
  booktitle={Proceedings of the first edition of the MCC workshop on Mobile cloud computing},
  abstract={Fog Computing extends the Cloud Computing paradigm to the edge of
  the network,thus enabling a new breed of applications and services. Defining
  characteristics of the Fog are: a) Low latency and location awareness; b)
  Widespread geographical distribution; c) Mobility; d) Very large number of
  nodes,e) Predominant role of wireless access,f) Strong presence of streaming
  and real time applications,g) Het-erogeneity. In this paper we argue that the
  above characteristics make the Fog the appropriate platform for a number of
  critical Internet of Things (IoT) services and applications ,namely,Connected
  Vehicle,Smart Grid ,Smart Cities,and,in general,Wireless Sensors and Actuators
  Networks (WSANs).},
  isbn={9781450315197},
  pages={13--16},
  keywords={Analytics,C2 [Computer-Communication Networks]: C24 Com-pute,Cloud
  Computing,IoT,Real Time Systems,Software Defined Networks,WSAN},
  mendeley-groups={Conceitos/sbrc-refs},
  url={http://www.lispmob.org},
  year={2012}
}

@inproceedings{Babcock2002,
author={Babcock,Brian and Babu,Shivnath and Datar,Mayur and Motwani,Rajeev and Widom,Jennifer},
title={Models and Issues in Data Stream Systems},
year={2002},
isbn={1581135076},
publisher={Association for Computing Machinery},
address={New York,NY,USA},
url={https://doi.org/10.1145/543613.543615},
doi={10.1145/543613.543615},
booktitle={Proceedings of the Twenty-First ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems},
pages={1–16},
numpages={16},
location={Madison,Wisconsin},
series={PODS ’02}
}

@article{Stonebraker2005,
  title={The 8 requirements of real-time stream processing},
  author={Stonebraker,Michael and çetintemel,Uǧur and Zdonik,Stan},
  abstract={Applications that require real-time processing of high-volume data steams are pushing the limits of traditional data processing infrastructures. These stream-based applications include market feed processing and electronic trading on Wall Street,network and infrastructure monitoring,fraud detection,and command and control in military environments. Furthermore,as the "sea change" caused by cheap micro-sensor technology takes hold,we expect to see everything of material significance on the planet get "sensor- tagged" and report its state or location in real time. This sensorization of the real world will lead to a "green field" of novel monitoring and control applications with high-volume and low-latency processing requirements. Recently,several technologies have emerged - including off-the-shelf stream processing engines - specifically to address the challenges of processing high-volume,real-time data without requiring the use of custom code. At the same time,some existing software technologies,such as main memory DBMSs and rule engines,are also being "repurposed" by marketing departments to address these applications. In this paper,we outline eight requirements that a system software should meet to excel at a variety of real-time stream processing applications. Our goal is to provide high-level guidance to information technologists so that they will know what to look for when evaluation alternative stream processing solutions. As such,this paper serves a purpose comparable to the requirements papers in relational DBMSs and on-line analytical processing. We also briefly review alternative system software technologies in the context of our requirements. The paper attempts to be vendor neutral,so no specific commercial products are mentioned.},
  journal={SIGMOD Record},
  volume={34},
  number={4},
  pages={42--47},
  doi={10.1145/1107499.1107504},
  url={https://doi.org/10.1145/1107499.1107504},
  issn={01635808},
  mendeley-groups={minas/sbrc-2019-refs},
  month={dec},
  year={2005}
}

@book{marz2015big,
  title={Big Data: Principles and best practices of scalable real-time data systems},
  author={Marz,Nathan and Warren,James},
  year={2015},
  publisher={New York; Manning Publications Co.}
}

@article{Gaber2005,
title={Mining Data Streams: A Review},
author={Gaber,Mohamed Medhat and Zaslavsky,Arkady and Krishnaswamy,Shonali},
year={2005},
issue_date={June 2005},
publisher={Association for Computing Machinery},
address={New York,NY,USA},
volume={34},
number={2},
issn={0163-5808},
url={https://doi.org/10.1145/1083784.1083789},
doi={10.1145/1083784.1083789},
journal={SIGMOD Rec.},
month={jun},
pages={18–26},
numpages={9}
}

@Inbook{Almusallam2017,
title="Dimensionality Reduction for Intrusion Detection Systems in Multi-data Streams---A Review and Proposal of Unsupervised Feature Selection Scheme",
bookTitle="Emergent Computation : A Festschrift for Selim G. Akl",
author="Almusallam,Naif Y. and Tari,Zahir and Bertok,Peter and Zomaya,Albert Y.",
editor="Adamatzky,Andrew",
year="2017",
publisher="Springer International Publishing",
address="Cham",
pages="467--487",
abstract="An Intrusion Detection System (IDS)Intrusion Detection Systemis a security mechanism that is intended to dynamically inspect traffic in order to detect any suspicious behaviour or launched attacks. However,it is a challenging task to apply IDS for large and high dimensional data streams. Data streams have characteristics that are quite distinct from those of statistical databases,which greatly impact on the performance of the anomaly-based ID algorithms used in the detection process. These characteristics include,but are not limited to,the processing of large data as they arrive (real-time),the dynamic nature of data streams,the curse of dimensionality,limited memory capacity and high complexity. Therefore,the main challenge in this area of research is to design efficient data-driven ID systems that are capable of efficiently dealing with data streams by considering these specific traffic characteristics. This chapter provides an overview of some of the relevant work carried out in three major fields related to the topic,namely feature selections (FS),intrusion detection systems (IDS) and anomaly detectionAnomaly detection in multi data streams. This overview is intended to provide the reader with a better understanding of the major recent works in the area. By critically investigating and combining those three fields,researchers and practitioners will be better able to develop efficient and robust IDS for data streams. At the end of this chapter,we provide two basic models: an Unsupervised Feature Selection to Improve Detection Accuracy for Anomaly Detection (UFSAD) and its extension (UFSAD-MS) for multi streams,that could reduce the volume and the dimensionality of the big data resulting from the streams. The reduction is based on the selection of only the relevant features and removing irrelevant and redundant ones. The last section of the chapter provides an example of the developed UFSAD model,followed by some experimental results. UFSAD-MS is provided as a conceptual model as it is in the implementation phase.",
isbn="978-3-319-46376-6",
doi="10.1007/978-3-319-46376-6_22",
url="https://doi.org/10.1007/978-3-319-46376-6_22"
}

@misc{Kreps2014,
title={{Questioning the Lambda Architecture – O'Reilly}},
author={Kreps,Jay},
keywords={AI {\&} ML,Data},
mendeley-groups={minas/cassales},
pages={10},
url={https://www.oreilly.com/radar/questioning-the-lambda-architecture/},
urldate={2020-02-10},
year={2014}
}

@article{lin2017lambda,
  title={The lambda and the kappa},
  author={Lin,Jimmy},
  journal={IEEE Internet Computing},
  number={5},
  pages={60--66},
  year={2017},
  publisher={IEEE}
}

@inproceedings{Kambourakis2017,
  title={{The Mirai botnet and the IoT Zombie Armies}},
  author={Kambourakis,Georgios and Kolias,Constantinos and Stavrou,Angelos},
  url={http://ieeexplore.ieee.org/document/8170867/},
  booktitle={MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM)},
  abstract={{\textcopyright} 2017 IEEE. The rapidly growing presence of Internet of Things (IoT) devices is becoming a continuously alluring playground for malicious actors who try to harness their vast numbers and diverse locations. One of their primary goals is to assemble botnets that can serve their nefarious purposes,ranging from Denial of Service (DoS) to spam and advertisement fraud. The most recent example that highlights the severity of the problem is the Mirai family of malware,which is accountable for a plethora of massive DDoS attacks of unprecedented volume and diversity. The aim of this paper is to offer a comprehensive state-of-the-art review of the IoT botnet landscape and the underlying reasons of its success with a particular focus on Mirai and major similar worms. To this end,we provide extensive details on the internal workings of IoT malware,examine their interrelationships,and elaborate on the possible strategies for defending against them.},
  doi={10.1109/MILCOM.2017.8170867},
  isbn={978-1-5386-0595-0},
  keywords={Botnet,DDoS,Hajime,IoT,Mirai,Network Security},
  mendeley-groups={minas/generic},
  month={oct},
  pages={267--272},
  publisher={IEEE},
  volume={2017-Octob},
  year={2017}
}

@misc{mawiSamplepointF,
  title={{Index of /mawi/samplepoint-F}},
  author={{MAWI Working Group Traffic Archive}},
  year={2020},
  url={http://mawi.wide.ad.jp/mawi/samplepoint-F/},
  urldate={2020-02-11}
}
@inproceedings{Fontugne2010,
  author={Fontugne,Romain and Borgnat,Pierre and Abry,Patrice and Fukuda,Kensuke},
  title={MAWILab: Combining Diverse Anomaly Detectors for Automated Anomaly Labeling and Performance Benchmarking},
  booktitle={ACM CoNEXT '10},
  month={December},
  year={2010},
  address={Philadelphia,PA},
  numpages={12},
  pages={1--12},

  abstract={Evaluating anomaly detectors is a crucial task in traffic
  monitoring made particularly difficult due to the lack of ground truth. The
  goal of the present article is to assist researchers in the evaluation of
  detectors by providing them with labeled anomaly traffic traces. We aim at
  automatically finding anomalies in the MAWI archive using a new methodology
  that combines different and independent detectors. A key challenge is to
  compare the alarms raised by these detectors ,though they operate at
  different traffic granularities. The main contribution is to propose a
  reliable graph-based methodology that combines any anomaly detector outputs.
  We evaluated four unsupervised combination strategies; the best is the one
  that is based on dimensionality reduction. The synergy between anomaly
  detectors permits to detect twice as many anomalies as the most accurate
  detector,and to reject numerous false positive alarms reported by the
  detectors. Significant anomalous traffic features are extracted from reported
  alarms,hence the labels assigned to the MAWI archive are concise. The results
  on the MAWI traffic are publicly available and updated daily. Also,this
  approach permits to include the results of upcoming anomaly detectors so as to
  improve over time the quality and variety of labels.}
}

@article{MOA,
  author   ={Albert Bifet and
               Geoff Holmes and
               Richard Kirkby and
               Bernhard Pfahringer},
  title    ={{MOA:} Massive Online Analysis},
  journal  ={J. Mach. Learn. Res.},
  volume   ={11},
  pages    ={1601--1604},
  year     ={2010},
  url      ={http://portal.acm.org/citation.cfm?id=1859903},
  timestamp={Wed,10 Jul 2019 15:28:40 +0200},
  biburl   ={https://dblp.org/rec/journals/jmlr/BifetHKP10.bib},
  notes="DBLP:journals/jmlr/BifetHKP10",
  bibsource={dblp computer science bibliography,https://dblp.org}
}

@phdthesis{DaSilva2018thesis,
  title={{Abordagem Fuzzy para Detecção de Novidade em Fluxo Contínuo de Dados}},
  author={da Silva, Tiago Pinho},
  
  abstract={In recent years,we have witnessed the advent of computational
  systems capable of generating an immense amount of data in a short time
  period. These applications can be found in areas such as sensor networks,
  financial markets and computer networks. Systems that produce data
  incessantly,creating a continuous Data Stream (DS),can be infinite in size
  and can mutate in its statistical distribution over time. These DS can be used
  as sources for the automatic acquisition of useful knowledge by machine
  learning methods. However,the infinite and mutable nature of these data sets
  can essentially cause new concepts to emerge,which are examples that differ
  significantly from the examples learned by the model. Occurrences of this
  behavior in real-world applications may be credit card fraud or computer
  network intrusions. In this way,the task of detecting these examples,known
  as novelty de- tection,stands out as an important research topic. In general,
  classical methods for detecting novelty are not able to deal with the
  particularities of DS. Thus,differ- ent approaches have been proposed in
  order to create adaptable models that can accomplish this task. However,the
  unpredictable characteristics of DS's create dif- ficulties in the learning
  process,encouraging the search for a more flexible learning. The integration
  of fuzzy set theory concepts is a timely way of making DS learning more
  adaptable to imprecisions. Recently,there have been proposals for machine
  learning models in DS based on fuzzy sets theory with the objective of
  collaborating for the flexibility and adaptability of the knowledge learned in
  DS's. Nonetheless,in the context of novelty detection the proposed approaches
  are few and limited to the domains of study. This paper presents a proposal
  for a fuzzy approach to detecting novelty in DS investigating techniques for
  detection of novelty in DS and machine learning models in DS based on fuzzy
  set theory. The analysis of the results,showed that the proposals favor the
  novelty detection task,facilitating the identification of discrepant data
  through the representation and treatment of imprecise data.},
  
  keywords={data streams,fuzzy sets theory,novelty detection,soft computing},
  pages={89},
  school={Universidade Federal de São Carlos},
  type={Master},
  url={https://repositorio.ufscar.br/handle/ufscar/10544},
  mendeley-groups={minas/faria},
  year={2018}
}
@article{DaSilva2018,
  title={{A fuzzy multiclass novelty detector for data streams}},
  author={da Silva,Tiago Pinho and Schick,Leonardo and {De Abreu Lopes},Priscilla and {De Arruda Camargo},Heloisa},
  
  abstract={In many real-world applications data arrive continuously,in the
  form of streams. Such data can be used for the acquisition of knowledge by
  machine learning methods. In data streams learning,novelty detection is a
  relevant topic,which aims to identify the emergence of a new concept or a
  drift in the known concept in real time. Most approaches in the literature
  that focus on the novelty detection problem,make assumptions that limit the
  method usefulness. For instance,some methods are designed lying on the
  supposition that labeled data will be available at some time in the stream,
  while others restrict the proposed algorithm to one-class problems. Some
  recent approaches aim to overcome the limitations mentioned,considering
  multiclass problems and unlabeled data sets. In addition,there are also
  proposals that explore concepts of fuzzy set theory to add more flexibility to
  the learning process,although restricted to labeled data sets. In this paper,
  we propose a fuzzy multiclass novelty detector for data streams called FuzzND,
  as a fuzzy extension of the MINAS algorithm. Our algorithm generates a model
  based on fuzzy micro-clusters that provides flexible class boundaries.
  Allowing the identification of different types of novel information,i.e,
  novel classes,extension of classes or outliers more efficiently. Experiments
  show that our approach is promising in dealing with the changes in data
  streams and presents improvements in comparison to the non-fuzzy version.},
  
  journal={IEEE International Conference on Fuzzy Systems},
  pages={1--8},
  volume={2018-July},
  doi={10.1109/Fuzz-Ieee.2018.8491545},
  isbn={9781509060207},
  issn={10987584},
  publisher={IEEE},
  mendeley-groups={minas/faria},
  year={2018}
}

@inproceedings{Costa2019,
  title = {Novelty Detection for Multi-Label Stream Classification},
  author = {J{\'u}nior, Joel D Costa and Faria, Elaine R and Silva, Jonathan A and Gama, Joao and Cerri, Ricardo},
  abstract={In Multi-Label Stream Classification (MLSC) examples arriving in a
    stream can be simultaneously classified into multiple classes. This is a very
    challenging task,especially considering that new classes can emerge during
    the stream (Concept Evolution),and known classes can change over time
    (Concept Drift). In real situations,these characteristics come together with
    a scenario with Infinitely Delayed Labels,where we can never access the true
    class labels of the examples to update classifiers. In order to overcome these
    issues,this paper proposes a new method called MultI-label learNing Algorithm
    for Data Streams with Binary Relevance transformation (MINAS-BR). Our proposal
    uses a new Novelty Detection (ND) procedure to detect concept evolution and
    concept drift,being updated in an unsupervised fashion. We also propose a new
    methodology to evaluate MLSC methods in scenarios with Infinitely Delayed
    Labels. Experiments over synthetic datasets attested the potential of
    MINAS-BR,which was able to adapt to different concept drift and concept
    evolution scenarios,obtaining superior or competitive performances in
    comparison to literature baselines.},
  keywords={Concept Evolution,Infinitely Delayed Labels,Multi-label Stream Classification,Novelty Detection},
  booktitle = {2019 8th Brazilian Conference on Intelligent Systems (BRACIS)},
  doi={10.1109/BRACIS.2019.00034},
  isbn={9781728142531},
  pages={144--149},
  year = {2019},
  organization = {IEEE}
}

@article{Sokolova2009,
author={Sokolova,Marina and Lapalme,Guy},
title={A Systematic Analysis of Performance Measures for Classification Tasks},
year={2009},
issue_date={July 2009},
publisher={Pergamon Press,Inc.},
address={USA},
volume={45},
number={4},
issn={0306-4573},
url={https://doi.org/10.1016/j.ipm.2009.03.002},
doi={10.1016/j.ipm.2009.03.002},
journal={Inf. Process. Manage.},
month=jul,
pages={427–437},
numpages={11},
keywords={Performance evaluation,Machine Learning,Text classification}
}


@article{Vijaya2004505,
  title="Leaders–Subleaders: An efficient hierarchical clustering algorithm for large data sets",
  author="P.A Vijaya and M Narasimha Murty and D.K Subramanian",
  journal="Pattern Recognition Letters",
  year="2004",
  month={mar},
  volume="25",
  number="4",
  pages="505 - 513",
  issn="0167-8655",
  doi="https://doi.org/10.1016/j.patrec.2003.12.013",
  url="http://www.sciencedirect.com/science/article/pii/S0167865503002824",
  keywords="Incremental clustering,Leaders and subleaders,Hierarchical structure,Subgroups/subclusters,Prototypes/representatives",
  publisher={Elsevier},

  abstract="In this paper,an efficient hierarchical clustering algorithm,
  suitable for large data sets is proposed for effective clustering and prototype
  selection for pattern classification. It is another simple and efficient
  technique which uses incremental clustering principles to generate a
  hierarchical structure for finding the subgroups/subclusters within each
  cluster. As an example,a two level clustering algorithm––‘Leaders–Subleaders’,
  an extension of the leader algorithm is presented. Classification accuracy (CA)
  obtained using the representatives generated by the Leaders–Subleaders method is
  found to be better than that of using leaders as representatives. Even if more
  number of prototypes are generated,classification time is less as only a part
  of the hierarchical structure is searched."
}



@phdthesis{Costa2019thesis,
  title={Detecção De Novidade Em Fluxos Contínuos De Dados Multirrótulo},
  author={Costa,Joel David},
  keywords={Data stream,infinitely delayed labels,multilabel classification,novelty detection},
  pages={127},
  school={UFSCar - Universidade Federal de São Carlos},
  type={Master},
  url={https://repositorio.ufscar.br/handle/ufscar/12197},
  year={2019},
  
  abstract={Multi-label Stream Classification (MLSC) aims at classifying
  streaming examples into multiple classes simultaneously. It is a very
  challenging task,since new classes may emerge (concept evolution),and known
  classes may change over the stream (concept drift. Most of classifier methods
  deal with the aforementioned characteristics updating their models when
  actuals labels of examples become available,it is a very optimistic scenario
  though,since for many data streams application these labels are never
  available,hence is unfeasible to update models in a supervised fashion. This
  is known as infinitely delayed labels problems and a task that has been stood
  out for dealing with it,is the Novelty Detection (ND). ND aims at detecting
  new patterns in arriving streaming examples that,in some aspect,might differ
  from the previously observed patterns and then used for updating the decision
  models. Despite different ND procedures have been proposed in the literature,
  it is still an open problem for MLSC. In this work we proposed two new
  methods: the MultI-label learNing Algorithm for data Streams with Label
  Combination-based methods (MINAS-LC) which applies ND to deal exclusively with
  concept drifts and the MultIlabel learNing Algorithm for data Streams with
  Binary Relevance transformation (MINAS-BR) which applies ND to deal with both
  concept drifts and concept evolution either. The methods address problem
  transformation techniques to deal with multi-labelled data at the offline
  phase and build micro-clusters based decision models. At the online phase the
  arrival examples are classified or rejected (labelled as unknown) by the
  current decision models. Rejected examples are used in ND phase to shape new
  micro-clusters,maintaining the decision models updated. The ND phase is run
  from time to time to work around concept drifts and concept evolution.
  Experiments over synthetic and real-world data sets with different degrees of
  concept drift and concept evolution attested the potential of MINAS-BR and
  MINAS-LC,in which have obtained significant results when compared to baseline
  methods.}
}

@inproceedings{souza2015,
  title={Data stream classification guided by clustering on nonstationary environments and extreme verification latency},
  author={Souza,Vin{\'\i}cius MA and Silva,Diego F and Gama,Jo{\~a}o and Batista,Gustavo E.A.P.A.},
  booktitle={Proceedings of the 2015 SIAM International Conference on Data Mining},
  pages={873--881},
  year={2015},
  organization={SIAM},
  url={https://doi.org/10.1137/1.9781611974010.98},
  doi={10.1137/1.9781611974010.98},
  isbn={9781510811522},
  keywords={Concept drift,Data stream classification,Extreme verification latency},
  publisher={Society for Industrial and Applied Mathematics Publications},
  
  abstract={Data stream classification algorithms for nonstationary
  environments frequently assume the availability of class labels,instantly or
  with some lag after the classification. However,certain applications,mainly
  those related to sensors and robotics,involve high costs to obtain new labels
  during the classification phase. Such a scenario in which the actual labels of
  processed data are never available is called extreme verification latency.
  Extreme verification latency requires new classification methods capable of
  adapting to possible changes over time without external supervision. This
  paper presents a fast,simple,intuitive and accurate algorithm to classify
  nonstationary data streams in an extreme verification latency scenario,namely
  Stream Classification Algorithm Guided by Clustering - SCARGC. Our method
  consists of a clustering followed by a classification step applied repeatedly
  in a closed loop fashion. We show in several classification tasks evaluated in
  synthetic and real data that our method is faster and more accurate than the
  state-of-the-art.},
}



@phdthesis{Costa2019thesis__,
  title={DETECÇÃO DE NOVIDADE EM FLUXOS CONTÍNUOS DE DADOS MULTIRRÓTULO},
  author={Costa,Joel David},
  keywords={Data stream,infinitely delayed labels,multilabel classification,novelty detection},
  pages={127},
  school={UNIVERSIDADE FEDERAL DE SãO CARLOS},
  type={Master},
  url={https://repositorio.ufscar.br/handle/ufscar/12197},
  year={2019},
  
  abstract={Multi-label Stream Classification (MLSC) aims at classifying
  streaming examples into multiple classes simultaneously. It is a very
  challenging task,since new classes may emerge (concept evolution),and known
  classes may change over the stream (concept drift. Most of classifier methods
  deal with the aforementioned characteristics updating their models when
  actuals labels of examples become available,it is a very optimistic scenario
  though,since for many data streams application these labels are never
  available,hence is unfeasible to update models in a supervised fashion. This
  is known as infinitely delayed labels problems and a task that has been stood
  out for dealing with it,is the Novelty Detection (ND). ND aims at detecting
  new patterns in arriving streaming examples that,in some aspect,might differ
  from the previously observed patterns and then used for updating the decision
  models. Despite different ND procedures have been proposed in the literature,
  it is still an open problem for MLSC. In this work we proposed two new
  methods: the MultI-label learNing Algorithm for data Streams with Label
  Combination-based methods (MINAS-LC) which applies ND to deal exclusively with
  concept drifts and the MultIlabel learNing Algorithm for data Streams with
  Binary Relevance transformation (MINAS-BR) which applies ND to deal with both
  concept drifts and concept evolution either. The methods address problem
  transformation techniques to deal with multi-labelled data at the offline
  phase and build micro-clusters based decision models. At the online phase the
  arrival examples are classified or rejected (labelled as unknown) by the
  current decision models. Rejected examples are used in ND phase to shape new
  micro-clusters,maintaining the decision models updated. The ND phase is run
  from time to time to work around concept drifts and concept evolution.
  Experiments over synthetic and real-world data sets with different degrees of
  concept drift and concept evolution attested the potential of MINAS-BR and
  MINAS-LC,in which have obtained significant results when compared to baseline
  methods.}
}

@article{Vijaya2004505__,
  title="Leaders–Subleaders: An efficient hierarchical clustering algorithm for large data sets",
  author="P.A Vijaya and M Narasimha Murty and D.K Subramanian",
  journal="Pattern Recognition Letters",
  year="2004",
  month={mar},
  volume="25",
  number="4",
  pages="505 - 513",
  issn="0167-8655",
  doi="https://doi.org/10.1016/j.patrec.2003.12.013",
  url="http://www.sciencedirect.com/science/article/pii/S0167865503002824",
  keywords="Incremental clustering,Leaders and subleaders,Hierarchical structure,Subgroups/subclusters,Prototypes/representatives",
  publisher={Elsevier},

  abstract="In this paper,an efficient hierarchical clustering algorithm,
  suitable for large data sets is proposed for effective clustering and prototype
  selection for pattern classification. It is another simple and efficient
  technique which uses incremental clustering principles to generate a
  hierarchical structure for finding the subgroups/subclusters within each
  cluster. As an example,a two level clustering algorithm––‘Leaders–Subleaders’,
  an extension of the leader algorithm is presented. Classification accuracy (CA)
  obtained using the representatives generated by the Leaders–Subleaders method is
  found to be better than that of using leaders as representatives. Even if more
  number of prototypes are generated,classification time is less as only a part
  of the hierarchical structure is searched."
}


@inproceedings{souza2015__,
  title={Data stream classification guided by clustering on nonstationary environments and extreme verification latency},
  author={Souza,Vin{\'\i}cius MA and Silva,Diego F and Gama,Jo{\~a}o and Batista,Gustavo E.A.P.A.},
  booktitle={Proceedings of the 2015 SIAM International Conference on Data Mining},
  pages={873--881},
  year={2015},
  organization={SIAM},
  url={https://doi.org/10.1137/1.9781611974010.98},
  doi={10.1137/1.9781611974010.98},
  isbn={9781510811522},
  keywords={Concept drift,Data stream classification,Extreme verification latency},
  publisher={Society for Industrial and Applied Mathematics Publications},
  
  abstract={Data stream classification algorithms for nonstationary
  environments frequently assume the availability of class labels,instantly or
  with some lag after the classification. However,certain applications,mainly
  those related to sensors and robotics,involve high costs to obtain new labels
  during the classification phase. Such a scenario in which the actual labels of
  processed data are never available is called extreme verification latency.
  Extreme verification latency requires new classification methods capable of
  adapting to possible changes over time without external supervision. This
  paper presents a fast,simple,intuitive and accurate algorithm to classify
  nonstationary data streams in an extreme verification latency scenario,namely
  Stream Classification Algorithm Guided by Clustering - SCARGC. Our method
  consists of a clustering followed by a classification step applied repeatedly
  in a closed loop fashion. We show in several classification tasks evaluated in
  synthetic and real data that our method is faster and more accurate than the
  state-of-the-art.},
}

@misc{ApacheStorm2020,
  author={{Apache Software Foundation}},
  title={Apache Storm},
  url={https://storm.apache.org/},
  year={2020}
}
  
@inproceedings{toshniwal2014storm,
  title     = {Storm @twitter},
  author    = {Toshniwal, Ankit and Taneja, Siddarth and Shukla, Amit and Ramasamy, Karthik and Patel, Jignesh M and Kulkarni, Sanjeev and Jackson, Jason and Gade, Krishna and Fu, Maosong and Donham, Jake and others},
  booktitle = {Proceedings of the 2014 ACM SIGMOD international conference on Management of data},
  pages     = {147--156},
  year      = {2014}
}

@techreport{Carbone2015,
  title={{Apache Flink™: Stream and Batch Processing in a Single Engine}},
  author={Carbone,Paris and Katsifodimos,Asterios and Ewen,Stephan and Markl,Volker and Haridi,Seif and Tzoumas,Kostas},
  abstract={Citation for the original published paper (version of record):
  Carbone,P.,Katsifodimos,A.,Ewen,S.,Markl,V.,Haridi,S. et al. (2015)
  Apache flink: Stream and batch processing in a single engine. Abstract Apache
  Flink 1 is an open-source system for processing streaming and batch data. Flink
  is built on the philosophy that many classes of data processing applications,
  including real-time analytics,continuous data pipelines,historic data
  processing (batch),and iterative algorithms (machine learning,graph analysis)
  can be expressed and executed as pipelined fault-tolerant dataflows. In this
  paper,we present Flink's architecture and expand on how a (seemingly diverse)
  set of use cases can be unified under a single execution model.},
  institution={KTH,Software and Computer systems,SCS; SICS Sweden},
  booktitle={Bulletin of the IEEE Computer Society Technical Committee on Data Engineering. Bulletin of the IEEE Computer Society Technical Committee on Data Engineering},
  url={http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-198940},
  number={4},
  volume={36},
  year={2015}
}

@misc{ApacheFlink2020,
  author={{Apache Flink}},
  title={{Apache Flink}},
  url={https://flink.apache.org/},
  urldate={2020-02-15},
  year={2020}
}

@inproceedings{Spinosa2008,
  author={Spinosa,Eduardo J. and de Leon F. de Carvalho,Andr\'{e} Ponce and Gama,Jo\~{a}o},
  title={Cluster-Based Novel Concept Detection in Data Streams Applied to Intrusion Detection in Computer Networks},
  year={2008},
  isbn={9781595937537},
  publisher={Association for Computing Machinery},
  address={New York,NY,USA},
  url={https://doi.org/10.1145/1363686.1363912},
  doi={10.1145/1363686.1363912},
  booktitle={Proceedings of the 2008 ACM Symposium on Applied Computing},
  pages={976–980},
  numpages={5},
  keywords={clustering,data streams,novelty detection},
  location={Fortaleza,Ceara,Brazil},
  series={SAC ’08}
}

@article{Monroy2006timely,
  title={On the Timely Detection of Mimicry Attacks},
  author={Monroy,Ra{\'u}l and Trejo,LA and Mex,C and Nolazco,JA},
  journal={Departamento deficiencias computacionales,Campus Estado de M{\'e}xico del Tecnol{\'o}gico de Monterrey,Programa FRIDA},
  year={2006}
}
@inproceedings{Coull2003,
  title={Intrusion detection: A bioinformatics approach},
  author={Coull,Scott and Branch,Joel and Szymanski,Boleslaw and Breimer,Eric},
  booktitle={19th Annual Computer Security Applications Conference,2003. Proceedings.},
  pages={24--33},
  year={2003},
  organization={IEEE}
}
@InCollection{Zhang2006,
  author="Zhang,Jiafan
  and Yan,Qinghua
  and Zhang,Yonglin
  and Huang,Zhichu",
  editor="Huang,De-Shuang
  and Li,Kang
  and Irwin,George William",
  title="Novel Fault Class Detection Based on Novelty Detection Methods",
  bookTitle="Intelligent Computing in Signal Processing and Pattern Recognition: International Conference on Intelligent Computing,ICIC 2006 Kunming,China,August 16--19,2006",
  year="2006",
  publisher="Springer Berlin Heidelberg",
  address="Berlin,Heidelberg",
  pages="982--987",
  isbn="978-3-540-37258-5",
  doi="10.1007/978-3-540-37258-5_124",
  url="https://doi.org/10.1007/978-3-540-37258-5_124"
}

@article{singh2004approach,
  title={An approach to novelty detection applied to the classification of image regions},
  author={Singh,Sameer and Markou,Markos},
  journal={IEEE Transactions on Knowledge and Data Engineering},
  volume={16},
  number={4},
  pages={396--407},
  year={2004},
  publisher={IEEE}
}
@inproceedings{wang2003mining,
  author={Wang,Haixun and Fan,Wei and Yu,Philip S. and Han,Jiawei},
  title={Mining Concept-Drifting Data Streams Using Ensemble Classifiers},
  year={2003},
  isbn={1581137370},
  publisher={Association for Computing Machinery},
  address={New York,NY,USA},
  url={https://doi.org/10.1145/956750.956778},
  doi={10.1145/956750.956778},
  booktitle={Proceedings of the Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining},
  pages={226–235},
  numpages={10},
  keywords={classifier,classifier ensemble,concept drift,data streams},
  location={Washington,D.C.},
  series={KDD ’03}
}
@article{Abdallah201690,
  title="Fraud detection system: A survey",
  journal="Journal of Network and Computer Applications",
  volume="68",
  pages="90 - 113",
  year="2016",
  issn="1084-8045",
  doi="https://doi.org/10.1016/j.jnca.2016.04.007",
  url="http://www.sciencedirect.com/science/article/pii/S1084804516300571",
  author="Aisha Abdallah and Mohd Aizaini Maarof and Anazida Zainal",
  keywords="Fraud,Fraud detection systems (FDSs),Areas of fraud,E-commerce systems,Credit card system,Telecommunication system,Issues and challenges,Concept drift,Skewed distribution,Large amount of data,Support real time detection",
  abstract="The increment of computer technology use and the continued growth of companies have enabled most financial transactions to be performed through the electronic commerce systems,such as using the credit card system,telecommunication system,healthcare insurance system,etc. Unfortunately,these systems are used by both legitimate users and fraudsters. In addition,fraudsters utilized different approaches to breach the electronic commerce systems. Fraud prevention systems (FPSs) are insufficient to provide adequate security to the electronic commerce systems. However,the collaboration of FDSs with FPSs might be effective to secure electronic commerce systems. Nevertheless,there are issues and challenges that hinder the performance of FDSs,such as concept drift,supports real time detection,skewed distribution,large amount of data etc. This survey paper aims to provide a systematic and comprehensive overview of these issues and challenges that obstruct the performance of FDSs. We have selected five electronic commerce systems; which are credit card,telecommunication,healthcare insurance,automobile insurance and online auction. The prevalent fraud types in those E-commerce systems are introduced closely. Further,state-of-the-art FDSs approaches in selected E-commerce systems are systematically introduced. Then a brief discussion on potential research trends in the near future and conclusion are presented."
}

@inproceedings{Hayat2010dct,
  title={A DCT based approach for detecting novelty and concept drift in data streams},
  author={Hayat,Morteza Zi and Hashemi,Mahmoud Reza},
  booktitle={2010 International Conference of Soft Computing and Pattern Recognition,SoCPaR 2010},
  keywords={Classification,Clustering,Component,Concept drift,Data stream,Novelty detection},
  pages={373--378},
  doi={10.1109/SOCPAR.2010.5686734},
  isbn={9781424478958},
  year={2010},
  organization={IEEE},
  
  abstract={Data streams are one of the most challenging environments for
  machine learning. In many applications,the high volume data streams have an
  inherent concept drift over time. Identifying novel classes and detecting the
  occurrence of concept drift in such an environment is a major challenge. In
  this paper,a new method has been proposed to detect novelty and handle
  concept drift with limited required memory and storage space. The method is
  based on clustering algorithm. It uses Discrete Cosine Transform to build
  compact generative models which are then used to detect novel classes and
  concept drift effectively. The proposed method has been evaluated with seven
  common data sets from various domains. The results indicate its superior
  performance when compared with existing methods in terms of novelty and drift
  detection,computational complexity and memory requirements. {\textcopyright}
  2010 IEEE.}
}

@article{Vallim20136258,
  title="Online behavior change detection in computer games",
  journal="Expert Systems with Applications",
  volume="40",
  number="16",
  pages="6258 - 6265",
  year="2013",
  issn="0957-4174",
  doi="https://doi.org/10.1016/j.eswa.2013.05.059",
  url="http://www.sciencedirect.com/science/article/pii/S0957417413003576",
  author="Rosane M.M. Vallim and José A. Andrade Filho and Rodrigo F. de Mello and André C.P.L.F. de Carvalho",
  keywords="Online player modeling,Behavior change detection,Data Stream Mining",
  abstract="Player Modelling has been receiving much attention from the game community in the recent years. The ability to build accurate models of player behavior can be useful in many aspects of a game. One important aspect is the tracking of a player’s behavior along time,informing every time a change is perceived. This way,the game Artificial Intelligence can adapt itself to better respond to this new behavior. In order to build models of player behavior,researchers frequently resort to Machine Learning techniques. Such methods work on previously recorded game metrics representing player’s interactions with the game environment. However,if the player changes styles over time,the constructed models get out of date. In order to address this drawback,this work proposes the use of and incremental learning technique to track a player’s behavior during his/her interaction with the game environment. Our approach attempts to automatically detect the moments in time when the player changes behavior. We apply a change detection technique from the area of Data Stream Mining that is based on incremental clustering and novelty detection. We also propose three modifications to the original technique,in order to formalize change detection,improve detection rate and reduce detection delay. Simulations were performed considering data produced by the Unreal Tournament game,showing the applicability of the method to online tracking of a player’s behavior and informing whenever behavior changes occur."
}
@article{Lavin2015,
  title={Evaluating Real-time Anomaly Detection Algorithms - the Numenta Anomaly Benchmark},
  author={Lavin,Alexander and Ahmad,Subutai},
  year={2015},
  archivePrefix={arXiv},
  arxivId={1510.03336},
  doi={10.1109/ICMLA.2015.141},
  eprint={1510.03336},
  journal={Proceedings - 2015 IEEE 14th International Conference on Machine Learning and Applications,ICMLA 2015},
  keywords={Anomaly detection,Benchmarks,Streaming data,Time-series data},
  mendeley-groups={minas/faria},
  month={oct},
  pages={38--44},
  publisher={Institute of Electrical and Electronics Engineers Inc.},
  url={http://arxiv.org/abs/1510.03336 http://dx.doi.org/10.1109/ICMLA.2015.141},
  
  abstract={Much of the world's data is streaming,time-series data,where
  anomalies give significant information in critical situations; examples abound
  in domains such as finance,IT,security,medical,and energy. Yet detecting
  anomalies in streaming data is a difficult task,requiring detectors to
  process data in real-time,not batches,and learn while simultaneously making
  predictions. There are no benchmarks to adequately test and score the efficacy
  of real-time anomaly detectors. Here we propose the Numenta Anomaly Benchmark
  (NAB),which attempts to provide a controlled and repeatable environment of
  open-source tools to test and measure anomaly detection algorithms on
  streaming data. The perfect detector would detect all anomalies as soon as
  possible,trigger no false alarms,work with real-world time-series data
  across a variety of domains,and automatically adapt to changing statistics.
  Rewarding these characteristics is formalized in NAB,using a scoring
  algorithm designed for streaming data. NAB evaluates detectors on a benchmark
  dataset with labeled,real-world time-series data. We present these
  components,and give results and analyses for several open source,
  commercially-used algorithms. The goal for NAB is to provide a standard,open
  source framework with which the research community can compare and evaluate
  different algorithms for detecting anomalies in streaming data.}

}

@article{Abdallah2016anynovel,
  title={AnyNovel: detection of novel concepts in evolving data streams: An application for activity recognition},
  author={Abdallah,Zahraa S. and Gaber,Mohamed Medhat and Srinivasan,Bala and Krishnaswamy,Shonali},
  year={2016},
  doi={10.1007/s12530-016-9147-7},
  issn={18686486},
  journal={Evolving Systems},
  keywords={Active learning,Activity recognition,Concept evolution,Continuous learning,Novelty detection,Stream mining},
  mendeley-groups={minas/faria},
  number={2},
  pages={73--93},
  volume={7},

  abstract={A data stream is a flow of unbounded data that arrives continuously
  at high speed. In a dynamic streaming environment,the data changes over the
  time while stream evolves. The evolving nature of data causes essentially the
  appearance of new concepts. This novel concept could be abnormal such as fraud,
  network intrusion,or a sudden fall. It could also be a new normal concept that
  the system has not seen/trained on before. In this paper we propose,develop,
  and evaluate a technique for concept evolution in evolving data streams. The
  novel approach continuously monitors the movement of the streaming data to
  detect any emerging changes. The technique is capable of detecting the emergence
  of any novel concepts whether they are normal or abnormal. It also applies a
  continuous and active learning for assimilating the detected concepts in real
  time. We evaluate our approach on activity recognition domain as an application
  of evolving data streams. The study of the novel technique on benchmarked
  datasets showed its efficiency in detecting new concepts and continuous
  adaptation with low computational cost. {{\textcopyright}} 2016,Springer-Verlag
  Berlin Heidelberg.}

}

@article{Park2002distributed,
  title={Distributed data mining: Algorithms,systems,and applications},
  author={Park,Byung-Hoon and Kargupta,Hillol},
  year={2002},
  publisher={Citeseer}
}
@book{TanenbaumSteen2018,
  title={Distributed systems: principles and paradigms},
  author={Tanenbaum,Andrew S and Van Steen,Maarten},
  ISBN={978-90-815406-2-9},
  year={2018},
  publisher={Maarten van Steen}
}

@inproceedings{Domingos2000,
author={Domingos,Pedro and Hulten,Geoff},
title={Mining High-Speed Data Streams},
year={2000},
isbn={1581132336},
publisher={Association for Computing Machinery},
address={New York,NY,USA},
url={https://doi.org/10.1145/347090.347107},
doi={10.1145/347090.347107},
booktitle={Proceedings of the Sixth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining},
pages={71–80},
numpages={10},
keywords={incremental learning,Hoeffding bounds,decision trees,subsampling,disk-based algorithms},
location={Boston,Massachusetts,USA},
series={KDD ’00}
}

@inproceedings{AGGARWAL2003,
  title     = {A Framework for Clustering Evolving Data Streams},
  editor    = {Johann-Christoph Freytag and Peter Lockemann and Serge Abiteboul and Michael Carey and Patricia Selinger and Andreas Heuer},
  booktitle = {Proceedings 2003 VLDB Conference},
  publisher = {Morgan Kaufmann},
  address   = {San Francisco},
  pages     = {81-92},
  year      = {2003},
  isbn      = {978-0-12-722442-8},
  url       = {http://www.vldb.org/conf/2003/papers/S04P02.pdf},
  doi       = {https://doi.org/10.1016/B978-012722442-8/50016-1},
  author    = {Charu C. Aggarwal and Philip S. Yu and Jiawei Han and Jianyong Wang},
  abstract  = {Publisher Summary
  This chapter discusses a framework for clustering evolving data streams. The
  clustering problem is a difficult problem for the data stream domain. This is
  because the large volumes of data arriving in a stream render most traditional
  algorithms too inefficient. In recent years, a few one-pass clustering
  algorithms have been developed for the data stream problem. Although such
  methods address the scalability issues of the clustering problem, they are
  generally blind to the evolution of the data and do not address the following
  issues: (1) the quality of the clusters is poor when the data evolves
  considerably over time. (2) A data stream clustering algorithm requires much
  greater functionality in discovering and exploring clusters over different
  portions of the stream. The widely used practice of viewing data stream
  clustering algorithms as a class of one-pass clustering algorithms is not very
  useful from an application point of view. The chapter discusses a
  fundamentally different philosophy for data stream clustering which is guided
  by application-centered requirements. It divides the clustering process into
  an online component, which periodically stores detailed summary statistics and
  an offline component, which uses only this summary statistics. The problems of
  efficient choice, storage, and use of this statistical data for a fast data
  stream turns out to be quite tricky. The concepts of a pyramidal time frame in
  conjunction with a micro-clustering approach are used.}
}

@phdthesis{Faria2014,
  title = {{Detecção de novidade em fluxos contínuos de dados multiclasse}},
  author = {Paiva, Elaine Ribeiro de Faria},
  abstract={Mineração de fluxos contínuos de dados é uma
    área de pesquisa emergente que visa extrair conhecimento a partir de
    grandes quantidades de dados,gerados continuamente. Detecção de
    novidade é uma tarefa de classificação que consiste em
    reconhecer que um exemplo ou conjunto de exemplos em um fluxo de dados diferem
    significativamente dos exemplos vistos anteriormente. Essa é uma
    importante tarefa para fluxos contínuos de dados,principalmente porque
    novos conceitos podem aparecer,desaparecer ou evoluir ao longo do tempo. A
    maioria dos trabalhos da literatura apresentam a detecção de
    novidade como uma tarefa de classificação binária. Poucos
    trabalhos tratam essa tarefa como multiclasse,mas usam medidas de
    avaliação binária. Em vários problemas,o correto seria
    tratar a detecção de novidade em fluxos contínuos de dados
    como uma tarefa multiclasse,no qual o conceito conhecido do problema é
    formado por uma ou mais classes, e diferentes novas classes podem aparecer ao
    longo do tempo. Esta tese propõe um novo algoritmo – MINAS – para
    detecção de novidade em fluxos contínuos de dados. MINAS
    considera que a detecção de novidade é uma tarefa multiclasse.
    Na fase de treinamento,MINAS constrói um modelo de decisão com
    base em um conjunto de exemplos rotulados. Na fase de
    aplicação,novos exemplos são classificados usando o modelo de
    decisão atual,ou marcados como desconhecidos. Grupos de exemplos
    desconhecidos podem formar padrões-novidade válidos,que são
    então adicionados ao modelo de decisão. O modelo de decisão
    é atualizado ao longo do fluxo a fim de refletir mudanças nas
    classes conhecidas e permitir inserção de padrões-novidade.
    Esta tese também propõe uma nova metodologia para
    avaliação de algoritmos para detecção de novidade em
    fluxos contínuos de dados. Essa metodologia associa os
    padrões-novidade não rotulados às classes reais do
    problema,permitindo assim avaliar a matriz de confusão que é
    incremental e retangular. Além disso,a metodologia de
    avaliação propõe avaliar os exemplos desconhecidos
    separadamente e utilizar medidas de avaliação multiclasse. Por
    último,esta tese apresenta uma série de experimentos executados
    usando o MINAS e os principais algoritmos da literatura em bases de dados
    artificiais e reais. Além disso,o MINAS foi aplicado a um problema
    real,que consiste no reconhecimento de atividades humanas usando dados de
    acelerômetro. Os resultados experimentais mostram o potencial},

  keywords = {Detecção de novidade,classificação
  multiclasse,evolução de conceitos,fluxos contínuos de
  dados,metodologia de avaliação},
  
  pages = {161},
  school = {Universidade de São Paulo - USP},
  type = {Tese Doutorado},
  url = {http://www.teses.usp.br/teses/disponiveis/55/55134/tde-14072014-142248/ http://repositorio.icmc.usp.br//handle/RIICMC/5197},
  year = {2014}
}

@article{Lashkari2017,
  title={Characterization of tor traffic using time based features},
  author={Lashkari,Arash Habibi and Gil,Gerard Draper and Mamun,Mohammad Saiful Islam and Ghorbani,Ali A.},
  
  abstract={Traffic classification has been the topic of many research
  efforts,but the quick evolution of Internet services and the pervasive use of
  encryption makes it an open challenge. Encryption is essential in protecting
  the privacy of Internet users,a key technology used in the different privacy
  enhancing tools that have appeared in the recent years. Tor is one of the most
  popular of them,it decouples the sender from the receiver by encrypting the
  traffic between them,and routing it through a distributed network of servers.
  In this paper,we present a time analysis on Tor traffic flows,captured
  between the client and the entry node. We define two scenarios,one to detect
  Tor traffic flows and the other to detect the application type: Browsing,
  Chat,Streaming,Mail,Voip,P2P or File Transfer. In addition,with this
  paper we publish the Tor labelled dataset we generated and used to test our
  classifiers.},
  
  doi={10.5220/0006105602530262},
  isbn={9789897582097},
  journal={ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy},
  keywords={Machine Learning,Network Traffic Analysis,Network Traffic Characterization,Time-based Features,Tor},
  number={Cic},
  pages={253--262},
  volume={2017-January},
  year={2017}
}
@article{Draper-Gil2016,
  title={Characterization of encrypted and VPN traffic using time-related features},
  author={Draper-Gil,Gerard and Lashkari,Arash Habibi and Mamun,Mohammad Saiful Islam and Ghorbani,Ali A.},
  
  abstract={Traffic characterization is one of the major challenges in today's
  security industry. The continuous evolution and generation of new applications
  and services,together with the expansion of encrypted communications makes it a
  difficult task. Virtual Private Networks (VPNs) are an example of encrypted
  communication service that is becoming popular,as method for bypabing
  censorship as well as accebing services that are geographically locked. In this
  paper,we study the effectiveneb of flow-based time-related features to detect
  VPN traffic and to characterize encrypted traffic into different categories,
  according to the type of traffic e.g.,browsing,streaming,etc. We use two
  different well-known machine learning techniques (C4.5 and KNN) to test the
  accuracy of our features. Our results show high accuracy and performance,
  confirming that time-related features are good clabifiers for encrypted traffic
  characterization.},
  
  doi={10.5220/0005740704070414},
  isbn={9789897581670},
  journal={ICISSP 2016 - Proceedings of the 2nd International Conference on Information Systems Security and Privacy},
  keywords={Encrypted Traffic Characterization,Flow Time-based Features,Flow Timeout Value,Traffic Clabification,VPN Traffic Characterization},
  number={February},
  pages={407--414},
  year={2016}
}

@misc{ApacheFLinkDataFlow,
  title={{Apache Flink 1.10 Documentation: Dataflow Programming Model}},
  author={{Apache Flink}},
  url={https://ci.apache.org/projects/flink/flink-docs-release-1.10/concepts/programming-model.html},
  urldate={2020-03-22},
  year={2020}
}

@inproceedings{Tavallaee2009,
  title = {A detailed analysis of the KDD CUP 99 data set},
  author = {Tavallaee, Mahbod and Bagheri, Ebrahim and Lu, Wei and Ghorbani, Ali A},
  booktitle = {2009 IEEE symposium on computational intelligence for security and defense applications},
  pages = {1--6},
  doi = {10.1109/CISDA.2009.5356528},
  isbn={9781424437641},
  journal={IEEE Symposium on Computational Intelligence for Security and Defense Applications,CISDA 2009},
  year = {2009},
  organization = {IEEE},
  url = {https://doi.org/10.1109/CISDA.2009.5356528}
}

@inproceedings{Song2011kyoto,
  title={Statistical Analysis of Honeypot Data and Building of Kyoto 2006+ Dataset for NIDS Evaluation},
  author={Song,Jungsuk and Takakura,Hiroki and Okabe,Yasuo and Eto,Masashi and Inoue,Daisuke and Nakao,Koji},
  year={2011},
  isbn={9781450307680},
  publisher={Association for Computing Machinery},
  address={New York,NY,USA},
  url={https://doi.org/10.1145/1978672.1978676},
  doi={10.1145/1978672.1978676},
  booktitle={Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security},
  pages={29–36},
  numpages={8},
  keywords={NIDS,honeypot data,Kyoto 2006+ dataset},
  location={Salzburg,Austria},
  series={BADGERS ’11}
}

@misc{KyotoDataset,
  author={J SONG AND H Takakura AND Y Okabe},
  title={Kyoto 2006+ New version data},
  year={2020},
  url={http://www.takakura.com/Kyoto_data/new_data201704/}
}

@article{Protic2018KddKyoto,
  title={{Review of KDD Cup '99,NSL-KDD and Kyoto 2006+ datasets}},
  author={Proti{\'{c}}, Danijela D},
  
  abstract={This paper presents a review of three datasets,namely KDD Cup
  ‘99,NSL-KDD and Kyoto 2006+ datasets,which are widely used in researching
  intrusion detection in computer networks. The KDD Cup ‘99 dataset consists of
  five million records,each containing 41 features which can classify malicious
  attacks into four classes: Probe,DoS,U2R and R2L. The KDD Cup ‘99 dataset
  cannot reflect real traffic data since it was generated by simulation over a
  virtual computer network. In the NSL-KDD dataset,redundant and duplicate
  records form the KDD Cup ‘99 dataset are removed from training and test sets,
  respectively. The Kyoto 2006+ dataset is built on real three year-network
  traffic data which are labeled as normal (no attack),attack (known attack)
  and unknown attack. The Kyoto 2006+ dataset contains 14 statistical features
  derived from the KDD Cup ‘99 dataset and 10 additional features.},
  
  keywords={99,KDD Cup '99,Kyoto 2006+,NSL-KDD,computer network,intrusion detection,kdd cup,kyoto 2006,nsl-kdd},
  doi={10.5937/vojtehg66-16670},
  issn={0042-8469},
  journal={Vojnotehnicki glasnik},
  number={3},
  pages={580--596},
  url={http://orcid.org/0000-0003-0827-2863},
  volume={66},
  year={2018}
}

@conference{Sharafaldin2018cicids2017,
  title = {Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization},
  author={Sharafaldin, Iman and Lashkari, Arash Habibi and Ghorbani, Ali A},
  doi={10.5220/0006639801080116},
  isbn = {978-989-758-282-0},
  booktitle = {Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
  journal={ICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy},
  publisher = {SciTePress},
  organization = {INSTICC},
  keywords={Brute Force,DoS,IDS Dataset,Infiltration,Intrusion Detection,Web Attack},
  pages={108--116},
  url={https://www.doi.org/10.5220/0006639801080116},
  year={2018}
}

% ====== inseridos por hermes
@article{Zhou2017,
  author={J. Zhou and Z. Cao and X. Dong and A. V. Vasilakos},
  journal={IEEE Communications Magazine},
  title={Security and Privacy for Cloud-Based IoT: Challenges},
  year={2017},
  volume={55},
  number={1},
  pages={26-33},
  doi={10.1109/MCOM.2017.1600363CM}
}

@article{sengupta2020comprehensive,
  title={A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT},
  author={Sengupta, Jayasree and Ruj, Sushmita and Bit, Sipra Das},
  journal={Journal of Network and Computer Applications},
  volume={149},
  pages={102481},
  year={2020},
  publisher={Elsevier}
}

@article{haddadpajouh2019survey,
  title={A survey on internet of things security: Requirements, challenges, and solutions},
  author={HaddadPajouh, Hamed and Dehghantanha, Ali and Parizi, Reza M and Aledhari, Mohammed and Karimipour, Hadis},
  journal={Internet of Things},
  volume={14},
  pages={100129},
  year={2019},
  publisher={Elsevier}
}
@article{Tahsien2020,
  archiveprefix={arXiv},
  arxivid={2004.05289},
  author={Tahsien, Syeda Manjia and Karimipour, Hadis and Spachos, Petros},
  doi={10.1016/j.jnca.2020.102630},
  eprint={2004.05289},
  issn={10958592},
  journal={Journal of Network and Computer Applications},
  keywords={Architecture,Attack surfaces,Challenges,Internet of Things,IoT attacks,Machine learning,Security solution},
  mendeley-groups={Deteccao-de-Intrusao},
  number={November 2019},
  title={Machine learning based solutions for security of Internet of Things (IoT): A survey},
  volume={161},
  year={2020}
}

@article{dastjerdi2016fog,
  title={Fog computing: Helping the Internet of Things realize its potential},
  author={Dastjerdi, Amir Vahid and Buyya, Rajkumar},
  journal={Computer},
  volume={49},
  number={8},
  pages={112--116},
  year={2016},
  publisher={IEEE}
}

@misc{gartner_it_glossary_2018,
  author={Gartner, Inc.},
  title={Gartner Says Worldwide IoT Security Spending Will Reach \$1.5 Billion in 2018},
  url={https://www.gartner.com/newsroom/id/3869181},
  journal={Gartner IT Glossary},
  publisher={Gartner, Inc.},
  year={2018},
  month={Mar}
}

@misc{gartner_forecast_2017,
  author={Gartner, Inc.},
  title={Gartner Says 8.4 Billion Connected ``Things'' Will Be in Use in 2017, Up 31 Percent From 2016},
  url={https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016},
  journal={Gartner Press Release},
  publisher={Gartner, Inc.},
  year={2017}
}

@inproceedings{roesch1999snort,
  title={Snort: Lightweight intrusion detection for networks.},
  author={Roesch, Martin and others},
  booktitle={Lisa},
  volume={99},
  number={1},
  pages={229--238},
  year={1999}
}

@article{da2014internet,
  title={Internet of things in industries: A survey},
  author={Da Xu, Li and He, Wu and Li, Shancang},
  journal={IEEE Transactions on industrial informatics},
  volume={10},
  number={4},
  pages={2233--2243},
  year={2014},
  publisher={IEEE}
}

@article{gubbi2013internet,
  title={Internet of Things (IoT): A vision, architectural elements, and future directions},
  author={Gubbi, Jayavardhana and Buyya, Rajkumar and Marusic, Slaven and Palaniswami, Marimuthu},
  journal={Future generation computer systems},
  volume={29},
  number={7},
  pages={1645--1660},
  year={2013},
  publisher={Elsevier}
}

% ============
@inproceedings{dos-6lowpan-iot,
  author={P. Kasinathan and C. Pastrone and M. A. Spirito and M. Vinkovits},
  booktitle={IEEE 9th Intl. Conf. on Wireless and Mobile Computing, Networking and Communications (WiMob)},
  title={Denial-of-Service detection in 6LoWPAN based Internet of Things},
  year={2013},
  volume={},
  number={},
  pages={600-607},
  doi={10.1109/WiMOB.2013.6673419},
  issn={2160-4886},
  month={Oct}
}

@inproceedings{Hybrid-ids-arch-iot,
  author={M. Sheikhan and H. Bostani},
  booktitle={8th Intl. Symp. on Telecommunications (IST)},
  title={A hybrid intrusion detection architecture for Internet of things},
  year={2016},
  volume={},
  number={},
  pages={601-606},
  doi={10.1109/ISTEL.2016.7881893},
  issn={},
  month={Sept}
}

@inproceedings{Kalis,
  author={D. Midi and A. Rullo and A. Mudgerikar and E. Bertino},
  booktitle={IEEE Intl. Conf. on Distributed Computing Systems (ICDCS)},
  title={Kalis - A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things},
  year={2017},
  volume={},
  number={},
  pages={656-666},
  doi={10.1109/ICDCS.2017.104},
  issn={1063-6927},
  month={June}
}

@article{SVELTE,
  title={SVELTE: Real-time intrusion detection in the Internet of Things},
  journal={Ad Hoc Networks},
  volume={11},
  number={8},
  pages={2661 - 2674},
  year={2013},
  issn={1570-8705},
  doi={https://doi.org/10.1016/j.adhoc.2013.04.014},
  author={Shahid Raza and Linus Wallgren and Thiemo Voigt},
  keywords={Intrusion detection, Internet of Things, 6LoWPAN, RPL, IPv6, Security, Sensor networks}
}

@article{anomalies-adaptive-detection,
  author={Zhang, Ji and Li, Hongzhou and Gao, Qigang and Wang, Hai and Luo, Yonglong},
  title={Detecting Anomalies from Big Network Traffic Data Using an Adaptive Detection Approach},
  journal={Inf. Sci.},
  issue_date={October 2015},
  volume={318},
  number={C},
  month=oct,
  year={2015},
  issn={0020-0255},
  pages={91--110},
  numpages={20},
  doi={10.1016/j.ins.2014.07.044},
  acmid={2794100},
  publisher={Elsevier Science Inc.},
  address={New York, NY, USA},
  keywords={Anomaly detection, Big data, Outlier detection}
}

@article{IoT-arch-smartmeter,
  author={J. Lloret and J. Tomas and A. Canovas and L. Parra},
  journal={IEEE Communications Magazine},
  title={An Integrated IoT Architecture for Smart Metering},
  year={2016},
  volume={54},
  number={12},
  pages={50-57},
  doi={10.1109/MCOM.2016.1600647CM},
  issn={0163-6804}
}

@article{scalable-anomaly-detection-smart-city,
  author={D. E. Difallah and P. Cudré-Mauroux and S. A. McKenna},
  journal={IEEE Internet Computing},
  title={Scalable Anomaly Detection for Smart City Infrastructure Networks},
  year={2013},
  volume={17},
  number={6},
  pages={39-47},
  doi={10.1109/MIC.2013.84},
  issn={1089-7801},
  month={Nov}
}

@article{DS-based-IDS-SmartGrid,
  author={M. A. Faisal and Z. Aung and J. R. Williams and A. Sanchez},
  journal={IEEE Systems Journal},
  title={Data-Stream-Based Intrusion Detection System for Advanced Metering Infrastructure in Smart Grid: A Feasibility Study},
  year={2015},
  volume={9},
  number={1},
  pages={31-44},
  doi={10.1109/JSYST.2013.2294120},
  issn={1932-8184},
  month={March}
}


@article{Fault-tolerance-disaster,
  author={Furquim, Gustavo and Filho, Geraldo P. R. and Jalali, Roozbeh and Pessin, Gustavo and Pazzi, Richard W. and Ueyama, Jó},
  title={How to Improve Fault Tolerance in Disaster Predictions: A Case Study about Flash Floods Using IoT, ML and Real Data},
  journal={Sensors},
  volume={18},
  year={2018},
  number={3},
  articlenumber={907},
  issn={1424-8220},
  doi={10.3390/s18030907}
}

@article{Adat2018,
  author={Adat, Vipindev and Gupta, B. B.},
  title={Security in Internet of Things: issues, challenges, taxonomy, and architecture},
  journal={Telecommunication Systems},
  year={2018},
  month={Mar},
  day={01},
  volume={67},
  number={3},
  pages={423--441},
  doi={10.1007/s11235-017-0345-9}
}

@article{GT-BIS,
  author={Campiolo, Rodrigo AND Batista, Daniel M.},
  title={Uma Arquitetura para Detecção de Ameaças Cibernéticas Baseada na Análise de Grandes Volumes de Dados},
  journal={WSCDC SBRC},
  year={2018}
}

@book{Marz:lambda,
  author={Marz, Nathan and Warren, James},
  title={Big Data: Principles and Best Practices of Scalable Realtime Data Systems},
  year={2015},
  isbn={1617290343, 9781617290343},
  edition={1st},
  publisher={Manning Publications Co.},
  address={Greenwich, CT, USA}
} 

@misc{Kappa,
  author={Kreps, Jay},
  title={Questioning the Lambda Architecture},
  year={2014},
  url={https://www.oreilly.com/ideas/questioning-the-lambda-architecture}
}

@inproceedings{Liquid,
  title={Liquid: Unifying Nearline and Offline Big Data Integration},
  author={Raul Castro Fernandez and Peter R. Pietzuch and Jay Kreps and Neha Narkhede and Jun Rao and Joel Koshy and Dong Lin and Chris Riccomini and Guozhang Wang},
  booktitle={CIDR},
  year={2015}
}

@article{MASUD2011,
  author={M. Masud and J. Gao and L. Khan and J. Han and B. M. Thuraisingham},
  journal={IEEE Trans. on Knowledge and Data Engineering},
  title={Classification and Novel Class Detection in Concept-Drifting Data Streams under Time Constraints},
  year={2011},
  volume={23},
  number={6},
  pages={859-874},
  doi={10.1109/TKDE.2010.61},
  issn={1041-4347},
  month={June}
}

@article{Perner2009,
  author={Petra Perner},
  title={Concepts for novelty detection and handling based on a case-based reasoning process scheme},
  journal={Engineering Applications of Artificial Intelligence},
  volume={22},
  number={1},
  pages={86-91},
  year={2009},
  issn={0952-1976},
  doi={https://doi.org/10.1016/j.engappai.2008.05.003},
  url={https://www.sciencedirect.com/science/article/pii/S095219760800105X},
  keywords={Novelty detection, Handling of novel events, Case-based reasoning,
  Similarity-based reasoning, Statistical reasoning},
  abstract={Novelty detection, the ability to identify new or unknown
  situations that were never experienced before, is useful for intelligent
  systems aspiring to operate in environments where data are acquired
  incrementally. This characteristic is common to numerous problems in medical
  diagnosis and visual perception. We propose to see novelty detection as a
  case-based reasoning process. Our novelty-detection method is able to detect
  the novel situation, as well as to use the novel events for immediate
  reasoning. To ensure this capacity, we combine statistical and similarity
  inference and learning. This view of CBR takes into account the properties of
  data, such as the uncertainty, and the underlying concepts, such as storage,
  learning, retrieval, and indexing can be formalized and performed
  efficiently.}
}

@misc{Kyoto,
  author={J SONG AND H Takakura AND Y Okabe},
  title={Kyoto 2006+ New version data},
  year={2017},
  url={http://www.takakura.com/Kyoto_data/new_data201704/}
}

@inproceedings{Song:2011:SAH:1978672.1978676,
  author={Song, Jungsuk and Takakura, Hiroki and Okabe, Yasuo and Eto, Masashi and Inoue, Daisuke and Nakao, Koji},
  title={Statistical Analysis of Honeypot Data and Building of {K}yoto 2006+ Dataset for NIDS Evaluation},
  booktitle={Proc.of Workshop on Building Analysis Datasets and Gathering Experience Returns for Security},
  year={2011},
  isbn={978-1-4503-0768-0},
  location={Salzburg, Austria},
  pages={29--36},
  numpages={8},
  publisher={ACM},
  address={New York, NY, USA}
} 

@article{Shanbhag2015,
  title={Architecture for Internet of Things to minimize human intervention},
  author={Shanbhag, Rupali and Shankarmani, Radha},
  abstract={Today, smart objects in Internet of Things (IOT) are able to detect
  their state and share it with other objects across the Internet, thus
  collaboratively making intelligent decisions on their own. Large number of
  objects is quietly introduced into the web every day. It is impossible for a
  user to keep a track of all objects available around him. Therefore a search
  engine that could find smart objects is used. If an exact object yielding the
  required service is not present then system requires explicit user inputs to
  find alternatives such as name of an alternate object that may provide the
  same service. Humans always find alternatives around them to carry out their
  work smoothly. Service provisioning in IOT should also be made capable of
  providing similar or alternate objects that are aligned with user
  requirements, current context and previous knowledge without any human
  intervention. We propose an architecture that uses Naive Bayesian prediction
  on user history and Ant Colony Optimization for accurately predicting objects
  of user interest so as to reduce the dependency of IOT application on human
  inputs for finding an object match.},
  doi={10.1109/ICACCI.2015.7275969},
  isbn={9781479987917},
  journal={2015 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2015},
  keywords={Ant colony optimization,Bayesian prediction,Internet of things,approximate service,context awareness,human intervention},
  pages={2348--2353},
  publisher={IEEE},
  year={2015}
}

@misc{statista-iot, 
  author={{Statista}},
  title={IoT connected devices worldwide 2030},
  year={2021},
  url={https://www.statista.com/statistics/802690/worldwide-connected-devices-by-access-technology/}
}

@article{SINGH2019111,
  author={Abhishek Singh and Ashish Payal and Sourabh Bharti},
  title={A walkthrough of the emerging IoT paradigm: Visualizing inside functionalities, key features, and open issues},
  journal={Journal of Network and Computer Applications},
  volume={143},
  pages={111-151},
  year={2019},
  issn={1084-8045},
  doi={https://doi.org/10.1016/j.jnca.2019.06.013},
  url={https://www.sciencedirect.com/science/article/pii/S1084804519302188},
  keywords={Cyber physical system (CPS), Cloud computing, Internet connected
  systems (ICT), Internet of things (IoT), Fog computing, Situation/context
  awareness, Cross-layer architectures, Wireless sensor networks (WSN), Wireless
  sensor & actuation networks (WSAN), Multi-agent systems (MAS), Trust
  management, Industry 4.0}
}

@inproceedings{abane2019,
  author={A. Abane and P. Muhlethaler and S. Bouzefrane and A. Battou},
  booktitle={2019 8th International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN)},
  title={Modeling and Improving Named Data Networking over IEEE 802.15.4},
  year={2019},
  volume={},
  number={},
  pages={1-6},
  doi={10.23919/PEMWN47208.2019.8986906}
}

@inproceedings{Cassales2019,
  author={Cassales,Guilherme Weigert and Senger,Hermes and {DE FARIA},Elaine Ribeiro and Bifet,Albert},
  title={IDSA-IoT: An Intrusion Detection System Architecture for IoT Networks},
  booktitle={2019 IEEE Symposium on Computers and Communications (ISCC)},
  pages={1--7},
  year={2019},
  volume={},
  number={},
  abstract={The Internet of Things (IoT) allows large amounts and variety of
  devices to connect,interact and exchange data. The IoT network creates
  numerous opportunities for novel attacks that can compromise information and
  systems integrity. Intrusion detection systems have been studied over two
  decades,mostly employing traditional data mining and machine learning
  techniques that require an offline phase for model training on large amounts
  of data. This paper presents three data stream novelty detection techniques
  applied to the intrusion detection problem and proposes IDSA-IoT,a novel
  implementation architecture,which combines the use of resources at the edge
  of the network and a public cloud. After an extensive empirical evaluation,
  results show that it is possible to identify new attack patterns soon after
  their emergence and to adapt the models in an efficient way.},
  keywords={},
  doi={10.1109/ISCC47284.2019.8969609},
  issn={1530-1346},
  isbn={978-1-7281-2999-0},
  url={https://ieeexplore.ieee.org/document/8969609/},
  month={June}
}

@article{Viegas2019,
  title={BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks},
  author={Eduardo Viegas and Altair Santin and Alysson Bessani and Nuno Neves},
  journal={Future Generation Computer Systems},
  volume={93},
  pages={473 - 485},
  year={2019},
  issn={0167-739X},
  publisher={Elsevier},
  doi={https://doi.org/10.1016/j.future.2018.09.051},
  url={http://www.sciencedirect.com/science/article/pii/S0167739X18307635},
  keywords={Data stream,Stream learning,Classification reliability,Anomaly-based intrusion detection},
  abstract={Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time when facing high-speed networks and evolving attacks. In this paper,we propose BigFlow,an approach capable of processing evolving network traffic while being scalable to large packet rates. BigFlow employs a verification method that checks if the classifier outcome is valid in order to provide reliability. If a suspicious packet is found,an expert may help BigFlow to incrementally change the classification model. Experiments with BigFlow,over a network traffic dataset spanning a full year,demonstrate that it can maintain high accuracy over time. It requires as little as 4% of storage and between 0.05% and 4% of training time,compared with other approaches. BigFlow is scalable,coping with a 10-Gbps network bandwidth in a 40-core cluster commodity hardware.}
}

@phdthesis{Lopez2018,
  title       = {A monitoring and threat detection system using stream processing as a virtual function for Big Data},
  author      = {Andreoni Lopez,Martin Estaban},
  url         = {https://tel.archives-ouvertes.fr/tel-02111017},
  number      = {2018SORUS035},
  school      = {{Sorbonne Universit{\'e} ; Universidade federal do Rio de Janeiro}},
  year        = {2018},
  month       = {Jun},
  keywords    = {Network security ; Machine learning ; Virtual network function ;
  Cybers{\'e}curit{\'e} ; Gros volumes de donn{\'e}es ; Apprentissage
  automatique ; Donn{\'e}es de s{\'e}curit{\'e} ; S{\'e}curit{\'e} de r{\'e}seau
  ; Fonction de r{\'e}seau virtuel},
  type        = {Theses},
  pdf         = {https://tel.archives-ouvertes.fr/tel-02111017/file/2018SORUS035.pdf},
  hal_id      = {tel-02111017},
  hal_version = {v1}
}
@inproceedings{Lopez2019,
 author = {Martin Andreoni Lopez and Otto Carlos  Muniz Bandeira Duarte and Guy Pujolle},
 title = {A Monitoring and Threat Detection System Using Stream Processing as a Virtual Function for Big Data},
 booktitle = {{Anais Estendidos do XXXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos}},
 location = {Gramado},
 year = {2019},
 issn = {2177-9384},
 pages = {209--216},
 publisher = {SBC},
 address = {Porto Alegre, RS, Brasil},
 url = {https://sol.sbc.org.br/index.php/sbrc_estendido/article/view/7789}
}

@inproceedings{Lopez2017,
  title           = {Collecting and characterizing a real broadband access network traffic dataset},
  author          = {Andreoni Lopez,Martin Estaban and Silva,Renato Souza and
  Alvarenga,Igor D. and Rebello,Gabriel A.F. and Sanz,Igor J. and Lobato,
  Antonio G.P. and Mattos,Diogo M.F. and Duarte,Otto C.M.B. and Pujolle,Guy},
  doi             = {10.1109/CSNET.2017.8241999},
  isbn            = {9781538613320},
  journal         = {2017 1st Cyber Security in Networking Conference,CSNet 2017},
  mendeley-groups = {minas/sbrc-2019-refs},
  pages           = {1--8},
  volume          = {2017-January},
  abstract        = {Broadband Internet access security relies in the implementation of
  perimeter policies and in the adoption of access control lists. These measures
  are precarious because they are based on common and not frequently updated
  profiles that lack residential users threat information. In this paper,we
  analyze and profile residential users traffic from fixed broadband Internet
  access networks of a large telecommunication operator for a period of one
  week,and we obtain the profile of security alarms generated by an intrusion
  detection system. The results show that the proposed characterization allows
  the classification of alerts with a sensitivity of 93{\%} in the
  differentiation of legitimate and anomalous flows and allows a 73{\%}
  reduction of the traffic directed to the traffic analyzer,thus validating the
  collected dataset and enabling more dynamic and efficient access network
  security.},
  year            = {2017}
}

@inproceedings{Sanz2018,
  author    = {Igor Jochem Sanz and Martin Andreoni Lopez},
  title     = {Um Sistema de Detecção de Ameaças Distribuídas de Rede baseado em Aprendizagem por Grafos},
  booktitle = {Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos},
  location  = {Campos do Jordão},
  year      = {2018},
  keywords  = {},
  issn      = {2177-9384},
  publisher = {SBC},
  address   = {Porto Alegre, RS, Brasil},
  url       = {https://sol.sbc.org.br/index.php/sbrc/article/view/2487}
}

@article{Song2011,
  title={Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation},
  author={Song, Jungsuk and Takakura, Hiroki and Okabe, Yasuo and Eto, Masashi and Inoue, Daisuke and Nakao, Koji},
  year={2011},
  isbn={9781450307680},
  abstract={With the rapid evolution and proliferation of botnets, large-scale cyber attacks such as DDoS, spam emails are also becoming more and more dangerous and serious cyber threats. Because of this, network based security technologies such as Network based Intrusion Detection Systems (NIDSs), Intrusion Prevention Systems (IPSs), firewalls have received remarkable attention to defend our crucial computer systems, networks and sensitive information from attackers on the Internet. In particular, there has been much effort towards high-performance NIDSs based on data mining and machine learning techniques. However, there is a fatal problem in that the existing evaluation dataset, called KDD Cup 99' dataset, cannot reflect current network situations and the latest attack trends. This is because it was generated by simulation over a virtual network more than 10 years ago. To the best of our knowledge, there is no alternative evaluation dataset. In this paper, we present a new evaluation dataset, called Kyoto 2006+, built on the 3 years of real traffic data (Nov. 2006 ∼ Aug. 2009) which are obtained from diverse types of honeypots. Kyoto 2006+ dataset will greatly contribute to IDS researchers in obtaining more practical, useful and accurate evaluation results. Furthermore, we provide detailed analysis results of honeypot data and share our experiences so that security researchers are able to get insights into the trends of latest cyber attacks and the Internet situations. Copyright {\textcopyright} 2011 ACM.},
  doi={10.1145/1978672.1978676},
  journal={Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011},
  keywords={Access control,Analysis,Metrics,RBAC,Real-world data},
  mendeley-groups={UFSCar/Cassales},
  pages={29--36}
}

@article{DaCosta2019a,
  abstract={In the world scenario, concerns with security and privacy regarding computer networks are always increasing. Computer security has become a necessity due to the proliferation of information technologies in everyday life. The increase in the number of Internet accesses and the emergence of new technologies, such as the Internet of Things (IoT paradigm, are accompanied by new and modern attempts to invade computer systems and networks. Companies are increasingly investing in studies to optimize the detection of these attacks. Institutions are selecting intelligent techniques to test and verify by comparing the best rates of accuracy. This research, therefore, focuses on rigorous state-of-the-art literature on Machine Learning Techniques applied in Internet-of-Things and Intrusion Detection for computer network security. The work aims, therefore, recent and in-depth research of relevant works that deal with several intelligent techniques and their applied intrusion detection architectures in computer networks with emphasis on the Internet of Things and machine learning. More than 95 works on the subject were surveyed, spanning across different themes related to security issues in IoT environments.},
  author={da Costa, Kelton A.P. and Papa, João P. and Lisboa, Celso O. and Munoz, Roberto and de Albuquerque, Victor Hugo C.},
  doi={10.1016/j.comnet.2019.01.023},
  issn={13891286},
  journal={Computer Networks},
  keywords={Intelligent techniques,Internet-of-Things,Machine learning,Security networks,Survey},
  mendeley-groups={Deteccao-de-Intrusao/surveys},
  pages={147--157},
  title={Internet of Things: A survey on machine learning-based intrusion detection approaches},
  volume={151},
  year={2019}
}

% author  = {C. {Kolias} and G. {Kambourakis} and A. {Stavrou} and J. {Voas}},
@article{Kolias2017mirai,
  title   = {{DDoS in the IoT: Mirai and Other Botnets}},
  author = {Kolias, Constantinos and Kambourakis, Georgios and Stavrou, Angelos and Voas, Jeffrey},
  journal = {Computer},
  year    = {2017},
  volume  = {50},
  number  = {7},
  pages   = {80-84},
  doi     = {10.1109/MC.2017.201},
  isbn = {978-1-5090-4862-5},
  issn = {00189162},
  publisher = {IEEE},
  url = {http://ieeexplore.ieee.org/document/7971869/},
  keywords = {BrickerBot,Cybertrust,DDoS,Hajime,Internet of Things,IoT,Mirai,Persirai,botnet,cybersecurity,distributed denial of service,malware,security}
}

@inproceedings{Crovella1992ccr,
  author={M. {Crovella} and R. {Bianchini} and T. {LeBlanc} and E. {Markatos} and R. {Wisniewski}},
  booktitle={[1992] Proceedings of the Fourth IEEE Symposium on Parallel and Distributed Processing},
  title={Using communication-to-computation ratio in parallel program design and performance prediction},
  year={1992},
  volume={},
  number={},
  pages={238-245},
  doi={10.1109/SPDP.1992.242738},
  url={https://ieeexplore.ieee.org/document/242738}
}

@article{Markou2003,
  abstract = {Novelty detection is the identification of new or unknown data or
  signal that a machine learning system is not aware of during training. Novelty
  detection is one of the fundamental requirements of a good classification or
  identification system since sometimes the test data contains information about
  objects that were not known at the time of training the model. In this paper we
  provide state-of-the-art review in the area of novelty detection based on
  statistical approaches. The second part paper details novelty detection using
  neural networks. As discussed, there are a multitude of applications where
  novelty detection is extremely important including signal processing, computer
  vision, pattern recognition, data mining, and robotics. {\textcopyright} 2003
  Elsevier B.V. All rights reserved.},
  author = {Markou, Markos and Singh, Sameer},
  doi = {10.1016/j.sigpro.2003.07.018},
  file = {:home/puhl/mendeley/Markou, Singh_2003_Novelty detection A review - Part 1 Statistical approaches.pdf:pdf},
  issn = {01651684},
  journal = {Signal Processing},
  keywords = {Clustering,Gaussian mixture models,Hidden Markov models,KNN,Novelty detection review,Parzen density estimation,Statistical approaches,String matching},
  mendeley-groups = {Deteccao-de-Intrusao/minas},
  month = {dec},
  number = {12},
  pages = {2481--2497},
  publisher = {Elsevier},
  title = {{Novelty detection: A review - Part 1: Statistical approaches}},
  volume = {83},
  year = {2003}
}

@inproceedings{Schwengber2020,
  author    = {Schwengber, Bruno Henrique and Vergütz, Andressa and Prates, Nelson G. and Nogueira, Michele},
  booktitle = {GLOBECOM 2020 - 2020 IEEE Global Communications Conference},
  title     = {A Method Aware of Concept Drift for Online Botnet Detection},
  year      = {2020},
  volume    = {},
  number    = {},
  pages     = {1-6},
  doi       = {10.1109/GLOBECOM42002.2020.9347990}
}

@book{MpiMitBookGroupp2014,
  title           = {{Using MPI : portable parallel programming with the Message-Passing Interface}},
  author          = {Gropp, William and Lusk, Ewing and Skjellum, Anthony},
  address         = {Cambridge, Massachusetts},
  booktitle       = {Scientific Programming},
  edition         = {3},
  isbn            = {978-0-262-52739-2},
  issn            = {10589244},
  pages           = {330},
  publisher       = {MIT Press},
  url             = {https://ieeexplore.ieee.org/book/6981847},
  year            = {2014}
}
(Scientific and Engineering Computation) William Gropp, Ewing Lusk, Anthony Skjellum-Using MPI_ Portable Parallel Programming with the Message-Passing Interface-The MIT Press (2014).pdf

@misc{MPICH2021,
  author          = {{MPICH}},
  title           = {{MPICH | High-Performance Portable MPI}},
  abstract = {MPICH is a high performance and widely portable implementation of
  the Message Passing Interface (MPI) standard. MPICH and its derivatives form the
  most widely used implementations of MPI in the world. They are used exclusively
  on nine of the top 10 supercomputers (June 2016 ranking), including the world's
  fastest supercomputer: Taihu Light.},
  url             = {https://www.mpich.org/},
  urldate         = {2021-09-02},
  year            = {2021}
}
@misc{OpenMPI2021,
  author          = {{OpenMPI}},
  title           = {{Open MPI: Open Source High Performance Computing}},
  abstract = {The Open MPI Project is an open source Message Passing Interface
  implementation that is developed and maintained by a consortium of academic,
  research, and industry partners. Open MPI is therefore able to combine the
  expertise, technologies, and resources from all across the High Performance
  Computing community in order to build the best MPI library available. Open MPI
  offers advantages for system and software vendors, application developers and
  computer science researchers.},
  url             = {https://www.open-mpi.org/},
  urldate         = {2021-09-02},
  year            = {2021}
}


@inproceedings{lee2017data,
  title        = {A data streaming performance evaluation using resource constrained edge device},
  author       = {Lee, Hwejoo and Oh, Junghyun and Kim, Kyungrae and Yeon, Hunje},
  booktitle    = {2017 International Conference on Information and Communication Technology Convergence (ICTC)},
  pages        = {628--633},
  year         = {2017},
  doi          = {10.1109/ICTC.2017.8191055},
  isbn         = {9781509040315},
  organization = {IEEE}
}

@inproceedings{battulga2020fogguru,
  title       = {FogGuru: a Fog Computing Platform Based on Apache Flink},
  author      = {Battulga, Davaadorj and Miorandi, Daniele and Tedeschi, C{\'e}dric},
  url         = {https://hal.inria.fr/hal-02463206},
  booktitle   = {{23rd Conference on Innovation in Clouds, Internet and Networks (ICIN 2020)}},
  address     = {Paris, France},
  year        = {2020},
  month       = Feb,
  keywords    = {Apache Flink ; Fog Computing ; Edge Computing},
  pdf         = {https://hal.inria.fr/hal-02463206/file/ICIN_report.pdf},
  hal_id      = {hal-02463206},
  hal_version = {v1}
}

@article{Greco2019wearableStream,
  title    = {An edge-stream computing infrastructure for real-time analysis of wearable sensors data},
  journal  = {Future Generation Computer Systems},
  volume   = {93},
  pages    = {515-528},
  year     = {2019},
  issn     = {0167-739X},
  doi      = {https://doi.org/10.1016/j.future.2018.10.058},
  url      = {https://www.sciencedirect.com/science/article/pii/S0167739X18314031},
  author   = {Luca Greco and Pierluigi Ritrovato and Fatos Xhafa},
  keywords = {Internet of things, Edge computing, Big data},

  abstract = {The fast development of IoT in general and wearable smart sensors
  in particular in the context of wellness and healthcare are demanding for
  definition of specific infrastructure supporting real time data analysis for
  anomaly detection, event identification, situation awareness just to mention
  few. The explosion in the development and adoption of these smart wearable
  sensors has contributed to the definition of the Internet of Medical Things
  (IoMT), which is revolutionizing the way healthcare is tackled worldwide. Data
  produced by wearable sensors continuously grow and could be spread among
  clinical centers, hospitals, research labs, yielding to a Big Data management
  problem. In this paper we propose a technological and architectural solution,
  based on Open Source big data technologies to perform real-time analysis of
  wearable sensor data streams. The proposed architecture is composed of four
  distinct layers: a sensing layer, a pre-processing layer (Raspberry Pi), a
  cluster processing layer (Kafka’s broker and Flink’s mini-cluster) and a
  persistence layer (Cassandra database). A performance evaluation of each layer
  has been carried out by considering CPU and memory usage for accomplishing a
  simple anomaly detection task using the REALDISP dataset.}

}

@inproceedings{Puhl2021,
  author      = {Puhl, Lu{\'{i}}s and Weigert, Guilherme and Guardia, Helio Crestana and Senger, Hermes},
  title       = {Distributed Novelty Detection at the Edge for IoT Network Security},
  booktitle   = {The 21st International Conference on Computational Science and its Applications -- ICCSA 2021},
  shortbooktitle = {ICCSA},
  publisher   = {Springer International Publishing},
  eventdate   = {2021-09-13/2021-09-16},
  venue       = {University of Cagliari},
  location    = {Cagliari, Sardinia, Italy},
  year        = {Em via de publicação}
}

@inproceedings{vural2017systematic,
  title        = {A systematic literature review on microservices},
  author       = {Vural, Hulya and Koyuncu, Murat and Guney, Sinem},
  booktitle    = {International Conference on Computational Science and Its Applications},
  pages        = {203--217},
  year         = {2017},
  organization = {Springer}
}

@article{AriyaluranHabeeb2019,
  author   = {Riyaz Ahamed {Ariyaluran Habeeb} and Fariza Nasaruddin and Abdullah Gani and Ibrahim Abaker {Targio Hashem} and Ejaz Ahmed and Muhammad Imran},
  title    = {Real-time big data processing for anomaly detection: A Survey},
  journal  = {International Journal of Information Management},
  volume   = {45},
  pages    = {289-307},
  year     = {2019},
  issn     = {0268-4012},
  doi      = {https://doi.org/10.1016/j.ijinfomgt.2018.08.006},
  url      = {https://www.sciencedirect.com/science/article/pii/S0268401218301658},
  keywords = {Real-time, Big data processing, Anomaly detection and machine learning algorithms},
  abstract = {The advent of connected devices and omnipresence of Internet have paved way for intruders to attack networks, which leads to cyber-attack, financial loss, information theft in healthcare, and cyber war. Hence, network security analytics has become an important area of concern and has gained intensive attention among researchers, off late, specifically in the domain of anomaly detection in network, which is considered crucial for network security. However, preliminary investigations have revealed that the existing approaches to detect anomalies in network are not effective enough, particularly to detect them in real time. The reason for the inefficacy of current approaches is mainly due the amassment of massive volumes of data though the connected devices. Therefore, it is crucial to propose a framework that effectively handles real time big data processing and detect anomalies in networks. In this regard, this paper attempts to address the issue of detecting anomalies in real time. Respectively, this paper has surveyed the state-of-the-art real-time big data processing technologies related to anomaly detection and the vital characteristics of associated machine learning algorithms. This paper begins with the explanation of essential contexts and taxonomy of real-time big data processing, anomalous detection, and machine learning algorithms, followed by the review of big data processing technologies. Finally, the identified research challenges of real-time big data processing in anomaly detection are discussed.}
}

@article{Akbar2017,
  author  = {Akbar, Adnan and Khan, Abdullah and Carrez, Francois and Moessner, Klaus},
  journal = {IEEE Internet of Things Journal},
  title   = {Predictive Analytics for Complex IoT Data Streams},
  year    = {2017},
  volume  = {4},
  number  = {5},
  pages   = {1571-1582},
  doi     = {10.1109/JIOT.2017.2712672},
  url     = {https://doi.org/10.1109/JIOT.2017.2712672}
}