Page 148 Corizzo et al. J Surveill Secur Saf 2020;1:140-50 | http://dx.doi.org/10.20517/jsss.2020.15
continuously, but periodically, and it can be performed offline, while previously learned models are still
active to perform intrusion detection. For these reasons, a higher accuracy in the predictive task is still
important to pursue, since it can lead to the identification of complex attacks that would not be detected
by simpler feature extraction techniques. Such attacks could have a significant negative impact on the
organizations targeted by attackers. The higher computational cost of adopting such techniques can also
be mitigated by designing parallel or high-performance computing implementations [23,24].
In conclusion, even if the results presented in this study are not vast enough to demonstrate the superiority
of the proposed method on a broad scale, they are meant to show the potential of word embeddings to
extract a new representation for network traces that can be used to carry out intrusion detection tasks
accurately. Feature extraction based on word embedding models requires a higher computational time than
simpler techniques, but leads to a higher accuracy, which is important for the identification of complex
attacks. In future work, we aim to perform an extensive evaluation with different learning scenarios
and machine learning algorithms. We also aim to study in detail word embedding representations and
understand how to enforce them with more sophisticated data processing steps.
DECLARATIONS
Authors’ contributions
Methodology, data acquisition, implementation, redaction of manuscript and analysis of experimental
results: Corizzo R
Methodology, implementation and experiments: Zdravevski E
Implementation of feature extraction prototypes: Russell M, Vagliano A
Hypothesis formulation, methodology, data acquisition and analysis of experimental results: Japkowicz N
Availability of data and materials
Datasets are publicly available at the references reported in the Results section.
Financial support and sponsorship
We acknowledge the support of the Defense Advanced Research Projects Agency (DARPA) through the
project “Lifelong Streaming Anomaly Detection” (Grant No. A19-0131-003).
Conflicts of interest
All authors declared that there are no conflicts of interest.
Ethical approval and consent to participate
Not applicable.
Consent for publication
Not applicable.
Copyright
© The Author(s) 2020.
REFERENCES
1. Axelsson S. Intrusion detection systems: a survey and taxonomy. Tech Rep 2000:99.
2. Bivens A, Palagiri C, Smith R, Szymanski B, Embrechts M. Network-based intrusion detection using neural networks. Intell Eng Syst
Artif Neural Netw 2002;12:579-84.
3. Zhang J, Zulkernine M, Haque A. Random-forests-based network intrusion detection systems. IEEE Trans Syst Man Cybern C
2008;38:649-59.
4. Kruegel C, Toth T. Using decision trees to improve signature based intrusion detection. International Workshop on Recent Advances in