A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection

Anomaly detection (AD) use within the network intrusion detection field of research, or network intrusion AD (NIAD), is dependent on the proper use of similarity and distance measures, but the measures used are often not documented in published research. As a result, while the body of NIAD research has grown extensively, knowledge of the utility of similarity and distance measures within the field has not grown correspondingly. NIAD research covers a myriad of domains and employs a diverse array of techniques from simple k-means clustering through advanced multiagent distributed AD systems. This review presents an overview of the use of similarity and distance measures within NIAD research. The analysis provides a theoretical background in distance measures and a discussion of various types of distance measures and their uses. Exemplary uses of distance measures in published research are presented, as is the overall state of the distance measure rigor in the field. Finally, areas that require further focus on improving the distance measure rigor in the NIAD field are presented.
