Analysis of Machine Learning Techniques for Intrusion Detection System: A Review

Security is a key issue for both computers and computer networks. The intrusion detection system (IDS) is one of the major research problems in network security. IDSs are developed to detect both known and unknown attacks. Many techniques are used in IDSs to protect computers and networks from network-based and host-based attacks, and various machine learning techniques are among them. This study analyzes machine learning techniques in IDS. It also reviews many related studies done in the period from 2000 to 2012, focusing on machine learning techniques. The related studies cover single, hybrid and ensemble classifiers, as well as the baselines and datasets used.
