A Systematic Review of Defensive and Offensive Cybersecurity with Machine Learning

This is a systematic review of over one hundred research papers on machine learning methods applied to defensive and offensive cybersecurity. In contrast to previous reviews, which each covered only individual sub-topics of this area, this paper systematically and comprehensively combines the domain knowledge into a single review. Ultimately, this paper seeks to provide a starting point for researchers who wish to enter the field of machine learning for cybersecurity. Our findings identify the most frequently used methods within supervised, unsupervised, and semi-supervised machine learning; the data sets most useful for evaluating intrusion detection methods under supervised learning; and the machine learning methods that have shown promise in tackling various threats in defensive and offensive cybersecurity.
