Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets

With the Internet's unprecedented growth and nations' reliance on computer networks, new cyber‐attacks are created every day as a means of achieving financial gain, imposing political agendas, and developing cyberwarfare arsenals. Network security is thus attracting increasing attention among researchers, practitioners, network architects, policy makers, and others. To defend organizations' networks from existing, foreseen, and future threats, intrusion detection systems (IDSs) are becoming a must. Existing surveys on anomaly‐based IDS (AIDS) focus on specific components, such as detection mechanisms, and omit many others. In contrast to existing surveys, this article covers the full scope needed by researchers and practitioners alike when studying AIDS. The scope ranges from intrusion detection techniques to attack forms, passing through the relevant attack features, most‐used datasets, challenges, and potential solutions. This article provides an exhaustive review of IDSs and discusses their requirements and performance metrics in depth. It presents a taxonomy of IDSs based on four criteria: information source, detection strategy, detection mode, and architecture. Then, an in‐depth analysis and a comparison of network intrusion detection approaches based on anomaly detection techniques are given. The article also introduces a classification of computer network attacks, along with their different forms and the network traffic features relevant to detecting them, as well as a summary of the popular datasets used by researchers to evaluate IDSs. Finally, the article highlights several research challenges and possible solutions to them.
