A Comprehensive Review and Meta-Analysis on Applications of Machine Learning Techniques in Intrusion Detection

Securing a machine from various cyber-attacks has been of serious concern for researchers, statutory bodies such as governments, business organizations and users in both wired and wireless media. However, during the last decade, the amount of data handled by any device, particularly servers, has increased exponentially, and hence the security of these devices has become a matter of utmost concern. This paper attempts to examine the challenges in the application of machine learning techniques to intrusion detection. We review different inherent issues in defining and applying machine learning techniques to intrusion detection. We also attempt to identify the best technological solution for the changing usage pattern by comparing the different machine learning techniques on different datasets and summarizing their performance using various performance metrics. This paper highlights the research challenges and future trends of intrusion detection in dynamic scenarios across diverse network technologies.
