Data Fusion for Network Intrusion Detection: A Review

The rapid progress of networking technologies has led to exponential growth in the number of unauthorized or malicious network actions. As a component of defense-in-depth, the Network Intrusion Detection System (NIDS) is expected to detect malicious behaviors. Currently, NIDSs are implemented with various classification techniques, but these techniques are not advanced enough to accurately detect complex or synthetic attacks, especially when facing massive high-dimensional data. Moreover, the inherent defects of NIDSs, namely a high false alarm rate and a low detection rate, have not been effectively solved. To address these problems, data fusion (DF) has been applied to network intrusion detection and has achieved good results. However, the literature still lacks a thorough analysis and evaluation of data fusion techniques in the field of intrusion detection, so a comprehensive review of them is necessary. In this article, we focus on DF techniques for network intrusion detection and propose a specific definition to describe it. We review the recent advances in DF techniques and propose a series of criteria to compare their performance. Finally, based on the results of the literature review, we propose a number of open issues and future research directions.
