A Survey and Taxonomy of Classifiers of Intrusion Detection Systems

In this chapter, a new review and taxonomy of the classifiers that have been used with intrusion detection systems (IDSs) over the last two decades is presented. The main objective of this chapter is to give the reader the knowledge required to build an effective classifier for IDS problems by reviewing this phase in a component-by-component structure rather than a paper-by-paper organization. We start by presenting the features extracted by the pre-processing phase. These features are supplied to the pattern analyzer, so the different types of analyzers are presented next. We also discuss the knowledge representation produced by these pattern analyzers. In addition, the decision-making component of the IDS, which we call the detection phase here, is presented in detail together with the algorithms most commonly used in IDSs. The chapter explores the types of classifier decisions and the possible threats with their subclasses. The chapter also discusses the current open issues facing pattern analyzers that operate in adversarial environments such as intrusion detection systems, and some contributions in this field. The components discussed in this chapter form the core of the framework of any IDS.