A Review of Anomaly based Intrusion Detection Systems

With the advent of anomaly-based intrusion detection systems, many approaches and techniques have been developed to track novel attacks on systems. A high detection rate of 98% at a low alarm rate of 1% can be achieved by using these techniques. Though anomaly-based approaches are efficient, signature-based detection is preferred for mainstream implementation of intrusion detection systems. Because a variety of anomaly detection techniques have been suggested, it is difficult to compare the strengths and weaknesses of these methods. The reason why industries don't favor anomaly-based intrusion detection methods can be well understood by validating the efficiencies of all the methods. To investigate this issue, the current state of experimental practice in the field of anomaly-based intrusion detection is reviewed and recent studies in this area are surveyed. This paper contains a summary study and identifies the drawbacks of formerly surveyed works.
