Abstract:
The rapid growth of Internet use increases the likelihood of network attacks. To secure internal networks, intrusion detection systems are widely employed to address a major research challenge in network security: efficiently detecting unusual access or attacks. To this end, a variety of intrusion detection approaches based on machine learning algorithms have been developed in the literature to counter computer security threats. These IDS approaches can be broadly classified into signature-based intrusion detection systems and anomaly-based intrusion detection systems. This review paper presents a taxonomy of current intrusion detection systems (IDS), a comprehensive review of significant recent works, and a survey of recent attacks that can be detected in a network environment.
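The two IDS families named in the abstract differ in what they look at: a signature-based detector matches traffic against known patterns, while an anomaly-based detector scores traffic against a statistical model of normal behaviour. The following is an added example, not code from the paper under review or any of the surveyed systems; it runs a minimal detector of each kind over the same constructed batch of connection records so that the complementary blind spots become visible. The `Flow` record layout, the two byte-pattern rules, the historical baseline counts, the private addresses and the z-score threshold of 3.0 are all assumptions made for the example.

```python
"""Added example, not from the paper under review: a minimal
signature-based detector and a minimal anomaly-based detector run over
the same constructed batch of connection records, to show what each
approach catches and what it misses."""
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One connection record (hypothetical fields; not a real log format)."""
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed sample traffic with private addresses; not captured data.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Flow("10.0.0.7", "10.0.0.80", 80,
         b"GET /item?id=1' UNION SELECT name FROM users-- HTTP/1.1"),
    Flow("10.0.0.9", "10.0.0.80", 443, b""),  # encrypted, payload opaque
] + [
    # one host touching ten ports in a single window: a scan-like pattern
    Flow("10.0.0.42", "10.0.0.80", port, b"")
    for port in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)
]

# Signature-based IDS: known byte patterns, each tied to a named rule
# (assumed rules for the example, not a production rule set).
SIGNATURES = {
    "sqli-union-probe": b"' UNION SELECT",
    "path-traversal": b"../../",
}

# Anomaly-based IDS: historical connections-per-host-per-window counts
# (constructed) that define "normal" for this network segment.
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3]


def signature_alerts(flows):
    """Return (flow_index, rule_name) for every payload matching a rule."""
    alerts = []
    for i, flow in enumerate(flows):
        for name, pattern in SIGNATURES.items():
            if pattern in flow.payload:
                alerts.append((i, name))
    return alerts


def anomaly_alerts(flows, baseline, z_threshold=3.0):
    """Return (src, z_score) for hosts whose connection count in this
    window lies more than z_threshold standard deviations above the
    baseline mean. One-sided: unusually quiet hosts are not flagged."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        raise ValueError("baseline has no variance; cannot score")
    alerts = []
    for src, count in Counter(f.src for f in flows).items():
        z = (count - mu) / sigma
        if z > z_threshold:
            alerts.append((src, z))
    return alerts


if __name__ == "__main__":
    print("signature:", signature_alerts(SAMPLE_FLOWS))
    print("anomaly:  ", anomaly_alerts(SAMPLE_FLOWS, BASELINE_COUNTS))
```

Run stand-alone, the signature detector reports only the request containing the `' UNION SELECT` pattern and says nothing about the host that opened ten connections, because none of those connections carries a matching payload; the anomaly detector flags that host (its count is about 7.4 baseline standard deviations above the mean) but is silent on the single injection-like request, whose connection count is entirely normal. This is the trade-off the abstract's taxonomy reflects: signatures give precise, explainable alerts for known attacks, and anomaly models cover novel behaviour at the cost of needing a trustworthy baseline and a tuned threshold.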
Keywords:
Intrusion Detection, Network traffic anomaly detection, Semi-Supervised learning, Supervised learning, Unsupervised learning.