Research Article

Analysis of Machine Learning Techniques for Intrusion Detection System: A Review

by Asghar Ali Shah, Malik Sikander Hayat Khiyal, Muhammad Daud Awan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 119 - Number 3
Year of Publication: 2015
DOI: 10.5120/21047-3678

Asghar Ali Shah, Malik Sikander Hayat Khiyal, Muhammad Daud Awan. Analysis of Machine Learning Techniques for Intrusion Detection System: A Review. International Journal of Computer Applications. 119, 3 (June 2015), 19-29. DOI=10.5120/21047-3678

@article{ 10.5120/21047-3678,
author = { Asghar Ali Shah, Malik Sikander Hayat Khiyal, Muhammad Daud Awan },
title = { Analysis of Machine Learning Techniques for Intrusion Detection System: A Review },
journal = { International Journal of Computer Applications },
issue_date = { June 2015 },
volume = { 119 },
number = { 3 },
month = { June },
year = { 2015 },
issn = { 0975-8887 },
pages = { 19-29 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume119/number3/21047-3678/ },
doi = { 10.5120/21047-3678 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Security is a key issue for both computers and computer networks. The intrusion detection system (IDS) is one of the major research problems in network security. IDSs are developed to detect both known and unknown attacks. Many techniques are used in IDSs to protect computers and networks from network-based and host-based attacks, and various machine learning techniques are among them. This study analyzes machine learning techniques in IDS. It also reviews many related studies done in the period from 2000 to 2012, focusing on machine learning techniques. The related studies cover single, hybrid and ensemble classifiers, as well as the baselines and datasets used.

Index Terms

Computer Science
Information Sciences

Keywords

Security, Intrusion detection, Machine learning techniques, Classification