Towards fuzzy anomaly detection-based security: a comprehensive review

Fuzzy Optimization and Decision Making

Abstract

In the data security context, anomaly detection is a branch of intrusion detection that can detect emerging intrusions and security attacks. A number of anomaly detection systems (ADSs) have been proposed in the literature that use various algorithms and techniques to detect intrusions and anomalies. This paper focuses on the ADS schemes that apply fuzzy logic in combination with other machine learning and data mining techniques to deal with the inherent uncertainty in the intrusion detection process. For this purpose, it first presents the key background on intrusion detection systems and then classifies the fuzzy ADS approaches according to the fuzzy algorithm they use. Afterward, it summarizes their major contributions and illuminates their advantages and limitations. Finally, concluding issues and directions for future research in the fuzzy ADS context are highlighted.

Author information

Corresponding author

Correspondence to Mohammad Masdari.

About this article

Cite this article

Masdari, M., Khezri, H. Towards fuzzy anomaly detection-based security: a comprehensive review. Fuzzy Optim Decis Making 20, 1–49 (2021). https://doi.org/10.1007/s10700-020-09332-x

  • DOI: https://doi.org/10.1007/s10700-020-09332-x
