Abstract
The immeasurable amount of data in network traffic has increased its vulnerability. Therefore, monitoring and analyzing traffic for threat hunting is inevitable. Analyzing and capturing real-time network traffic is challenging due to privacy and space concerns. However, many simulated datasets are available. Machine-learning based intrusion detection systems are trained on these datasets for attack detection. Selection of correct features has significant importance in determining the efficiency of various Ml-based algorithms. Hence, this paper provides a literature survey of the various machine learning based IDS. Features, attacks, machine learning algorithms and their corresponding datasets are identified in the survey. The survey may help researchers in identifying benchmark features correlated to network attacks. At the time of writing this paper there is no such IDS that associates network features to attacks.
Keywords
- IDS-Intrusion Detection System
- DoS- Denial of Service
- Cyber space
- NetFlow
This is a preview of subscription content, access via your institution.
Buying options
References
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf/
Pawar, M.V., Anuradha, J.: Network security and types of attacks in network. Procedia Comput. Sci. 48, 503–506 (2015)
. Mahjabin, T., Xiao, Y., Sun, G., Jiang, W.: A survey of distributed denial-of-service attack, prevention, and mitigation techniques. Int. J. Distrib. Sensor Netw. 13(12), 1550147717741463 (2017) https://doi.org/10.1177/1550147717741463
Malak, A.: Intelligent techniques for detecting network attacks: review and research directions. Sensors 21(21), 7070 (2021)
Deshmukh, R.V., Devadkar, K.K.: Understanding DDoS attack & its effect in cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)
Mallik, A.: Man-in-the-middle-attack: Understanding in simple words. Cyberspace: Jurnal Pendidikan Teknologi Informasi 2(2), 109–134 (2019)
Rahim, R.: Man-in-the-middle-attack prevention using interlock protocol method. ARPN J. Eng. Appl. Sci 12(22), 6483–6487 (2017)
Eian, I.C., Lim, K.Y., Yeap, M.X.L., Yeo, H.Q., Fatima, Z.: Wireless networks: active and passive attack vulnerabilities and privacy challenges (2020). Preprints
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113–122 (2015)
Banerjee, J., Maiti, S., Chakraborty, S., Dutta, S., Chakraborty, A., Banerjee, J.S.: Impact of machine learning in various network security applications. In: 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC), pp. 276–281. IEEE (2019)
https://www.cisco.com/c/en/us/support/security/stealthwatch-flow-sensor-series/series.html
Gustavsson, V.: Machine Learning for a Network-based Intrusion Detection System: An application using Zeek and the CICIDS2017 dataset (2019)
Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: Netflow datasets for machine learning-based network intrusion detection systems. arXiv preprint arXiv:2011.09144 (2020)
Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: Towards a standard feature set of nids datasets. arXiv preprint arXiv:2101.11315 (2021)
Zhang, J., Liang, Q., Jiang, R., Li, X.: A feature analysis based identifying scheme using GBDT for DDoS with multiple attack vectors. Appl. Sci. 9(21), 4633 (2019)
Sarhan, M., Layeghy, S., Portmann, M.: An explainable machine learning-based network intrusion detection system for enabling generalisability in securing IoT networks. arXiv preprint arXiv:2104.07183 (2021)
Alaidaros, H., Mahmuddin, M.: Flow-based approach on bro intrusion detection. J. Telecommun. Electron. Comput. Eng. 9(2–2), 139–145 (2017)
Sharafaldin, I., Lashkari, A.H., Ghorbani, A.: A toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISS, vol. 1, pp. 108–116 (2018)
Elsayed, M.S., Le-Khac, N.A., Dev, S., Jurcut, A.D.: Machine-learning techniques for detecting attacks in SDN. arXiv preprint arXiv:1910.00817 (2019)
Prakash, A., Priyadarshini, R.: An intelligent software defined network controller for preventing distributed denial of service attack. In: 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT), pp. 585–589. IEEE (2018)
Li, D., Yu, C., Zhou, Q., Yu, J.: Using SVM to detect DDoS attack in SDN network. In: IOP Conference Series: Materials Science and Engineering, vol. 466, no. 1, p. 012003. IOP Publishing (2018)
Al-Sarem, M., et al.: An aggregated mutual information based feature selection with machine learning methods for enhancing IoT botnet attack detection. Sensors (Basel, Switzerland) 22, 1–185 (2021). https://doi.org/10.3390/s22010185
Maldonado, J., Riff, M.C., Neveu, B.: A review of recent approaches on wrapper feature selection for intrusion detection. Expert Syst. Appl. 198, 116822 (2022). ISSN 0957–4174, https://doi.org/10.1016/j.eswa.2022.116822. (https://www.sciencedirect.com/science/article/pii/S0957417422002780)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Rubab, J., Afzal, H., Shahid, W.B. (2022). A Survey of Network Features for Machine Learning Algorithms to Detect Network Attacks. In: Nguyen, N.T., Tran, T.K., Tukayev, U., Hong, TP., Trawiński, B., Szczerbicki, E. (eds) Intelligent Information and Database Systems. ACIIDS 2022. Lecture Notes in Computer Science(), vol 13758. Springer, Cham. https://doi.org/10.1007/978-3-031-21967-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-21967-2_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21966-5
Online ISBN: 978-3-031-21967-2
eBook Packages: Computer ScienceComputer Science (R0)