Abstract
In this paper, we survey the published work on machine learning-based network intrusion detection systems, covering recent state-of-the-art techniques. We address the problems of conventional datasets and present a detailed comparison of modern network intrusion datasets (UNSW-NB15, TUIDS, and NSL-KDD). Recent feature-level processing techniques are elaborated, followed by a discussion of supervised multi-class machine learning classifiers. Finally, open challenges are pointed out and research directions are provided to promote further research in this area.
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Chapaneri, R., Shah, S. (2019). A Comprehensive Survey of Machine Learning-Based Network Intrusion Detection. In: Satapathy, S., Bhateja, V., Das, S. (eds) Smart Intelligent Computing and Applications. Smart Innovation, Systems and Technologies, vol 104. Springer, Singapore. https://doi.org/10.1007/978-981-13-1921-1_35
DOI: https://doi.org/10.1007/978-981-13-1921-1_35
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1920-4
Online ISBN: 978-981-13-1921-1
eBook Packages: Engineering, Engineering (R0)