Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 652)
Abstract
Cybersecurity has become a priority concern of the digital society. Many attacks are becoming more sophisticated, which requires strengthening the strategies for identifying, analyzing, and managing vulnerabilities in order to stop threats. Intrusion Detection/Prevention Systems are the first security devices to protect systems. This paper presents a survey of several aspects to consider in machine learning-based intrusion detection systems. The survey presents the taxonomy of Intrusion Detection Systems, the types of attacks they face, and the organizational infrastructure needed to respond to security incidents. It also describes several investigations into detecting intrusions using Machine Learning, describing in detail the databases used. Moreover, the most accepted metrics for measuring the performance of algorithms are presented. Finally, the challenges are discussed, motivating future research.
Author information
Authors and Affiliations
National Technological of Mexico, Campus Misantla and Campus Teziutlan, Misantla, Mexico
Jose Luis Gutierrez-Garcia
National Technological of Mexico, Campus Misantla, Misantla, Mexico
Eddy Sanchez-DelaCruz
Autonomous University of Baja California, Mexicali, Mexico
Maria del Pilar Pozos-Parra
Corresponding author
Correspondence to Eddy Sanchez-DelaCruz.
Editor information
Editors and Affiliations
Faculty of Science and Engineering, Saga University, Saga, Japan
Kohei Arai
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Gutierrez-Garcia, J.L., Sanchez-DelaCruz, E., Pozos-Parra, M.d.P. (2023). A Review of Intrusion Detection Systems Using Machine Learning: Attacks, Algorithms and Challenges. In: Arai, K. (eds) Advances in Information and Communication. FICC 2023. Lecture Notes in Networks and Systems, vol 652. Springer, Cham. https://doi.org/10.1007/978-3-031-28073-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28072-6
Online ISBN: 978-3-031-28073-3
eBook Packages: Intelligent Technologies and Robotics; Intelligent Technologies and Robotics (R0)