
2020 | Original Paper | Book chapter

Taxonomy of Supervised Machine Learning for Intrusion Detection Systems

Authors: Ahmed Ahmim, Mohamed Amine Ferrag, Leandros Maglaras, Makhlouf Derdour, Helge Janicke, George Drivas

Published in: Strategic Innovative Marketing and Tourism

Publisher: Springer International Publishing


Abstract

This paper presents a taxonomy of supervised machine learning techniques for intrusion detection systems (IDSs). First, detailed information about related studies is provided. Second, a brief review is given of the public data sets that are used in experiments and frequently cited in publications, including IDEVAL, KDD CUP 1999, UNM Send-Mail Data, NSL-KDD, and CICIDS2017. Third, IDSs based on supervised machine learning are presented. Finally, an analysis and comparison of each IDS, along with their pros and cons, is provided.


Metadata
Title
Taxonomy of Supervised Machine Learning for Intrusion Detection Systems
Authors
Ahmed Ahmim
Mohamed Amine Ferrag
Leandros Maglaras
Makhlouf Derdour
Helge Janicke
George Drivas
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-36126-6_69