Skip to main content
SpringerLink
Log in

Taxonomy of Supervised Machine Learning for Intrusion Detection Systems

  • Conference paper
  • First Online:
Strategic Innovative Marketing and Tourism

Part of the book series: Springer Proceedings in Business and Economics ((SPBE))

Abstract

This paper presents a taxonomy of supervised machine learning techniques for intrusion detection systems (IDSs). Firstly, detailed information about related studies is provided. Secondly, a brief review of public data sets is provided, which are used in experiments and frequently cited in publications, including, IDEVAL, KDD CUP 1999, UNM Send-Mail Data, NSL-KDD, and CICIDS2017. Thirdly, IDSs based on supervised machine learning are presented. Finally, analysis and comparison of each IDS along with their pros and cons are provided.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 299.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 379.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 379.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Death D (2017) Information security handbook: develop a threat model and incident response strategy to build a strong information security framework. Packt Publishing Ltd., Birmingham

    Google Scholar 

  2. Maglaras LA, Jiang J (2014) Intrusion detection in SCADA systems using machine learning techniques. In: 2014 science and information conference. IEEE, Piscataway, pp 626–631

    Chapter  Google Scholar 

  3. European Union Agency for Network and Information Security (2018) ENISA threat landscape report 2018

    Google Scholar 

  4. Garcia-Teodoro P, Diaz-Verdejo J, Maciá-Fernández G, Vázquez E (2009) Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur 28:18–28

    Article  Google Scholar 

  5. Zhou CV, Leckie C, Karunasekera S (2010) A survey of coordinated attacks and collaborative intrusion detection. Comput Secur 29:124–140

    Article  Google Scholar 

  6. Elshoush HT, Osman IM (2011) Alert correlation in collaborative intelligent intrusion detection systems - a survey. Appl Soft Comput 11:4349–4365

    Article  Google Scholar 

  7. Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B (2010) An overview of IP flow-based intrusion detection. IEEE Commun Surv Tutorials 12:343–356

    Article  Google Scholar 

  8. Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) A survey of intrusion detection techniques in cloud. J Netw Comput Appl 36:42–57

    Article  Google Scholar 

  9. Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2017) Authentication protocols for internet of things: a comprehensive survey. Secur Commun Netw 2017:41 pp

    Article  Google Scholar 

  10. Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2018) A systematic review of data protection and privacy preservation schemes for smart grid communications. Sustain Cities Soc 38:806–835

    Article  Google Scholar 

  11. Ferrag MA, Maglaras L, Ahmim A (2017) Privacy-preserving schemes for ad hoc social networks: a survey. IEEE Commun Surv Tutorials 19:3015–3045

    Article  Google Scholar 

  12. Butun I, Morgera SD, Sankar R (2014) A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Surv Tutorials 16:266–282

    Article  Google Scholar 

  13. Vasilomanolakis E, Karuppayah S, Mühlhäuser M, Fischer M (2015) Taxonomy and survey of collaborative intrusion detection. ACM Comput Surv 47:55

    Article  Google Scholar 

  14. Milenkoski A, Vieira M, Kounev S, Avritzer A, Payne BD (2015) Evaluating computer intrusion detection systems: a survey of common practices. ACM Comput Surv 48:12

    Article  Google Scholar 

  15. Buczak AL, Guven E (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutorials 18:1153–1176

    Article  Google Scholar 

  16. Ahmed M, Mahmood AN, Hu J (2016) A survey of network anomaly detection techniques. J Netw Comput Appl 60:19–31

    Article  Google Scholar 

  17. Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp 108–116

    Google Scholar 

  18. Cannady J (1998) Artificial neural networks for misuse detection. In: National information systems security conference, Baltimore, vol. 26

    Google Scholar 

  19. Lippmann RP, Cunningham RK (2000) Improving intrusion detection performance using keyword selection and neural networks. Comput Netw 34:597–603

    Article  Google Scholar 

  20. Bivens A, Palagiri C, Smith R, Szymanski B, Embrechts M, et al (2002) Network-based intrusion detection using neural networks. In: Intelligent engineering systems through artificial neural networks, vol 12, pp 579–584

    Google Scholar 

  21. Kruegel C, Mutz D, Robertson W, Valeur F (2003) Bayesian event classification for intrusion detection. In: 19th annual computer security applications conference, 2003. Proceedings. IEEE, Piscataway, pp 14–23

    Chapter  Google Scholar 

  22. Kruegel C, Toth T (2003) Using decision trees to improve signature-based intrusion detection. In: International workshop on recent advances in intrusion detection. Springer, Berlin, pp 173–191

    Chapter  Google Scholar 

  23. Benferhat S, Kenaza T, Mokhtari A (2008) A naive Bayes approach for detecting coordinated attacks. In: 2008 32nd annual IEEE international computer software and applications conference. IEEE, Piscataway, pp 704–709

    Chapter  Google Scholar 

  24. Apiletti D, Baralis E, Cerquitelli T, DElia V (2009) Characterizing network traffic by means of the NetMine framework. Comput Netw 53:774–789

    Article  Google Scholar 

  25. Amiri F, Yousefi MR, Lucas C, Shakery A, Yazdani N (2011) Mutual information-based feature selection for intrusion detection systems. J Netw Comput Appl 34:1184–1199

    Article  Google Scholar 

  26. Brahmi H, Brahmi I, Yahia SB (2012) OMC-IDS: at the cross-roads of OLAP mining and intrusion detection. In: Pacific-Asia conference on knowledge discovery and data mining. Springer, Berlin, pp 13–24

    Chapter  Google Scholar 

  27. Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl 39:424–430

    Article  Google Scholar 

  28. Bilge L, Sen S, Balzarotti D, Kirda E, Kruegel C (2014) Exposure: a passive DNS analysis service to detect and report malicious domains. ACM Trans Inf Syst Secur 16:14

    Article  Google Scholar 

  29. Aljawarneh S, Aldwairi M, Yassein MB (2018) Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. J Comput Sci 25:152–160

    Article  Google Scholar 

  30. Ahmim A, Maglaras L, Ferrag MA, Derdour M, Janicke H (2018) A novel hierarchical intrusion detection system based on decision tree and rules-based models. Preprint arXiv:1812.09059

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Larbi Tebessi, Tebessa, Algeria

    Ahmed Ahmim & Makhlouf Derdour

  2. Guelma University, Guelma, Algeria

    Mohamed Amine Ferrag

  3. De Montfort University, Leicester, UK

    Leandros Maglaras & Helge Janicke

  4. National Cyber Security Authority, General Secretariat of Digital Policy, Ministry of Digital Policy, Telecommunications and Media, Athens, Greece

    Leandros Maglaras & George Drivas

  5. Department of Digital Systems, University of Piraeus, Piraeus, Greece

    George Drivas

Authors
  1. Ahmed Ahmim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohamed Amine Ferrag
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Leandros Maglaras
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Makhlouf Derdour
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Helge Janicke
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. George Drivas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Leandros Maglaras .

Editor information

Editors and Affiliations

  1. Department of Business Administration, University of West Attica, Aigaleo, Greece

    Androniki Kavoura

  2. Department of Business Administration, State University of New York at Oswego, Oswego, NY, USA

    Efstathios Kefallonitis

  3. Department of Business Administration of Food and Agricultural Enterprises, University of Patras, Agrinio, Greece

    Prokopios Theodoridis

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ahmim, A., Ferrag, M.A., Maglaras, L., Derdour, M., Janicke, H., Drivas, G. (2020). Taxonomy of Supervised Machine Learning for Intrusion Detection Systems. In: Kavoura, A., Kefallonitis, E., Theodoridis, P. (eds) Strategic Innovative Marketing and Tourism. Springer Proceedings in Business and Economics. Springer, Cham. https://doi.org/10.1007/978-3-030-36126-6_69

Download citation

Publish with us

Policies and ethics

Search

Navigation