Abstract
Computer networks play an important role in modern industrial environments, as many of their areas heavily depend on the continued operation and availability of the network services they provide. However, the network itself faces many security challenges in the form of massive attacks that prevent its use and cause huge financial losses every year. The most widespread examples of such devastating attacks are Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This paper focuses on the analysis of detection methods that eliminate the impact of such attacks. The paper introduces the challenges of current network-based intrusion detection systems (NIDS) from distinct perspectives. Its primary focus is on the general functionality of selected detection methods, their categorization and a subsequent proposal of potential improvements. Considering the requirements on present and future NIDS, we emphasize the application of machine learning (ML). The paper analyzes the state of research of four particular ML techniques regarding their success in implementation as NIDS: Bayesian Networks (BN), Support Vector Machines (SVM), Artificial Neural Networks (ANN) and Self-organizing Maps (SOM). The analysis reveals the various drawbacks and benefits of the individual methods. Its purpose lies in the discovery of current trends showing the direction of future research, which may lead to an overall improvement in the design of new methods. The output of our research summarizes these trends in the form of a list and describes their influence on our future research.
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this paper
Hrabovsky, J., Segec, P., Moravcik, M., Papan, J. (2018). Trends in Application of Machine Learning to Network-Based Intrusion Detection Systems. In: Hodoň, M., Eichler, G., Erfurth, C., Fahrnberger, G. (eds) Innovations for Community Services. I4CS 2018. Communications in Computer and Information Science, vol 863. Springer, Cham. https://doi.org/10.1007/978-3-319-93408-2_16
DOI: https://doi.org/10.1007/978-3-319-93408-2_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93407-5
Online ISBN: 978-3-319-93408-2