Trends in Application of Machine Learning to Network-Based Intrusion Detection Systems

  • Conference paper
  • Innovations for Community Services (I4CS 2018)

Abstract

Computer networks play an important role in modern industrial environments, as many of their areas heavily depend on the continued operation and availability of the provided network services. However, the network itself faces many security challenges in the form of massive attacks that prevent its usage and cause huge financial losses every year. The most widespread examples of such devastating attacks are Denial of Service (DoS) and Distributed DoS (DDoS) attacks. This paper focuses on the analysis of detection methods that eliminate the impact of such attacks. The paper introduces the challenges of current network-based intrusion detection systems (NIDS) from distinct perspectives. Its primary focus is on the general functionality of selected detection methods, their categorization and a subsequent proposal of some potential improvements. Considering the requirements on present and future NIDS, we emphasize the application of machine learning (ML). The paper analyzes the state of research of four particular ML techniques regarding their success in implementation as NIDS: Bayesian Networks (BN), Support Vector Machines (SVM), Artificial Neural Networks (ANN) and Self-organizing Maps (SOM). The analysis reveals various drawbacks and benefits of the individual methods. Its purpose lies in the discovery of current trends showing the direction of future research, which may lead to an overall design improvement of new methods. The output of our research is a list of the identified trends and their influence on our future research.

Corresponding author

Correspondence to Jakub Hrabovsky.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Hrabovsky, J., Segec, P., Moravcik, M., Papan, J. (2018). Trends in Application of Machine Learning to Network-Based Intrusion Detection Systems. In: Hodoň, M., Eichler, G., Erfurth, C., Fahrnberger, G. (eds) Innovations for Community Services. I4CS 2018. Communications in Computer and Information Science, vol 863. Springer, Cham. https://doi.org/10.1007/978-3-319-93408-2_16

  • DOI: https://doi.org/10.1007/978-3-319-93408-2_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93407-5

  • Online ISBN: 978-3-319-93408-2
