Intrusion Detection Systems: A State-of-the-Art Taxonomy and Survey

  • Research Article: Computer Engineering and Computer Science
  • Published in: Arabian Journal for Science and Engineering

Abstract

Intrusion Detection Systems (IDSs) have become essential to the sound operation of networks. These systems can identify and report deviations from normal behavior, which is crucial for the sustainability and resilience of networks. A large number of IDSs have been proposed in the literature, but only a few of them have found success in real-world environments. This study presents a taxonomy and a survey of state-of-the-art intrusion detection systems. It also describes the characteristics of successful IDSs and sheds light on the gaps that need to be resolved for future IDSs to become fit for deployment in realistic environments.



Data Availability Statement

This manuscript has no associated data.


  143. Zhang, J.; Jones, K.; Song, T.; Kang, H.; Brown, D.E.: Comparing unsupervised learning approaches to detect network intrusion using NetFlow data. In: Systems and Information Engineering Design Symposium (SIEDS), pp. 122–127. IEEE 2017 (2017)

  144. Alom, M.Z.; Taha, T.M.: Network intrusion detection for cyber security using unsupervised deep learning approaches. In: IEEE National Aerospace and Electronics Conference (NAECON), pp. 63–69. IEEE 2017 (2017)

  145. Hassan, M.M.; Gumaei, A.; Alsanad, A.; Alrubaian, M.; Fortino, G.: A hybrid deep learning model for efficient intrusion detection in big data environment. Inf. Sci. 513, 386–396 (2020)

    Google Scholar 

  146. Vikram, A., et al.: Anomaly detection in network traffic using unsupervised machine learning approach. In: 2020 5th International Conference on Communication and Electronics Systems (ICCES), pp. 476–479. IEEE (2020)

  147. Verkerken, M.; D’hooge, L.; Wauters, T.; Volckaert, B.; De Turck, F.: Unsupervised machine learning techniques for network intrusion detection on modern data. In: 4th Cyber Security in Networking Conference (CSNet), pp. 1–8. IEEE 2020 (2020)

  148. Zavrak, S.; Iskefiyeli, M.: Anomaly-based intrusion detection from network flow features using variational autoencoder. IEEE Access 8, 108346–108358 (2020)

    Google Scholar 

  149. Sutton, R.S.; Barto, A.G.: Reinforcement Learning: An Introduction. MIT Press, Cambridge (2018)

    MATH  Google Scholar 

  150. Vieira, K.M.; Schubert, F.; Geronimo, G.A.; de Souza Mendes, R.; Westphall, C.B.: Autonomic intrusion detection system in cloud computing with big data. In: Proceedings of the International Conference on Security and Management (SAM), The Steering Committee of The World Congress in Computer Science, Computer ..., p. 1 (2014)

  151. Chatterjee, M.; Namin, A.S.: Deep reinforcement learning for detecting malicious websites. arXiv preprint arXiv:1905.09207 (2019)

  152. Xiao, L.; Li, Y.; Liu, G.; Li, Q.; Zhuang, W.: Spoofing detection with reinforcement learning in wireless networks. In: IEEE Global Communications Conference (GLOBECOM), pp. 1–5. IEEE 2015 (2015)

  153. Otoum, S.; Kantarci, B.; Mouftah, H.: Empowering reinforcement learning on big sensed data for intrusion detection. In: ICC 2019—2019 IEEE International Conference on Communications (ICC), pp. 1–7. IEEE (2019)

  154. Tang, C.; Xiang, Y.; Wang, Y.; Qian, J.; Qiang, B.: Detection and classification of anomaly intrusion using hierarchy clustering and SVM. Secur. Commun. Netw. 9, 3401–3411 (2016)

    Google Scholar 

  155. Zaman, M.; Lung, C.-H.: Evaluation of machine learning techniques for network intrusion detection. In: NOMS 2018—2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1–5. IEEE (2018)

  156. Ravi, N.; Shalinie, S.M.: Semisupervised-learning-based security to detect and mitigate intrusions in IoT network. IEEE Internet Things J. 7, 11041–11052 (2020)

    Google Scholar 

  157. Vandana, M.; Manmadhan, S.: Self learning network traffic classification. In: 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), pp. 1–5. IEEE (2015)

  158. Rezvy, S.; Luo, Y.; Petridis, M.; Lasebae, A.; Zebin, T.: An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks. In: 2019 53rd Annual Conference on Information Sciences and Systems (CISS), pp. 1–6. IEEE (2019)

  159. Wang, H.; Han, B.; Su, J.; Wang, X.: A high-performance intrusion detection method based on combining supervised and unsupervised learning. In: IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), pp. 1803–1810. IEEE 2018 (2018)

  160. Patel, B.; Somani, Z.; Ajila, S.A.; Lung, C.-H.: Hybrid relabeled model for network intrusion detection. In: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 872–877. IEEE (2018)

  161. Dawoud, A.; Shahristani, S.; Raun, C.: Deep learning for network anomalies detection. In: 2018 International Conference on Machine Learning and Data Engineering (iCMLDE), pp. 149–153. IEEE (2018)

  162. Veeramachaneni, K.; Arnaldo, I.; Korrapati, V.; Bassias, C.; Li, K.: \(\text{Ai}^{2}\): training a big data machine to defend. In: 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), pp. 49–54. IEEE (2016)

  163. Callegari, C.; Bucchianeri, E.; Giordano, S.; Pagano, M.: Real time attack detection with deep learning. In: 2019 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), pp. 1–5. IEEE (2019)

  164. Wang, J.; Zhao, H.; Xu, J.; Li, H.; Zhu, H.; Chao, S.; Zheng, C.: Using intuitionistic fuzzy set for anomaly detection of network traffic from flow interaction. IEEE Access 6, 64801–64816 (2018)

    Google Scholar 

  165. Islam, R.; Refat, R.U.D.; Yerram, S.M.; Malik, H.: Graph-based intrusion detection system for controller area networks. IEEE Trans. Intell. Transp. Syst. (2020). https://doi.org/10.1109/TITS.2020.3025685

    Article  Google Scholar 

  166. Wang, W.; Shang, Y.; He, Y.; Li, Y.; Liu, J.: BotMark: automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors. Inf. Sci. 511, 284–296 (2020)

    Google Scholar 

  167. Paudel, R.; Muncy, T.; Eberle, W.: Detecting dos attack in smart home IoT devices using a graph-based approach. In: 2019 IEEE International Conference on Big Data (Big Data), pp. 5249–5258. IEEE (2019)

  168. Hamza, A.; Gharakheili, H.H.; Benson, T. A.; Sivaraman, V.: Detecting volumetric attacks on lot devices via SDN-based monitoring of mud activity. In: Proceedings of the 2019 ACM Symposium on SDN Research, pp. 36–48 (2019)

  169. Sivanathan, A.; Gharakheili, H.H.; Loi, F.; Radford, A.; Wijenayake, C.; Vishwanath, A.; Sivaraman, V.: Classifying IoT devices in smart environments using network traffic characteristics. IEEE Trans. Mob. Comput. 18, 1745–1759 (2018)

    Google Scholar 

  170. Yu, B.; Smith, L.; Threefoot, M.; Olumofin, F.G.: Behavior analysis based DNS tunneling detection and classification with big data technologies. In: IoTBD, pp. 284–290 (2016)

  171. Sadikin, F.; van Deursen, T.; Kumar, S.: A ZigBee intrusion detection system for IoT using secure and efficient data collection. Internet Things 12, 100306 (2020)

    Google Scholar 

  172. Ndibwile, J.D.; Govardhan, A.; Okada, K.; Kadobayashi, Y.: Web server protection against application layer DDOS attacks using machine learning and traffic authentication. In: IEEE 39th Annual Computer Software and Applications Conference, vol. 3, pp. 261–267. IEEE 2015 (2015)

  173. Al-Jarrah, O.Y.; Alhussein, O.; Yoo, P.D.; Muhaidat, S.; Taha, K.; Kim, K.: Data randomization and cluster-based partitioning for botnet intrusion detection. IEEE Trans. Cybern. 46, 1796–1806 (2015)

    Google Scholar 

  174. Shi, Z.; Li, J.; Wu, C.; Li, J.: DeepWindow: an efficient method for online network traffic anomaly detection. In: 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pp. 2403–2408. IEEE (2019)

  175. Park, K.; Song, Y.; Cheong, Y.-G.: Classification of attack types for intrusion detection systems using a machine learning algorithm. In: IEEE fourth international conference on big data computing service and applications (BigDataService), pp. 282–286. IEEE 2018 (2018)

  176. Lysenko, S.; Pomorova, O.; Savenko, O.; Kryshchuk, A.; Bobrovnikova, K.: DNS-based anti-evasion technique for botnets detection. In: 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), vol. 1, pp. 453–458. IEEE (2015)

  177. Li, Y.; Liu, J.; Li, Q.; Xiao, L.: Mobile cloud offloading for malware detections with learning. In: 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 197–201. IEEE (2015)

  178. Choi, S.-G.; Cho, S.-B.: Adaptive database intrusion detection using evolutionary reinforcement learning. In: International Joint Conference SOCO’17-CISIS’17-ICEUTE’17 León, Spain, 6–8 Sept 2017, Proceeding, pp. 547–556. Springer (2017)

  179. Alshammari, R.; Zincir-Heywood, A.N.: Can encrypted traffic be identified without port numbers, IP addresses and payload inspection? Comput. Netw. 55, 1326–1350 (2011)

    Google Scholar 

  180. Cheh, C.; Chen, B.; Temple, W.G.; Sanders, W.H.: Modeling adversarial physical movement in a railway station: classification and metrics. ACM Trans. Cyber-Phys. Syst. (2019). https://doi.org/10.1145/3349584

    Article  Google Scholar 

  181. Ghafir, I.; Kyriakopoulos, K.G.; Lambotharan, S.; Aparicio-Navarro, F.J.; AsSadhan, B.; Binsalleeh, H.; Diab, D.M.: Hidden Markov models and alert correlations for the prediction of advanced persistent threats. IEEE Access 7, 99508–99520 (2019)

    Google Scholar 

  182. Moustafa, N.; Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE 2015 (2015)

  183. Stewart, E.; Liao, A.; Roberts, C.: Open \(\mu \)pmu: a real world reference distribution micro-phasor measurement unit data set for research and application development (2016)

  184. Ramakrishna, S.; Rahiminasab, Z.; Karsai, G.; Easwaran, A.; Dubey, A.: Efficient out-of-distribution detection using latent space of \(\beta \)-vae for cyber-physical systems. ACM Trans. Cyber-Phys. Syst. (2022). https://doi.org/10.1145/3491243

    Article  Google Scholar 

  185. Chowdhury, M.; Ray, B.; Chowdhury, S.; Rajasegarar, S.: A novel insider attack and machine learning based detection for the internet of things. ACM Trans. Internet Things (2021). https://doi.org/10.1145/3466721

    Article  Google Scholar 

  186. Zhao, R.; Gui, G.; Xue, Z.; Yin, J.; Ohtsuki, T.; Adebisi, B.; Gacanin, H.: A novel intrusion detection method based on lightweight neural network for internet of things. IEEE Internet Things J. 9, 9960–9972 (2022). https://doi.org/10.1109/JIOT.2021.3119055

    Article  Google Scholar 

  187. Moustafa, N.; Turnbull, B.; Choo, K.-K.R.: An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things. IEEE Internet Things J. 6, 4815–4830 (2019). https://doi.org/10.1109/JIOT.2018.2871719

    Article  Google Scholar 

  188. Bodström, T.; Hämäläinen, T.: A novel deep learning stack for apt detection. Appl. Sci. 9, 1055 (2019)

    Google Scholar 

  189. Shi, Y.; Chen, G.; Li, J.: Malicious domain name detection based on extreme machine learning. Neural Process. Lett. 48, 1347–1357 (2018)

  190. de Araujo-Filho, P.F.; Kaddoum, G.; Campelo, D.R.; Gondim Santos, A.; Macêdo, D.; Zanchettin, C.: Intrusion detection for cyber-physical systems using generative adversarial networks in fog environment. IEEE Internet Things J. 8, 6247–6256 (2021). https://doi.org/10.1109/JIOT.2020.3024800

    Article  Google Scholar 

  191. Şahingöz, Ö. K.; Buber, E.; Demir, Ö.; Diri, B.: Machine learning based phishing detection from URLs (2017)

  192. Xiao, L.; Li, Y.; Han, G.; Liu, G.; Zhuang, W.: PHY-layer spoofing detection with reinforcement learning in wireless networks. IEEE Trans. Veh. Technol. 65, 10037–10047 (2016)

    Google Scholar 

  193. Murali, S.; Jamalipour, A.: A lightweight intrusion detection for sybil attack under mobile RPL in the internet of things. IEEE Internet Things J. 7, 379–388 (2020). https://doi.org/10.1109/JIOT.2019.2948149

    Article  Google Scholar 

  194. Debatty, T.; Mees, W.; Gilon, T.: Graph-based apt detection. In: 2018 International Conference on Military Communications and Information Systems (ICMCIS), pp. 1–8. IEEE (2018)

  195. Ghafir, I.; Hammoudeh, M.; Prenosil, V.; Han, L.; Hegarty, R.; Rabie, K.; Aparicio-Navarro, F.J.: Detection of advanced persistent threat using machine-learning correlation analysis. Future Gener. Comput. Syst. 89, 349–359 (2018)

    Google Scholar 

Download references

Author information

Corresponding author

Correspondence to Sherenaz Al-Haj Baddar.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Alkasassbeh, M., Al-Haj Baddar, S. Intrusion Detection Systems: A State-of-the-Art Taxonomy and Survey. Arab J Sci Eng 48, 10021–10064 (2023). https://doi.org/10.1007/s13369-022-07412-1

  • DOI: https://doi.org/10.1007/s13369-022-07412-1

Keywords