Intrusion detection systems (IDSs) have attracted many
researchers over the last two decades, and much work has
been done on them. Still, some problems remain unsolved,
such as the false positive rate and detection accuracy.
Various approaches are used in developing IDSs, among them
data mining, machine learning, statistics-based, and
rule-based approaches. In this paper, we compare the data
mining and machine learning approaches for anomaly
detection. We also discuss the challenges in intrusion
detection systems. Among the studied approaches, some
papers used both data mining and machine learning to
develop the system; this is called the hybrid approach.
Sunil M. Sangve: Computer Department, Savitribai Phule Pune University, ZCOER,
Pune, Maharashtra, India
Ravindra C. Thool: Computer Science and Engineering Department, SRTMU, SGGSIE&T,
Nanded, Maharashtra, India
Intrusion Detection Systems (IDSs)
Data Mining
Machine Learning
Challenges
Considering the studied literature, it is clear that
anomaly-based intrusion detection is the best way to secure
a system against novel attacks. We have discussed the data
mining and machine learning approaches for anomaly
detection. Data mining approaches are used for clustering
and classification, dividing the large dataset so that
processing and computational complexity are reduced. The
machine learning approach trains the system and gives the
prediction in the testing stage. Machine learning has many
advantages in anomaly detection without human
interference. Depending on the labels used in the input
dataset, anomaly detection is classified as supervised,
semi-supervised, or unsupervised. We are also focusing on
combining the best features of the data mining and machine
learning approaches, and will propose a hybrid approach
that gives better results than the methodologies discussed.
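
The following is an added example, not code from the paper: a minimal sketch of the cluster-then-learn pipeline the conclusion describes. It assumes k-means for the data mining step, a nearest-class-centroid classifier for the learning step, two constructed features, and hand-picked seeds; none of these choices comes from the authors.

```python
import math

# Constructed training records: ((KB per flow, new connections/s), label).
TRAIN = [((1, 1), "normal"), ((2, 1), "normal"), ((1, 2), "normal"),
         ((1, 6), "attack"), ((2, 5), "attack"), ((2, 6), "attack"),
         ((20, 5), "normal"), ((21, 6), "normal"), ((22, 5), "normal"),
         ((20, 13), "attack"), ((21, 12), "attack"), ((22, 13), "attack")]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def mean(points):
    return tuple(sum(c) / len(points) for c in zip(*points))

def nearest(p, centers):
    return min(range(len(centers)), key=lambda i: dist(p, centers[i]))

def kmeans(points, centroids, rounds=10):
    """Data mining step: partition the records around k centroids."""
    for _ in range(rounds):
        groups = [[] for _ in centroids]
        for p in points:
            groups[nearest(p, centroids)].append(p)
        centroids = [mean(g) if g else c for g, c in zip(groups, centroids)]
    return centroids

def train(records, seeds):
    """Learning step: one class-centroid model per cluster (supervised)."""
    centroids = kmeans([f for f, _ in records], seeds)
    by_label = [{} for _ in centroids]
    for feats, label in records:
        by_label[nearest(feats, centroids)].setdefault(label, []).append(feats)
    models = [{lab: mean(pts) for lab, pts in m.items()} for m in by_label]
    return centroids, models

def predict(model, feats):
    """Testing stage: route to a cluster, then consult only its model."""
    centroids, models = model
    local = models[nearest(feats, centroids)]
    return min(local, key=lambda lab: dist(feats, local[lab]))

HYBRID = train(TRAIN, [(1, 1), (20, 5)])  # two traffic regimes (assumed seeds)
FLAT = train(TRAIN, [(1, 1)])             # k = 1: no partitioning at all

if __name__ == "__main__":
    probe = (1, 5)  # small flows arriving at an unusually high rate
    print("flat:", predict(FLAT, probe), "| hybrid:", predict(HYBRID, probe))
```

With `k = 1` the probe is scored against class centroids averaged over both traffic regimes and passes as normal; after partitioning, the same rate is judged only against the small-flow cluster and is flagged.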