
Network Intrusion Detection System using Machine Learning and Deep Learning Approach

Rohan Chauhan

Abstract


Networks play a significant part in today’s world; fast internet and the communication industries have led to vast growth in network size and data. Furthermore, attackers aiming to launch various cyberattacks inside the system cannot be neglected. An intrusion detection system (IDS) keeps track of the network’s software and hardware security to preserve its privacy, integrity, and accessibility. Despite significant efforts by researchers, current IDSs continue to confront challenges in terms of accuracy rate, reducing false alerts, and detecting new attacks. To overcome these challenges, IDSs based on machine learning (ML) and deep learning (DL) have recently been developed as practical approaches to identifying intrusions across the network effectively. Because machine learning approaches are generally applicable, they can also discover unknown risks. DL is a high-performance subfield of ML that has become a significant subject of study. This study first clarifies the IDS concept and taxonomy. It then covers the ML and DL algorithms, assessment criteria, and datasets regularly used in network-based IDS (NIDS) design. In this comprehensive study of existing IDS-based studies, the approach employed in the suggested solutions is explored. Finally, we emphasize a variety of research problems and, drawing on the limitations of current approaches, suggest future research topics to improve ML- and DL-based NIDS.


Keywords


Cybersecurity, Intrusion Detection System (IDS), Machine Learning (ML), Deep Learning (DL), Network-based Intrusion Detection System (NIDS)






DOI: https://doi.org/10.37591/jons.v10i1.899



Copyright (c) 2022 Journal of Network Security

  • eISSN: 2395–6739
  • ISSN: 2321–8517