Volume 1 Issue 4 | 2024
Paper Id:IJMSM-V1I4P109
doi: 10.71141/30485037/V1I4P109
Machine Learning Applications in Intrusion Detection: A Comprehensive Review
Anitha Mareedu
Citation:
Anitha Mareedu, "Machine Learning Applications in Intrusion Detection: A Comprehensive Review" International Journal of Multidisciplinary on Science and Management, Vol. 1, No. 4, pp. 66-78, 2024.
Abstract:
The rapid growth of digital technologies and interconnected systems has significantly expanded the attack surface available to cybercriminals, leading to a surge in sophisticated cyber threats such as advanced persistent threats (APTs), ransomware, and zero-day exploits. Traditional Intrusion Detection Systems (IDS) rely mainly on signature-based detection, which limits their ability to detect previously unseen attacks and requires regular signature updates. In response to these limitations, Machine Learning (ML)-based IDS have emerged as a promising paradigm, offering greater adaptability and scalability and the capacity to identify threats that have never been observed before. This survey examines the use of ML for intrusion detection in detail along three fundamental dimensions: feature engineering, supervised-learning models, and benchmarking practices for IDS/IPS. It reviews classic and recent IDS datasets, feature selection and extraction methods, and the effectiveness of supervised algorithms such as decision trees, support vector machines, and deep neural networks. It also surveys benchmarking tools such as Snort, Suricata, and Zeek, together with the principal evaluation metrics: accuracy, precision, recall, and latency. Nevertheless, ML-based IDS still face serious problems, including data imbalance, adversarial attacks, and real-time deployment in IoT and cloud environments. Emerging research directions are also discussed: federated learning for privacy-preserving model training, explainable AI for interpretable models, and blockchain-based and quantum-resistant IDS designs.
By addressing these issues and applying the latest technological advances, ML-based IDS can become powerful and intelligent tools capable of protecting networks against the dynamic threats that continuously spread across modern networks.
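The abstract names accuracy, precision, and recall as principal evaluation metrics and data imbalance as an open problem. The following Python block is an added example, not code from the paper, showing why accuracy alone misleads when evaluating an IDS classifier on imbalanced data: on a constructed sample with a 2% attack rate, a detector that flags nothing reaches 98% accuracy while catching no attacks, and a detector that catches most attacks at the cost of a few false alarms scores only marginally higher on accuracy but far higher on recall and F1. The labelled sample, the two detectors, and all function names are constructed assumptions.

```python
from dataclasses import dataclass

ATTACK, BENIGN = 1, 0


@dataclass(frozen=True)
class Counts:
    """Confusion-matrix cells for a binary attack/benign classifier."""
    tp: int  # attack flows correctly flagged
    fp: int  # benign flows wrongly flagged (false alarms)
    fn: int  # attack flows missed
    tn: int  # benign flows correctly passed


def confusion_counts(y_true, y_pred):
    """Count confusion-matrix cells from parallel label vectors."""
    if len(y_true) != len(y_pred):
        raise ValueError("label vectors differ in length")
    tp = fp = fn = tn = 0
    for t, p in zip(y_true, y_pred):
        if t == ATTACK and p == ATTACK:
            tp += 1
        elif t == BENIGN and p == ATTACK:
            fp += 1
        elif t == ATTACK and p == BENIGN:
            fn += 1
        else:
            tn += 1
    return Counts(tp, fp, fn, tn)


def _safe_div(num, den):
    """Division that yields 0.0 instead of raising when the denominator is 0."""
    return num / den if den else 0.0


def metrics(y_true, y_pred):
    """Accuracy, precision, recall, F1 and false-positive rate for the attack class."""
    c = confusion_counts(y_true, y_pred)
    total = c.tp + c.fp + c.fn + c.tn
    precision = _safe_div(c.tp, c.tp + c.fp)
    recall = _safe_div(c.tp, c.tp + c.fn)
    return {
        "accuracy": _safe_div(c.tp + c.tn, total),
        "precision": precision,
        "recall": recall,
        "f1": _safe_div(2 * precision * recall, precision + recall),
        "false_positive_rate": _safe_div(c.fp, c.fp + c.tn),
    }


# Constructed labelled sample (assumption): 1000 flows, 20 of them attacks (2% base rate).
N_FLOWS, N_ATTACKS = 1000, 20
Y_TRUE = [ATTACK] * N_ATTACKS + [BENIGN] * (N_FLOWS - N_ATTACKS)


def predict_all_benign(y_true):
    """Hypothetical degenerate detector that never raises an alert."""
    return [BENIGN] * len(y_true)


def predict_partial_detector(y_true):
    """Hypothetical detector: flags 15 of the 20 attacks and raises 10 false alarms."""
    preds = []
    attacks_seen = benign_seen = 0
    for t in y_true:
        if t == ATTACK:
            attacks_seen += 1
            preds.append(ATTACK if attacks_seen <= 15 else BENIGN)
        else:
            benign_seen += 1
            preds.append(ATTACK if benign_seen <= 10 else BENIGN)
    return preds


if __name__ == "__main__":
    for name, detector in (("all-benign", predict_all_benign),
                           ("partial", predict_partial_detector)):
        m = metrics(Y_TRUE, detector(Y_TRUE))
        print(name, {k: round(v, 4) for k, v in m.items()})
```

The all-benign detector scores 0.98 accuracy with 0.0 recall; the partial detector scores 0.985 accuracy, 0.6 precision, 0.75 recall, and roughly 0.667 F1. When comparing IDS models on imbalanced datasets, report precision, recall, F1, and the false-positive rate alongside accuracy, since accuracy tracks the majority (benign) class almost entirely.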
Keywords:
Intrusion Detection System (IDS), Machine Learning, Feature Engineering, Benchmarking, Supervised Learning