The use of artificial intelligence based techniques for intrusion detection: A review

Artificial Intelligence Review

Volumn 34, Issue 4, 2010, Pages 369-387

  Kumar, Gulshan ^b   Kumar, Krishan ^a   Sachdeva, Monika ^a  

^a Shaheed Bhagat Singh College of Engineering & Technology   (India)

^b NONE

Author keywords

Artificial intelligence; Ensemble system; Hybrid system; Intrusion; Intrusion detection system; Network security

Indexed keywords

ADAPTIVE SECURITY; AUDIT DATA; CLASSIFIER DESIGN; COMMERCIAL SERVICES; CURRENT STATUS; DATA SETS; ENSEMBLE SYSTEMS; EXPERIMENTAL ENVIRONMENT; FUTURE DIRECTIONS; HARDWARE AND SOFTWARE; INTERNET ATTACKS; INTRUSION; INTRUSION DETECTION SYSTEM; INTRUSION DETECTION SYSTEMS;

ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; DATA HANDLING; ELECTRIC GROUNDING; HYBRID COMPUTERS; HYBRID SYSTEMS; INTERNET; NETWORK SECURITY;

INTRUSION DETECTION;

EID: 78650169163     PISSN: 02692821     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10462-010-9179-5     Document Type: Article

References (96)

1. Agarwal R, Joshi M (2000) PNrule: a new framework for learning classifier models in data mining. Technical Report TR 00-015
2. Anderson D, Lunt T, Javitz H, Ann T, Valdes A (1995) Next generation intrusion detection expert system (NIDES). Technical report, SRI International USA
3. Axelsson S (1999) Research in intrusion detection system-a survey. CMU/SEI Technical Report
4. B Balajinath SV Raghavan 2001 Intrusion detection through learning behavior model Comput Commun 24 12 1202 1212 10.1016/S0140-3664(00)00364-9 (Pubitemid 32610612)
5. Beale J, Caswell B, Poor M (2004) Snort 2.1 intrusion detection, 2nd edn. Syngress Publishing, ISBN: 1931836043
6. Bivens A, Chandrika P, Smith R, Szymanski B (2002) Network-based intrusion detection using neural networks. In: Proceeding of ANNIE 2002 conference, ASME Press, pp 10-13
7. GA Carpenter S Grossberg N Markuzon JH Reynolds DB Rosen 1992 Fuzzy ARTMAP: a neural network architecture for incremental supervised learning of analog multidimensional maps IEEE Trans Neural Netw 3 698 713 10.1109/72.159059 (Pubitemid 23555782)
8. S Chebrolu A Abraham JP Thomas 2005 Feature deduction and ensemble design of intrusion detection systems Int J Comput Secur 24 4 295 307 10.1016/j.cose.2004.09.008 (Pubitemid 40752313)
9. Chen S Staniford, Cheung S, Crawford R, Dilger M, Frank J, Hoagland J, Levitt K, Wee C, Yip R, Zerkle D (1996) GrIDS-a graph-based intrusion detection system for large networks. In: Proceedings of 19th national information systems security conference
10. W-H Chen S-H Hsu H-P Shen 2005 Application of SVM and ANN for intrusion detection Comput Oper Res 32 2617 2634 1076.68547 10.1016/j.cor.2004.03.019 (Pubitemid 40219764)
11. Chittur A (2001) Model generation for an intrusion detection system using genetic algorithms. High School Honors Thesis, Ossining High School. In cooperation with Columbia University
12. CiscoSecure (2010) Cisco Secure IDS http://www.cisco.com/warp/public/cc/ pd/sqsw/sqidsz/index.shtml. Accessed 4 August 2010
13. Cohen WW (1995) Fast effective rule induction. In: Proceedings of the 12th international conference on machine learning. Tahoe City, Morgan Kaufmann, CA, pp 115-123
14. Crosbie M, Dole B, Ellis T, Krsul I, Spafford E (1996) IDIOT-users guide. Technical report TR-96-050. Purdue University, COAST Laboratory
15. Crosbie M, Spafford EH (1995) Active defense of a computer system using autonomous agents. Technical report CSD-TR- 95-008. Purdue University, West Lafayette
16. Cunningham R, Lippmann R (2000a) Detecting computer attackers: recognizing patterns of malicious stealthy behavior. MIT Lincoln Laboratory-presentation to CERIAS
17. R Cunningham R Lippmann 2000 Improving intrusion detection performance using keyword selection and neural networks Comput Netw 34 4 597 603 10.1016/S1389-1286(00)00140-7
18. Dasgupta D, Gonzalez FA (2001) An intelligent decision support system for intrusion detection and response. In: Proceedings of international workshop on mathematical methods, models and architectures for computer networks security (MMM-ACNS), St. Petersburg. Springer
19. Dickerson JE, Dickerson JA (2000) Fuzzy network profiling for intrusion detection. In: Proceedings of NAFIPS 19th international conference of the North American fuzzy information processing society, Atlanta
20. Dowell C, Ramstedt P (1990) The computerwatch data reduction tool. In: Proceedings of the 13th national computer security conference, Washington, DC
21. Duda RO, Hart PE (1973) Pattern classification and scene analysis. Wiley, New York
22. Ertoz L, Eilertson E, Lazarevic A, Tan P, Srivastava J, Kumar V, Dokas P (2004) The MINDS-Minnesota intrusion detection system. Next generation data mining. MIT Press, Cambridge
23. Fortuna C, Fortuna B, Mohorcic M (2007) Anomaly detection in computer networks using linear SVMs. SiKDD 2007, Ljubljana, Slovenia
24. P Garcia-Teodoro J Diaz-Verdejo G Macia-Fernandez E Vazquez 2009 Anomaly-based network intrusion detection: techniques, systems and challenges Comput Secur 28 18 28 10.1016/j.cose.2008.08.003
25. Gharibian F, Ghorbani AA (2007) Comparative study of supervised machine learning techniques for intrusion detection. In: Proceedings of fifth annual conference on communication networks and services research (CNSR'07), pp 350-358
26. Ghosh AK, Wanken J, Charron F (1998) Detecting anomalous and unknown intrusions against programs. In: Proceedings of the 14th annual computer security applications conference, IEEE, pp 259-267
27. Goldberg L, Wagner D, Thomans R (1996) A secure environment for untrusted helper applications: confining the Wily Hacker. In: Sixth USENIX security symposium
28. Gomez J, Dasgupta D (2001) Evolving fuzzy classifiers for intrusion detection. IEEE workshop on information assurance, United States Military Academy, NY
29. Guvenir GD (1997) Classification by voting feature intervals. In: Proceedings of the European conference on machine learning, pp 85-92
30. Habra J, Charlier le B, Mounji A, Mathieu I (1992) ASAX: software architecture and rule based language for universal audit trail analysis. In: Computer security, proceedings of ESORICS 92, 648 of LNCS, pp 435-440
31. Halme LR, Bauer RK (1995) AINT misbehaving: a taxonomy of anti-intrusion techniques. In: Proceedings of the 18th national information systems security conference. Baltimore, MD
32. Han S-J, Cho S-B (2006) Evolutionary neural networks for anomaly detection based on the behaviour of a program. IEEE Trans Syst Man Cybern
33. Hartigan JA (1975) Clustering algorithms. Wiley, New York
34. Hay A, Cid D, Bray R (2008) OSSEC host-based intrusion detection guide. Syngress Publishing, ISBN:159749240X
35. Heberlein LT, Dias GV, Levitt KN, Mukherjee B, Wood J, Wolber D (1990) A network security monitor. In: Symposium on research in security and privacy. Oakland, CA, pp 296-304
36. Heckerman D (1995) A tutorial on learning with Bayesian networks. Microsoft research, technical report MSRTR-95-06
37. J Hochberg K Jackson C Stallings J McClary D DuBois J Ford 1993 NADIR: an automated system for detecting network intrusions and misuse Comput Secur 12 3 248 253 10.1016/0167-4048(93)90110-Q
38. R Holte 1993 Very simple classification rules perform well on most commonly used datasets Mach Learn 11 63 91 0850.68278 10.1023/A:1022631118932
39. Hwang TS, Lee T-J, Lee Y-J (2007) A three-tier IDS via data mining approach. Workshop on mining network data (MineNet)
40. Idris NB, Shanmugam B (2005) Artificial intelligence techniques applied to intrusion detection. In: IEEE Indicon 2005 conference, Chennai, India, pp 52-55
41. K Ilgun AK Richard AP Phillip 1995 State transition analysis: a rule-based intrusion detection IEEE Trans Softw Eng 21 3 181 199 10.1109/32.372146
42. Internet Security Systems (ISS) (2010) Real Secure http://www.iss.net. Accessed 4 August 2010
43. Johansen K, Lee S (2003) CS424 network security: Bayesian Network Intrusion Detection (BINDS). http://citeseerx.ist.psu.edu/viewdoc/summary?doi= 10.1.1.83.8479
44. John GH, Langley P (1995) Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the conference on uncertainty in artificial intelligence, pp 338-345
45. Kayacik G, Zincir-Heywood N, Heywood M (2003) On the capability of an SOM based intrusion detection system. In: Proceedings of the 2003 IEEE IJCNN, Portland, USA
46. Khan L, Awad M, Thuraisingham B (2007) A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J 16
47. Kibler DA (1991) Instance-based learning algorithms. Mach Learn 37-66
48. Kim GH, Spafford EH (1997) Tripwire: a case study in integrity monitoring in internet beseiged: countering cyberspace scofflaws. Addison-Wesley, pp 175-210. ISBN 0-201-30820-7
49. Kruegel C, Mutz D, Robertson W, Valeur F (2003) Bayesian event classification for intrusion detection. In: Proceedings of 19th annual computer security applications conference, IEEE, pp 14-23
50. CM Kuok AW-C Fu MH Wong 1998 Mining fuzzy association rules in databases SIGMOD Rec 27 1 41 46 10.1145/273244.273257
51. Lee Y (1989) Classifiers: adaptive modules in pattern recognition systems. MIT, Department of Electrical Engineering and Computer Science, Cambridge
52. Leung K, Leckie C (2005) Unsupervised anomaly detection in network intrusion detection using clusters. In: Proceedings of twenty-eighth Australasian computer science conference (ACSC2005). Newcastle, Australia, pp 333-342
53. I Levin 2000 KDD-99 classifier learning contest LLSoft's results overview SIGKDD Explor 1 2 67 75 10.1145/846183.846201
54. Li W (2004) Using genetic algorithm for network intrusion detection. C. S. G. Department of Energy, Ed, pp 1-8
55. Y Liao VR Vemuri 2002 Use of K-nearest neighbor classifier for intrusion detection Comput Secur 21 439 448 10.1016/S0167-4048(02)00514-X (Pubitemid 34835644)
56. Lunt T, Tamaru A, Gilham F, Jagannathan R, Jalali C, Neumann PG, Javitz HS, Valdes A, Garvey TD (1992) A real time intrusion detection expert system (IDES)-final report, SRI International, Menlo Park, CA
57. Luo J (1999) Integrating fuzzy logic with data mining methods for intrusion detection. Masters thesis, Mississippi State University
58. Mahoney MV, Chan PK (2001) PHAD: packet header anomaly detection for identifying hostile network traffic. Department of Computer Sciences, Florida Institute of Technology, Melbourne, FL, USA, Technical Report CS-2001-4
59. Mahoney MV, Chan PK (2002a) Learning models of network traffic for detecting novel attacks. Computer Science Department, Florida Institute of Technology CS-2002-8
60. Mahoney MV, Chan PK (2002b) Learning non stationary models of normal network traffic for detecting novel attacks. In: Proceedings of eighth ACM SIGKDD international conference on knowledge discovery and data mining. Edmonton, Canada, pp 376-385
61. Mannila H, Toivone H (1996) Discovering generalized episodes using minimal occurrences. In: Proceedings of the second international conference on knowledge discovery and data mining
62. E Menahem A Shabtai L Rokach Y Elovici 2009 Improving malware detection by applying multi-inducer ensemble Comput Stat Data Anal 53 4 1483 1494 05687862 10.1016/j.csda.2008.10.015
63. MIT Lincoln Laboratory (2001) 1999 DARPA intrusion detection evaluation design and procedure. DARPA technical report
64. Mukkamala S, Sung AH (2003a) Artificial intelligent techniques for intrusion detection. IEEE Int Conf Syst Man Cybern
65. Mukkamala S, Sung AH (2003b) A comparative study of techniques for intrusion detection. In: Proceedings of the 15th IEEE international conference on tools with artificial intelligence (ICTAI'03)
66. S Mukkamala AH Sung A Abraham 2005 Intrusion detection using an ensemble of intelligent paradigms J Netw Comput Appl 28 167 182 10.1016/j.jnca.2004.01. 003 (Pubitemid 40003209)
67. D Novikov RV Yampolskiy L Reznik 2006 Artificial intelligence approaches for intrusion detection. Systems, applications and technology conference, LISAT 2006 IEEE Long Island 5 5 1 8
68. Panda M, Patra MR (2008) A comparative study of data mining algorithms for network intrusion detection. In: Proceedings of first international conference on emerging trends in engineering and technology, IEEE computer society
69. Patcha A, Park JM (2007) An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput Netw. doi: 10.1016/j.comnet.2007.02.001 (Pubitemid 46921030)
70. Z Pawlak 1982 Rough sets Int J Comput Inf Sci 11 341 356 0501.68053 10.1007/BF01001956 703291
71. Paxson V (1998) Bro: a system for detecting network intruders in real-time. In: Proceedings of the 7th USENIX security symposium. San Antonio, TX
72. S Peddabachigari A Abraham C Grosan J Thomas 2007 Modeling intrusion detection system using hybrid intelligent systems J Netw Comput Appl 30 114 132 10.1016/j.jnca.2005.06.003 (Pubitemid 44666486)
73. Ponce (2004) Intrusion detection system with artificial intelligence. In: FIST conference-edition-1/28 Universidad Pontificia Comillas de Madrid
74. Porras PA, Neumann PG (1997) EMERLAD. In: Proceedings of 20th national information systems security conference, USA, pp 353-365
75. Portnoy L, Eskin E, Stolfo SJ (2001) Intrusion detection with unlabeled data using clustering. In: Proceedings of the ACM workshop on data mining applied to security
76. Quinlan JR (1993) C4.5 Programs for machine learning. Morgan Kaufmann San Mateo Ca
77. Rawat Sanjay (2005) Efficient data mining algorithms for intrusion detection. Ph.D. thesis, University of Hyderabad, Hyderabad
78. Lior Rokach 2010 Ensemble-based classifiers Artif Intell Rev 33 1-2 1 39 10.1007/s10462-009-9124-7
79. Ryan J, Lin M-J, Risto M (1997) Intrusion detection with neural networks. Adv Neural Inf Process Syst MIT 943-949
80. Sabhnani M, Serpen G (2003) Application of machine learning algorithms to KDD intrusion detection dataset within misuse detection context. EECS, University of Toledo
81. Samhain labs (2010) The SAMHAIN file integrity/intrusion detection system. http://la-samhna.de/samhain/. Accessed 27 Aug 2010
82. Sebring MM, Sellhouse E, Hanna ME, Whitehurst RA (1988) Expert system in intrusion detection: a case study. In: Proceedings of the 11th national computer security conference, Baltimore, MD, pp 74-81
83. Smaha SE (1988) Haystack: an intrusion detection system. In: The fourth aerospace computer security applications conference, Orlando, FL
84. EH Spafford D Zamboni 2000 Intrusion detection using autonomous agents Comput Netw 34 4 547 570 10.1016/S1389-1286(00)00136-5
85. Staniford-Chen S, Tung B, Schnackenberg D (1998) The common intrusion detection framework (CIDF). Information survivability workshop, Orlando, FL
86. Stein G, Chen B, Wu AS, Hua KA (2005) Decision tree classifier for network intrusion detection with GA-based feature selection. In: Proceedings of the 43rd annual southeast regional conference ACM vol 2, pp 136-141
87. Stolfo S, Prodromidis AL, Chan PK (1997) JAM: Java agents for meta-learning over distributed databases. In: Proceedings of the third international conference on knowledge discovery and data mining
88. Stoneburner G (2001) Underlying models for information technology security. NIST Special Publication 800-33
89. Sung H, Mukkamala S (2003) Feature selection for intrusion detection using neural networks and support vector machines. In: 82nd annual meeting of the transportation research board of the national academies, Washington DC, USA
90. C-F Tsai Y-F Hsu C-Y Lin W-Y Lin 2009 Intrusion detection by machine learning: a review Expert Syst Appl 36 10 11994 12000 10.1016/j.eswa.2009.05.029
91. Vaccaro HS, Liepins GE (1989) Detection of anomalous computer session activity. In: Proceedings of IEEE symposium on security and privacy, pp 280-289
92. Vapnik V (1998) Statistical learning theory. Wiley, New York
93. Wang F, Qian Y, Dai Y, Wang Z (2010) A model based on hybrid support vector machine and self-organizing map for anomaly detection. In: International conference on communications and mobile computing, cmc 2010, vol 1. Shenzhen, China, pp 97-101
94. Witten IH, Frank E (2005) Data mining-practical machine learning tools and techniques, 2nd ed. Morgan Kaufmann ISBN 0-12-088407-0
95. Ypma A, Duin R (1998) Novelty detection using self-organizing maps. Progress in connectionist-based information systems, 2
96. A Zainal MA Maarof SM Shamsuddin 2009 Ensemble classifiers for network intrusion detection system J Inf Assur Secur 4 217 225