Approach | Working idea | Dataset | Detection rate | False alarm |
---|---|---|---|---|
Unsupervised anomaly detection system [6] | Tune and optimize automatically the values of parameters without pre-defining them | From Kyoto University honeypot | – | – |
Multiclass SVM [7] | Attributes are optimized using k-fold cross validation. This technique can be used to decrease the rate of False-Negatives in the IDS | Self | – | – |
OC-SVM One-Class SVM [8] | Multistage OC-SVM and feature extraction represents a method to detect unknown attacks. Method is poor in second stage classifier to detection rate of unknown attacks | From Kyoto | 80.00 | 20.94 |
IG-ABC-SVM Information Gain-Artificial Bee Colony [9] | A combining IG feature selection and SVM classifier in IDS model is proposed. Experiments using just two swarm intelligence algorithms | NSL-KDD | 98.53 | 0.03 |
SbSVM [10] | Autonomous labeling algorithm of normal traffic (when the class distribution is not imbalanced). Not evaluated for real-time case | DARPA | 99 | 5.5 |
RS-ISVM-reserved set-incremental SVM [11] | An incremental SVM training algorithms is used, hybrid with modifying kernel function U-RBF Foreseeing attacks, specifically for attacks of U2R and R2L may not tolerate but oscillation problem solved | KDD Cup 1999 | 89.17 | 4.9 |
SVM-GA [12] | Hybrid model by combining (GA and SVM) | KDD CUP 1999 | 98.33 | 0.50 |
Genetic principal component [13] | Subset selection using GA and PCA | KDD cup 1999 | 99.96 | 0.49 |
SVM and NN [14] | Hybrid process. Most significant performance as far as training time but time consuming and hard task to trigger | DARPA | 99.87 | – |
N-KPCA-GA-SVM kernel PCA genetic algorithm-SVM [15] | Hybrid of KPCA, SVM and GA algorithms. Faster convergence speed. Performs higher predictive accuracy and better generalization. But have complex structure and have latency for real-time application | KDD CUP99 | 96.37 | 0.95 |
CSV-ISVM Candidate Support Vector-Incremental SVM [16] | Improved learning algorithm to better recognize rate and false alarm rate than usual classification | KDD Cup 1999 | 90.14 | 2.31 |