Table 1 Survey of various Intrusion Detection System approaches

From: A novel time efficient learning-based approach for smart intrusion detection system

| S. no | Title | Objective | Method | Year & Ref. | Dataset used | Advantages | Drawbacks |
|---|---|---|---|---|---|---|---|
| 1 | A hybrid method consisting of GA and SVM for Intrusion Detection System. Neural Computing and Applications | To build an Intrusion Detection System using GA and SVM techniques aiming to enhance the effectiveness of the measures in detecting intrusions | A hybrid method comprising a support vector machine (SVM) and a genetic algorithm (GA) | 2016 [12] | KDD cup99 | The hybrid algorithm is successfully able to reduce the number of features from 45 to just 10 features with a decent true-positive value of 0.973 and 0.017 false-positive value | The proposed model is evaluated on the KDD cup99 dataset, which fails to reflect modern-day traffic trends |
| 2 | A novel SVM-kNN-PSO ensemble method for Intrusion Detection System. Applied Soft Computing | To build an optimal ensemble configuration for detecting intrusions in an Intrusion Detection System | SVM-KNN-PSO ensemble based on Support Vector Machine (SVM), K Nearest Neighbor (KNN), and Particle Swarm Optimization (PSO) for detecting intrusions | 2016 [21] | KDD99 | The author proposes a novel PSO-based ensemble ensuring better results in comparison to the weighted majority algorithm (WMA) | The proposed model is evaluated on the KDD99 dataset, which fails to reflect modern-day traffic trends |
| 3 | A hybrid Intrusion Detection System (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers | To design a Hybrid IDS (HIDS) that can be successfully deployed in the real world and resolve the multi-class classification problem | Hybrid intrusion detection system based on prioritized k-Nearest Neighbors and optimized SVM classifiers | 2017 [10] | KDD Cup99, NSL-KDD, and Kyoto 2006+ | The proposed model aims at minimizing training and testing and maximizing the intrusion detection rate | Old datasets are used for evaluating the performance of the model. These datasets do not reflect modern traffic trends. There are better time-efficient machine learning algorithms than those presented by the author |
| 4 | Adaptive and online network Intrusion Detection System using Clustering and Extreme Learning Machines | To build a system capable of detecting known and novel attacks and being updated as per the new data trends in a cost-effective way | An adaptive framework for intrusion detection systems based on Extreme Learning Machines | 2018 [19] | NSL-KDD | The method provides fast learning and real-time detection capabilities | The proposed framework is evaluated on the outdated NSL-KDD dataset |
| 5 | A New Intrusion Detection System Based on Fast Learning Network and Particle Swarm Optimization | To build a learning mechanism based on two factors: the data set's nature and the type of evaluation measures that will be used to assess the learning mechanism or algorithm | Proposed PSO-FLN, a fast-learning model (FLN) based on particle swarm optimization (PSO). The performance of the proposed model is evaluated using the KDD99 dataset | 2018 [20] | KDD99 | The proposed method PSO-FLN outperformed many other learning models | The proposed model could not effectively detect all attack types. The time efficiency of the proposed model was not evaluated |
| 6 | Deep Learning Approach for Intelligent Intrusion Detection System | To develop a flexible and effective Intrusion Detection System (IDS) capable of detecting and classifying unanticipated and unpredictable cyber-attacks | Distributed deep learning model with Deep Neural Network is proposed for detecting intrusions | 2019 [18] | KDDCup99, NSL-KDD, UNSW-NB15, Kyoto, WSN-DS, and CICIDS 2017 | The proposed deep learning model is trained on both Network-Based Intrusion Detection System (NIDS) datasets and Host-Based Intrusion Detection System (HIDS) datasets. The natural language processing (NLP) technique is used on host-level events for detecting intrusions | Detailed information on the structure and characteristics of the malware is missing in the proposed model. The proposed model was not trained on the benchmark datasets and prediction time was not evaluated |
| 7 | Dynamic Network Anomaly Detection System by Using Deep Learning Techniques. Cloud Computing | To build a deep neural network for enhanced attack detection in an Intrusion Detection System | Deep neural network based on Long Short-Term Memory (LSTM) and Attention Mechanism (AM) | 2019 [13] | CSE-CIC-IDS2018 | LSTM with Attention Mechanism is used to build the neural network model that addresses the time-correlated network traffic classification issues | The time efficiency metric for the proposed model is missing |
| 8 | Artificial Intelligence-based Network Intrusion Detection with hyper-parameter optimization tuning on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing | To build a model that can effectively detect a botnet attack | Neural network-based model for classification of a botnet attack | 2019 [14] | CSE-CIC-IDS2018 | The proposed system based on Artificial Neural Network can be applied to conventional network traffic analysis, cyber-physical system traffic analysis, and real-time network traffic data analysis | The proposed model is only for botnet detection. Time efficiency evaluation of the proposed model is missing |
| 9 | Building an efficient Intrusion Detection System based on feature selection and ensemble classifier | To build efficient and accurate intrusion detection that combines the benefits of feature selection and ensemble classifier | Correlation is used for feature selection, then the ensemble classifier based on C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) with Average of Probabilities (AOP) rule | 2020 [9] | NSL KDD and CIC-IDS 2017 | The proposed method combines the benefits of feature selection and ensemble classifier for building an efficient and accurate IDS | The model is not evaluated in terms of time efficiency |
| 10 | Increasing the Performance of Machine Learning-Based IDSs on an Imbalanced and Up-to-Date Dataset | To build a realistic IDS, using an up-to-date security dataset | SMOTE oversampling technique is used to balance the skewed dataset. Six machine learning-based IDSs are proposed using K Nearest Neighbor, Random Forest, Gradient Boosting, Adaboost, Decision Tree, and Linear Discriminant Analysis | 2020 [11] | CSE-CIC-IDS2018 | The author aims at balancing the skewed CIC-IDS 2018 dataset by using a synthetic data generation technique, the Synthetic Minority Oversampling Technique (SMOTE), for a better attack detection rate | The proposed model is not evaluated for time-based metrics |
| 11 | A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks | To build an Intrusion Detection System for Sensor Networks | SCDNN model based on spectral clustering (SC) and deep neural network (DNN) algorithms | 2020 [15] | KDD-Cup99 and NSL-KDD datasets and a sensor network | The proposed approach can efficiently categorize sparse attack scenarios and increase detection accuracy in real-world security systems | The SCDNN's drawback is that its weight parameters and DNN layer thresholds must be optimized, and the clusters' k and σ parameters must be calculated empirically rather than through mathematical theory. Further, the model is evaluated on old datasets and the time efficiency metric for the proposed model is also missing |
| 12 | Deep learning for cybersecurity intrusion detection: Approaches, datasets, and comparative study | To analyze deep learning approaches for intrusion detection | Several deep learning techniques (Recurrent Neural Network, Restricted Boltzmann Machine, Deep Belief Networks, Convolutional Neural Networks, Deep Boltzmann Machine, and Deep Autoencoders) were evaluated for detecting intrusions | 2020 [16] | CSE-CIC-IDS2018 dataset and the Bot-IoT dataset | 35 well-known cyber datasets are described in the study. Further, the performance of seven deep learning approaches is analyzed on two of the latest datasets | The experiment was performed only on 5% of the entire dataset. No technique was used to address the imbalance issues in the skewed dataset. Moreover, the deep learning models were evaluated only for attack detection rate and accuracy, whereas other evaluation metrics such as precision rate and F-measure were missing |
| 13 | SwiftIDS: Real-time Intrusion Detection System based on LightGBM and parallel intrusion detection mechanism | To develop an IDS that is capable of processing large amounts of traffic data on high-speed networks promptly while maintaining a high level of detection performance | Swift intrusion detection model is proposed based on light gradient boosting machine (LightGBM) and parallel intrusion detection techniques | 2020 [22] | KDD99, NSL-KDD, and CICIDS2017 | A parallel intrusion detection mechanism is proposed to speed up the execution of intrusion detection cycles | SwiftIDS is based on parallel intrusion detection techniques, which are subject to communication and coordination overheads. Moreover, the proposed model is stable with a network speed up to 1.26 Gbps |
| 14 | Network intrusion detection using Multi-Architectural Modular Deep Neural Network | To build an Intrusion Detection System with a low false-positive rate | Deep Neural Network comprising a feed-forward module, a restricted Boltzmann machine, and two Recurrent Neural Networks | 2021 [17] | CIC-IDS 2018 | The model is built using the latest CIC-IDS 2018 dataset | No technique was used to balance the highly skewed CIC-IDS 2018 dataset. The results of the proposed approach on some of the attack categories in the CIC-IDS dataset were also missing |