A survey of intrusion detection systems based on ensemble and hybrid classifiers

Abdulla Amin Aburomman, Md. Mamun Ibne Reaz

Research output: Contribution to journal › Review article

33 Citations (Scopus)

Abstract

Due to the frequency of malicious network activities and network policy violations, intrusion detection systems (IDSs) have emerged as a group of methods that combats the unauthorized use of a network's resources. Recent advances in information technology have produced a wide variety of machine learning methods, which can be integrated into an IDS. This study presents an overview of intrusion classification algorithms, based on popular methods in the field of machine learning. Specifically, various ensemble and hybrid techniques were examined, considering both homogeneous and heterogeneous types of ensemble methods. In addition, special attention was paid to those ensemble methods that are based on voting techniques, as those methods are the simplest to implement and generally produce favorable results. A survey of recent literature shows that hybrid methods, where feature selection or a feature reduction component is combined with a single-stage classifier, have become commonplace. Therefore, the scope of this study has been expanded to encompass hybrid classifiers.

Original language: English
Pages (from-to): 135-152
Number of pages: 18
Journal: Computers and Security
Volume: 65
DOI: 10.1016/j.cose.2016.11.004
Publication status: Published - 1 Mar 2017

Keywords

  • Ensemble classifiers
  • Hybrid classifiers
  • Intrusion detection
  • KDD 99
  • Multiclass classifiers
  • NSL-KDD

ASJC Scopus subject areas

  • Computer Science (all)
  • Law

Cite this

A survey of intrusion detection systems based on ensemble and hybrid classifiers. / Aburomman, Abdulla Amin; Ibne Reaz, Md. Mamun.

In: Computers and Security, Vol. 65, 01.03.2017, p. 135-152.

@article{cbebe5d628b3404bb8f442d7e024a364,
title = "A survey of intrusion detection systems based on ensemble and hybrid classifiers",
abstract = "Due to the frequency of malicious network activities and network policy violations, intrusion detection systems (IDSs) have emerged as a group of methods that combats the unauthorized use of a network's resources. Recent advances in information technology have produced a wide variety of machine learning methods, which can be integrated into an IDS. This study presents an overview of intrusion classification algorithms, based on popular methods in the field of machine learning. Specifically, various ensemble and hybrid techniques were examined, considering both homogeneous and heterogeneous types of ensemble methods. In addition, special attention was paid to those ensemble methods that are based on voting techniques, as those methods are the simplest to implement and generally produce favorable results. A survey of recent literature shows that hybrid methods, where feature selection or a feature reduction component is combined with a single-stage classifier, have become commonplace. Therefore, the scope of this study has been expanded to encompass hybrid classifiers.",
keywords = "Ensemble classifiers, Hybrid classifiers, Intrusion detection, KDD 99, Multiclass classifiers, NSL-KDD",
author = "Aburomman, {Abdulla Amin} and {Ibne Reaz}, {Md. Mamun}",
year = "2017",
month = "3",
day = "1",
doi = "10.1016/j.cose.2016.11.004",
language = "English",
volume = "65",
pages = "135--152",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
}

TY - JOUR

T1 - A survey of intrusion detection systems based on ensemble and hybrid classifiers

AU - Aburomman, Abdulla Amin

AU - Ibne Reaz, Md. Mamun

PY - 2017/3/1

Y1 - 2017/3/1

N2 - Due to the frequency of malicious network activities and network policy violations, intrusion detection systems (IDSs) have emerged as a group of methods that combats the unauthorized use of a network's resources. Recent advances in information technology have produced a wide variety of machine learning methods, which can be integrated into an IDS. This study presents an overview of intrusion classification algorithms, based on popular methods in the field of machine learning. Specifically, various ensemble and hybrid techniques were examined, considering both homogeneous and heterogeneous types of ensemble methods. In addition, special attention was paid to those ensemble methods that are based on voting techniques, as those methods are the simplest to implement and generally produce favorable results. A survey of recent literature shows that hybrid methods, where feature selection or a feature reduction component is combined with a single-stage classifier, have become commonplace. Therefore, the scope of this study has been expanded to encompass hybrid classifiers.

KW - Ensemble classifiers

KW - Hybrid classifiers

KW - Intrusion detection

KW - KDD 99

KW - Multiclass classifiers

KW - NSL-KDD

UR - http://www.scopus.com/inward/record.url?scp=84997719885&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84997719885&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2016.11.004

DO - 10.1016/j.cose.2016.11.004

M3 - Review article

VL - 65

SP - 135

EP - 152

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -