Stanley College of Engineering and Technology for Women

Chapel Road, Abids, Hyderabad-500 001

(Autonomous)
(Affiliated to Osmania University & Approved by AICTE) (All
eligible UG Courses are accredited by NBA & Accredited by NAAC
with 'A' Grade)

Department of Information Technology

Batch No: B9
Name of the Guide: Dr. Moumita pal
Team Members:
Maniha Amatul Raheem(160621737098)
Mubeena (160621737102)

Shireen Unnisa (160621737123)

Project Title:
“Your Recommendo”
(Research papers recommendation system)
As the digital landscape expands, so does the complexity of securing networks from increasingly
sophisticated cyber threats. Intrusion detection systems (IDS) are essential for identifying and
mitigating these threats in real-time, but traditional approaches often struggle with high false
positive rates, low accuracy, and inefficiency in handling large volumes of data. This project
proposes a solution by integrating supervised machine learning models, advanced feature
selection techniques, and data expansion methods to enhance the performance of network
intrusion detection systems.

We utilize machine learning models such as Random Forests, Support Vector Machines (SVM),
and Neural Networks, which are well-suited for classification tasks and have been shown to
effectively identify intrusions. However, the performance of these models can be hindered by
irrelevant or redundant features in the dataset. To address this, we employ Symmetric
Uncertainty as a feature selection technique. Unlike traditional methods such as Correlation-
based Feature Selection (CFS), Symmetric Uncertainty provides a more accurate measure of the
relationship between input features and the classification result. This ensures that only the most
relevant features are selected, leading to improved detection accuracy and reduced false
positives.

The system will be tested on benchmark datasets like KDD Cup 99 or NSL-KDD, commonly
used in the evaluation of intrusion detection systems. These datasets contain a mix of normal and
malicious network traffic, allowing us to rigorously evaluate the accuracy, false positive rate, and
overall effectiveness of the system.

By combining advanced feature selection and data expansion with robust machine learning
models, this project aims to create a scalable and accurate solution for detecting network
intrusions. The proposed approach not only improves accuracy but also enhances the system's
ability to detect novel attacks while minimizing the rate of false alarms.

Why We Are Conducting These Survey’s:

The purpose of this survey is to gather insights on key advancements, challenges, and best
practices related to network intrusion detection systems (IDS). By understanding the approaches,
methodologies, and results presented in various research papers, we aim to enhance the design
and effectiveness of our project. The survey helps identify gaps in existing solutions, explores
feature selection techniques, and evaluates the efficiency of supervised learning models in
handling realtime network data. This analysis ensures that our project aligns with state-of-the-art
solutions while addressing current limitations.

Importance of the Paper's Influence on Our Project:

Each paper provides valuable contributions, such as novel algorithms, optimized feature selection
methods, or improved machine learning models, directly impacting our project. These surveys
help refine our approach to data expansion, feature selection using Symmetric Uncertainty, and
model performance evaluation. The insights guide the choice of techniques, like Random Forests
or Neural Networks, ensuring our system is scalable, accurate, and capable of detecting
sophisticated network intrusions efficiently.

Literature Survey

1. A Comprehensive Survey of Supervised Machine Learning for Network

Intrusion Detection

Authors: M. Tavallaee, E. Bagheri, W. Lu, A. A. Ghorbani

With the increasing complexity of cyber threats, securing networks has become a critical
concern.
The paper "A Comprehensive Survey of Supervised Machine Learning for Network Intrusion
Detection" by Tavallaee et al. explores how supervised machine learning can improve intrusion
detection systems. The survey consolidates existing research and highlights gaps for future
exploration in this field.

As cyber-attacks evolve, traditional methods of network security struggle to keep up. Machine
learning offers an automated solution for detecting malicious activities. This survey reviews
various supervised learning algorithms to identify the most effective ones for network intrusion
detection, providing valuable insights for both researchers and practitioners.
The paper examines algorithms such as decision trees, SVMs, and neural networks. While
decision trees are fast and easy to interpret, SVMs often deliver better accuracy, especially in
highdimensional data. The KDD'99 dataset, commonly used for evaluation, is criticized for being
outdated and inadequate in representing modern network traffic, highlighting the need for
updated datasets.

The survey offers a thorough comparison of machine learning algorithms used in network
intrusion detection, highlighting the strengths and limitations of each approach. This detailed
analysis helps practitioners select the most appropriate models for their specific needs and offers
valuable guidance for improving detection accuracy.

The authors propose future research directions, including the development of more realistic
datasets that reflect current network conditions. They also suggest exploring hybrid models that
combine the strengths of different algorithms, as well as implementing continual learning
systems that allow intrusion detection systems to adapt to evolving network traffic patterns.

2. Machine Learning Algorithms in Intrusion Detection: A Survey

Authors: K. Laskov, P. Dussel, C. Schafer

The paper "Machine Learning Algorithms in Intrusion Detection: A Survey" by K. Laskov, P.
Dussel, and C. Schafer explores the application of supervised machine learning algorithms for
intrusion detection systems (IDS). It examines a range of algorithms, assessing their performance
and effectiveness in detecting network intrusions.

The authors discuss algorithms such as k-nearest neighbors (k-NN), random forests, and neural
networks. K-NN is known for its simplicity and ease of implementation, but it struggles with
highdimensional data and noise. Random forests, while highly accurate and robust, lack
interpretability, making it difficult to understand how decisions are made. Neural networks,
particularly deep learning models, perform well in complex scenarios but require significant
computational resources, limiting their use in real-time environments.

The survey offers a comprehensive comparison of different machine learning models for IDS,
providing insights into their strengths and weaknesses. This evaluation helps both researchers
and practitioners make informed decisions when selecting the most suitable algorithm for their
intrusion detection needs.
The authors also suggest areas for future research, emphasizing the importance of adaptive
learning systems that can adjust to real-time changes in network traffic. Additionally, they
propose exploring hybrid models that combine multiple algorithms to enhance detection
accuracy and performance.

In conclusion, the paper provides valuable insights into the use of machine learning for IDS,
highlighting both the opportunities and challenges of various algorithms. The findings point to
the need for further research in areas like adaptive learning and hybrid models, which could
significantly improve the effectiveness of intrusion detection systems.

3. Supervised Learning Approaches for Network Intrusion Detection Systems

Authors: J. Zhang, M. Zulkernine, A. Haque

The paper "Supervised Learning Approaches for Network Intrusion Detection Systems" by
Zhang, Zulkernine, and Haque explores the use of supervised learning techniques to improve
intrusion detection systems (IDS). As cyber threats evolve, efficient IDS are essential for network
security. The authors review several algorithms, including decision trees, naive Bayes, and
support vector machines (SVM), analyzing their effectiveness and the importance of data
preprocessing and feature selection in improving model performance with real-world data.

The survey highlights that decision trees are interpretable but prone to overfitting, while naive
Bayes is fast and efficient but assumes feature independence. SVMs are strong in high-
dimensional spaces but need careful tuning. The authors stress that data preprocessing, such as
normalization and anonymization, is crucial for enhancing model accuracy. Additionally, feature
selection reduces dimensionality and improves model efficiency.

The paper offers valuable insights for practitioners, underscoring the importance of preprocessing
and feature selection in improving IDS performance. Future research should focus on developing
adaptive feature selection methods and exploring ensemble approaches that combine multiple
algorithms to boost detection accuracy and reduce false positives. Incorporating semi-supervised
and unsupervised methods could also enhance IDS in the face of evolving threats.

In conclusion, this paper provides a thorough review of supervised learning techniques for IDS,
offering both theoretical insights and practical guidance for enhancing network security. It
emphasizes the ongoing need for innovation to address the dynamic nature of cyber threats.
4. Efficient Network Intrusion Detection Through Supervised Learning
Algorithms

Authors: T. Shon, J. Moon

The paper " Efficient Network Intrusion Detection Through Supervised Learning Algorithms "
by, Shon and Moon explore various supervised learning algorithms like random forest, gradient
boosting, and support vector machines (SVM) to improve network intrusion detection systems
(IDS). With network traffic growing increasingly complex, the need for efficient real-time
anomaly detection is critical. The paper compares the strengths and weaknesses of these
algorithms, focusing on key performance metrics such as computational efficiency, false positive
rates, and scalability. Random forest is effective for high-dimensional data but less
computationally efficient, while gradient boosting offers higher classification accuracy at the
expense of computational demands. SVM excels with non-linearly separable data but faces
challenges in scalability for larger datasets. The paper highlights the importance of choosing the
right algorithm based on the system's requirements and environment. Additionally, it discusses
the challenge of high false positive rates, which can overwhelm security analysts. Shon and
Moon suggest future research should focus on more efficient algorithms, hybrid models
combining multiple techniques, and improving real-time performance in complex network
environments.

5. Deep Supervised Learning for Intrusion Detection in Network Systems

Authors: M. Moustafa, J. Slay

The paper " Deep Supervised Learning for Intrusion Detection in Network Systems ", Moustafa
and Slay explore the potential of deep learning techniques, particularly deep neural networks
(DNNs) and convolutional neural networks (CNNs), in enhancing network intrusion detection
systems. With the increasing complexity and volume of network traffic, traditional methods often
fail to effectively generalize across varied data types. The authors delve into how DNNs and
CNNs excel at identifying patterns in high-dimensional data, achieving high accuracy in anomaly
detection. However, they note significant challenges, such as the need for large labeled datasets
and the substantial computational resources required for model training. Balancing detection
performance with computational efficiency remains a critical concern, especially in
resourceconstrained environments. The paper emphasizes the importance of effective training
strategies to optimize model performance while managing computational demands. Additionally,
Moustafa and Slay suggest future research directions, including the development of more
efficient training methods, hybrid models combining deep learning with traditional techniques,
and addressing the limitations of current datasets. These efforts could improve the applicability
and robustness of deep learning models in real-world network intrusion detection systems.

6. A Survey of Decision Trees and Random Forest for Intrusion Detection

Authors: A. Patcha, J. Park

The paper "A Survey of Decision Trees and Random Forest for Intrusion Detection" by Patcha
and Park study critically examines two of the most widely used supervised learning techniques—
decision trees and random forests—to enhance network IDS performance. Decision trees are
favored for their interpretability, allowing security analysts to trace how decisions are made.
However, the simplicity of decision trees makes them prone to overfitting, especially when
working with large, complex datasets. Random forests address this issue by combining multiple
decision trees, enhancing both accuracy and robustness, while also significantly reducing false
positives. The paper compares the strengths and limitations of these models, emphasizing that
ensemble methods (like random forests) tend to improve detection rates, but they may require
more computational resources. The authors also discuss challenges related to scaling decision
tree-based models for large networks, suggesting that future research could explore hybrid
models that combine decision trees with other techniques to balance performance and efficiency.
Additionally, there is an opportunity to focus on interpretability in ensemble methods, as
transparency in decision-making is crucial for security personnel to trust the system’s alerts.

7. Application of Supervised Machine Learning in Distributed Intrusion

Detection Systems

Authors: P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez

Garcia-Teodoro et al.'s paper, "Application of Supervised Machine Learning in Distributed

Intrusion Detection Systems," examines the use of supervised machine learning techniques like
SVM and neural networks to improve Distributed Intrusion Detection Systems (DIDS). The
authors emphasize SVM's ability to handle high-dimensional data and neural networks' flexibility
in identifying complex patterns. They also highlight the role of data fusion strategies in
combining information from multiple sources to enhance detection accuracy and address
challenges such as network latency.

The survey focuses on the application of machine learning in distributed systems, an area often
overlooked compared to centralized systems. The authors suggest that future research should
explore improved data fusion techniques and evaluate these models in real-time, large-scale
environments to ensure their effectiveness in detecting evolving cyber threats.
8. Comparative Study of Machine Learning Techniques for Network
Intrusion Detection

Authors: S. Mukkamala, G. Janoski, A. Sung

The paper "Comparative Study of Machine Learning Techniques for Network Intrusion
Detection" by Mukkamala et al. evaluates several supervised machine learning algorithms,
including artificial neural networks, support vector machines (SVM), and decision trees. Using
publicly available datasets such as KDD Cup and NSL-KDD, the authors compare the
performance of these algorithms across various metrics like accuracy, computational efficiency,
and interpretability. Their findings indicate that neural networks generally deliver high accuracy
but require extensive training and are computationally demanding, while SVMs perform well
with high-dimensional data. Decision trees, though less computationally intensive, are highly
interpretable but may not perform as well with complex datasets. The paper emphasizes the need
for improved feature engineering to enhance the performance of these models.

The study's merit lies in its detailed comparative framework, which provides valuable insights
into how each technique performs in different contexts. The authors suggest future research
could focus on enhancing feature selection techniques, developing hybrid models that combine
multiple algorithms' strengths, and expanding training datasets to improve the robustness and
generalization of intrusion detection systems. These directions could lead to more effective and
efficient machine learning-based intrusion detection systems in diverse network environments.

9. Hybrid Supervised Learning Techniques for Network Intrusion Detection

Authors: M. Sabhnani, G. Serpen

The paper "Hybrid Supervised Learning Techniques for Network Intrusion Detection" by
Sabhnani and Serpen examines the potential of hybrid models that combine various supervised
learning techniques, such as decision trees and k-nearest neighbors (k-NN), to improve intrusion
detection systems. The study is important because it investigates the synergistic advantages of
hybrid models in tackling both known and unknown network intrusion threats, enhancing
detection capabilities. The authors found that hybrid models generally outperform single-method
approaches in terms of accuracy, robustness, and speed, particularly in reducing false alarm rates
in large-scale networks. Integrating decision trees with k-NN, for example, provides a more
resilient system by combining the strengths of both algorithms.
The survey's merit lies in its comprehensive assessment of hybrid models, offering insights into
how different techniques can complement each other in network intrusion detection. The authors
recommend further exploration of additional combinations of supervised algorithms to strengthen
detection capabilities and suggest that adaptive learning techniques, capable of responding to
emerging threats, should be investigated. Such future research could further improve the
performance and resilience of intrusion detection systems in dynamic network environments.

10.Intrusion Detection Systems: A Supervised Machine Learning Approach

Authors: T. S. Chou, C. H. Lin

In the paper "Intrusion Detection Systems: A Supervised Machine Learning Approach" by Chou
and Lin, the authors provide a detailed overview of how supervised machine learning techniques
can be applied to enhance the performance of intrusion detection systems (IDS) in the face of
increasingly complex network traffic. They focus on key algorithms such as logistic regression,
support vector machines (SVM), and ensemble methods, highlighting their strengths and
limitations. Logistic regression is simple and efficient but may struggle with more sophisticated
attacks. SVMs excel in high-dimensional data but often face scalability issues in real-time
detection scenarios. Ensemble methods, while robust, may require considerable computational
resources, which could hinder their deployment in high-speed networks.

The survey emphasizes that despite the ability of these techniques to handle modern network
complexities, challenges remain, especially in terms of achieving low false positive rates and
maintaining accuracy in high-speed environments. The authors also discuss the importance of
realtime detection, where IDS must process large volumes of traffic quickly and accurately to
identify potential threats. They argue that current algorithms, although effective, still need to be
fine-tuned for faster processing without compromising detection rates.

One of the key contributions of this paper is its suggestion for future research directions. Chou
and Lin propose that further exploration of hybrid models, combining multiple machine learning
techniques, could offer the most promising solution for improving IDS performance.
Additionally, advanced feature engineering to select the most relevant data for training the
algorithms would be crucial in addressing the challenges of dynamic and evolving cyber threats.
The authors also recommend enhancing real-time detection capabilities and adapting supervised
learning models specifically for high-speed environments to improve scalability and accuracy in
large-scale network settings.
 11.Intrusion Detection through Advanced Machine Learning Techniques

Authors: A. Lazarevic, V. Kumar, J. Srivastava

In their study, "Intrusion Detection through Advanced Machine Learning Techniques," Lazarevic,
Kumar, and Srivastava focus on enhancing network intrusion detection systems (NIDS) using
supervised machine learning models. They explore several algorithms, including Support Vector
Machines (SVM), neural networks, and decision trees, applied to benchmark datasets like
DARPA and KDD'99. The research identifies the scalability of these algorithms as a significant
challenge when applied to large, complex datasets containing both known and unknown attack
patterns. The authors differentiate between signature-based detection, which relies on predefined
attack patterns, and anomaly-based detection, which flags deviations from normal network
behavior. While supervised learning excels in detecting known attacks, it struggles with novel
threats. To address this limitation, the authors propose integrating anomaly-based approaches
with signature-based methods to create a hybrid system, which enhances the overall detection
performance.

A key finding of the study is the importance of data preprocessing, as network data is often noisy
and high-dimensional, potentially impairing the effectiveness of supervised classifiers. The
authors recommend using feature selection techniques such as principal component analysis
(PCA) and mutual information to improve model efficiency. Finally, Lazarevic et al. stress the
need for real- time analysis capabilities in NIDS. They suggest that future research should focus
on optimizing these machine learning models to enable faster decision-making, enabling them to
handle high- speed network traffic more effectively.

12.Adaptive Supervised Learning for Intrusion Detection in Dynamic

Networks

Authors: H. Singh, N. Kaur

In their study, "Adaptive Supervised Learning for Intrusion Detection in Dynamic Networks,"
Singh and Kaur address the challenges of maintaining high accuracy in intrusion detection
systems (IDS) as network environments continuously evolve. Traditional supervised learning
models, while effective for static datasets, struggle to adapt to the dynamic nature of modern
networks, where new attack patterns frequently emerge. The authors emphasize the need for
 adaptive learning techniques that can update the IDS models continuously without requiring
complete retraining from scratch.

One key technique explored is incremental learning using decision trees, such as the Hoeffding
Tree and Online Random Forests, which allow IDS models to be updated as new data streams in,
without significantly compromising computational efficiency. This approach enables the
detection system to maintain high accuracy over time by gradually adapting to new network
behaviors and attack types. Another focus of the paper is the application of online Support Vector
Machines (SVMs), which facilitate real-time learning from incoming data. However, the study
highlights the challenge of maintaining a low false positive rate (FPR) in such scenarios. To
address this, Singh and Kaur propose integrating feature selection techniques like Recursive
Feature Elimination (RFE) during model updates, ensuring the retention of the most relevant
features and improving classification performance.

The authors also discuss the importance of continuous model evaluation, proposing the use of
sliding-window techniques to assess the IDS’s performance over time. This ensures that the
system remains effective, even as traffic patterns shift. The study concludes by recommending
the deployment of adaptive models in edge-based IDS architectures, where real-time detection
and response are crucial for maintaining network security.

13.A Comparative Study of Supervised Machine Learning Algorithms for

Intrusion Detection Systems

Authors: M. Tavallaee, E. Bagheri, W. Lu, A. Ghorbani

Tavallaee et al. conduct a comprehensive study comparing various supervised machine learning
algorithms used in intrusion detection systems (IDS), such as decision trees, SVM, random
forests, and k-nearest neighbors (KNN). The study evaluates these algorithms across several
benchmark datasets like KDD'99 and NSL-KDD, providing a detailed comparison of their
performance in real-world network environments.

The research reveals the varying performance of different algorithms, influenced by factors such
as dataset characteristics and attack types. Decision trees and random forests perform effectively
on known attack types but struggle with detecting novel or zero-day attacks. SVM, on the other
hand, excels at identifying previously unseen threats but comes with the drawback of higher
computational complexity. The authors also highlight the crucial role of feature selection and
dimensionality reduction in improving algorithm efficiency and detection capabilities.
Techniques like principal component analysis (PCA) and information gain are recommended to
identify and retain the most relevant features for the detection tasks.

The study’s merit lies in its comprehensive evaluation of multiple machine learning algorithms,
which helps practitioners choose the most suitable approach based on their specific needs and
constraints. Additionally, the research emphasizes the importance of feature selection and
dimensionality reduction, which are critical for optimizing IDS performance without
overwhelming computational resources.

The study concludes by discussing the trade-offs between detection accuracy and computational
cost, suggesting that ensemble methods—combining multiple classifiers—may provide an
optimal solution. These methods balance detection performance with computational efficiency,
making them a promising approach for practical IDS deployments.

14. Real-Time Intrusion Detection Using Deep Learning Techniques

Authors: R. Vinayakumar, K.P. Soman, P. Poornachandran

Vinayakumar et al. focus on applying deep learning models like Deep Neural Networks (DNN)
and Long Short-Term Memory (LSTM) networks for real-time network intrusion detection. The
paper emphasizes the ability of deep learning to handle high-dimensional network traffic data.

The study reveals that deep learning models, especially CNNs for feature extraction and LSTMs
for capturing temporal dependencies, are effective at identifying complex, previously unknown
attack patterns. However, training deep models requires large datasets and substantial
computational resources.

The paper’s merit lies in its exploration of model optimization techniques like pruning and
quantization to reduce model size while maintaining accuracy. This makes real-time deployment
of these models more feasible.

The study suggests further research into federated learning approaches for distributed
environments, allowing models to collaborate without sharing raw data. This would improve
privacy and scalability in IDS systems.
15.Tale Network Intrusion Detection using Supervised Machine Learning
Technique with Feature Selection

Author: Kazi Abu Taher

Kazi Abu Taher explores the application of supervised machine learning techniques for
classifying network traffic as either malicious or benign. The study integrates feature selection
methods with machine learning algorithms to identify the most effective model for intrusion
detection.

The study finds that combining feature selection with supervised learning improves the
classification accuracy. Specifically, Artificial Neural Network (ANN) with a wrapper feature
selection method outperforms Support Vector Machine (SVM) when it comes to detecting
malicious network traffic. The research emphasizes that feature selection significantly enhances
the model's detection success rate by focusing on the most relevant features.

This study’s merit lies in its comparison of machine learning techniques and feature selection
methods, helping to optimize intrusion detection models. The use of ANN with feature selection
stands out as an effective approach for improving classification accuracy in real-world network
environments.

Taher's study concludes that supervised machine learning models, particularly with feature
selection techniques, are crucial for improving IDS performance. The ANN-based model
demonstrates higher detection success rates, highlighting the importance of selecting the right
features to improve the accuracy of intrusion detection systems.

16. Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods

Author: M. Tavallace
M. Tavallace’s research focuses on the development and evaluation of anomaly-based intrusion
detection methods, which were first introduced in 1987. The study investigates the advancements
in these techniques and their capability to detect novel and unknown cyber-attacks.

The paper observes that anomaly-based methods have significantly evolved, with many systems
now achieving high detection rates. These methods are capable of detecting attacks that have
never been seen before, making them particularly useful for identifying zero-day vulnerabilities.
 Despite their effectiveness, the paper notes that maintaining a low false alarm rate is a common
challenge.

The merit of Tavallace’s work lies in its comprehensive review of anomaly-based intrusion
detection, highlighting the progress made in the field. By demonstrating the high detection rate
(98%) at a low false alarm rate (1%), the research shows the potential of these methods in
detecting new types of attacks.

Tavallace concludes that anomaly-based methods are crucial for enhancing the credibility of
intrusion detection systems, especially in detecting novel attacks. The study emphasizes that
these methods continue to evolve, offering an increasing level of effectiveness in cybersecurity.

17. Importance of Intrusion Detection Systems (IDS)

Author: Asmaa Shaker Ashoor

Asmaa Shaker Ashoor’s study explores the growing threat posed by intruders across the Internet
and the importance of robust intrusion detection systems (IDS) in mitigating these threats. The
paper highlights the need for new techniques to protect computer infrastructures from malicious
attacks.

Ashoor’s work highlights the vulnerability of computer systems to intrusion despite the presence
of preventive measures like firewalls and encryption. Intruders continue to find ways to bypass
these defenses, emphasizing the necessity for IDS to detect and prevent unauthorized access.

The merit of Ashoor’s research lies in its emphasis on the critical role of IDS in modern
cybersecurity. The study draws attention to the need for more advanced methods to complement
traditional defenses and ensure the security of sensitive systems.

Ashoor concludes that while traditional security measures are important, IDS plays a vital role in
detecting and responding to intrusions that bypass conventional methods. The study advocates
for continuous advancements in IDS to address the evolving nature of cyber threats.

18.Modeling & Implementation Approach to Evaluate the Intrusion Detection

System

Author: M. Saher
 M. Saher’s study focuses on modeling and implementing an approach to evaluate intrusion
detection systems (IDS), particularly in the context of increasing network complexity and
cyberattacks. The research addresses the challenges in effectively identifying malicious activities
within vast volumes of network data.

Saher observes that traditional IDS methods are becoming less effective due to the complexity of
modern cyber-attacks and the increasing volume of network traffic. The paper suggests that a
more dynamic and adaptive approach is needed to address these challenges.

Saher’s work provides valuable insights into the evolving landscape of network security, offering
suggestions for improving IDS evaluation. The paper stresses the importance of implementing
advanced techniques to manage the growing complexity of network data.

The study concludes that to effectively evaluate IDS, it is necessary to adapt to the increasing
complexity of cyber threats. The research recommends refining IDS models to improve their
ability to identify and mitigate modern attacks.

19.Incremental Anomaly-Based Intrusion Detection System Using Limited

Labeled Data

Author: P. Alaei

P. Alaei’s research explores the use of incremental learning for anomaly-based intrusion detection
systems (IDS), particularly in scenarios where labeled data is limited. The study investigates
methods to reduce the energy costs and carbon emissions in manufacturing, while also applying
anomaly detection to improve cybersecurity.

Alaei emphasizes the challenges of using limited labeled data for training IDS models. The paper
highlights the need for methods that can adapt incrementally as new data becomes available,
allowing IDS to continuously learn and improve detection capabilities.

The merit of Alaei’s study lies in its innovative approach to dealing with the scarcity of labeled
data in anomaly detection. By leveraging incremental learning, the study presents a solution to
enhance IDS performance even with limited data.
 Alaei concludes that incremental learning can significantly improve IDS efficiency, particularly
in resource-constrained environments. The research demonstrates how anomaly-based methods
can be applied in dynamic settings where labeled data is limited, improving detection capabilities
over time.

20.A Comprehensive Review of Hybrid Intrusion Detection Systems Using

Machine Learning Techniques

Authors: A. Sharma, P. Kumar, S. P. Singh

The study by Sharma, Kumar, and Singh focuses on the growing need for hybrid intrusion
detection systems (IDS) that combine both machine learning (ML) and traditional methods to
improve the detection of cyber-attacks. The paper provides an in-depth review of various hybrid
models that leverage the strengths of multiple machine learning algorithms, such as decision
trees, SVM, and neural networks, alongside traditional techniques like signature-based detection.

The authors observe that while machine learning techniques, especially supervised learning, have
made significant strides in detecting known and unknown attacks, the complexity and evolving
nature of cyber threats necessitate the use of hybrid models. These systems combine the
efficiency of traditional signature-based detection with the adaptability of machine learning,
making them more effective in dealing with new and previously unseen threats. The study further
emphasizes the need for feature selection and dimensionality reduction techniques to enhance the
performance of hybrid models.

The merit of this study lies in its comprehensive comparison of hybrid IDS models, offering
valuable insights into the benefits and challenges of combining machine learning techniques with
traditional intrusion detection methods. The paper highlights how hybrid models can improve
detection rates, reduce false positives, and enhance the overall robustness of intrusion detection
systems.

The research concludes that hybrid IDS models are an effective solution for the ever-evolving
nature of cyber-attacks. By combining the strengths of multiple detection methods, these systems
can achieve higher accuracy and better generalization across various types of attacks. The study
also suggests that future research should focus on developing more sophisticated feature
selection methods and exploring real-time implementation of these hybrid models in large-scale
networks.
 Comparisions of Survey’s

Paper Title Authors Datas Algorithms Remarks

et Used
Used
A Comprehensive M. KDD'9 Decision Reviews algorithms for
Survey of Supervised Tavallaee, 9 Trees, SVMs, IDS, emphasizes need
for updated datasets
Machine Learning for E. Bagheri, Neural and hybrid models.
Network W.Lu, Networks
Intrusion Detection A.A.
Ghorbani
Machine Learning K. Laskov, KDD k-NN, Provides
Algorithms in Intrusion P. Dussel, Cup, Random comprehensive
comparison of
Detection: A Survey C. Schafer NSLKDD Forests, Neural algorithms, highlighting
Networks adaptive learning
systems.
adaptive learning
systems.
Supervised Learning J. Zhang, M. KDD'9 9 Decision Stresses importance
Approaches for Network Zulkernine Trees, Naive of preprocessing and
Intrusion Detection A.Haque Bayes, SVM feature selection to
Systems enhance performance.

Efficient Network Intrusion T. Shon, KDD'9 9 Random Focuses on

Detection Through J. Moon Forest, computational
Supervised Learning A.Haque efficiency and
Gradient challenges of
Systems
Boosting, false positive
rates.
Efficient Network T. Shon, KDD'9 Random Focuses on
Intrusion J. Moon 9 Forest, computational
Detection Through efficiency and
Gradient challenges of
Supervised Learning Boosting, false positive
rates.
Algorithms SVM
Deep Supervised M. UNS Deep Neural Explores deep
Learning for Intrusion Moustafa, WNB15 Networks, learning capabilities
and the need for large
Detection in J. Slay CNNs datasets; suggest
Network Systems hybrid
A Survey of Decision A. Patcha, KDD'9 Decision Compares strengths
Trees and Random J. Park 9, Trees, and weaknesses,
Forest for Intrusion highlights
Detection NSLKDD Random interpretability
Forests and
computational
challenges.
Application of P. KDD'9 SVM, Neural Discusses data fusion
Supervised GarciaTeodoro, J. strategies and real-
9, Networks
DiazVerdejo, G. time application in
Machine Learning in MaciaFernandez UNS distributed systems.
Distributed Intrusion WNB15
Detection Systems
Comparative Study of S. KDD'9 ANN, SVM, Evaluates
Mukkamal performance across
Machine Learning 9, Decision
-a, metrics, emphasizing
Techniques for Network G. Janoski, NSLKDD Trees feature engineering.
A. Sung
Intrusion Detection

Hybrid Supervised M. KDD'9 Decision Examines benefits

Learning Techniques for Sabhnani, 9, Trees, k-NN of hybrid models in
G. Serpen improving accuracy
Network Intrusion NSLK and reducing false
Detection DD alarms.

Intrusion Detection T. S. KDD'9 Logistic Highlights the trade-

Systems: A Supervised Chou, 9 Regression, off between detection
C. H. Lin accuracy and
Machine Learning SVM, computational cost.
Approach Ensemble
 Methods

Intrusion Detection A. DARP SVM, Neural Proposes hybrid

through Lazarevic, V. A, Networks, systems for
Advanced Machine better detection
Kumar, KDD'9 Decision Trees and emphasizes
Learning Techniques J. 9 data
Srivastava preprocessing.

Adaptive Supervised H. Singh, KDD'9 Incremental Focuses on adaptive

Learning for Intrusion N. Kaur 9 Learning, techniques for
evolving networks and
Detection in Dynamic Online SVM real-time learning.
Networks
A Comparative Study of M. KDD'9 Decision Comprehensive
Supervised Machine Tavallaee, 9, Trees, SVM, evaluation helps
practitioners
Learning Algorithms for E. Bagheri, NSLKD Random choose suitable
Intrusion Detection W. Lu, A. D Forests, k-NN algorithms.
Systems Ghorbani
Real-Time Intrusion R. UNS DNN, LSTM Discusses
Detection Using Deep Vinayaku mar, WNB15 optimization
K.P. Soman, P. techniques for deep
Learning Techniques learning models in
Poornachandran
realtime applications.

Tale Network Intrusion Kazi Abu KDD'9 ANN, SVM Emphasizes the role of
Detection using Taher 9 feature selection in
Supervised
Machine Learning improving detection
Technique with Feature accuracy.

Selection
Toward Credible M. KDD'9 Anomaly Reviews progress in
Evaluation of Tavallace 9 Detection anomaly-based
methods and
AnomalyBased Techniques emphasizes low false
Intrusion- alarm rates.
 Detection
Methods

Importance of Intrusion Asmaa Shaker KDD'9 Not specified Highlights critical role
Detection Systems (IDS) Ashoor 9 of IDS in modern
cybersecurity and
need for advanced
methods.
Modeling & M. Saher KDD'9 Not specified Advocates for
Implementation 9 adaptive approaches to
meet modern
Approach to Evaluate the cybersecurity
Intrusion challenges.
Detection System
Incremental Anomaly- P. Alaei KDD'9 Incremental Innovative approach
Based Intrusion 9 Learning to handling limited
Detection labeled data in
anomaly detection.
System Using Limited
Labeled Data
A Comprehensive A. Sharma, KDD'9 Decision Reviews hybrid
Review of Hybrid P.Kumar, 9, Trees, SVM, models,
emphasizing feature
Intrusion S.P. Singh NSLKDD Neural selection and
Detection Systems Using Networks performance
Machine Learning improvement.

Techniques
CONCLUSION
The comprehensive analysis of the surveys underscores the vital importance of advanced
intrusion detection systems (IDS) in today's cybersecurity landscape. A significant emphasis is
placed on the integration of machine learning techniques, which have demonstrated superior
capabilities in identifying both known and novel attack patterns. Hybrid models that combine
traditional signature-based methods with anomaly detection are particularly effective, offering
enhanced flexibility and robustness against diverse threats.

Data preprocessing, including feature selection and dimensionality reduction, emerges as a key
factor in improving algorithm performance. Techniques such as principal component analysis
(PCA) and mutual information are frequently recommended to optimize detection efficiency and
reduce false positives. The research consistently points out that while supervised learning excels
in detecting known attacks, its effectiveness diminishes in the face of zero-day vulnerabilities,
necessitating the adoption of adaptive and incremental learning strategies.

Deep learning models, particularly Convolutional Neural Networks (CNNs) and Long Short-
Term Memory (LSTM) networks, are recognized for their capacity to handle high-dimensional
data and capture temporal dependencies in network traffic. However, the challenges of
computational resource requirements and model optimization are acknowledged, with
suggestions for techniques like pruning and quantization to facilitate real-time applications.

In conclusion, as cyber threats evolve, the need for robust, adaptive, and intelligent intrusion
detection systems becomes paramount. Future research should focus on enhancing real-time
capabilities, exploring federated learning to preserve data privacy, and developing sophisticated
feature selection methods to improve detection rates. By embracing these advancements, the
cybersecurity field can better safeguard against the ever-growing landscape of cyber threats.

REFERENCES

https://www.sciencedirect.com/science/article/pii/S1877050922004422

https://www.semanticscholar.org/paper/Application-of-Machine-Learning-

Approaches-in-A-Haq-
Onik/bbdf15442913c6145ce8e9650088b8c0f8ab3c66?p2df

https://www.sciencedirect.com/science/article/pii/S2468227620302350

https://ieeexplore.ieee.org/abstract/document/9677375

https://ieeexplore.ieee.org/abstract/document/8847179

https://www.mdpi.com/1424-8220/22/12/4459

https://dl.acm.org/doi/abs/10.1145/3178582

https://www.tandfonline.com/doi/abs/10.1080/23742917.2019.1623475

https://ieeexplore.ieee.org/abstract/document/7225395

https://link.springer.com/article/10.1186/s40537-021-00531-w

https://ieeexplore.ieee.org/abstract/document/8386762
https://ieeexplore.ieee.org/abstract/document/6855872

https://www.sciencedirect.com/science/article/abs/pii/S1389128621000141

https://www.sciencedirect.com/science/article/abs/pii/S014036641100209X

https://link.springer.com/article/10.1007/s12083-017-0630-0

https://ieeexplore.ieee.org/abstract/document/5464348

https://portal.arid.my/Publications/f3da7cd3-5bab-4294-94d1-

6a22c1d4235d.pdf https://link.springer.com/chapter/10.1007/978-3-319-26850-
7_41 https://ieeexplore.ieee.org/abstract/document/7959324
https://d1wqtxts1xzle7.cloudfront.net/57819574/133-137- Dharmendralibre.pdf?
1542793090=&response-
contentdisposition=inline%3B+filename%3DA_Comprehensive_Review_on_I
ntrusio n_Dete.pdf&Expires=1729109712&Signature=eqQCX3XYz5AguHM-
OXG9OXMvhiQubNXamb4AUBmEg3pUnIQ7ZSxjOs6bK2WDYnpebHHPa
ftWk2edxoU1Brx0rU17uO75MF4dl46l9TsEiOzDRqttXQC3pcAV8ApdQ46L7
c0oh1nyfGo1cEaqKIhwVrOLpMeS2db56Bvf1F65-
KVfARKBdoInAK2vCURZJK3B5rMCPcUkdn~cvuhTNRkBY0k3lO2mSFvi
YIyUDN-abRGXxW952n6mhCs1wxspUGdPWxpepnGjBgz~fL9Tyi-
YaJc4BqJwrDvr4kK5m3LF5Ka7n4T5Ub2LC42AONnwxu4rFG1H0EGo6rMi
Fku Sq-A &Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA

https://onlinelibrary.wiley.com/doi/full/10.1155/2022/9663052

https://www.sciencedirect.com/science/article/abs/pii/S1084804521001314

https://books.google.com.au/books?hl=en&lr=&id=5DE8DwAAQBAJ&oi=fn
d&pg=PA22&dq=A+Comprehensive+Review+of+Hybrid+Intrusion+Detectio

n+Systems+Using+Machine+Learning+Techniques&ots=b-

VIzUJA4S&sig=S1gTLNJlAd7v2lPeYxh1hGmb-
VQ#v=onepage&q=A%20Comprehensive%20Review%20of%20Hybrid%20I
ntrusion%20Detection%20Systems%20Using%20Machine%20Learning%20
Techniques&f=false