Classical Machine Learning and Its Applications to IDS

  • Kwangjo Kim
  • Muhamad Erza Aminanto
  • Harry Chandra Tanuwidjaja
Part of the SpringerBriefs on Cyber Security Systems and Networks book series (BRIEFSCSSN)


This chapter provides a brief preliminary study regarding classical machine learning which consists of six different models: supervised, unsupervised, semi-supervised, weakly supervised, reinforcement, and adversarial machine learning. Then, the 22 papers are surveyed, which use machine-learning techniques for their IDSs.


Adversarial Machine Learning Botnet Ultimate Prize Semi-supervised Learning Sparse Regularization 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    I. Guyon, J. Weston, S. Barnhill, and V. Vapnik, “Gene selection for cancer classification using support vector machines,” Machine Learning, vol. 46, no. 1–3, pp. 389–422, 2002.CrossRefGoogle Scholar
  2. 2.
    X. Zeng, Y.-W. Chen, C. Tao, and D. van Alphen, “Feature selection using recursive feature elimination for handwritten digit recognition,” in Proc. Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), Kyoto, Japan. IEEE, 2009, pp. 1205–1208.Google Scholar
  3. 3.
    C. A. Ratanamahatana and D. Gunopulos, “Scaling up the naive Bayesian classifier: Using decision trees for feature selection,” in Workshop on Data Cleaning and Preprocessing (DCAP) at IEEE Int. Conf. Data Mining (ICDM), Maebashi, Japan. IEEE, Dec 2002.Google Scholar
  4. 4.
    C. Jiang, H. Zhang, Y. Ren, Z. Han, K.-C. Chen, and L. Hanzo, “Machine learning paradigms for next-generation wireless networks,” IEEE Wireless Communications, vol. 24, no. 2, pp. 98–105, 2017.CrossRefGoogle Scholar
  5. 5.
    A. L. Vizine, L. N. de Castro, and E. Hrusch, “Towards improving clustering ants: an adaptive ant clustering algorithm,” Journal of Informatica, vol. 29, no. 2, pp. 143–154, 2005.zbMATHGoogle Scholar
  6. 6.
    C.-H. Tsang and S. Kwong, “Ant colony clustering and feature extraction for anomaly intrusion detection,” Swarm Intelligence in Data Mining, pp. 101–123, 2006.Google Scholar
  7. 7.
    R. Rojas, “The backpropagation algorithm,” Neural Networks. Berlin, Springer, 1996, pp. 149–182.CrossRefGoogle Scholar
  8. 8.
    B. A. Olshausen and D. J. Field, “Sparse coding with an overcomplete basis set: A strategy employed by v1?” Vision Research, vol. 37, no. 23, pp. 3311–3325, 1997.CrossRefGoogle Scholar
  9. 9.
    E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo, “A geometric framework for unsupervised anomaly detection,” Applications of Data Mining in Computer Security, vol. 6, pp. 77–101, 2002.CrossRefGoogle Scholar
  10. 10.
    N. Y. Almusallam, Z. Tari, P. Bertok, and A. Y. Zomaya, “Dimensionality reduction for intrusion detection systems in multi-data streams a review and proposal of unsupervised feature selection scheme,” Emergent Computation, vol. 24, pp. 467–487, 2017. [Online]. Available: Google Scholar
  11. 11.
    X. Zhu and A. B. Goldberg, “Introduction to semi-supervised learning,” Synthesis lectures on artificial intelligence and machine learning, vol. 3, no. 1, pp. 1–130, 2009.CrossRefGoogle Scholar
  12. 12.
    Z.-H. Zhou, “A brief introduction to weakly supervised learning,” National Science Review, 2017.Google Scholar
  13. 13.
    C. Olah, “Machine learning for humans,”, 2017, [Online; accessed 21-March-2018].
  14. 14.
    P. Laskov and R. Lippmann, “Machine learning in adversarial environments,” Machine Learning, vol. 81, no. 2, pp. 115–119, Nov 2010. [Online]. Available: CrossRefGoogle Scholar
  15. 15.
    S. J. Lewis, “Introduction to adversarial machine learning,”, 2016, [Online; accessed 27-March-2018].
  16. 16.
    L. Huang, A. D. Joseph, B. Nelson, B. I. Rubinstein, and J. Tygar, “Adversarial machine learning,” in Proceedings of the 4th ACM workshop on Security and artificial intelligence. ACM, 2011, pp. 43–58.Google Scholar
  17. 17.
    I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” arXiv preprint arXiv:1412.6572, 2014.Google Scholar
  18. 18.
    H. Motoda and H. Liu, “Feature selection, extraction and construction,” Communication of IICM (Institute of Information and Computing Machinery), Taiwan, vol. 5, pp. 67–72, 2002.Google Scholar
  19. 19.
    H. Bostani and M. Sheikhan, “Modification of supervised OPF-based intrusion detection systems using unsupervised learning and social network concept,” Pattern Recognition, vol. 62, pp. 56–72, 2017.CrossRefGoogle Scholar
  20. 20.
    M. Sabhnani and G. Serpen, “Application of machine learning algorithms to KDD intrusion detection dataset within misuse detection context.” in Proc. Int. Conf. Machine Learning; Models, Technologies and Applications (MLMTA), Lax Vegas, USA, 2003, pp. 209–215.Google Scholar
  21. 21.
    A. G. Fragkiadakis, V. A. Siris, N. E. Petroulakis, and A. P. Traganitis, “Anomaly-based intrusion detection of jamming attacks, local versus collaborative detection,” Wireless Communications and Mobile Computing, vol. 15, no. 2, pp. 276–294, 2015.Google Scholar
  22. 22.
    V. Shah and A. Aggarwal, “Enhancing performance of intrusion detection system against kdd99 dataset using evidence theory,” Int. Journal of Cyber-Security and Digital Forensics, vol. 5(2), pp. 106–114, 2016.CrossRefGoogle Scholar
  23. 23.
    C. Kolias, V. Kolias, and G. Kambourakis, “Termid: a distributed swarm intelligence-based approach for wireless intrusion detection,” International Journal of Information Security, vol. 16, no. 4, pp. 401–416, 2017.CrossRefGoogle Scholar
  24. 24.
    H. G. Kayacik, A. N. Zincir-Heywood, and M. I. Heywood, “Selecting features for intrusion detection: A feature relevance analysis on KDD 99 intrusion detection datasets,” in Proc. Privacy, Security and Trust, New Brunswick, Canada. Citeseer, 2005.Google Scholar
  25. 25.
    S. Puthran and K. Shah, “Intrusion detection using improved decision tree algorithm with binary and quad split,” in Proc. Security in Computing and Communication. Springer, 2016, pp. 427–438.Google Scholar
  26. 26.
    S. Zaman and F. Karray, “Lightweight IDS based on features selection and IDS classification scheme,” in Proc. Computational Science and Engineering (CSE). IEEE, 2009, pp. 365–370.Google Scholar
  27. 27.
    P. Louvieris, N. Clewley, and X. Liu, “Effects-based feature identification for network intrusion detection,” Neurocomputing, vol. 121, pp. 265–273, 2013.CrossRefGoogle Scholar
  28. 28.
    Y. Zhu, J. Liang, J. Chen, and Z. Ming, “An improved NSGA-iii algorithm for feature selection used in intrusion detection,” Knowledge-Based Systems, vol. 116, pp. 74–85, 2017.CrossRefGoogle Scholar
  29. 29.
    V. Manekar and K. Waghmare, “Intrusion detection system using support vector machine (SVM) and particle swarm optimization (PSO),” Int. Journal of Advanced Computer Research, vol. 4, no. 3, pp. 808–812, 2014.Google Scholar
  30. 30.
    H. Saxena and V. Richariya, “Intrusion detection in KDD99 dataset using SVM-PSO and feature reduction with information gain,” Int. Journal of Computer Applications, vol. 98, no. 6, 2014.CrossRefGoogle Scholar
  31. 31.
    E. Schaffernicht and H.-M. Gross, “Weighted mutual information for feature selection,” in Proc. Artificial Neural Networks, Espoo, Finland. Springer, 2011, pp. 181–188.Google Scholar
  32. 32.
    Z. Wang, “The applications of deep learning on traffic identification,” in Conf. BlackHat, Las Vegas, USA. UBM, 2015.Google Scholar
  33. 33.
    S. Aljawarneh, M. Aldwairi, and M. B. Yassein, “Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model,” Journal of Computational Science, Mar 2017. [Online]. Available:
  34. 34.
    S. Venkatesan, M. Albanese, A. Shah, R. Ganesan, and S. Jajodia, “Detecting stealthy botnets in a resource-constrained environment using reinforcement learning,” in Proceedings of the 2017 Workshop on Moving Target Defense. ACM, 2017, pp. 75–85.Google Scholar
  35. 35.
    K. Huseynov, K. Kim, and P. Yoo, “Semi-supervised botnet detection using ant colony clustering,” in Symp. Cryptography and Information Security (SCIS), Kagoshima, Japan, 2014.Google Scholar
  36. 36.
    K. M. Kim, H. Kim, and K. Kim, “Design of an intrusion detection system for unknown-attacks based on bio-inspired algorithms,” in Computer Security Symposium (CSS), Nagasaki, Japan, 2015.Google Scholar
  37. 37.
    M. E. Aminanto, H. Kim, K. M. Kim, and K. Kim, “Another fuzzy anomaly detection system based on ant clustering algorithm,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 100, no. 1, pp. 176–183, 2017.CrossRefGoogle Scholar
  38. 38.
    K. M. Kim, J. Hong, K. Kim, and P. Yoo, “Evaluation of ACA-based intrusion detection systems for unknown-attacks,” in Symp. on Cryptography and Information Security (SCIS), Kumamoto, Japan, 2016.Google Scholar
  39. 39.
    C. Kolias, G. Kambourakis, and M. Maragoudakis, “Swarm intelligence in intrusion detection: A survey,” Computers & Security, vol. 30, no. 8, pp. 625–642, 2011.CrossRefGoogle Scholar
  40. 40.
    A. Karami and M. Guerrero-Zapata, “A fuzzy anomaly detection system based on hybrid PSO-Kmeans algorithm in content-centric networks,” Neurocomputing, vol. 149, pp. 1253–1269, 2015.CrossRefGoogle Scholar
  41. 41.
    K. Huseynov, P. D. Yoo, and K. Kim, “Scalable P2P botnet detection with threshold setting in Hadoop framework,” Journal of the Korea Institute of Information Security and Cryptology, vol. 25, no. 4, pp. 807–816, 2015.CrossRefGoogle Scholar
  42. 42.
    D. S. Lee, “Improving detection capability of flow-based IDS in SDN,” KAIST, MS. Thesis, 2015.Google Scholar

Copyright information

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd., part of Springer Nature 2018

Authors and Affiliations

  • Kwangjo Kim
    • 1
  • Muhamad Erza Aminanto
    • 1
  • Harry Chandra Tanuwidjaja
    • 1
  1. 1.School of Computing (SoC)Korea Advanced Institute of Science and TechnologyDaejeonKorea (Republic of)

Personalised recommendations