Abstract
Security is one of the main requirements of current computer systems, and it has recently gained much importance as the number and severity of malicious attacks increase dramatically. Anomaly detection is one of the main branches of intrusion detection systems, and it makes it possible to recognize newer variants of security attacks. This paper focuses on the anomaly detection schemes (ADS) that have applied the support vector machine (SVM) to detect intrusions and security attacks. For this purpose, it first presents the required concepts about the SVM classifier and intrusion detection systems. It then classifies the ADS approaches and discusses the various machine learning and artificial intelligence techniques that have been applied in combination with the SVM classifier to detect anomalies. In addition, it specifies the primary capabilities, possible limitations, and advantages of the ADS approaches. Finally, a comparison of the studied ADS schemes is provided to illuminate their various technical details.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Communicated by V. Loia.
About this article
Cite this article
Hosseinzadeh, M., Rahmani, A.M., Vo, B. et al. Improving security using SVM-based anomaly detection: issues and challenges. Soft Comput 25, 3195–3223 (2021). https://doi.org/10.1007/s00500-020-05373-x
DOI: https://doi.org/10.1007/s00500-020-05373-x