Abstract
The state of the art is explored in using soft computing (SC) methods for network intrusion detection, including the examination of efforts in ten specific areas of SC as well as consecutive, ensemble, and hybrid combinations. Numerous comparisons of these methods are listed followed by a recommendation for future research. This paper can be used as a reference of strategies, and as a resource for planning future research.
Cite this article
Langin, C., Rahimi, S. Soft computing in intrusion detection: the state of the art. J Ambient Intell Human Comput 1, 133–145 (2010). https://doi.org/10.1007/s12652-010-0012-4
DOI: https://doi.org/10.1007/s12652-010-0012-4
Keywords
- Artificial immune systems (AIS)
- Artificial neural networks (ANN)
- Bayes reasoning
- Decision trees (DT)
- Dempster–Shafer (D–S)
- Ensemble combinations
- Evolutionary computing (EC)
- Feature selection
- Fuzzy reasoning
- Hidden Markov model (HMM)
- Hybrid combinations
- Intrusion detection systems (IDS)
- Self-organizing maps (SOM)
- Soft computing
- State of the art
- Swarm intelligence