
Soft computing in intrusion detection: the state of the art

  • Original Research
  • Published in: Journal of Ambient Intelligence and Humanized Computing

Abstract

The state of the art is explored in using soft computing (SC) methods for network intrusion detection, including the examination of efforts in ten specific areas of SC as well as consecutive, ensemble, and hybrid combinations. Numerous comparisons of these methods are listed followed by a recommendation for future research. This paper can be used as a reference of strategies, and as a resource for planning future research.



Corresponding author: Chet Langin.

Cite this article

Langin, C., Rahimi, S. Soft computing in intrusion detection: the state of the art. J Ambient Intell Human Comput 1, 133–145 (2010). https://doi.org/10.1007/s12652-010-0012-4
