ISSN 2347 - 3983

Volume 9.
Rajesh Dhakad et al., International Journal of Emerging No.12,
Trends December 2021
in Engineering Research, 9(12), December 2021, 1477 – 1483
International Journal of Emerging Trends in Engineering Research
Available Online at http://www.warse.org/IJETER/static/pdf/file/ijeter059122021.pdf
https://doi.org/10.30534/ijeter/2021/059122021

Machine Learning Techniques for Network Intrusion

Detection System (NIDS): A Survey
Rajesh Dhakad1, Shivani Katare2
1
Shri G. S. Institute of Tech. and Science, Indore, India, rajesh_ [email protected]
1
Shri G. S. Institute of Tech. and Science, Indore, India, [email protected]

Received Date : November 06, 2021 Accepted Date : November 28, 2021 Published Date : December 07, 2021

Intrusion detection is a monitoring process to monitor the

ABSTRACT
In computer network, security of the network is a major issue
and intrusion is the most common threats to security. Cyber
attacks detection is becoming more enlightened challenge in
detecting these threats accurately. In network security,
intrusion detection system (IDS) has played a vital role to
detect intrusion. In recent years, numerous methods have
been proposed for intrusion detection to detect these security
threats. This survey paper study examines recent work in the
topic of network security, machine learning based techniques
as well as a discussion of the many datasets that are
commonly used to evaluate IDS. It also explains how
researchers employ Machine Learning Based Techniques to
detect intrusions.
Key words: Network Security, Machine Learning, Data
Mining, Intrusion Detection System, Classifiers, Dataset.
1. INTRODUCTION
The rapid usage of networking has made the world a tiny
place and things get easily accessible. Due to the spite growth
of tricks and attacking tools, efficient and effective method
for intrusion detection has become the priority to protect the
network [1]. In recent years, researchers were doing lots of
experiment to analyzing, processing and arranging the data
in to a systematic and orderly manner by employing a
number of different data mining techniques. The problem
of attack detection can be reduced by applying various data
mining algorithms for classifying data [2]. The major goal
of this study is to design a Network Intrusion Detection
System (NIDS). NIDS, in comparison to other forms of IDSs,
can identify the broadest range of harmful activity. The
traffic is inspected by a NIDS to spot incoming and ongoing
attacks on a network.
Intrusions are unauthorized and unusual operations that
attempt to harm the system or data. Intrusion is defined as
a series of interconnected acts taken by an attacker that leads
to the compromise of a victim system [3].
activity or action occurring in a network or in a system and
monitoring them for signs of intrusions [3].
Intrusion Detection Systems are inspection devices that
have been installed to a system’s security wall to identify
anomalous activity. Intrusion detection systems are typically
designed to protect a particular network or device [3].
1.1 TERMINOLOGY OF INTRUSION DETECTION
The goal of IDS is to detect intruders and keep the system
safe. As a result, an examination and classification of
intrusion detection techniques is required.
A. Intrusion Detection System Classification:
1) Based on various data sources IDS are classified as
follows:
Host-based detection: The architecture of the network
for Host-based IDS is agent-based. It works for a single
network device or host. It keeps track of the device’s
activities and sends an alert to the administrator if any
changes or modifications to the system file are discovered
[4].
Network-based detection: Network-based intrusion
detection is a type of IDS that monitors data transfer between
machines via a network. It keeps track of the network’s
incoming and outgoing traffic from a strategic point or
locations. It analyses and monitors all incoming and
outgoing traffic on the entire subnet and compares it to a
database of known attacks to see if there are any similarities
[4].
2) Based on distinct analysis methods IDS are classified
as follows:
Misuse or Signature-Based Detection: In signature based
detection approach, previously known intrusions are
acknowledged and stored in the database. Security analyst
takes decision to identify the pattern of intrusion based on
their past experience. For incoming and out-going traffic on
the network, IDS search for the patterns and signature. If any
pattern match with the previously stored pattern is
considered as the intrusion. Misuse based detection have a

1477
Rajesh Dhakad et al., International Journal of Emerging Trends in Engineering Research, 9(12), December 2021, 1477 – 1483
main disadvantage that is, it can only detect the attack whose
attack patterns are already known or store in the database.
Unknown attack pattern cannot be detected by this method
[4].
Anomaly-Based Detection: In the Anomaly Based
Detection Approach, the user’s regular behavior is first saved
in the database, and then the user’s present behavior is
compared to the data stored in the database. When a big
divergence is discovered, it is assumed that an intrusion has
taken place [5]. Unknown threats and anomalous activity of a
network or host are detected via anomaly-based detection.
Anomalies can be discovered in a variety of methods.
Researchers have created a variety of Machine
Learning-based approaches to detect these anomalies.
Although anomaly-based IDS detects new attacks, it has the
disadvantage of producing a large numbers of false negative
and false positives.
B. Limitation of IDS: IDS have some limitations which
describe as follows:
• Traditional IDS can only detect known attacks. So the
new unknown and original attacks cannot be
identifiedby these traditional IDS.
• Unstructured Data: There are lots of incoming and
on- going traffic on the network. This traffic data have
no valid format. So there is a big problem to bring this
traffic data into a valid format or in systematic
manner.
• False Negative: Most of the IDS produced false
negativestate. In this state an IDS mistakenly detect
an activity as normal when the activity actually an
attack.
• False Positive: Various IDS suffered with false
positive state. In this state IDS identify normal activity
as an attack.
By addressing all these mentioned problems, computational
power can be reduced and detection rate of IDS can be
improved with the help of machine learning Techniques. By
using Machine learning based techniques network traffic
data can be analyzed properly and organized into a systematic
manner. The learning process follows a data-centric
approach. It is assumed that in the audit data every authorized
and unauthorized activity have their footprint [3]. In
Machine learning field classification is one of the methods.
In thismethod a model is constructed from the pre-classified
dataset. Many academics and researchers have worked on
develop- ing IDS over the years. This paper summarizes
recent research in IDS. This paper listed the various Machine
Learning based classification techniques and algorithms.
2. RELATED WORK
This section gives an overview of recent work that has been
proposed to ensure a higher detection accuracy rate of IDS.
1478
There are three types of IDS methods: knowledge-based,
statistics-based, and machine learning-based. The
knowledge- based approach uses existing system data such as
network traffic instances and protocol specifications to
determine the requested actions [7]. In contrast, a
statistics-based technique builds a statistical model of user
behavior by collecting and analyzing every data record in a
group of objects [8], whereas machine-learning algorithms
identify deep hidden pattern-matching from training data [9].
This survey focuses mostly on machine learning-based
approaches.
2.1 Machine Learning Approach
There are three main types of machine learning
methodologies i. e. supervised learning, unsupervised
learning and reinforcement learning.
A. Supervised Learning: It is named as supervised, because
it used labeled data instances in training phase to train
algorithm that classify the data instances and predicts the
outcomes. The algorithm is trained until it can detect the
hidden pattern and co-relation between the input data and
output labels. Classification is one of the methods of
supervised learning [4] [6] [10].
Various algorithms for supervised learning exist. Nearest
Neighbor Algorithm, Artificial Neural Network, Support
Vector Machine, Decision Trees (ID3, CART, C4.5,
Random Forrest), Bayesian Statistics, K-nearest neighbour,
Hidden Markov Model Boosting, Ensembles classifiers,
Naive Bayes classifier, Bayesian Networks Logistic
regression, Fisher Linear Discriminant, Perceptron).
Quadratic classifiers are all examples of linear classifiers.
B. Unsupervised Learning: As the name indicates,
unsupervised learning is a machine learning approach in
which models are not trained with labeled data instances
in training phase. Instead, model discover hidden pattern
from the given data by itself. Clustering is one of the method
of unsupervised learning. Fuzzy clustering, K-means
clustering, Apriori algorithm, Eclat algorithm, Hierarchical
clustering and Outliers detection (Local outlier factor), Self-
organizing map are some of the unsupervised learners [5]
[10].
C. Reinforcement Learning: Reinforcement learning
refers to a computer system that interacts with a dynamic
environment in order to achieve a specific goal [10].
2.2 Supervised Learning Based Classifiers to Design Ids.
A Machine learning technique or algorithm can be
employed as a standalone classifier in the development of an
IDS. In this section some machine learning-based
techniques are discussed that have been utilized to construct
IDS.
Rajesh Dhakad et al., International Journal of Emerging Trends in Engineering Research, 9(12), December 2021, 1477 – 1483

1) Naive Bayes: The Naive Bayes classifier considers that scientists easy and faster to collect, analyze, and understand
the training dataset’s attributes are conditionally massive amounts of data. Deep learning algorithm achieves
independent and so attempts to estimate the this by employing a multi-layered structure of algorithms
class-conditional probability using the given class label [11]. known as neural networks [18].
When only simpler relationships exist, the Naive Bayes
classifier delivers the best results. The Naive Bayes classifier 7) Artificial neural network (ANN): One of the most unique
just needs to scan the training dataset once, which saves time fields of artificial intelligence is ANN. The underlying
and effort. concept of an ANN is inspired by the biological neural
networks that make up the operation of the human brain
2) Decision tree: A decision tree is a tree-based [19]. ANN is collection of large number of units that are
classification technique that predicts the target class value interconnected in some pattern to provide communication
for unknown test data instances based on a set of conditions between nodes or neurons. An ANN typically organized in
and previously known data examples. On the basis of some layer manner in which each layer have some interconnected
decision rules, a decision tree classifier classifies unseen nodes which contain the activation function. The input layer,
incoming test data examples [12]. Because of the easier hidden layer, and output layer are the three layers that make
implementation and simplicity, decision tree is one of the up an Artificial Neural Network. The input layer accepts
most popular as a single classifier [13]. There are two forms data in a variety of formats that the programmer provides.
of decision trees: classification trees and regression trees Between the input and output layers, the hidden layer acts
[12]. as an intermediary. To uncover hidden patterns and features,
it executes all of the transformations and calculations. After
3) K-nearest neighbor: In k-nearest neighbor (K-NN), a that, the hidden layers are linked to an output layer, which
variety of distance measurement methods are used. TheK-NN provides the detection result.
technique finds K examples in the training dataset that are Table 1 : Research Papers Based On Supervised Learning
closest to the test examples, and then assigns the most Algorithms
common class among the training examples to the test
Classifier Paper Name Author
example. The k-NN approach can be used for both K-NN • Anomaly detection techniques for a (G. Davanzo,
classification and regression, but it is most commonly utilized web defacement monitoring service. 2011) [22]
for classification problems. K-NN algorithm is one of themost
Naive Bayes • A NIDS by using a hidden naive (Levent Koc,
simple and non-parametric algorithm [14] that does not make bayes multiclass classifier. 2012) [20]
any assumption on underlying data. • Malicious web content detection by (YungTsung,
using naive bayes classifier. ,2010) [21]

4) Support Vector Machine: Support Vector Machine SVM • Design Network traffic anomaly dete (Carlos A.
ction system by using an autonomous Catania) [15]
(SVM) was first introduced in the mid-to-late 1990s [15]. labeling approach to SVM.
The basic concept of using the SVM algorithm to develop an • Machine learning based malicious (Yung-Tsung,
web content detection system. 2010) [21]
IDS is that it uses the training dataset to describe only the • A web defacement monitoring service (G. Davanzo,
normal class objects or those that are not anomalous in the for anomaly detection. 2011) [22]
IDS, while the rest of the class objects are assumed to be Decision Tree • Malicious web content detection by (Yung-Tsung,
anomalous [16]. SVM algorithm is extremely popular Using Decision Tree Algorithm. 2010) [23]
• IDS based on Data Mining Approach. (Su-Yun Wua,
because it has the ability to handle multiple categorical and • A Machine learning approach for IDS. 2009) [24]
continuous variables.
ANN • A stepping-stone IDS by using NN. (HanChing
Wu) [25]
5) Random Forest Classifier: It names as Random forest • An IDS using NN classifier. (S.Devaraju,
(RF) because it consists a large number of independent 2013) [26]
Fuzzy Logic • IDS using Data Mining based (Su-Yun Wua,
decision tree that operate as an ensemble. It generates Approach. 2009) [24]
decision trees from randomly picked data points, receives ID3 • An Efficient algorithm for NIDS. (V. Jaiganesh,
predictions from each independent tree, and votes on the one (2014) [27]
that produces the best outcome. The authors [17], used a
random forest classifier to create a NIDS. RF algorithm is
used to perform effective classification of attacks for IDS. 2.3 Unsupervised Learning Based Algorithm to Design Ids.
1) K-mean cluster: The K-mean algorithm is a popular
6) Deep Learning: Deep learning is a machine learning and clustering technique that aims to divide ‘N’ data points into
artificial intelligence (AI) technique that mimics how people ‘K’ clusters, with each data point selected by the clusters
acquire certain types of knowledge. Data science, which nearest mean. The approach of K-mean clustering is based on
covers statistics and predictive modeling, includes deep distance. The distance between the data points is calculated
learning as a key component. It makes the task of data using the Euclidean metric approach. The number of clusters

1479
Rajesh Dhakad et al., International Journal of Emerging Trends in Engineering Research, 9(12), December 2021, 1477 – 1483

defined by user at the execution time of algorithm. A
numbersof solutions will be tested until the most suitable one
is chosen [28].
2) Hierarchical Clustering: It is a technique of clustering
whose aims to create a hierarchy of clusters. Agglomerative
and Divisive are the two basic approaches for hierarchical
clustering [28].
 Agglomerative cluster: It’s a clustering method that
uses a bottom-up approach. Clusters have sub-clusters,
Table 2: Comparative Analysis of Machine Learning Techniques for Ids
which have pairs of clusters, and sub-clusters are joined
as one travelsup the hierarchy in this clustering process.
 Divisive Cluster: It’s also a clustering method that uses
an iterative clustering strategy. The cluster with the
biggest diameter in feature space is chosen and divided
into binary sub-clusters with a lower range using this
method.

Classifier Method Advantages Disadvantages

Support Vector A SVM algorithm is a regression and
Machine classification based machine learning
technique, it constructs set of hyper
planes or a hyper plane in a high or
infinite dimensional space [16].
K-NN In K-NN, a variety of distance measurement
Neighbor methods are used. The K-NN neighbor
technique finds K examples in the training
dataset that are closest to the test examples,
and then assigns the most common class amongthe
training examples to the test example [14].
Artificial ANN is a computational processing unit
Neural Network Whose base theme is inspired by the
(ANN) biological neural networks that constitute
functionality of human brain [19].
Decision Tree • Decision tree is a tree based classification
(DT) technique that predicts the target class value for
unknown test data instances based on a set
of conditions and multiple previously known data
examples. On the basis of some decision rules,
a decision tree classifier classifies unseen
incoming test data examples [12].
• It gives high accuracy [15].
• This model is able to handle complex
and nonlinear decision boundaries [21].
• Compare to other model this model
have less prone to over fitting [4].
• Task of implementation is simple [22].
• The model has high adaptive behavior.
• Parallel implementation is easy by using
this algorithm [4].
• It can tolerate noise data [19].
• Complex nonlinear relationships b/w
independent and dependent variables
implicitly detected by this model [25].
• It requires less statistical training [4].
• Domain Knowledge not required to
Constructs DT [4].
• High dimensional data can be handledby
this algorithm [2]
• Representation of the tree is easyto
understand [23].
• Algorithm complexity is high [16].
• It required extensive memory space [15].
• Choice of the kernel is difficult [4].
• SVM speed for training and testing is
slow [16].
• Storage requirement is high [4].
• Classification and testing speedis
slow [14].
• It suffer by over fitting [19].
• Computational burden is high.
• Training time requirement is high [26].
• It is unstable algorithm [1].
• it complex to create a tree With
numeric dataset [4].
• Output attribute must be categorical [2].
• This model is limited to only one
output attribute [1].

Na¨ıve Bayes • The Naive Bayes classifier considers that the
training dataset’s attributes are conditionally
independent and so attempts to estimate the class
-conditional probability using the given class label
[11]. When only simpler relationships exist,
the Naive Bayes classifier delivers the best results.
2.4 Ensemble Learning
In simple, the process of training multiple machine learning
models and combining their outputs together to get better
prediction is known as ensemble learning [29]. Various ma-
chine learning models are used as a base to create an efficient
model. Averaging the outputs of different models is one of
the simple ensemble learning techniques. Bagging and
booting are also common methods for combining various
learners [30] and there are many more complex algorithms
and techniques developed to combine the prediction of many
base machine learning models together.
2.5 Hybrid Classifiers
The term hybrid classifier refers to a classification system that
uses multiple Machine Learning approaches or algorithms. A
hybrid method is used to improve the detection rate of IDS.
There are some papers in which author uses hybrid classifiers
to build an efficient intrusion detection system [31].
• Construction of model is easy [6]. • Attributes are conditionally autonomous,
• Training is fast an easy [21]. which is not right all the time [20].
• it can handle noisy data [4].
• This model is highly scalable [21].
clustering, K-NN and Damper-shafer theory to improve the
performance of NIDS in [32] Chan TS, Yen KK and Luo
J, using an high and low dimensional feature spaces with
correlation analysis.
• Arif jamal malik et.al, proposed”Hybrid binary PSO and
random forest (RF) based NIDS”. To select most appropriate
features for classification author used BINARY- PSO.
Random forest classifier algorithm is used to classify the
classes of attacks [33].
• Mohammad abu alsheikh et al in [34] have proposed a
multilevel based classification model by using Neural
Network and K-NN classification algorithm. For anomaly
detection K- NN classifier was used to classify the given data
into one of thetwo category either normal or anomaly. In next
step a neural network is used to detect a specific type of attack
in anomaly.

• An IDS is implemented by using a combination of fuzzy Table 3 : Research Paper Based On Hybrid Classifier

1480
Rajesh Dhakad et al., International Journal of Emerging Trends in Engineering Research, 9(12), December 2021, 1477 – 1483

obtained from 3 files known as KDD full dataset, corrected

Classifier Paper Name Author KDD dataset and 10% KDD.
ANN • An approach to Intrusion Gang Wang,
Fuzzy Detection using ANN and 2010 [35]
Clustering fuzzy clustering.

Genetic • Real-time Anomaly Detection Su, 2011 [36] C. NSL KDD

algorithm systems for DOS attacks by
weighted k-NN classifier. There is a lot of redundancy in the data of KDDCUP 99
C4.5 • A new clustering based appr- Ravi Ranjan,
Decision Tree -oach for Anomaly IDS. 2014 [37] dataset, so the NSL KDD dataset was created to overcome the
Support problem of KDD dataset. The NSL KDD dataset, as a result,
Vector
Machine. has around 150,000 data points. The NSL KDD training set
K-means contains 125973 data points, whereas the testing set contains
clustering 22544 data points. The number of attributes in the NSL KDD
Artificial • Anomaly Based Intrusion Prof. D.P.Gaikwad,
Neural Network Detection System Using dataset is the same as in the KDDCUP 99 dataset [36] [42].
Fuzzy Artificial Neural Network 2012 [38]
Clustering. and Fuzzy Clustering.
Random Forest • Hybrid Approach for Network B.Nanda,Ajay D. Kyoto 2006+:
Rough Set Intrusion Detection System. Parikh 2019 [39]
Theory
J48 classifier • Hybrid Intrusion Detection Elekar,Kailas Kyoto 2006+ dataset comprises real network traffic data
Random Tree System by combining Data Shivsankar
Mining Techniques.
obtained from several honeypots. The Kyoto 2006+ dataset
(2015) [40]
has 24 features, 14 of which are identical to KDDCUP 99 and
. the remaining 10 are flow-based, such as IP address, ports or
3. DATASETS USED IN RESEARCH time. The type of attack is indicated by a label feature. Three
years of network traffic were collected in the Kyoto 2006+
dataset [44].
Dataset has an important role in the task of designing
machine learning based algorithm for e.g., Regression, Table 4: Dataset Analysis
Classification, Clustering and Function learning [41].
Datasets reviewed in this paper is for the purpose of Dataset Year of Normal Attack Count labeled
classification. There are various dataset available for NIDS. traffic creation traffic traffic
This paper show the datasets which are frequently used in DARPA 1998 Yes Yes N.S. Yes
previous years to develop IDS. 1999
KDDCUP_ 99 1998 Yes Yes 5M Yes
points
A. DARPA 1998/99
NSL KDD 1998 Yes Yes 150k Yes
points
The most commonly used datasets for intrusion detection KYOTO 2006 Yes Yes 93M Yes
are DARPA 1998/99. Within an imitated network 2006+ -2009 points
environment, DARPA datasets were developed at the MIT
LINCOLN lab. The DARPA 1998 and DARPA 1999 datasets
are packet-based datasets that comprise network traffic for 4. CONCLUSION
five weeks. Various types of attacks such as buffer overflow,
Now-a-days in the era of high speed network, Machine
DoS, rootkits, and port scan are included in this packet-based
learning based methods are extensively used to analyzing
network dataset [42].
large volume of traffic data on network. In designing of IDS a
significant challenge is reducing false negative and false
B. KDDCUP_99 positive state and achieving high intrusion detection rate. To
address these issues, this paper presented a study of detailed
The MIT LINCOLNS lab introduced the KDDCUP_99 overview of IDS and explanation of machine learning based
dataset, which is based on the DARPA dataset, for evaluating approaches for network intrusion detection. These machine
and surveying intrusion detection studies. The KDDCUP 99 learning based methods are working well to detect intrusion.
dataset has 41 attributes, 38 of which are discrete numeric or Many scholars and researchers have worked on the design of
continuous, and 3 of which are categorical. KDDCUP 99 has IDS over the years. But still more researches and study needs
four different groupings of attributes: 1. Basic attributes, 2. to be done to improve the detection rate and to reduce the false
Content attributes and 3. Time- based attributes and 4. state.
Host–based traffic attributes [24]. By studying the KDDCUP
99 dataset, a total of 23 levels were discovered, one of which 5. FUTURE SCOPE
falls under the normal data category while the other 22 levels
are attacks. These 22 attacks are categorized into four groups: In future going to design a NIDS by using Machine leaning
DOS, U2R, PROBE, and R2L [43]. This dataset can be based Decision Tree Model to improve detection rate by
detecting anomalies and reducing false negative state. And
1481
Rajesh Dhakad et al., International Journal of Emerging Trends in Engineering Research, 9(12), December 2021, 1477 – 1483

then try to reduce the computation power requirement of Information Processing-2016 (IMCIP-2016) Random
traditional signature based IDS based on the output of Forest Modeling for Network Intrusion Detec- tion
anomaly based IDS. System Nabila Farnaaz and M. A. Jabbar MJCET
Hyderabad, India.
REFERENCES 18. Tich Phuoc Tran, L. C. (2009). Novel Intrusion
Detection using Proba- bilistic Neural.
1. Decision Tree: A Machine Learning for Intrusion
19. Haykin, S. (1999). Neural networks: A
Detection Shilpashree. S, S. C. Lingareddy, Nayana G
comprehensive foundation (2nd Edition). New
Bhat, Sunil Kumar G.
Jersey: Prentice Hall.
2. Neha G.Relan, prof. Dharmaraj R. Patil,
20. Levent Koc, T. A. (2012). A network intrusion
”Implementation of Network Intrusion Detection detection system based on a Hidden Na¨ıve Bayes
System using Varient of Decision Tree algorithm” multiclass classifier.
IsCNTE-2015 21. Yung-Tsung Hou, Y. C.-S.-M. (2010). Malicious web
3. ”AN IMPROVED METHOD TO DETECT content detection by machine learning.
INTRUSION USING MA- CHINE LEARNING 22. G. Davanzo, E. M. (2011). Anomaly detection
ALGORITHMS”. Urvashi Modi1 and Anurag Jain2. techniques for a web defacement monitoring
CSE departments, Radharaman inst. of Tech and service.
Science, Bhopal, India 23. Yung-Tsung Hou, Y. C.-S.-M. (2010). Malicious web
4. ”Network Intrusion Detection using Selected Data content detection by machine learning.
Mining Approaches: A Review”. Munawara Saiyara 24. Su-Yun Wua, E. Y. (2009). Data mining-based
Munia, Samira Samrose, Pranab Dey. intrusion detectors.
5. Rachna kulhare, and Dr. Divakar Singh ”Survey paper 25. Han-Ching Wu, S.-H. S. (2010). Neural
on intrusion detection techniques” October 2007. networks-based detection of stepping-stone
6. Harshna (M.Tech C.S.E), NavneetKaur.’Survey paper intrusion.
on Data Mining techniques of Intrusion Detection’ 26. ”DETECTION OF ACCURACY FOR
April 2013. INTRUSION DETECTION SYSTEM USING
7. S. Elhag, A. Ferna´ndez, A. Bawakid, S. Alshomrani, NEURAL NETWORK CLASSIFIER.”S. Devaraju,
and F. Herrera, ”On the combination of genetic fuzzy S. R. (2013).
systems and pairwise learning for improving 27. ’An Efficient Algorithm for Network Intrusion
detection rates on intrusion detection systems,” 2015. Detection System’. V. Jaiganesh, P.
8. Chao, S. Wen, and C. Fong, ”CANN: an intrusion Rutravigneshwaran,P. Sumathi, Ph.D.
detection system based on combining cluster centers 28. Li Tian1, Wang “Research on Network Intrusion
and nearest neighbors, Knowl-edge Based Detection System Based on Improved K-means
System”2015 Clustering Algorithm”,2009.
9. Meshram A, Haas C (2017) Anomaly detection in 29. Chih-Fong Tsai, Y.-F. H.-Y.-Y. (2009). Intrusion
industrial networks using machine learning: a detection by machine learning: A review.
roadmap. In: Beyerer J, Niggemann O, Ku¨hnert C (eds) 30. Dewan Md. Farid, M. Z. (2011). Adaptive Intrusion
Machine learning for cyber physical systems. Detection based on Boosting .
31. Ravi Ranjan, G. S. (2014). A NEW CLUSTERING
10. Anderson, J. (1995). An introduction to neural
APPROACH FOR ANOMALY INTRUSION
networks. Cambridge: MIT Press. DETECTION.
11. Dewan Md. Farid, M. Z. (2011). Adaptive Intrusion 32. Chan TS, Yen KK and Luo J., “Network intrusion
Detection based on Boosting . detection design using feature selection of soft
12. Chih-Fong Tsai, Y.-F. H.-Y.-Y. (2009). Intrusion omputing paradigms”.
detection by machine learning: A review. expert 33. Arif Jamal Malik, Waseem Shahzad, Farrukh Aslam
systems with applications,ELSEVIER . Khan, ”Netword lD using hybrid binary PSO and
13. Dewan Md. Farid, L. Z. (2013). An Adaptive RF algorithm”.
Ensemble Classifier for Mining Concept-Drifting 34. Mohammad Abu Alsheikh, Shaowei Lin, Dusit
Data Streams. Niyato1 and Hwee-Pink Tan, ”Machine Learning in
14. C.M.Bishop. (1995). Neural networks for pattern Wireless Sensor Networks”.
recognition. Eng- land:Oxford University. 35. Gang Wang, J. H. (2010). A new approach to
15. Carlos A. Catania, F. B. (2012). An autonomous intrusion detection using Artificial Neural Network.
labeling approach to support vector machines 36. Su, M.-Y. (2011). Real-time anomaly detection
algorithms for network traffic anomaly detection. systems for Denial-of Service attacks by weighted.
16. Tax, D. (1999). Data domain description using 37. Ravi Ranjan, G. S. (2014). A NEW CLUSTERING
support vectors.Proceedings of the european APPROACH FOR ANOMALY INTRUSION
symposium on artificial neural networks,251-256. DETECTION .
17. Twelfth International Multi-Conference on 38. Prof. D.P. Gaikwad, S. J. (2012) Anomaly Based

1482
Rajesh Dhakad et al., International Journal of Emerging Trends in Engineering Research, 9(12), December 2021, 1477 – 1483

Intrusion Detection System Using Artificial Neural

Network and Fuzzy clustering.
39. ’Hybrid Approach for Network Intrusion Detection
System’ using Ran- don forest and Rough SetS”
B.Nanda Ajay Parikh 2019.
40. Elekar, Kailas shuvsankar, combination of Data
Mining methods for intrusion detection system.
41. Sahu, Shailendra, and B. M. Mehtre, Network
intrusion detection system using J48 Decision Tree,
Advances in Computing.
42. ’A Survey of Network-based Intrusion Detection
Data Sets’.Markus Ring, Sarah Wunderlich, Deniz
Scheuring, Dieter Landes and Andreas Hotho.
43. Kayacik, H. Gnes, A. Nur Zincir-Heywood, and
Malcolm I. Heywood. Selecting features for intrusion
detection: A feature relevance analysis on KDD 99
intrusion detection datasets(2005).
44. ’Intrusion Detection System using Data Mining A
Review’. varsga singh, Subha Puthran(2016).

1483