Review Article

The Use of Artificial-Intelligence-Based Ensembles for Intrusion Detection: A Review

Table 2

Comparison of AI-based ensembles for ID.

| Study | Architecture | Combining approach | Ensemble learning phase and ensemble level: Generation | Ensemble learning phase and ensemble level: Selection | Ensemble learning phase and ensemble level: Integration | Combining method employed | Metric | Dataset | Diversity | Base classifier |
|---|---|---|---|---|---|---|---|---|---|---|
| Giacinto and Roli [45] | Parallel | Ensemble | Feature level | | Fusion | Majority voting, average rule, belief function | Error rate, FPR, cost | KDD 99 | Implicit | NN |
| Sabhnani and Serpen [23] | | Hybrid | | Classifier level | | Multi-classifiers method | DR, FPR | KDD 99 | | NN, KM, GC |
| Chebrolu et al. [28] | Parallel | Ensemble | | Classifier level | Selection | Weighting method | CA | KDD 99 | Implicit | BN, CART |
| Abraham et al. [43] | Parallel | Ensemble | Feature level | Classifier level | Selection | Weighting method | CA | KDD 99 | Implicit | DT, SVM |
| Kruegel et al. [109] | Parallel | Ensemble | Feature and data level | | Fusion | Score- and probability-based method | FPR | Real world dataset | Implicit | BN |
| Perdisci et al. [88] | | Ensemble | | | Fusion | Clustering | | Real world dataset | | |
| Hwang et al. [42] | Cascading | Hybrid | | | | Consecutive combination | DR, FPR | KDD 99 | | SVM |
| Chen et al. [41] | Hierarchical | Hybrid | Feature level | | | Multi-classifiers method | DR, FNR, FPR | KDD 99 | | FNT |
| Khan et al. [40] | Cascading | Hybrid | | | | Clustering + classification | CA, training time, FP, FN | KDD 99 | | SVM, clustering |
| Toosi and Kahani [39] | Parallel | Ensemble | | Classifier level | Fusion | Fuzzy theory method | CA, DR, FPR, CPE | KDD 99 | Implicit | NN, fuzzy logic |
| Yan and Hao [111] | Parallel | Ensemble | Feature level | | Selection | | DR, FPR | KDD 99 | Implicit | NN |
| Xiang et al. [36] | Cascading | Hybrid | Data level | Classifier level | | Clustering + classification | TP, FP | KDD 99 | | DT, BC |
| Cretu et al. [113] | Parallel | Ensemble | Data level | | Fusion | Voting method | FP, TP | Real world data | | Anagram, Payl |
| Hu et al. [112] | Parallel | Ensemble | Feature level | | | Mixture of expert systems | DR, FAR, computation time | KDD 99 | Implicit | DS |
| Corona et al. [110] | Parallel | Ensemble | Feature and data level | | Fusion | Threshold probability method | FPR, DR | Real world dataset | Implicit | HMM |
| Zainal et al. [35] | Parallel | Ensemble | Feature level | Classifier level | Fusion | Weighted voting method | CA, TP, FP | KDD 99 | Implicit | LGP, ANFIS, RF |
| Menahem et al. [106] | Parallel | Ensemble | Data level | Classifier level | Fusion | Meta learning | CA, area under the ROC curve, training time | Real-time network traffic | Implicit | DT, NB, K-NN, VFI, OneR |
| Wang et al. [32] | Parallel | Ensemble | Data level | | Fusion | Meta learning | Precision, recall, F-measure | KDD 99 | Implicit | NN, fuzzy logic, clustering |
| Khreich et al. [2] | Parallel | Ensemble | | | Fusion | Iterative Boolean combination method | ROC space | UNM dataset, real world dataset | Implicit | HMM |
| Govindarajan and Chandrasekaran [30] | Parallel | Ensemble | Data level | | Fusion | Weighted method | CA | Immune system dataset from University of New Mexico | Implicit | MLP, RBF |
| Muda et al. [120] | Cascading | Hybrid | Data level | | | Clustering + classification | CA, DR, FPR | KDD 99 | | KM, NB |

Abbreviations—NN: neural network; KM: K-means clustering; GC: Gaussian classifier; BN: Bayesian network; CART: classification and regression trees; DT: decision tree; SVM: support vector machine; FNT: fuzzy neural tree; BC: Bayesian clustering; DS: decision stump; LGP: linear genetic programming; ANFIS: adaptive neural fuzzy inference system; RF: random forest; NB: Naïve Bayes; K-NN: K-nearest neighbor; VFI: voting feature intervals; MLP: multilayer perceptron; RBF: radial basis function; HMM: hidden Markov model.