|
| Methods | Author Name | Techniques | Pros and Cons |
|
| Classification | Bhat et al. [11] | NB Tree & Random Forest | Through powerful algorithms, the method can distinguish between different class instances but they depend on labels. This is often impossible to achieve. |
| Fu et al. [12] | One Class and Two Class Support Vector Machines |
| Feng Zhao and Hai Jin [13] | Hidden Markov Model & mining algorithm |
|
| Nearest neighbor | Jabez et al. [5] | Outlier Detection | They are commonly used because they are unsupervised and do not require any data distribution, but for unsupervised techniques, if the normal data instances lack close enough neighbors or the anomalies have close enough neighbors, the technique fails to label them and computing complexity is, therefore, a challenge. |
|
| Clustering | Xinlong Zhao et al. [8] | K-means Clustering | The method is relatively faster than distance-based methods and they could reduce the computational complexity during the process of detecting intrusions in large datasets, but in smaller datasets, they may not provide accurate insights at the desired level of detail and dynamic updating of profiles is time consuming. |
| Pandeeswari and Kumar [14] | Fuzzy C-means Clustering & Artificial Neural Network |
|
| Statistical | Kumar and Pandeeswari [7] | Fuzzy system & Neural Network | A statistically-justifiable solution for detecting anomalies can be yielded from these methods, if the assumptions considering the data distribution hold true and the confidence interval for the anomaly score can be applied for decision making as additional information, but they are dependent on the assumption that the data is generated via a specific distribution. |
| Xiong et al. [4] | Neural Network & Catastrophe theory |
|
| Prediction | Yuehui Chen et al. [15] | Flexible Neural Tree | In some cases, predicting anomalies is done independently from normal traffic, but they almost depend on large historic data. |
| Moayedi and Shirazi [16] | Autoregressive Integrated Moving Average |
| Dalmazo et al. [6] | Poisson Moving Average |
|
