|
# | Reference | Journal/publisher | Title | Description | ML algorithms | Datasets | Noise | Evaluation metrics |
|
1 | [26] | IEEE Access/IEEE | Performance comparison of support vector machine, random forest, and extreme learning machine for intrusion detection | A performance comparison between different ML algorithms | (i) SVM (linear) | NSL-KDD | No noise injection or filtering | (i) Accuracy |
(ii) SVM radial basis function (RBF) | (ii) Precision |
(iii) Random forest | (iii) Recall |
(iv) Extreme learning machine (ELM) |
|
2 | [27] | IEEE Transactions on Emerging Topics in Computational Intelligence/IEEE | A deep learning approach to network intrusion detection | Utilizing a DL approach to optimize the intrusion detection | DL | (i) KDD CUP 99 | No noise injection or filtering | (i) Accuracy |
(ii) NSL-KDD | (ii) Precision |
(iii) Recall |
(iv) False alarm |
(v) F-score |
|
3 | [28] | IEEE Access/IEEE | An improved intrusion detection algorithm based on GA and SVM | Using a novel intrusion detection algorithm based on GA and SVM to optimize intrusion detection accuracy and detection rate while decreasing the false positive and the training time | (i) SVM | KDD CUP 99 | No noise injection or filtering | (i) Detection rate (DR) |
(ii) GA | (ii) False-positive rate (FPR) |
(iii) False-negative rate (FNR) |
|
4 | [29] | IEEE Access/IEEE | A deep learning approach for intrusion detection using recurrent neural networks | Utilizing a DL-based approach for intrusion detection using RNN and compares the results with other ML algorithms | Deep learning (DL) using recurrent neural networks (RNNs) | NSL-KDD | No noise injection or filtering | (i) Accuracy |
(ii) True-positive rate (TPR) |
(iii) False-positive rate (FPR) |
|
5 | [30] | Journal of Big Data/Springer | Intrusion detection model using machine learning algorithm on big data environment | The high dimensionality of the big data complicates the process of conducting accurate classification. The paper introduced an IDS model based on ML for big data. ChiSqSelector is used for feature selection and SVMWithSGD is used to conduct the classification. | SVM | KDD CUP 99 | No noise injection or filtering | (i) Area under curve (AUROC) |
(ii) Area under precision-recall curve (AUPR) |
|
6 | [31] | Knowledge-Based Systems/Elsevier BV | An effective intrusion detection framework based on SVM with feature augmentation | The empirical results showed that feature augmentation helped to obtain more concise training data, which positively influenced the accuracy of the SVM algorithm | SVM | NSL-KDD | No noise injection or filtering | (i) Accuracy |
(ii) Detection rate (DR) |
(iii) False alarm rate (FAR) |
|
7 | [32] | Future Generation Computer Systems/Elsevier BV | A novel statistical technique for intrusion detection systems | A statistical IDS based on least square SVM (LS-SVM) | LS-SVM | KDD CUP 99 | No noise injection or filtering | (i) Precision |
(ii) Recall |
(iii) F-value |
|
8 | [33] | International Journal of Network Management/Wiley | A deep learning method to detect network intrusion through flow-based features | An IDS based on DL designed to classify network traffic into normal and abnormal using a two-dimensional feature vector | DL | (i) ISCX 2012 | No noise was injected during the experimentation | (i) Precision |
(ii) CICIDS 2017 | (ii) Recall |
(iii) F1-score |
(iv) False alarm rate (FAR) |
(v) Accuracy |
|
9 | [14] | IEEE Access/IEEE | Deep learning-based intrusion detection with adversaries | The paper used different attack algorithms that were specifically developed to impact the classification accuracy within the image classification domain. The effectiveness of these attack algorithms tends to vary when applied on the intrusion detection dataset. | DL | NSL-KDD | The noise was injected using certain attacks such as JSMA | (i) Accuracy |
(ii) Precision |
(iii) Recall |
(iv) False alarm |
(v) F-score |
|
10 | [34] | Wireless Networks/Springer US | A novel support vector machine-based intrusion detection system for mobile ad hoc networks | An IDS based on SVM that can effectively detect DoS attacks in MANETs. This is achieved by detecting malicious nodes, which highly affects the performance of MANETs. | SVM | No dataset was used. The proposed solution was tested with three routing protocols: AODV, OLSR, and DSR. | No noise injection or filtering | (i) Detection rate (DR) |
(ii) Mean packet delivery ratio (PDR) |
(iii) Average end-to-end delay (EED) |
|