Document Type : Review Article
Authors
1 VIT-AP University, School of Computer Science and Engineering, Near Vijayawada, Andhra Pradesh, India
2 VIT-AP University, Center of Excellence, AI and Robotics, Near Vijayawada, Andhra Pradesh, India
Abstract
In recent decades, network security has become increasingly crucial, and intrusion detection systems play a critical role in securing it. An intrusion Detection System (IDS) is a mechanism that protects the network from various possible intrusions by analyzing network traffic. It provides confidentiality and ensures the integrity and availability of data. Intrusion detection is a classification task that classifies network data into benign and attack by using various machine learning and deep learning models. It further develops a better potential solution for detecting intrusions across the network and mitigating the false alarm rate efficiently. This paper presents an overview of current machine learning (ML), deep learning (DL), and eXplainable Artificial intelligence (XAI) techniques. Our findings provide helpful advice to researchers who are thinking about integrating ML and DL models into network intrusion detection. At the conclusion of this work, we outline various open challenges.
Keywords
- [1] Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. Ahmad, “Network intrusion detection system: A systematic study of machine learning and deep learning approaches,” Trans. Emerg. Telecommun. Technol., vol. 32, no. 1, pp. 1–29, 2021, doi: 10.1002/ett.4150.
- [2] “• Number of ransomware attacks per year 2022 | Statista.” https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/ (accessed Aug. 09, 2022).
- [3] A. Cuadra, “In memoriam / In Memoriam,” Songs Cifar Sweet Sea, no. November, pp. 76–79, 2019, doi: 10.7312/cuad92890-037.
- [4] V. Brahmam, K. R. Sravan, and M. S. Bhavani, “Pearson Correlation based Outlier detection in spatial-temporal data of IoT Networks,” pp. 1–10.
- [5] Mohammadi et al., “A comprehensive survey and taxonomy of the SVM-based intrusion detection systems,” J. Netw. Comput. Appl., vol. 178, no. December 2020, p. 102983, 2021, doi: 10.1016/j.jnca.2021.102983.
- [6] Kulhare and D. D. Singh, “Survey paper on intrusion detection techniques,” Int. J. Comput. Technol., vol. 6, no. 2, pp. 329–335, 2013, doi: 10.24297/ijct.v6i2.3498.
- [7] Hajj, R. El Sibai, J. Bou Abdo, J. Demerjian, A. Makhoul, and C. Guyeux, “Anomaly-based intrusion detection systems: The requirements, methods, measurements, and datasets,” Trans. Emerg. Telecommun. Technol., vol. 32, no. 4, pp. 1–36, 2021, doi: 10.1002/ett.4240.
- [8] Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” 2015 Mil. Commun. Inf. Syst. Conf. MilCIS 2015 - Proc., no. November, 2015, doi: 10.1109/MilCIS.2015.7348942.
- [9] Sonule, M. Kalla, A. Jain, and D. S. Chouhan, “Unsw-Nb15 Dataset and Machine Learning Based Intrusion Detection Systems,” Int. J. Eng. Adv. Technol., vol. 9, no. 3, pp. 2638–2648, 2020, doi: 10.35940/ijeat.c5809.029320.
- [10] Protić, “Review of KDD Cup ’99, NSL-KDD and Kyoto 2006+ datasets,” Vojnoteh. Glas., vol. 66, no. 3, pp. 580–596, 2018, doi: 10.5937/vojtehg66-16670.
- [11] Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” IEEE Symp. Comput. Intell. Secur. Def. Appl. CISDA 2009, no. Cisda, pp. 1–6, 2009, doi: 10.1109/CISDA.2009.5356528.
- [12] Murovič and A. Trost, “Genetically optimized massively parallel binary neural networks for intrusion detection systems,” Comput. Commun., vol. 179, no. July, pp. 1–10, 2021, doi: 10.1016/j.comcom.2021.07.015.
- [13] Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “2015 IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2015 - Proceedings,” 2015 IEEE Symp. Comput. Intell. Secur. Def. Appl. CISDA 2015 - Proc., no. Cisda, pp. 1–6, 2015.
- [14] Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization,” no. Cic, pp. 108–116, 2018, doi: 10.5220/0006639801080116.
- [15] Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2019-Octob, no. Cic, 2019, doi: 10.1109/CCST.2019.8888419.
- [16] Montazerishatoori, L. Davidson, G. Kaur, and A. Habibi Lashkari, “Detection of DoH Tunnels using Time-series Classification of Encrypted Traffic,” Proc. - IEEE 18th Int. Conf. Dependable, Auton. Secur. Comput. IEEE 18th Int. Conf. Pervasive Intell. Comput. IEEE 6th Int. Conf. Cloud Big Data Comput. IEEE 5th Cybe, pp. 63–70, 2020, doi: 10.1109/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026.
- [17] Last, G. Douzas, and F. Bacao, “Oversampling for Imbalanced Learning Based on K-Means and SMOTE,” pp. 1–19, 2017, doi: 10.1016/j.ins.2018.06.056.
- [18] S. Raj Kumar Batchu, “A Hybrid Detection System for DDoS Attacks Based on Deep Sparse Autoencoder and Light Gradient Boost Machine,” J. Inf. Knowl. Manag., p. 2250071, 2022, doi: RAJ KUMAR BATCHU, Now https://doi.org/10.1142/S021964922250071X.
- [19] K. Batchu and H. Seetha, “On Improving the Performance of DDoS attack detection system,” Microprocess. Microsyst., vol. 93, no. December 2021, p. 104571, 2022, doi: 10.1016/j.micpro.2022.104571.
- [20] K. Batchu and H. Seetha, “A generalized machine learning model for DDoS attacks detection using hybrid feature selection and hyperparameter tuning,” Comput. Networks, vol. 200, no. June, p. 108498, 2021, doi: 10.1016/j.comnet.2021.108498.
- [21] Han, W. Y. Wang, and B. H. Mao, “Gavel,” Lect. Notes Comput. Sci., vol. 3644, no. PART I, pp. 878–887, 2005, doi: 10.1007/11538059_91.
- [22] H. Lee and K. H. Park, “GAN-based imbalanced data intrusion detection system,” Pers. Ubiquitous Comput., vol. 25, no. 1, pp. 121–128, 2021, doi: 10.1007/s00779-019-01332-y.
- [23] Panigrahi and S. Borah, “Dual-stage intrusion detection for class imbalance scenarios,” Comput. Fraud Secur., vol. 2019, no. 12, pp. 12–19, 2019, doi: 10.1016/S1361-3723(19)30128-9.
- [24] Bedi, N. Gupta, and V. Jindal, “Siam-IDS: Handling class imbalance problem in Intrusion Detection Systems using Siamese Neural Network,” Procedia Comput. Sci., vol. 171, no. 2019, pp. 780–789, 2020, doi: 10.1016/j.procs.2020.04.085.
- [25] Gupta, V. Jindal, and P. Bedi, “LIO-IDS: Handling class imbalance using LSTM and improved one-vs-one technique in intrusion detection system,” Comput. Networks, vol. 192, no. December 2020, 2021, doi: 10.1016/j.comnet.2021.108076.
- [26] Zhang, L. Huang, C. Q. Wu, and Z. Li, “An effective convolutional neural network based on SMOTE and Gaussian mixture model for intrusion detection in imbalanced dataset,” Comput. Networks, vol. 177, no. May, 2020, doi: 10.1016/j.comnet.2020.107315.
- [27] Li, D. Kotani, and Y. Okabe, “Improving Attack Detection Performance in NIDS Using GAN,” Proc. - 2020 IEEE 44th Annu. Comput. Software, Appl. Conf. COMPSAC 2020, pp. 817–825, 2020, doi: 10.1109/COMPSAC48688.2020.0-162.
- [28] “Understanding AUC - ROC Curve | by Sarang Narkhede | Towards Data Science.” https://towardsdatascience.com/understanding-auc-roc-curve-68b2303cc9c5 (accessed Nov. 29, 2021).
- [29] Q. Review, “MIND,” pp. 433–460, 1950.
- [30] Security, C. Technology, D. I. Edeh, and A. Hakkala, “Network Intrusion Detection System using Deep Learning Technique,” no. June, 2021.
- [31] Ullah, F. Al-Turjman, L. Mostarda, and R. Gagliardi, “Applications of Artificial Intelligence and Machine learning in smart cities,” Comput. Commun., vol. 154, no. December 2019, pp. 313–323, 2020, doi: 10.1016/j.comcom.2020.02.069.
- [32] M. Borkar, L. H. Patil, D. Dalgade, and A. Hutke, “A novel clustering approach and adaptive SVM classifier for intrusion detection in WSN: A data mining concept,” Sustain. Comput. Informatics Syst., vol. 23, pp. 120–135, 2019, doi: 10.1016/j.suscom.2019.06.002.
- [33] Wazirali, “An Improved Intrusion Detection System Based on KNN Hyperparameter Tuning and Cross-Validation,” Arab. J. Sci. Eng., vol. 45, no. 12, pp. 10859–10873, 2020, doi: 10.1007/s13369-020-04907-7.
- [34] Amaran and R. Madhan Mohan, “Intrusion Detection System using Optimal Support Vector Machine for Wireless Sensor Networks,” Proc. - Int. Conf. Artif. Intell. Smart Syst. ICAIS 2021, pp. 1100–1104, 2021, doi: 10.1109/ICAIS50930.2021.9395919.
- [35] Khraisat, I. Gondal, P. Vamplew, J. Kamruzzaman, and A. Alazab, “Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine,” Electron., vol. 9, no. 1, 2020, doi: 10.3390/electronics9010173.
- [36] Pu, L. Wang, J. Shen, and F. Dong, “A hybrid unsupervised clustering-based anomaly detection method,” Tsinghua Sci. Technol., vol. 26, no. 2, pp. 146–153, 2021, doi: 10.26599/TST.2019.9010051.
- [37] Thakkar and R. Lohiya, "A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions", vol. 55, no. 1. Springer Netherlands, 2022.
- [38] Mohammadi, A. Al-Fuqaha, S. Sorour, and M. Guizani, “Deep learning for IoT big data and streaming analytics: A survey,” IEEE Commun. Surv. Tutorials, vol. 20, no. 4, pp. 2923–2960, 2018, doi: 10.1109/COMST.2018.2844341.
- [39] Hosseini and M. Azizi, “The hybrid technique for DDoS detection with supervised learning algorithms,” Comput. Networks, vol. 158, pp. 35–45, 2019, doi: 10.1016/j.comnet.2019.04.027.
- [40] i, B. Shirazi, and I. Mahdavi, “Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms,” J. King Saud Univ. - Comput. Inf. Sci., vol. 31, no. 4, pp. 541–553, 2019, doi: 10.1016/j.jksuci.2018.03.011.
- [41] S. Yange, O. Onyekware, and Y. M. Abdulmuminu, “A Data Analytics System for Network Intrusion Detection Using Decision Tree,” vol. 8, no. 1, pp. 21–29, 2020, doi: 10.12691/jcsa-8-1-4.
- [42] Wang, Y. Lu, and J. Qin, “A dynamic MLP-based DDoS attack detection method using feature selection and feedback,” Comput. Secur., vol. 88, 2020, doi: 10.1016/j.cose.2019.101645.
- [43] Gu and S. Lu, “An effective intrusion detection approach using SVM with na ¨ ıve Bayes feature embedding,” Comput. Secur., p. 102158, 2020, doi: 10.1016/j.cose.2020.102158.
- [44] V. Sharma and N. S. Yadav, “An optimal intrusion detection system using recursive feature elimination and ensemble of classifiers,” Microprocess. Microsyst., vol. 85, no. July 2020, p. 104293, 2021, doi: 10.1016/j.micpro.2021.104293.
- [45] Liu, Y. Gao, and F. Hu, “A fast network intrusion detection system LightGBM,” Comput. Secur., vol. 106, p. 102289, 2021, doi: 10.1016/j.cose.2021.102289.
- [46] Gavel, A. S. Raghuvanshi, and S. Tiwari, “Maximum correlation based mutual information scheme for intrusion detection in the data networks,” Expert Syst. Appl., vol. 189, no. January 2020, p. 116089, 2022, doi: 10.1016/j.eswa.2021.116089.
- [47] A. de Souza, C. B. Westphall, and R. B. Machado, “Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments,” Comput. Electr. Eng., vol. 98, no. December 2021, p. 107694, 2022, doi: 10.1016/j.compeleceng.2022.107694.
- [48] Kwon, H. Kim, J. Kim, S. C. Suh, I. Kim, and K. J. Kim, “A survey of deep learning-based network anomaly detection,” Cluster Comput., vol. 22, pp. 949–961, 2019, doi: 10.1007/s10586-017-1117-8.
- [49] Maithem and G. A. Al-Sultany, “Network intrusion detection system using deep neural networks,” J. Phys. Conf. Ser., vol. 1804, no. 1, 2021, doi: 10.1088/1742-6596/1804/1/012138.
- [50] E. Cil, K. Yildiz, and A. Buldu, “Detection of DDoS attacks with feed forward based deep neural network model,” Expert Syst. Appl., vol. 169, no. November 2020, p. 114520, 2021, doi: 10.1016/j.eswa.2020.114520.
- [51] Folino, G. Folino, M. Guarascio, F. S. Pisani, and L. Pontieri, “dee,” Inf. Fusion, vol. 72, no. December 2020, pp. 48–69, 2021, doi: 10.1016/j.inffus.2021.02.007.
- [52] Szegedy et al., “Going deeper with convolutions,” Proc. IEEE Comput. Soc. Conf. Comput. Vis. Pattern Recognit., vol. 07-12-June, pp. 1–9, 2015, doi: 10.1109/CVPR.2015.7298594.
- [53] Simonyan and A. Zisserman, “Very deep convolutional networks for large-scale image recognition,” in 3rd International Conference on Learning Representations, ICLR 2015 - Conference Track Proceedings, 2015, pp. 1–14.
- [54] He and J. Sun, “Deep Residual Learning for Image Recognition,” pp. 1–9.
- [55] V. O. de Assis, L. F. Carvalho, J. J. P. C. Rodrigues, J. Lloret, and M. L. Proença, “Near real-time security system applied to SDN environments in IoT networks using convolutional neural network,” Comput. Electr. Eng., vol. 86, p. 106738, 2020, doi: 10.1016/j.compeleceng.2020.106738.
- [56] Chen, Y. tao Yang, K. ke Hu, H. bin Zheng, and Z. Wang, “DAD-MCNN: DDoS attack detection via multi-channel CNN,” ACM Int. Conf. Proceeding Ser., vol. Part F1481, no. February 2019, pp. 484–488, 2019, doi: 10.1145/3318299.3318329.
- [57] S. ElSayed, N. A. Le-Khac, M. A. Albahar, and A. Jurcut, “A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique,” J. Netw. Comput. Appl., vol. 191, no. March, p. 103160, 2021, doi: 10.1016/j.jnca.2021.103160.
- [58] Yu et al., “PBCNN: Packet Bytes-based Convolutional Neural Network for Network Intrusion Detection,” Comput. Networks, vol. 194, no. March, p. 108117, 2021, doi: 10.1016/j.comnet.2021.108117.
- [59] A. Agalit, A. Sadiqui, Y. Khamlichi, and E. M. Chakir, “Hybrid Intrusion Detection System for Wireless Networks,” Lect. Notes Electr. Eng., vol. 745, no. June, pp. 507–513, 2022, doi: 10.1007/978-981-33-6893-4_47.
- [60] Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, “A Deep Learning Approach to Network Intrusion Detection,” vol. 2, no. 1, pp. 41–50, 2018.
- [61] Kim and J. S. Park, “Designing online network intrusion detection using deep auto-encoder Q-learning,” Comput. Electr. Eng., vol. 79, 2019, doi: 10.1016/j.compeleceng.2019.106460.
- [62] K. Li, W. Chen, Q. Zhang, and L. Wu, “Building Auto-Encoder Intrusion Detection System based on random forest feature selection,” Comput. Secur., vol. 95, p. 101851, 2020, doi: 10.1016/j.cose.2020.101851.
- [63] Yao, N. Wang, Z. Liu, P. Chen, D. Ma, and X. Sheng, “Intrusion detection system in the Smart Distribution Network: A feature engineering based AE-LightGBM approach,” Energy Reports, vol. 7, pp. 353–361, 2021, doi: 10.1016/j.egyr.2021.10.024.
- [64] Zhang, H. Yan, and Q. Zhu, “An Improved LSTM Network Intrusion Detection Method,” 2020 IEEE 6th Int. Conf. Comput. Commun. ICCC 2020, pp. 1765–1769, 2020, doi: 10.1109/ICCC51575.2020.9344911.
- [65] A. Althubiti, E. M. Jones, and K. Roy, “LSTM for Anomaly-Based Network Intrusion Detection,” 2018 28th Int. Telecommun. Networks Appl. Conf. ITNAC 2018, pp. 1–3, 2019, doi: 10.1109/ATNAC.2018.8615300.
- [66] Pooja and S. Purohit, “Evaluating Neural Networks using Bi-Directional LSTM for Network IDS (Intrusion Detection Systems) in Cyber Security,” Glob. Transitions Proc., pp. 0–13, 2021, doi: 10.1016/j.gltp.2021.08.017.
- [67] Imrana, Y. Xiang, L. Ali, and Z. Abdul-Rauf, “A bidirectional LSTM deep learning approach for intrusion detection,” Expert Syst. Appl., vol. 185, no. June, p. 115524, 2021, doi: 10.1016/j.eswa.2021.115524.
- [68] Zhiqiang, G. Mohiuddin, Z. Jiangbin, M. Asim, and W. Sifei, “Intrusion detection in wireless sensor network using enhanced empirical based component analysis,” Futur. Gener. Comput. Syst., vol. 135, pp. 181–193, 2022, doi: 10.1016/j.future.2022.04.024.
- [69] ul H. Qazi, M. Imran, N. Haider, M. Shoaib, and I. Razzak, “An intelligent and efficient network intrusion detection system using deep learning,” Comput. Electr. Eng., vol. 99, no. February 2021, p. 107764, 2022, doi: 10.1016/j.compeleceng.2022.107764.
- [70] D. Moizuddin and M. V. Jose, “A bio-inspired hybrid deep learning model for network intrusion detection,” Knowledge-Based Syst., vol. 238, p. 107894, 2022, doi: 10.1016/j.knosys.2021.107894.
- [71] Zhang, Y. Zhang, N. Zhang, and M. Xiao, “A network intrusion detection method based on deep learning with higher accuracy,” Procedia Comput. Sci., vol. 174, no. 2019, pp. 50–54, 2020, doi: 10.1016/j.procs.2020.06.055.
- [72] Narayana Rao, K. Venkata Rao, and P. R. P.V.G.D., “A hybrid Intrusion Detection System based on Sparse autoencoder and Deep Neural Network,” Comput. Commun., 2021, doi: 10.1016/j.comcom.2021.08.026.
- [73] Qaddoura, A. M. Al-Zoubi, H. Faris, and I. Almomani, “A multi-layer classification approach for intrusion detection in iot networks based on deep learning,” Sensors, vol. 21, no. 9, pp. 1–21, 2021, doi: 10.3390/s21092987.
- [74] Sun et al., “DL-IDS: Extracting features using CNN-LSTM hybrid network for intrusion detection system,” Secur. Commun. Networks, vol. 2020, 2020, doi: 10.1155/2020/8890306.
- [75] Lo, H. Alqahtani, K. Thakur, A. Almadhor, S. Chander, and G. Kumar, “A hybrid deep learning based intrusion detection system using spatial-temporal representation of in-vehicle network traffic,” Veh. Commun., vol. 35, p. 100471, 2022, doi: 10.1016/j.vehcom.2022.100471.
- [76] Neupane et al., “Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities,” pp. 1–25, 2022, [Online]. Available: http://arxiv.org/abs/2207.06236.
- [77] Yang, A. Rangarajan, and S. Ranka, “Global Model Interpretation Via Recursive Partitioning,” Proc. - 20th Int. Conf. High Perform. Comput. Commun. 16th Int. Conf. Smart City 4th Int. Conf. Data Sci. Syst. HPCC/SmartCity/DSS 2018, pp. 1563–1570, 2019, doi: 10.1109/HPCC/SmartCity/DSS.2018.00256.
- [78] Nguyen, A. Dosovitskiy, J. Yosinski, T. Brox, and J. Clune, “Synthesizing the preferred inputs for neurons in neural networks via deep generator networks,” Adv. Neural Inf. Process. Syst., no. Nips, pp. 3395–3403, 2016.
- [79] T. Ribeiro, S. Singh, and C. Guestrin, “‘Why Should I Trust You?’ Explaining the Predictions of Any Classifier,” NAACL-HLT 2016 - 2016 Conf. North Am. Chapter Assoc. Comput. Linguist. Hum. Lang. Technol. Proc. Demonstr. Sess., pp. 97–101, 2016, doi: 10.18653/v1/n16-3020.
- [80] Lei, M. G’Sell, A. Rinaldo, R. J. Tibshirani, and L. Wasserman, “Distribution-Free Predictive Inference for Regression,” J. Am. Stat. Assoc., vol. 113, no. 523, pp. 1094–1111, 2018, doi: 10.1080/01621459.2017.1307116.
- [81] M. Bårli, A. Yazidi, E. H. Viedma, and H. Haugerud, “DoS and DDoS mitigation using Variational Autoencoders,” Comput. Networks, vol. 199, no. February, p. 108399, 2021, doi: 10.1016/j.comnet.2021.108399.
- [82] M. Lundberg, P. G. Allen, and S.-I. Lee, “A Unified Approach to Interpreting Model Predictions.” [Online]. Available: https://github.com/slundberg/shap.
- [83] Amarasinghe and M. Manic, “Improving user trust on deep neural networks based intrusion detection systems,” Proc. IECON 2018 - 44th Annu. Conf. IEEE Ind. Electron. Soc., no. Ml, pp. 3262–3268, 2018, doi: 10.1109/IECON.2018.8591322.
- [84] Alenezi and S. A. Ludwig, “Explainability of Cybersecurity Threats Data Using SHAP.”
- [85] Mahbooba, M. Timilsina, R. Sahal, and M. Serrano, “Explainable Artificial Intelligence (XAI) to Enhance Trust Management in Intrusion Detection Systems Using Decision Tree Model,” Complexity, vol. 2021, 2021, doi: 10.1155/2021/6634811.
- [86] Liu, C. Zhong, A. Alnusair, and S. R. Islam, “FAIXID: A Framework for Enhancing AI Explainability of Intrusion Detection Results Using Data Cleaning Techniques,” J. Netw. Syst. Manag., vol. 29, no. 4, pp. 1–30, 2021, doi: 10.1007/s10922-021-09606-8.
- [87] Wang, K. Zheng, Y. Yang, and X. Wang, “An Explainable Machine Learning Framework for Intrusion Detection Systems,” IEEE Access, vol. 8, pp. 73127–73141, 2020, doi: 10.1109/ACCESS.2020.2988359.
- [88] A. Khan, N. Moustafa, D. Pi, K. M. Sallam, A. Y. Zomaya, and B. Li, “A New Explainable Deep Learning Framework for Cyber Threat Discovery in Industrial IoT Networks,” IEEE Internet Things J., vol. 9, no. 13, pp. 11604–11613, 2021, doi: 10.1109/JIOT.2021.3130156.
- [89] Mane and D. Rao, “Explaining Network Intrusion Detection System Using Explainable AI Framework,” no. Ml, pp. 1–10, 2021, [Online]. Available: http://arxiv.org/abs/2103.07110.
- [90] Wawrowski et al., “Detecting anomalies and attacks in network traffic monitoring with classification methods and XAI-based explainability,” Procedia Comput. Sci., vol. 192, no. 2019, pp. 2259–2268, 2021, doi: 10.1016/j.procs.2021.08.239.
- [91] Wali, I. A. Khan, and S. Member, “Explainable AI and Random Forest Based Reliable Intrusion Detection system Explainable AI and Random Forest Based Reliable Intrusion Detection system,” 2021, doi: 10.36227/techrxiv.17169080.v1.
- [92] T. H. Le, H. Kim, H. Kang, and H. Kim, “Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method,” Sensors, vol. 22, no. 3, pp. 1–28, 2022, doi: 10.3390/s22031154.
- [93] Zebin, S. Rezvy, and Y. Luo, “An Explainable AI-Based Intrusion Detection System for DNS Over HTTPS (DoH) Attacks,” IEEE Trans. Inf. Forensics Secur., vol. 17, pp. 2339–2349, 2022, doi: 10.1109/tifs.2022.3183390.
- [94] K. Batchu and H. Seetha, “An Integrated Approach Explaining the Detection of Distributed Denial of Service Attacks,” Comput. Networks, p. 109269, 2022, doi: 10.1016/j.comnet.2022.109269.
- [95] Hariharan, R. R. R. Robinson, R. R. Prasad, and C. Thomas, “XAI for intrusion detection system : comparing explanations based on global and local scope,” J. Comput. Virol. Hacking Tech., 2022, doi: 10.1007/s11416-022-00441-2.
- [96] L. Buczak and E. Guven, “A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection,” IEEE Commun. Surv. Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016, doi: 10.1109/COMST.2015.2494502.
- [97] J. Liao, C. H. Richard Lin, Y. C. Lin, and K. Y. Tung, “Intrusion detection system: A comprehensive review,” J. Netw. Comput. Appl., vol. 36, no. 1, pp. 16–24, 2013, doi: 10.1016/j.jnca.2012.09.004.
- [98] Riaz et al., “Intrusion Detection Systems in Cloud Computing: A Contemporary Review of Techniques and Solutions *,” J. Inf. Sci. Eng., vol. 33, no. 160088, pp. 611–634, 2017, doi: 10.6688/JISE.2017.33.3.2.
- [99] Thakkar and R. Lohiya, “ScienceDirect A Review Review of of the the Advancement Advancement in in Intrusion Intrusion Detection Detection Datasets Datasets,” vol. 00, no. 2019, 2020.
- [100] Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, “Survey of intrusion detection systems: techniques, datasets and challenges,” Cybersecurity, vol. 2, no. 1, 2019, doi: 10.1186/s42400-019-0038-7.
- [101] L. Leevy and T. M. Khoshgoftaar, “A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data,” J. Big Data, vol. 7, no. 1, 2020, doi: 10.1186/s40537-020-00382-x.
- [102] F. Kilincer, F. Ertam, and A. Sengur, “Machine learning methods for cyber security intrusion detection: Datasets and comparative study,” Comput. Networks, vol. 188, no. December 2020, p. 107840, 2021, doi: 10.1016/j.comnet.2021.107840.
- [103] Wu, D. Wei, and J. Feng, “Network attacks detection methods based on deep learning techniques: A survey,” Secur. Commun. Networks, vol. 2020, 2020, doi: 10.1155/2020/8872923.
- [104] Zhang, D. Jia, L. Wang, W. Wang, F. Liu, and A. Yang, “Comparative research on network intrusion detection methods based on machine learning,” Comput. Secur., vol. 121, p. 102861, 2022, doi: 10.1016/j.cose.2022.102861.
- [105] Ring, S. Wunderlich, D. Scheuring, D. Landes, and A. Hotho, “A survey of network-based intrusion detection data sets,” Comput. Secur., vol. 86, pp. 147–167, 2019, doi: 10.1016/j.cose.2019.06.005.
- [106] Alazzam, A. Sharieh, and K. E. Sabri, “A feature selection algorithm for intrusion detection system based on Pigeon Inspired Optimizer,” Expert Syst. Appl., vol. 148, 2020, doi: 10.1016/j.eswa.2020.113249.
- [107] Halim et al., “An Effective Genetic Algorithm-Based Feature Selection Method for Intrusion Detection Systems,” Comput. Secur., vol. 110, p. 102448, 2021, doi: 10.1016/j.cose.2021.102448.
- [108] Jiang, Z. He, G. Ye, and H. Zhang, “Network Intrusion Detection Based on PSO-Xgboost Model,” IEEE Access, vol. 8, pp. 58392–58401, 2020, doi: 10.1109/ACCESS.2020.2982418.
- [109] Mohammadi, H. Mirvaziri, M. Ghazizadeh-Ahsaee, and H. Karimipour, “Cyber intrusion detection by combined feature selection algorithm,” J. Inf. Secur. Appl., vol. 44, pp. 80–88, 2019, doi: 10.1016/j.jisa.2018.11.007.
- [110] Saroj Kr. Biswas, “Intrusion Detection Using Machine Learning: A Comparison Study,” J. Pure Appl. Math., vol. 118, no. 2018, pp. 101–114, 2018, [Online]. Available: http://www.ijpam.eu.
- [111] M. Elbasiony, E. A. Sallam, T. E. Eltobely, and M. M. Fahmy, “A hybrid network intrusion detection framework based on random forests and weighted k-means,” Ain Shams Eng. J., vol. 4, no. 4, pp. 753–762, 2013, doi: 10.1016/j.asej.2013.01.003.
- [112] Kuang, W. Xu, and S. Zhang, “A novel hybrid KPCA and SVM with GA model for intrusion detection,” Appl. Soft Comput. J., vol. 18, pp. 178–184, 2014, doi: 10.1016/j.asoc.2014.01.028.
- [113] W. Lee et al., “Towards secure intrusion detection systems using deep learning techniques: Comprehensive analysis and review,” J. Netw. Comput. Appl., vol. 187, no. December 2020, p. 103111, 2021, doi: 10.1016/j.jnca.2021.103111