International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017
Soft computing and classification approach to
Anomaly Based intrusion detection system:
A Survey
Preeti S. Joshi
Assistant Professor, Department of Information Technology Marthwada MitraMandals College of Engineering,Pune, India
Abstract
Intrusion detection is an eminent upcoming area, as more and
more complex data is being stored and processed in networked
systems. With extensive use of internet service, there is constant
threat of intrusions and misuse. Thus Intrusion Detection
system is most vital component of computer and its network
security. Intrusion Detection System is a software based
monitoring mechanism for a computer network that detects
presence of malevolent activity in the network. IDS system have
gathered consideration by maintaining high safety levels
ensuring trusted and safe announcement of the information
between dissimilar organizations. Intrusion detection systems
classify computer behavior into two main categories: normal
and distrustful activities. Many perspectives for intrusion
detection have been proposed before but none shows acceptable
results so we investigate for better upshot in this field .This
projected approaches represents the intrusion detection in
network using Genetic, Fuzzy and pattern matching Algorithm.
The proposed survey also takes an overview of different type of
classification techniques for Intrusion Detection System (IDS).
We also investigate in these different approaches, their accuracy
as well as false positive ratio
Keywords: Intrusion Detection system, Soft computing,
classification techniques.
1. INTRODUCTION
The wide use of computer networks, and the increase in
web based business has made security of the host and
network an important issue as these are vulnerable to
attacks. These attacks can be passive that just reads
confidential data or it can be active attack that also
modifies or fabricates the data. Since it is not possible to
avoid these vulnerabilities and design a completely secure
system. Intrusion detection has become a major challenge.
The primary objective of Intrusion detection system is to
identify the attack and in some cases analyze it. Various
techniques and approaches have been developed . But with
the evolution of new attacks more robust systems need to
be designed.
2. OVERVIEW OF IDS
2.1 Common types of Intrusion Detection:
There is a wide spectrum of IDS, varying from antivirus
software to hierarchical systems that monitor the traffic of
an entire backbone network. The most common
classifications are network intrusion detection systems
Volume 6, Issue 5, September October 2017
ISSN 2278-6856
(NIDS) and host-based intrusion detection systems
(HIDS).
A. Network Based Intrusion Detection System(Network
IDS)
Network based intrusion detection attempts to identify
unauthorized, illicit, and anomalous behavior based solely
on network traffic. A network IDS, using either a network
tap, span port, or hub collects packets that traverse a given
network. Using the captured data, the IDS system
processes and flags any suspicious traffic. Unlike an
intrusion prevention system, an intrusion detection system
does not actively block network traffic. The role of a
network IDS is passive, only gathering, identifying,
logging and alerting. SNORT is an example of NIDS
B. Host Based Intrusion Detection System(HIDS)
HIDS have based intrusion recognition tries to recognize
unapproved, illegal, and unusual conduct on a particular
gadget. HIDS for the most part includes software
introduced for checking and cautioning on neighborhood
OS and application action. The introduced specialist
utilizes a mix of marks, guidelines, and heuristics to
distinguish unapproved action. The part of a host IDS is
inactive, just assembling, distinguishing, logging, and
cautioning. Examples of HIDS: OSSEC (Open Source
Host-based Intrusion Detection System), Tripwire, AIDE
(Advanced Intrusion Detection Environment), Prelude
Hybrid IDS.
2.2 Classification of Intrusion Detection Based on
Detection Approach:
It is also possible to classify IDS by detection approach as
signature based or anomaly based Intrusion detection
system.
A. Signature-based detection:
It is otherwise called abuse discovery. So abuse
identification is Signature based IDS where identification
of intrusion is based on known patterns like antivirus
software. Thus the identification of an attack whos pattern
is not known cannot be identified by this method.
B. Anomaly-based detection:
The deviation from normal pattern is known as anomaly,
Identifying this is a challenging task and is not quite the
same as Misuse discovery as the kind of attack is not
Page 27
 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017
known. The process at times may lead to false positives
where a legitimate activity may be classified as intrusion.
2.3 Classification Techniques
Classification refers to grouping elements to a particular
class, Three sections of classification are machine learning,
neural network and statistical classification.
1) K-Nearest Neighbor: It is one of the simplest
classification techniques. It calculates the distance
between different data points on the input vectors and
assigns the unlabeled data point to its nearest neighbor
class. K is an important parameter. If k=1, then the
object is assigned to the class of its nearest neighbor.
When value of K is large, then it takes large time for
prediction and influence the accuracy by reduces the
effect of noise.
2) Naive Bayes classifier: Naive Bayes classifier is
probabilistic classifier. It predicts the class according
to membership probability. To derive conditional
probability, it analyzes the relation between
independent and dependent variable.
Bayes Theorem:
P(H/X) = ( / ) . ( )/ ( ) (1)
Where, X is the data record and H is hypothesis which
represents data X and belongs to class C. P(H) is the prior
probability, P(H/X) is the posterior probability of H
conditioned on X and P(X/H) is the posterior probability of
X conditioned on H. Construction of Naive Bayes is easy
without any complicated iterative parameter. It may be
applied to large number of data points but time complexity
increases.
3) Support Vector Machine: Support Vector Machine is
supervised learning method used for prediction and
classification. It separate data points into two classes
+1 and -1 using hyperplane because it is binary
classification classifier. +1 represents normal data and
-1 for suspicious data. Hyperplane can be expressed
as: W. x+b=0 Where W={w1,w2,.......,wn} are weight
vector for n attributes A={A1,A2,..........,An},
x={x1,x2,......,xn} are attribute values and b is a scalar.
The main goal of SVM is to find a linear optimal
hyper plane so that the margin of separation between
the two classes is maximized. The SVM uses a portion
of the data to train the system.
4) K-Means Clustering algorithm: K-Means clustering
algorithm is simplest and widely used clustering
technique proposed by James Macqueen. In this
algorithm, number of clusters K is specified by user
means classifies instances into predefined number of
cluster. The first step of K-Means clustering is to
choose k instances as a center of clusters. Next assign
each instances of dataset to nearest cluster.
5) ID3 algorithm: It is celebrated choice tree calculation
created by Quinlan. ID3 calculation essentially
characteristic based calculation that develops choice
tree as indicated by preparing dataset. The quality
Volume 6, Issue 5, September October 2017
ISSN 2278-6856
which has most noteworthy data pick up is utilized as
a base of the tree.
6) J48 algorithm: It depends on ID3 calculation and
created by Ross Quinlan. In WEKA, C4.5 choice tree
calculation is known as J48 calculation. It develops
choice tree utilizing data pick up, quality which have
most elevated data pick up is chosen to settle on
choice. The fundamental disservice of this calculation
is that it requires more CPU time and memory in
execution. Another different tree based classifier.
7) AD Tree: Alternating decision tree is used for
classification. AD Tree have prediction node as both
leaf node and root node.
8) NB Tree NB: Tree algorithm uses both decision tree
and naive bayes classifier. Root node uses decision
tree classifier and leaf nodes uses naive bayes
classifier.
9) Random Forest: Random Forest is first presented by
Lepetit et.al. Furthermore, it is gathering grouping
strategy which comprises of at least two choice trees.
In Random Backwoods, each tree is set up by
haphazardly select the information from dataset. By
utilizing Random Forest enhance the exactness and
expectation control since it is less touchy to exception
information. It can without much of a stretch manage
high dimensional data.
2.4 Soft computing
Soft computing is gaining momentum in applications
which have task that can be categorized to be NP complete.
Components like machine learning, fuzzy logic,
evolutionary algorithms like genetic algorithm ,etc are
widely used in Intrusion detection system. We survey the
use of soft computing in Intrusion detection and their
success stories.
1) Fuzzy logic: These are used where instead of strict
bifurcation as 0 or 1, a fuzzy solution can be given.
2) Neural network: These try to simulate how a human
brain works with connected units called neurons,. and
are further advanced with concepts like feed forward
recurrent, radial basis etc..
3) Genetic algorithm: These are designed to solve
optimization problems with natural selection
3. LITERATURE SURVEY
3.1 Soft Computing base IDS
The authors in [1] propose the use of a Fuzzy Cognitive
Map (FCM) in combination with IDS to integrate
contextual information into the finding process. They also
evaluated the use of FCMs to adjust the Basic Probability
Assignment (BPA) values characterized before the
information combination process, which is essential for the
IDS. The outcomes that authors display confirm that FCMs
can enhance the effectiveness of framework's IDS by
lessening the quantity of false alerts, while not influencing
the quantity of right recognitions. The strategy that they
exhibit in this paper expands upon and enhances the
execution of framework's earlier work on a multilayer
Page 28
 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017
information combination abnormality based IDS .They
likewise have proposed three conceivable methodologies
with the point of producing or affecting these convictions
in view of logical data as allocated by various human
specialists. The use of the FCM in conjunction with
framework's irregularity based IDS gives the capacity to
incorporate relevant data from the client to the discovery
procedure notwithstanding displaying impacts between
events.
In [2]the authors ,proposed a method to identify the attacks
in IDS. This strategy creates lead sets for Intrusion
Detection System utilizing non-ruled arranging hereditary
calculation (NSGA-II). NSGA-II is one kind of multi
objective hereditary calculations. This strategy considers
elements of association and characterizes two distinctive
wellness capacities for producing the tenets. The benefit of
this strategy contrasted techniques which connected
Evolutionary Algorithm. Since a few techniques connected
one wellness capacity or change over numerous targets to
single goal, they lost many components. As the multi
objective technique was utilized the impact of one element
on next is not overlooked. In other multi objective
methodologies, authors offered weight to each element and
afterward ascertained the whole of them that prompts
disregarding the impact of one component to next. The
proposed strategy was tried utilizing DARPA dataset for
assessing. The authors are attempting to apply this strategy
to Industrial control systems (ICS) and would provide
those results as future work.
The paper[3] presents a novel technique with an objective
of figuring out which alerts are related, by applying Neural
Networks and clustering, subsequently reducing the
quantity of alarms to physically process. The authors
advocates that domain knowledge is not required and
Neural network for feature selection and reducing human
effort.
A sensory system plan and association of a productive
procedure by genetic data encoded in DNA is suggested in
[4]. In Prediction of the impact of another medication on
Breast Cancer and KDDCUP'99 benchmark interruption
discovery dataset. A few favorable circumstances of the
proposed system are that it builds the level of certain
parallelism of the GA and is by all accounts fit for creating
negligible palatable neural structures, bringing about a
decrease of task costs and expanding the execution of the
advanced ANN, recommending a promising potential for
future applications.
In the paper [5] the authors presents advantages and
disadvantages of hybrid approach of neural networks and
fuzzy logic. Preprocessing is done with SOM is and
training data is used for ANFIS (Adaptive Network Based
Inference System) in view of neural systems and fuzzy
rationale contrasting it with comparable arrangements that
can be found in the writing
Volume 6, Issue 5, September October 2017
ISSN 2278-6856
In [6]the authors proposes a Artificial Neural Network
(ANN) based IDS display. The proposed IDS show the
sustain forward and the back spread calculations alongside
different other advancement procedures to limit the general
computational overhead, while in the meantime keep up a
superior level. Test on NSL-KDD dataset demonstrates
that the execution (exactness and discovery rate) of the
proposed ANN based IDS show that it beats the Naive
Bayes based model but equivalent to that of the SVM and
C4.5 based IDS models
In [8] authors used artificial immune system network based
intrusion detection. In framework's structure authors
propose utilizing GureKddcup database set for intrusion
identification and apply R-piece calculation of counterfeit
invulnerable framework system, it is utilized for anomaly
discovery .An upgraded highlight determination of harsh
set hypothesis utilized for improving tedious. Around the
productive execution of interruption location authors
accomplish the exactness and less tedious in discovery
activities. Authors make similarity between interruption
identification framework and fake invulnerable framework,
these assistance us to accomplish framework's objective.
AIS give speculation, multilevel guard and collaboration
between cells. RST Solve the issue of the unpredictability
of gureKDDcup informational collection by diminishing
41 elements to six components. Enhanced RST likewise
utilized for increment the execution of IDS by adding
distinctive weights to the estimations of the six elements
.The rate of true positive(TP) and true negative(TN)
become relatively high .
In [9] a grouping based identification procedure utilizing a
hereditary calculation named Genetic Clustering for
Anomaly-based Detection (GC-AD) is proposed. GC-AD
utilizes a divergence measure to frame k bunches. It, at that
point, applies a hereditary procedure where every
chromosome speaks to the centroids of the k groups.
Authors acquaint a certainty interim with refine the
bunches so as to get segments that are more homogeneous
and register, expand bunch fluctuation as. The exactness of
framework's system is tried on various subset from KDD99
dataset. The outcomes are talked about and contrasted with
kmeans grouping calculation. This paper proposes a
peculiarity based recognition conspire that uses an
unsupervised bunching approach joined with a hereditary
procedure. The primary reason for CG-AD (Clustering
Genetic for Anomaly-based Detection) is to get an ideal
homogenous apportioning of typical and oddity cases.
Because of the calculation of a certainty interim in the
fitness function, a cluster of rejected instances is created.
In [10] authors propose a shared data based calculation
that scientifically chooses the ideal component for
characterization. This shared data based element choice
calculation can deal with directly and nonlinearly
subordinate information highlights. Its adequacy is
assessed in the instances of system interruption discovery.
An Intrusion Detection System (IDS), named Least Square
Support Vector Machine based IDS (LSSVM-IDS), is
manufactured utilizing the components chose by
Page 29
 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017
framework's proposed highlight determination calculation.
The execution of LSSVM-IDS is assessed utilizing three
interruption identification assessment datasets, to be
specific KDD Cup 99, NSL-KDD and Kyoto 2006+
dataset. The assessment comes about demonstrate that
framework's element choice calculation contributes more
basic components for LSSVM-IDS to accomplish better
precision and lower computational cost contrasted and the
cutting edge techniques. In this paper, an administered
channel based component determination calculation has
been proposed, to be specific Flexible Mutual Information
Feature Selection (FMIFS). FMIFS is a change over MIFS
and MMIFS. FMIFS proposes a change to Battiti's
calculation to lessen the excess among highlights. FMIFS
disposes of the excess parameter _ required in MIFS and
MMIFS. This is attractive practically speaking since there
is no particular system or rule to choose the best value for
this parameter.
In [11] authors proposed an approach based on genetic
algorithm (GA) and artificial immune system (AIS), called
GAAIS, for dynamic interruption identification in AODV-
based MANETs. GAAIS can adjust to arrange topology
changes utilizing two refreshing strategies: fractional and
add up to. Every ordinary component vector separated
from organize activity is spoken to by a hypersphere with
settle span. An arrangement of circular identifier is
produced utilizing NicheMGA calculation for covering the
nonself space. Round identifiers are utilized for
recognizing abnormality in organize movement. The
execution of GAAIS is assessed for recognizing a few sorts
of directing attacks recreated utilizing the NS2 test system,
for example, Flooding, Blackhole, Neighbor, Rushing, and
Wormhole. Trial comes about demonstrate that GAAIS is
more proficient in correlation with comparative
methodologies. Execution of this approach has been
assessed by different trials for recognition of some steering
attacks, for example, Flooding, Blackhole, Neighbor,
Rushing and Wormhole. Authors contrasted the
effectiveness of GAAIS and two other dynamic
methodologies, DCAD and WPCA. Test comes about
demonstrated that GAAIS expands the normal recognition
rate by over 0.36% and 8.22% and diminishes the normal
false caution rate by over 5.16% and 2.29% in examination
with those of DCAD and WPCA, respectively.
By joining the IDS with Genetic calculation authors in[12]
builds the execution of the discovery rate of the Network
Intrusion Detection Model and diminishes the false
positive rate. Palatable outcomes are delivered, regarding
high discovery rate (99%), strengthened by a low rate of
false positives (3%). The outcomes are after a few
upgrades of the approach utilized, for example, the
decision of the underlying populace for each kind of attack.
A novel intrusion detection system based on alternately
order of type fuzzy hunch route for extempore flooding
attack is mentioned in [13]. The results are dependable that
the coming intrusion detection system can look the casual
flooding attack indeed efficiently with fancy true positive
arm and a leg and reticent false positive
Volume 6, Issue 5, September October 2017
ISSN 2278-6856
e figure in MANETs. The packet dropping attack is
reduced by fuzzy parameter reduction, fuzzy inference and
decision module and response module.
Authors in [14] proposed An intrusion detection system
(IDS) is the fundamental part of the security infrastructure,
since it ensures the identification of any suspicious
activity.. Keeping in mind the end goal to enhance the
exactness of sensors, authors embrace a two-arrange
method. The first intends to create meta-cautions through
bunching and the second one means to decrease the rate of
false alarms utilizing a parallel characterization of the
produced meta-alarms. For the primary stage are utilized
two options, self-sorting out guide (SOM) with k-means
calculation and neural GAS with fuzzy c-implies
calculation. For the second stage experimenters utilize
three methodologies, SOM with K-means calculation,
bolster vector machine and choice trees. Results
demonstrate that framework's systems outflank other
contender strategies by lessening the rate of false
positives..
In [15] proposed method, rather than the typical five
classes, to change of acknowledgment exactness,11
subclasses are proposed Assessment of the proposed
technique is performed by KDDCup99 dataset. Authors
demonstrate that intrusion recognition framework with the
proposed preprocessing has performed superior to different
frameworks without preprocessing on account of grouping,
accuracy, review, f-measure, discovery and false caution
rate due to fuzzy sampling and clustering technique.
The authors in [16] investigates the problem of existing
normal Data Mining Techniques are not sufficiently
effective for the IDS execution and live learning is
required. A Stream Data Mining and Drift Detection
Method is proposed, as the information mining strategies
need to manage vast measure of information, a stream
information mining systems can be used for Intrusion
detection with less no. of passes, restricted memory and
time . It can be explored for further improvement and
evolution for high speed network where performance of
IDS is major issue.
The authors in [18] present a fuzzy-genetic approach to
recognizing system interruption. Paper shows the result of
the proposed framework is better in terms of precision,
execution time, and memory allotment. To execute and
measure the execution of the framework the KDD99
benchmark dataset is utilized. The KDD99 dataset utilized
is the 20% record which contains Normal, Denial of
Service (DoS), Probe association examples. Each record of
the datasets contains 41 components and one physically
allocated record sort. Nine system highlights were utilized
as a part of the Genetic Algorithm Genetic algorithm is
used to build the rule set and fuzzy algorithm is the used
for classification .
Page 30
 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017
In [21], authors introduce Hybrid Evolutionary Neural
Network based Intrusion Detection system (IDS)
(HENN). A concise outline of IDS, genetic calculation,
and related discovery procedures and design are talked
about. Elements influencing the hereditary calculation are
tended to in detail. Not at all like different executions of
IDS, Input highlights, arrange structure and association
weights are advanced utilizing hereditary calculation in
HENN. Exploratory outcomes demonstrate that the
proposed IDS can productively enhance the detection rate
and accuracy rate. The trial comes about demonstrate that
the proposed technique achieves include determination and
structure improvement adequately. Through the near
examination, it can be seen that the HENN accomplishes
better identification execution regarding detection rate and
false positive rate.
In [22] paper Genetic algorithm (GA) is applied for
network intrusion detection. The objective to lessen false
positive rate and enhances precision and. Exploratory
outcomes demonstrate the productive recognition rates in
light of KDD99cup datasets which is a standard dataset for
interruption identification. Attacks can be ordered into
different stages, in spite of the fact that these are hard to
dissect and detect.GA is a randomization seeks strategy
which is frequently utilized for enhancement issue. GA is
promising technique for the discovery of pernicious
interruptions.. The False Positive alert rate can be
diminished and data rate can be expanded utilizing fitting
component determination with KDD 99 collection.
However False Positive alert rate is as yet the test for the
system base ID.
This paper[24] introduces a strategy that utilizations
measurable elements as the contribution to a lead learning
procedure. Initially, to extract reasonable components for
interruption location, an entropy and volume based
approach is presented. The blend of factual estimation and
control based machine learning gave a nonexclusive and
adaptable model. This model is not subject to the elements
separated from parcels headers and can be conveyed
anytime of system foundation. Two sources of data were
utilized to assess framework's proposed calculation (ESR-
NID) and to look at against four existing methods. In light
of the outcomes, ESR-NID delivered an adequate exchange
off amongst precision and size of the last rule set. For
DARPA/CAIDA dataset, just two entropy highlights were
required and for the second complex dataset, three
components were utilized.
The authors in[25] proposed and implemented a fuzzy
genetic algorithm using Kdd99 data set and fitness value
is calculated by fuzzy classifier.
System proposed in[28] is a genetic algorithm based
network intrusion detection system named IGIDS, where
the genetic calculation is utilized for pruning the best rules.
The procedure settles on the choice as the hunt space of the
subsequent set is much minimized when contrasted with
the first informational index. This makes IDS fast . and the
Volume 6, Issue 5, September October 2017
ISSN 2278-6856
technique shows a high identification rate with low false
positives
The work in [29], propose a multi-objective genetic
algorithm based intrusion detection system to give ideal
attack recognition in these systems. Authors inspected how
genetic calculations for intrusion discovery can be utilized.
The issue is displayed as a multi-objective genetic
calculation advancement issue to deal with the tradeoffs
among discovery precision, false positives and asset
utilization in WBAN.
Fuzzy logic based methods proposed in[30] together with
the techniques from Artificial Intelligence has gained
importance. Association rules together with fuzzy logic to
model the fuzzy association rules are being used for
classifying data. These together with the techniques of
genetic algorithms are producing better results .Therefore,
in this article, authors propose a genetics-based fuzzy
system algorithm. In the first stage of this algorithm, it
draws initial rules out by using fuzzy algorithm, and in the
second stage, the membership function is optimized by the
genetic algorithm, with simplification of fuzzy rules, to
build a high performance fuzzy system
3.2 Classification based IDS
The proposed work given in[7] utilizes data mining
procedures in intrusion discovery frameworks for the
grouping of the system occasions as either typical or
attack. Naive Bayes (NB) strategy is a straightforward,
effective and well known information mining technique
that is based on contingent autonomy of characteristics
presumption. Hidden Naive Bayes (HNB) is an expanded
type of NB that keeps the NB's effortlessness and
proficiency while unwinding its freedom presumption.
framework's exploratory research guarantees that the HNB
paired classifier model can be connected to interruption
discovery issue. Test comes about utilizing great KDD
1999 Cup interruption discovery dataset show that HNB
double classifier has better execution regarding location
precision contrasted with the conventional NB classifier.
Framework disclosed the expanding need to apply
information mining strategies to arrange organize attack
occasions. A straightforward and broadly utilized
information mining strategy is checked which is called
Naive Bayes (NB) classifier, it shows dependency on the
freedom of qualities suspicion. A paired classifier display
in view of the Hidden Naive Bayes (HNB) technique as an
augmentation to NB to decrease its naivety supposition is
presented. s connected this new classifier strategy to the
testing system interruption recognition issue and tried
execution of framework's model utilizing the very much
perceived KDD'99 interruption identification dataset.
framework's test ponder results demonstrate that the HNB
twofold characterization display expanded with EMD
discretization and CONS highlight determination channel
strategies has better general outcomes in wording of
detection accuracy, error rate and area under ROC curve
than the traditional NB model.
Page 31
 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017
The System mentioned in [17] proposed a Artificial
immune to be an effective method for adaptive intrusion
detection. By using rough set (RS) and fuzzy set (FS), a
dynamic manufactured resistant based interruption
identification strategy utilizing unpleasant and fuzzy set is
composed (DAIIDRF). A plan in view of harsh set for
antibodies is proposed. Utilizing antibodies acquisition
technique, superb antibodies are guaranteed, in the
meantime, the identification speed is enhanced, the union
rate is higher. Finally, the recreation tries different things
with KDD99 and the examinations of two calculations are
given. The test comes about demonstrate its attainability
and viability of the proposed strategy. To tackle these
issues over, a memory neutralizer era plot in view of harsh
set and fuzzy set strategy was outlined; far reaching
technique to produce youthful antibodies was embraced.
By breaking down the calculation multifaceted nature,
DAIIDRF's opportunity many-sided quality is lower,
utilizing DAIIDRF authors can accomplish a higher
discovery rate. Finally, reproduction investigates the
KDD99 informational collection were actualized, the trial
comes about demonstrate that: utilizing the strategy for
harsh set technique to produce memory antibodies can
enhance the speed of discovery; to enhance the security of
the location calculation, in the meantime, the TP is
enhanced and the FP is equivalent with DynamiCS. The
following stage, authors will focus on research, how to
apply the proposed detection method in the cloud
computing environment.
In [19], authors propose a new hybrid intrusion detection
system by using accelerated genetic algorithm and rough
set theory (AGAAR). The vast majority of the current IDS
utilize each of the 41 includes in the system. The greater
part of these elements is repetitive and insignificant. The
authors utilize AGAAR to diminish this component and
genetic programming with nearby pursuit (GPLS) for
information characterization. The AGAAR strategy is
utilized to choose the most significant properties that can
speak to an intrusion recognition dataset. The outcomes
demonstrated show that characterization exactness
enhanced from 75.98% to 81.44% in the wake of utilizing
AGAAR characteristic diminishment for the NSL-KDD
dataset.. The classifier prepared with the full element of
20%-NSL-KDD. The classifier was prepared with 19.51%
of the dataset highlights. The classifier exactness enhances
the performance after diminishing dimensionality of the
dataset. This lessening influences a critical change in term
of memory and CPU to time. This demonstrates
framework's AGAAR can expel the significant elements in
interruption location. The examination demonstrates that
the GPLS utilizing lessened elements is more exact than
that uses the greater part of the components. Systems
classifiers (AGAAR-GPLS) contrasted and others
strategies, demonstrate preferable outcomes over numerous
techniques The authors in [20] present a new attempt in the
application of SN P system and as well provide a novel
idea and method for attack detection. The extension of SN
P system called trapezoidal Fuzzy Reasoning Spiking
Neural P (tFRSN P) framework is received in the system
Volume 6, Issue 5, September October 2017
ISSN 2278-6856
interruption .SN P framework is a neural-like registering
model enlivened from the way spiking neurons convey
utilizing spikes. It has a graphical demonstrating advantage
which influences it to appropriate for fuzzy thinking and
additionally fuzzy information portrayal. Keeping in mind
the end goal to assess the execution of tFRSN P framework
in interruption location, the freely accessible KDD Cup
benchmark dataset was utilized. After the tests,
framework's outcomes yielded high location rate of
99.78% and low false caution rate of 0.16% for Brute
Force Attack (BFA). 1) Proposing of a mapping/structure
for the location of BFA utilizing tFRSN P framework. This
applies a trapezoidal Fuzzy Reasoning Spiking Neural P
framework to distinguish meddling activity in a run based
condition of a system recognition interruption framework.
2) Modeling the learning base and characterizing the
participation elements of a BFA in an exceptionally
natural, and strikingly straightforward and justifiable
frame. 3) Analyzing and preparing expansive quantities of
system bundles at a fast. Be that as it may, as it is the
normal for other abuse/signature-based discovery
frameworks intended for a particular attack, it does not
have the fortitude to flag alarm for novel attacks.
In[23] the system is focused on Intrusion detection systems
with a two layered approach. The ANFIS (Adaptive neuro
fuzzy inference forms the first layer and the result of which
is then used for system applying genetic algorithm along
with application layer filtering for enhanced. A derivation
framework, Fuzzy surmising frameworks is additionally
used to decide if the movement is typical or malignant.
Proficient IDS frameworks are those equipped for
lessening false positives and create high rate attack
identification.
In[26] it was discovered that the execution was not
basically dependant on the GA parameters. With typical
estimations of parameters and iterative GA runs most sorts
of information were arranged effectively. It was discovered
that different speciation systems like sharing, swarming,
and limited mating were not extremely powerful in
empowering survival and concurrence of different types of
contrasting qualities. Here the mix of GA with sharing
gave the best execution. The authors further plan to
augment this work with the Multi-National GA to improve
the solution along with different classifiers and mining
technique In [27] authors propose method for intrusion
detection using ID3, KNN (K nearest neighbor) and
Genetic algorithm (GA). The ID3 is utilized for feature
reduction by finding the entropy of each attribute then
KNNGA together which enhances performance. The
examination of the approach is by utilizing the
KDDCUP'99 dataset. The examination of proposed
technique and SVM, KNN is assessed with respect to the
execution measurements like affectability, specificity and
exactness. Among all obtained results systems proposed
methods is better than the other methods.
Page 32
 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017 ISSN 2278-6856

4. Discussions 6. Future Work

The proposed survey basically focus on soft computing
We propose to embed the multi-classification approach
and classification based detection approach, basically both
with different algorithm on NIDS as well as HIDS as
methods having the good detection rate but at times it
future enhancement. The second challenging task for future
generates more false positive ratio. Some system is also
enhancement is to detect and prevent the attack into both
not applicable in real time environment and some cant be
online and offline environment with forensic approach.
focus on misclassified anomalies. . As observed, most
applications still miss the mark as there is no system that at
present gives a 100% discovery rate and the sky is the References
limit. Research needs to be done in the areas of genetic [1] Francisco J. Aparicio-Navarro, Konstantinos G ,
algorithm to improve the detection rate. The Table below Adding Contextual Information to Intrusion Detection
shows the accuracy of different approaches in IDS. Systems Using Fuzzy Cognitive Maps in IEEE 2016.
[2] Ali Tamimi et. al. ,An Intrusion Detection System
Table 1 Percentage of detection ration and False positive Based on NSGA-II Algorithm in IEEE 2015.
ratio in each approach [3] Egon Kidmose, Matija Stevanovic and Jens Myrup
Pedersen Correlating intrusion detection alerts on bot
Method Approach Detection False malware infections using neural network in IEEE
Ratio Positive 2014.
GA 80.26% 5.12% [4] Lfdio Mauro Lima de Campos , Evolving Artificial
Soft FGA 85.56% 4.23% Neural Networks through L-System and Evolutionary
Computing ANN 81.45% 8.56% Computation IEEE 2015.
Base C-Means 68.75% 19.25% [5] A. Midzic, Z. Avdagic and S. Omanovic , Intrusion
PCA 88.52% 4.98% Detection System Modeling Based on Neural
J48 81.05% 13.12% Networks and Fuzzy Logic in IEEE 2016
Classificatio NB 76.56% 14.55% [6] Basant Subba , Santosh Biswas, Sushanta Karmakar , A
n NB Tree 82.03% 11.10% Neural Network Based System for Intrusion Detection
Base Random 80.67% 8.88% and Attack Classification IEEE 2016
Forest [7] Levent Koc and Alan D. Carswell , Network Intrusion
NB Tree 81.59% 9.14% Detection Using a HNB Binary Classifier in IEEE
ID3 81.76 12.87% 2015
[8] Eman Abd EI Raoof Abas Artificial immune system
based intrusion detection: anomaly detection and
5. Conclusion feature selection IEEE 2015.
Since the study of intrusion detection began to gain [9] Naila Belhadj Aissa, Mohamed Guerroumi , A Genetic
momentum in the security community roughly ten years Clustering Technique for Anomaly-Based Intrusion
ago, a number of diverse ideas have emerged for Detection Systems IEEE 2015
confronting this problem. Intrusion detection systems vary [10] Mohammed A. Ambusaidi et. al. , Building an
in the sources they use to obtain data and in the specific intrusion detection system using a filter-based feature
selection algorithm IEEE TRANSACTIONS ON
techniques they employ to analyze this data. Most systems
COMPUTERS, VOL., NO NOVEMBER 2014
today classify data either by misuse detection or anomaly
[11] Fatemeh Barani , A Hybrid Approach for Dynamic
detection. Each approach has its relative merits and is Intrusion Detection in Ad Hoc Networks Using
accompanied by a set of limitations. It is likely not realistic Genetic Algorithm and Artificial Immune System in
to expect that an intrusion detection system be capable of IEEE 2014.
correctly classifying every event that occurs on a given [12] Salah Eddine Benaicha, Lalia Saoudi, Salah Eddine
system. Perfect detection, like perfect security, is simply Bouhouita Guermeche, Ouarda Lounis , Intrusion
not an attainable goal given the complexity and rapid Detection System Using Genetic Algorithm Science
evolution of modern systems. An IDS can, however, strive and Information Conference 2014
to raise the bar for attackers by reducing the efficacy of [13] Alka Chaudhary, Vivekananda Tiwari, Anil Kumar ,
large classes of attacks and increasing the work factor A Novel Intrusion Detection System for Ad Hoc
required to achieve a system compromise. The coordinated Flooding Attacl( Using Fuzzy Logic in Mobile AdHoc
deployment of multiple intrusion detection systems Networks IEEE 2014
promises to allow greater confidence in the results of and [14] Hachmi Fatma and Limam Mohamed , A two-stage
to improve the coverage of intrusion detection, making this technique to improve intrusion detection systems
a critical component of any comprehensive security based on data mining algorithms IEEE 2013.
architecture. [15] Saeed Khazaee and Maryam Sharifi Rad ,Using fuzzy
c-means algorithm for improving intrusion detection
performance in IEEE 2013

Volume 6, Issue 5, September October 2017 Page 33

 International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org
Volume 6, Issue 5, September- October 2017 ISSN 2278-6856
[16] Manish Kumar and Dr. M. Hanumanthappa, Intrusion
Detection System using Stream Data Mining and Drift AUTHOR
Detection Method in IEEE 2013.
[17] Ling Zhang, Zhongying Bai, Shoushan Luo, Preeti S. Joshi received B.E. CSE
Guanning Cui, Xing Li , A dynamic artificial immune and M.E .I.T degrees from D.Y patil
based intrusion detection method using rough and College of Engineering and VESIT
fuzzy set in IEEE 2015. chembur in 1999 and 2007,
[18] Yogita Danane and Thaksen Parvat , Intrusion respectively. She is now with
Detection System using Fuzzy Genetic Algorithm in Marathwada Mitra Mandals college of
IEEE 2015. Engineering, Pune, India as Assistant
[19] Abdel-Rahman Hedar, Mohamed A. Omer and professor in Department of Information Technology.
Ahmed F. Al-Sadek, Adel A. Sewisy , Hybrid
Evolutionary Algorithms for Data Classification in
Intrusion Detection Systems in IEEE 2015.
[20] Rufai Kazeem Idowu, Ravie Chandren M., Zulaiha
Ali Othman , Advocating the use of Fuzzy Reasoning
Spiking Neural P System in Intrusion Detection in
IEEE 2014.
[21] Fan Li proposed Hybrid Neural Network Intrusion
Detection System using Genetic Algorithm in IEEE
2010.
[22] Dipika Narsingyani and Ompriya Kale, Optimizing
False Positive In Anomaly based Intrusion Detection
using Genetic Algorithm in IEEE 2015.
[23] Biswajit Panja, Olugbenga Ogunyanwo, Priyanka
Meharia , Training of Intelligent Intrusion Detection
System using Neuro Fuzzy IEEE 2014.
[24] Samaneh Rastegari, Chiou-Peng Lam, Philip Hingston
proposed A Statistical Rule Learning Approach to
Network Intrusion Detection in IEEE 2015
[25] Ganesh Prasad Rout , Sachi Nandan Mohanty
proposed A Hybrid Approach for Network Intrusion
Detection in IEEE 2015.
[26] K. Sangeetha, P.S. Periasamy and S.Prakash proposed
Identification of Network Intrusion with Efficient
Genetic Algorithm Using Bayesian Classifier in IEEE
2015.
[27] Preeti Singh and Amrish Tiwari An Efficient
Approach for Intrusion Detection in Reduced Features
of KDD99 using ID3 and classification with KNNGA
in IEEE 2015.
[28] Srinivasa K G, SaumyaChandra, Siddharth Kajaria,
Shilpita Mukherjee proposed IGIDS: Intelligent
Intrusion Detection System Using Genetic Algorithms
in IEEE 2011.
[29] Geethapriya Thamilarasu proposed Genetic Algorithm
based Intrusion Detection System for Wireless Body
Area Networks in IEEE 2015.
[30] Wang Yunwu proposed Using Fuzzy Expert System
Based on Genetic Algorithms for Intrusion Detection
System in IEEE 2009.

Volume 6, Issue 5, September October 2017 Page 34