Next Article in Journal
Hardware Architecture for Asynchronous Cellular Self-Organizing Maps
Next Article in Special Issue
Modeling Bitcoin plus Ethereum as an Open System of Systems of Public Blockchains to Improve Their Resilience against Intentional Risk
Previous Article in Journal
Applications and Trends in Social Robotics
Previous Article in Special Issue
Privacy-Enhanced MQTT Protocol for Massive IoT
 
 
Article

A Survey on Data-Driven Learning for Intelligent Network Intrusion Detection Systems

by 1,*,†,‡, 1,†,‡, 1,†,‡ and 2,‡
1
Data Science and Cybersecurity Center, Department of Electrical Engineering and Computer Science, Howard University, Washington, DC 20059, USA
2
Microsoft Corporation, Reston, VA 20190, USA
*
Author to whom correspondence should be addressed.
Current address: Department of Electrical Engineering and Computer Science, School of Engineering and Architecture, Howard University, 2300 Sixth Street NW, Washington, DC 20059, USA.
These authors contributed equally to this work.
Academic Editor: Amir Mosavi
Electronics 2022, 11(2), 213; https://doi.org/10.3390/electronics11020213
Received: 7 December 2021 / Revised: 1 January 2022 / Accepted: 6 January 2022 / Published: 11 January 2022
(This article belongs to the Special Issue 10th Anniversary of Electronics: Advances in Networks)
An effective anomaly-based intelligent IDS (AN-Intel-IDS) must detect both known and unknown attacks. Hence, there is a need to train AN-Intel-IDS using dynamically generated, real-time data in an adversarial setting. Unfortunately, the public datasets available to train AN-Intel-IDS are ineluctably static, unrealistic, and prone to obsolescence. Further, the need to protect private data and conceal sensitive data features has limited data sharing, thus encouraging the use of synthetic data for training predictive and intrusion detection models. However, synthetic data can be unrealistic and potentially bias. On the other hand, real-time data are realistic and current; however, it is inherently imbalanced due to the uneven distribution of anomalous and non-anomalous examples. In general, non-anomalous or normal examples are more frequent than anomalous or attack examples, thus leading to skewed distribution. While imbalanced data are commonly predominant in intrusion detection applications, it can lead to inaccurate predictions and degraded performance. Furthermore, the lack of real-time data produces potentially biased models that are less effective in predicting unknown attacks. Therefore, training AN-Intel-IDS using imbalanced and adversarial learning is instrumental to their efficacy and high performance. This paper investigates imbalanced learning and adversarial learning for training AN-Intel-IDS using a qualitative study. It surveys and synthesizes generative-based data augmentation techniques for addressing the uneven data distribution and generative-based adversarial techniques for generating synthetic yet realistic data in an adversarial setting using rapid review, structured reporting, and subgroup analysis. View Full-Text
Keywords: imbalanced learning; adversarial learning; generative models; generative adversarial networks; oversampling; intrusion detection systems; machine learning; deep learning imbalanced learning; adversarial learning; generative models; generative adversarial networks; oversampling; intrusion detection systems; machine learning; deep learning
Show Figures

Figure 1

MDPI and ACS Style

Abdelmoumin, G.; Whitaker, J.; Rawat, D.B.; Rahman, A. A Survey on Data-Driven Learning for Intelligent Network Intrusion Detection Systems. Electronics 2022, 11, 213. https://doi.org/10.3390/electronics11020213

AMA Style

Abdelmoumin G, Whitaker J, Rawat DB, Rahman A. A Survey on Data-Driven Learning for Intelligent Network Intrusion Detection Systems. Electronics. 2022; 11(2):213. https://doi.org/10.3390/electronics11020213

Chicago/Turabian Style

Abdelmoumin, Ghada, Jessica Whitaker, Danda B. Rawat, and Abdul Rahman. 2022. "A Survey on Data-Driven Learning for Intelligent Network Intrusion Detection Systems" Electronics 11, no. 2: 213. https://doi.org/10.3390/electronics11020213

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop