Intrusion detection based on Machine Learning techniques in computer networks

Intrusions in computer networks have increased significantly in the last decade, due in part to a profitable underground cyber-crime economy and the availability of sophisticated tools for launching such intrusions. Researchers in industry and academia have been proposing methods and building systems for detecting and preventing such security breaches for more than four decades. Solutions proposed for dealing with network intrusions can be broadly classified as signature-based and anomaly-based. Signature-based intrusion detection systems look for patterns that match known attacks. On the other hand, anomaly-based intrusion detection systems develop a model for distinguishing legitimate users' behavior from that of malicious users' and hence are capable of detecting unknown attacks. One of the approaches used to classify legitimate and anomalous behavior is to use Machine Learning (ML) techniques. Several intrusion detection systems based on ML techniques have been proposed in the literature. In this paper, we present a comprehensive critical survey of ML-based intrusion detection approaches presented in the literature in the last ten years. This survey would serve as a supplement to other general surveys on intrusion detection as well as a reference to recent work done in the area for researchers working in ML-based intrusion detection systems. We also discuss some open issues that need to be addressed.