Security and Communication Networks, 2018, Review Article
Data Fusion for Network Intrusion Detection: A Review

Table 2: The performance of different feature reduction algorithms.
(a)
| Feature fusion technique | Article | Dataset | Training/testing data | Features (before/after) | Classifier | Identified attack types | Validity metrics (as reported) | Training time (s) | Testing time (s) | Data security | Scalability |
|---|---|---|---|---|---|---|---|---|---|---|---|
| NN | [8] | DARPA99 | 6819/3679 | 84/37 | MLF | All | | | | × | × |
| | [9] | KDD99 | 7000/7000 | 41/13 | NN | Attack/Normal | 99.41% | | | × | |
| | [10] | KDD99_10% | | 41/34 | NN | Attack/Normal | 81.57%, 18.19%, 0.25%, 9.22% | | | × | × |
| PCA | [11] | KDD99_10% | 5000/5000 | 41/10 | SVM | Probe | 99.78%, 99.85%, 99.70%, 99.77% | 276 | | × | × |
| | | KDD99_10% | 5000/5000 | 41/10 | SVM | R2L | 99.70%, 99.50%, 99.39%, 99.53% | 237 | | × | × |
| | [12] | Kyoto 2006+ | 31360/47040 | 18/5 | MLP | Attack/Normal | 97.12%, 4.29%, 1.44%, 2.87% | 22.14 | | × | × |
| | [13] | NSL_KDD | 125971/22000 | 41/23 | NN | All | 86.49%, 83.95%, 83.78% | | | × | × |
| Fisher-Score | [14] | KDD99_10% | 1500/1500 | 41/13 | RBF-NN | Attack/Normal | 85.33%, 5.40% | 6.71 | 0.13 | × | × |
| | | | | 41/19 | | | 91.27%, 5.20% | 8.38 | 0.13 | × | × |
| | | | | 41/28 | | | 95.70%, 6.31% | 9.07 | 0.18 | × | × |
| | | | | 41/41 | | | 96.51%, 11.74% | 13.05 | 0.41 | × | × |
| RF | [15] | KDD99_10% | 16919/49838 | 41/34 | RF | Attack/Normal | 94.20%, 1.10% | | | × | × |
| GA-LR | [16] | KDD99_10% | 1000/1000 | 41/18 | RF | Attack/Normal | 99.90%, 99.81%, 0.11% | | | × | × |
| | | UNSW-NB15 | 2000/2000 | 49/20 | C4.5 | | 81.42%, 6.39% | | | × | × |
| Filter-MISF | [17] | KDD99_10% | 15246/478775 | 41/6 | LS-SVM | Attack/Normal | 99.90%, 99.93%, 99.53%, 0.07% | 63.19 | 27.32 | × | × |
| Filter | | | | 41/19 | | | 99.75%, 99.43%, 99.34%, 0.17% | 87.83 | 30.64 | × | × |
| MISF | | | | 41/25 | | | 99.70%, 99.38%, 99.34%, 0.23% | | | × | × |
| GFR | [18] | KDD99_10% | 550/115705 | 41/19 | Multi-class SVM | All | 98.62% | 0.12 | 4.63 | × | × |
| FRM-SFM | | | | 41/10 | | | 98.68% | 0.16 | 7.8 | × | × |
| SVM | [10] | KDD99_10% | | 41/30 | Multi-class SVM | All | 99.61% | 81.18 | 6.36 | × | × |
| | [19] | KDD99_10% | 424/106 | 41/17 | SVM | DoS and Probe | 99.30% | | | × | × |
| | [9] | KDD99 | 7000/7000 | 41/13 | SVM | Attack/Normal | 99.52%, 0.50% | 163 | 1.06 | × | × |
| SA-SVM | [20] | KDD99 | 93969/10441 | 41/23 | SA-DT | All | 99.96% | | | × | × |
| Chi-Square | [21] | NSL_KDD | 8325/24975 | 41/31 | Multi-class SVM | All | 98.00%, 0.13% | | | | |
LR: logistic regression; MISF: mutual information-based feature selection; GFR: gradually feature removal method; FRM: feature removal method; SFM: sole feature method; SA: simulated annealing; MLF: multilayer feed-forward; LS: least square; and DT: decision tree.
Blank entries: value not given. ×: not mentioned. Number of features: the two values (e.g., 41/13) are the number of features before and after fusion, respectively.
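Several rows above reduce the original feature set with PCA before classification (e.g., [11] projects the 41 KDD99 features down to 10 ahead of an SVM). As a rough illustration of that reduction step only, here is a minimal NumPy sketch on synthetic stand-in data; it is not the reviewed authors' implementation:

```python
import numpy as np

def pca_reduce(X, k):
    """Project X onto its top-k principal components."""
    Xc = X - X.mean(axis=0)                    # center each feature
    cov = np.cov(Xc, rowvar=False)             # feature covariance matrix
    eigvals, eigvecs = np.linalg.eigh(cov)     # eigh: for symmetric matrices
    order = np.argsort(eigvals)[::-1]          # sort by descending variance
    W = eigvecs[:, order[:k]]                  # (n_features, k) projection
    return Xc @ W

rng = np.random.default_rng(0)
X = rng.normal(size=(100, 41))   # stand-in for 41 KDD99-style features
Z = pca_reduce(X, 10)            # reduced to 10 features, as in [11]
print(Z.shape)                   # (100, 10)
```

The reduced matrix `Z` would then feed the downstream classifier (SVM, NN, etc.) in place of the raw features.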
(b)
| Feature fusion technique | Article | Dataset | Training/testing data | Features (before/after) | Classifier | Identified attack types | Validity metrics (as reported) | Training time (s) | Testing time (s) | Data security | Scalability |
|---|---|---|---|---|---|---|---|---|---|---|---|
| GeFS-CFS | [19] | KDD99_10% | 424/106 | 41/4.5 | C4.5 | DoS and Probe | 99.20% | | | × | × |
| GeFS-mRMR | | | | 41/18 | | | 99.60% | | | × | × |
| Markov-Blanket | | | | 41/17 | BN | | 98.70% | | | × | × |
| BN | [22] | KDD99 | 4700/4700 | 41/30 | BN | All | 83.13% | 37.44 | | × | × |
| | [23] | KDD99 | 5092/6890 | 41/17 | BN | All | 91.06% | 112.11 | 59.4 | × | × |
| CART | [23] | KDD99 | 5092/6890 | 41/12 | CART | All | 88.52% | 3.86 | 0.19 | × | × |
| | [19] | KDD99_10% | 424/106 | 41/12 | CART | DoS and Probe | 94.30% | | | × | × |
| FMIFS | [24] | KDD99 | | 41/19 | LS-SVM | Attack/Normal | 99.79%, 99.46%, 0.13% | | | × | × |
| | | NSL_KDD | | | | | 99.91%, 98.76%, 0.28% | | | × | × |
| | | Kyoto 2006+ | | | | | 99.77%, 99.64%, 0.13% | | | × | × |
| MIFS | [24] | KDD99 | | 41/25 | LS-SVM | Attack/Normal | 99.70%, 99.38%, 0.23% | | | × | × |
| | | NSL_KDD | | | | | 97.96%, 95.96%, 0.53% | | | × | × |
| | | Kyoto 2006+ | | | | | 99.32%, 98.59%, 0.16% | | | × | × |
| FLCFS | [24] | KDD99 | | 41/17 | LS-SVM | Attack/Normal | 97.63%, 89.26%, 0.34% | | | × | × |
| | | NSL_KDD | | | | | 96.75%, 93.26%, 0.47% | | | × | × |
| | | Kyoto 2006+ | | | | | 99.12%, 98.10%, 0.58% | | | × | × |
| CFS-GA | [25] | NSL_KDD | 125973/22544 | 41/4 | J48 | Attack/Normal | 91.86% | 0.22 | | × | × |
| BBAL-NB | [26] | NSL_KDD | 9566/4500 | 41/15 | NB | Attack/Normal | 91.62%, 5.73% | 0.76 | | × | × |
| BBAL-SVM | | | | 41/16 | SVM | | 95.87%, 2.89% | 68.77 | | × | × |
| FVBRM | [27] | NSL_KDD | 56687/6299 | 41/24 | NB | All | 97.78% | 9.42 | | × | × |
| ML | [28] | KDD99 | 90000/10000 | 41/16 | SVM | All | 90.36% | | | × | × |
| | | NSL_KDD | 90000/10000 | 41/16 | | Attack/Normal | 89.35% | | | × | × |
| | | Kyoto 2006+ | 90000/10000 | 23/8 | | Attack/Normal | 87.12% | | | × | × |
| ARM | [29] | KDD99 | | 41/11 | NB | All | 62.02% | | | × | × |
| | | UNSW-NB15 | | 49/11 | | | 37.50% | | | × | × |
| HVS | [12] | Kyoto 2006+ | 31360/47040 | 18/5 | MLP | Attack/Normal | 98.28%, 3.05%, 0.35%, 1.70% | 64.47 | 0.02 | × | × |
| PLS | | | | 18/5 | PLS | Attack/Normal | 94.72%, 6.52%, 4.02%, 5.27% | 0.02 | 0.03 | × | × |
| CFS | [30] | NSL_KDD | 25192/11850 | 41/8 | RandomTree | All | 97.49%, 2.50% | | | | |
GeFS: generic feature selection; mRMR: minimal redundancy maximal relevance; BN: Bayesian networks; CART: classification and regression tree; FMIFS: flexible mutual information feature selection; MIFS: mutual information feature selection; FLCFS: flexible linear correlation coefficient-based feature selection; BBAL: binary bat algorithm with Lévy flights; FVBRM: feature vitality based reduction method; ML: machine learning; ARM: association rule mining; HVS: heuristic for variable selection; and PLS: partial least squares regression.
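The mutual-information-based selectors in this table (FMIFS, MIFS, and the MISF filter in sub-table (a)) rank each feature by an estimate of its mutual information with the class label and keep only the top-scoring ones. A self-contained sketch of that scoring idea, using a simple 2-D histogram estimate on synthetic Attack/Normal data; the exact algorithms in [17, 24] differ (FMIFS, for instance, also penalizes redundancy among already-selected features):

```python
import numpy as np

def mutual_information(x, y, bins=10):
    """Histogram estimate of I(X;Y) in nats."""
    joint, _, _ = np.histogram2d(x, y, bins=bins)
    pxy = joint / joint.sum()                     # joint distribution
    px = pxy.sum(axis=1, keepdims=True)           # marginal of X
    py = pxy.sum(axis=0, keepdims=True)           # marginal of Y
    nz = pxy > 0                                  # skip empty cells (log 0)
    return float((pxy[nz] * np.log(pxy[nz] / (px @ py)[nz])).sum())

rng = np.random.default_rng(1)
labels = rng.integers(0, 2, size=2000)                  # Attack/Normal
informative = labels + rng.normal(scale=0.3, size=2000) # label-dependent
noise = rng.normal(size=2000)                           # irrelevant feature
scores = [mutual_information(f, labels) for f in (informative, noise)]
# the informative feature scores far above pure noise
```

Features scoring outside the top k (e.g., the 19 of 41 kept by FMIFS on KDD99) would be dropped before training the LS-SVM.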