Security and Communication Networks / 2018 / Article / Tab 3 / Review Article
Data Fusion for Network Intrusion Detection: A Review Table 3 The performance of different decision reduction algorithms.
Decision fusion techniques Metrics Article Dataset Number of training/testing data Classifier Identified attack types Validity Data security Scalability ACC PR RR F-Score FPR FNR D-S Evidence Theory [31 ] KDD99 Multiclass SVM Attack/normal 95.10% 0.19% 4.74% × × [32 ] KDD99 RBF-NN Dos 99.08% 0.71% × × [33 ] KDD99 30000/30000 C4.5 Attack/normal 98.90% × × BN 96.70% × × NN 99.20% × × MDT 86.30% × × D-S fusion 99.10% × × RF [15 ] KDD99_10% 16919/49838 RF Attack/normal 94.20% 1.10% × × Adaboost [34 ] KDD99 494021/311029 Decision stumps Attack/normal 90.02% 1.68% × × NN [35 ] DARPA99 PHAD All 99% 35% 28.00% 31% × × ALAD 99% 38% 32.00% 35% × × Snort 99% 9% 51.00% 15% × × Data-dependent fusion 99% 39% 68.00% 50% × × RBF-NN [32 ] KDD99 RBF-NN Dos 99.59% 0.63% × × Majority voting rule [36 ] NSL_KDD 8105/11695 BN Attack/normal 93.10% 91.90% 92.20% × × IBK 99.60% 99.60% 99.60% × × J48 98.50% 98.50% 98.50% × × SVM 98.50% 92.90% 92.60% × × Classifier fusion 99.10% 99.40% 99.20% × × MLP [37 ] KDD99 833/7436 MLP-4 intrinsic features Attack/normal 3.19% × × MLP-7 content features 2.25% × × MLP-19 traffic features 23.94% × × MLP-30 features 3.57% × ×
PHAD: packet header anomaly detection system; ALAD: application layer anomaly detector; MDT: Multirandom Decision Tree; and IBK: lazy classifier.
given.
mentioned. Number of features (
):
and
represent the number of features before and after fusion, respectively.