Skip to main content

Table 25 Summary of ML for Hybrid Intrusion Detection

From: A comprehensive survey on machine learning for networking: evolution, applications and research opportunities

Ref. ML Technique Dataset Features Evaluation
     Settings Results
Mukkamala et al. [325] Supervised RBF-SVM (Online) KDD cup [257] all 41 features 7,312 training records -6,980 testing records -Platform used: SVMLight [224] Accuracy: 99.5% Training time: 17.77 sec Testing Time: 1.63 sec
Zhang et al. [494] Hybrid Hierarchical-RBF (Online) KDD Cup all 41 features -32,000 training records -32,000 testing records SHIDS Normal DR:=99.5%
      SHIDS Normal FP: 1.2%
      SHIDS Attack DR: [98.2%-99.3%]
      SHIDS Attack FP: [0%-5.4%]
      PHIDS level 1 DR: 99.8%
      PHIDS level 1 DR:1.2%
      PHIDS level 2 DR:[98.8%-99.7%]
      PHIDS level 2 FP:[0%-4%]
      PHIDS level 3 DR: 86.9%
      PHIDS level 3 FP: 0%
      Training time: 5 min
Depren et al. [116] Hybrid SOM w./ J.48 (Offline) KDD Cup 6 basic features for SOM all 41 features for J.48 -10-fold cross validation -Two-phases SOM Training -Phase 1 learning rate:0.6 -Phase 2 learning rate: 0.05 -Confidence Val. for J.48 pruning: 25% DR: 99.9% Missed Rate: 0.1% FP: 1.25%