A Systematic Literature Review of Intrusion Detection System for Network Security: Research Trends, Datasets and Methods

Abstract

Study on intrusion detection system (IDS) mostly allow network administrators to focus on development activities in terms of network security and making better use of resource. Many IDS datasets, techniques and methods conducted by some administrator to get a good performance of IDS. But, some methods, techniques and datasets published differently show that research in the field of intrusion detection is losing comprehensiveness. This literature review aims to analyze and identify the research trends of techniques, datasets and methods used on IDS topics that published in January 2016 to May 2020. Based on inclusion and exclusion criteria was found 62 primary studies that focus and related to IDS topic, that focuses on seven machine learning techniques: classification (81%), clustering (8%), estimation (3%), association (2%), prediction (2%), dataset analysis (3%) and the minor research covered only 1% for statistic. Beside that, the research studies used public datasets as 79% and private datasets as 21%. Eighteen different methods (algorithm) have been applied and proposed to detect intrusion. From the eighteen methods, six methods most applied in IDS, they are k Nearest Neighbor (k-NN) 7%, Random Forest (RF) 7%, Naive Bayes (NB) 15%, Decision Tree (DT) 17%, Neural Network (NN) 20% and Support Vector Machine (SVM) 34%. Furthermore, some researchers proposed some techniques and methods to improve the accuracy of machine learning classifier on IDS, like ensembling machine learning methods, using boosting algorithm and combined feature selection algorithm. Future work may ensemble classifier methods can tackle the classification problem and can improve accuracy in detecting intrusions.