Intrusion Detection Systems using Supervised Machine Learning Techniques: A survey

Abstract

This study examines intrusion detection from the standpoint of supervised machine learning, with the objective of organizing existing research into a comprehensive taxonomy that links intrusion detection systems with supervised learning techniques. To achieve this, the paper presents an in-depth discussion of the fundamental perceptions of intrusion detection systems, normally used supervised machine learning algorithms, and various categories of cybersecurity attacks. Subsequently, prior research efforts that apply supervised learning methodologies to intrusion detection are systematically reviewed and analyzed. Based on this review, a taxonomy is developed to organise and compare remaining approaches. The findings derived from this taxonomy indicate that supervised learning models demonstrate strong and encouraging classification performance when estimated on four widely used intrusion detection datasets: KDD’99, NSL-KDD, CICIDS2017, and UNSW-NB15. Additionally, the study highlights the critical role of feature selection, which is often necessary to improve detection accuracy and reduce computational complexity. Data imbalance is also identified as a significant challenge in intrusion detection datasets, and the use of appropriate sampling techniques is shown to effectively mitigate this issue. Finally, the analysis suggests that for achieving optimal performance on important intrusion detection datasets, deep learning-based supervised methods are particularly well suited.