Table 1. Critical analysis of IDS methods in relevant literature.
Authors | Dataset | Data pre-processing | Feature selection method | Classifier | Classification | No. of features used | Evaluation metrics | Limitation |
---|---|---|---|---|---|---|---|---|
Roy et al. (2022) | CICIDS2017, NSL-KDD | Dimensions reduction | – | B-Stacking ensemble | Multi-class | 28 | Accuracy 98.5% | Low performance on U2R and R2L classes. |
de Souza, Westphall & Machado (2022) | BoT-IoT, NSL-KDD, IoTID20, CICIDS2018 | Standard scaling, SMOTE | Extra tree | Ensemble of ET, RF and DNN | Multi-class | 20 | Accuracy 99.81%, Precision 99.81% | Low performance on U2R and R2L, Fewer IoT related attacks |
Zhang et al. (2022) | NSL-KDD, KDD99, CICIDS2017 | MinMax normalization | CNN | CNN based RANet | Multi-class | 41 and 122 | Accuracy 83.23% | Poor performance on infrequent attack types |
Rashid et al. (2022) | NSL-KDD, UNSW-NB15 | MinMax normalization | k-best model | Ensemble of RF, XGBoost and DT | Binary | 20 | Accuracy 99% | No information about attack classes |
Dora & Lakshmi (2022) | NSL-KDD, DARPA1998, DDoS-1.0, KDD99 | Correlation minimization | CP-GWO (Closest Position) | CNN + LSTM | Binary | 5 | Accuracy 96.37%, Precision 97.44%, Recall 98.78% | Specifically designed for DDoS detection |
Nasir et al. (2022) | NSL-KDD | Data normalization | Spider monkey (SM), PCA, IG | Deep neural network | Binary | 14 | Accuracy 99.23%, Precision 99.30%, Recall 99.24%, F1-Score 99.27% | No information about types of attacks |
Otair et al. (2022) | NSL-KDD | Data normalization | GWO + PSO | Ensemble of KNN + SVM | Binary | 20 | Accuracy 98.97%, Detection Rate 98.57% | Can only distinguish between attack and benign traffic. |
Chen, Fu & Zheng (2022) | KDD99, CICIDS2017 | Data normalization | Deep belief network | LSTM | Multi-class | – | Accuracy 94.25% | Low performance on U2R and R2L classes |
Saeed (2022) | NSL-KDD, KDD CUP 99 | – | Minimum redundancy maximum relevance (MRMR) | KNN + Naïve Bayes | Binary | 16 | Accuracy 99%, Precision 99.7%, Recall 99.75% | Neglects additional attack information |
Injadat et al. (2020) | CICIDS2017, UNSW-NB15 | Z-Score normalization, SMOTE | Information Gain, PSO, GA | KNN + RF | Multi-class | 31 and 41 | Accuracy 99%, Precision 98%, Recall 99% | Complex module-based architecture |
Gu & Lu (2021) | UNSW-NB15, CICIDS2017, NSL-KDD, Kyoto 2006+ | Naïve Bayes feature embeddings | – | SVM | Binary | – | Accuracy 99.35%, Detection Rate 99.25% | Uses part of the data instead of the whole dataset; only considers the binary classification problem |
Abdel-Basset et al. (2021) | CICIDS2017, CICIDS2018 | Redundant feature elimination, Data normalization | Traffic Attention | Modified residual network | Multi-class | – | Accuracy 99.6%, Precision 92.31%, Recall 96.29% | Additional computational cost due to DL |
Zhao et al. (2021) | KDD99, UNSW-NB15 | Data normalization, PCA | CNN | CNN + Dynamic autoencoder | Binary | – | Accuracy 93.1%, Precision 99.8%, Recall 91.6% (on KDD99) | Focuses on lightweight model development; classification performance is very low. |
Xu et al. (2021) | NSL-KDD and UNSW | Outlier analysis, Data normalization | – | Autoencoder | Binary | 122 | Accuracy 90.61%, Precision 86.83%, Recall 98.34%, F1-Score 92.26% | Cannot differentiate subclasses of the attack types |
Kim et al. (2020) | KDD99, CICIDS2018 | – | CNN | Fully connected network | Binary | – | Accuracy 99.9%, Recall 100%, Precision 99.9% (KDD99) | Costly convolution operation + Special system for DDoS detection |
Xu et al. (2020) | NSL-KDD | Data balancing using log-cosh function | CNN | Conditional variational autoencoder | Binary | – | Accuracy 85.51%, Precision 97.62%, Recall 68.90% | Expensive DL method + no information about attack classifications |
Note:
AWID, Aegean Wi-Fi Intrusion Dataset; MLP, Multi-Layer Perceptron; UNSW-NB15, University of New South Wales; SVM, Support Vector Machine; KDD, Knowledge Discovery in Databases; HFSA, Hybrid Feature Selection Algorithm; SDN, Software Defined Networking; KNN, k-Nearest Neighbors; PCA, Principal Components Analysis; CIC, Canadian Institute for Cybersecurity; LSTM, Long Short-Term Memory; CNN, Convolutional Neural Network; SMOTE, Synthetic Minority Oversampling Technique; GWO, Grey Wolf Optimizer; PSO, Particle Swarm Optimization.