Table 2.
Brief summaries of the reviewed papers.
Authors | Year | Problem Domain | Dataset | Techniques | Results (Evaluation Metrics) |
---|---|---|---|---|---|
Churcher et al. [128] | 2021 | IDS | Bot-IoT | KNN, SVM, DT, NB, RF, LR, ANN | Binary class: Accuracy (RF-99%) Multi-class: Accuracy (KNN-99%) |
Yang et al. [89] | 2021 | Malicious Traffic | CTU-13 | ResNet + DQN + DCGAN | Accuracy-99.94% |
Tuor et al. [10] | 2021 | Insider Threat | CERT v6.2 | SVM, isolation forest, DNN, RNN | Recall (DNN, RNN, isolation forest-100%) |
Marin et al. [62] | 2021 | Malware Attack | USTCTFC2016 | DeepMAL-using CNN layers | Accuracy (Rbot-99.9%, Neris-63.5%, Virut-54.7%) |
Ahuja et al. [24] | 2021 | DDoS | Private Dataset | CNN, RNN, LSTM, CNN-LSTM, SVC-SOM, SAE-MLP | Accuracy (SAE-MLP-99.75%) |
Yuan et al. [106] | 2021 | Malicious Traffic | Private Dataset | Neural Network, RNN | Accuracy (CapsNet, IndRNN = 99.78%) |
Alshammari et al. [99] | 2021 | Malicious Traffic | ISOT CID | DT, KNN, RF, NB, SVM, NNet | Cross val: Accuracy (RF, DT, KNN-100%) Split val: Accuracy (RF, DT-100%) |
Mohammad and Alsmadi [145] | 2021 | IDS | NSL-KDD, 10 UCI benchmark datasets | NB and C4.5 using HW | Reduced features give similar results Accuracy (C4.5-93.90%) |
Qaddoura et al. [109] | 2021 | Common IoT attacks | IoT 20 | SLFN | SLFN + SVM-SMOTE: ratio-0.9, k value-3 for k-means++ |
Qaddoura et al. [110] | 2021 | Common IoT attacks | IoT 20 | LSTM, SLFN | G-mean (LSTM + SLFN-78%) |
Maniriho et al. [108] | 2021 | Common IoT attacks | IoT 20 | RF | DoS: Accuracy-99.95% MITM: Accuracy-99.9761% Scan: Accuracy-99.96% |
Butnaru et al. [51] | 2021 | Phishing Attacks | Public Dataset from Kaggle & PhishTank | RF, MLP, SVM, NB, DT | Accuracy (RF-99.29%) |
Lin et al. [50] | 2021 | Phishing Attacks | Private Dataset | Neural Network (Phishpedia) | Accuracy (Phishpedia-99.2%) |
Rehman et al. [42] | 2021 | DDoS | CICDDoS2019 | GRU, RNN, NB, SMO | Accuracy (GRU-99.94%) |
Wang et al. [96] | 2020 | Malicious Traffic | ISCX 2016 | NB | Accuracy (NB-90%) |
Miller et al. [95] | 2020 | Malicious Traffic | Wireshark Network Captures | Neural Network | Accuracy (NNet-93.71%) |
Thaseen et al. [127] | 2020 | IDS | Wireshark Network Captures | NB, SVM, RF, KNN | Accuracy (RF-99.81%) |
Alam et al. [43] | 2020 | Phishing Attacks | Phishing dataset from Kaggle | RF, DT | Accuracy (RF-97%) |
Barut et al. [60] | 2020 | Malware Traffic | Dataset from Stratosphere IPS, CICIDS2017 | NB, C4.5, DT, RF, SVM, AdaBoost | Accuracy, DR (RF-99.996%), FAR (RF-2.97%) |
Pande et al. [28] | 2020 | DDoS | NSL-KDD | RF, SVM, Clustering, Neural Networks | Accuracy (RF-99.76%) |
Cui et al. [140] | 2020 | IDS | Network Captures | BC | TPR (BC-98.75%) |
Alsubaie et al. [133] | 2020 | IDS | WSN-DS | J.48 form of DT, ANN | Accuracy (J.48-99.66%) |
Dutta et al. [84] | 2020 | Malicious Traffic | IoT-23, LITNET-2020, and NetML-2020 | ensemble of DNN, LSTM, DSAE | Accuracy-99.7% |
Al-Haija et al. [74] | 2020 | Common IoT attacks | NSL-KDD | CNN | Binary class: Accuracy-99.3% Multiclass: Accuracy-98.2% |
Khan et al. [75] | 2020 | Common IoT attacks | NSL-KDD | ELM | Accuracy-93.91% |
Elsayed et al. [21] | 2020 | DDoS | CICDDoS2019 | AE with RNN | Accuracy-99% |
Yuan et al. [12] | 2020 | Insider Threat | CERT v4.2 | LSTM + CNN | AUC-0.9449 |
Ahmed et al. [58] | 2020 | Zero-day attacks | CTU-13 | ANN | Accuracy (ANN-99.6%) |
Doriguzzi-Corin et al. [23] | 2020 | DDoS | ISCX2012, CICIDS2017, CICIDS2018, UNB201X | CNN | CSECIC2018: Accuracy-98.88% ISCX2012: Accuracy-99.87% CIC2017: Accuracy-99.67% UNB201X: Accuracy-99.46% |
Yang et al. [82] | 2020 | Malicious Traffic | Network Captures | RNN | Accuracy (RNN-98%) |
Ramos et al. [71] | 2020 | Botnet Attacks | ISOT-HTTP, CSE-CICIDS2018 | RF, DT, SVM, NB, KNN | CIC-IDS2018: Accuracy (RF, DT-99.99%) ISOT-HTTP: Accuracy (DT-99.90%) |
Sethi et al. [101] | 2020 | Malicious Traffic | ISOT CID, NSL-KDD | DDQN | ISOT CID: Accuracy-96.87% NSL-KDD: Accuracy-83.40% |
Singh et al. [111] | 2020 | Malicious DoH Traffic (at DNS level) | CIRA-CIC-DoHBrw-2020 | GB, NB, RF, KNN, LR | Accuracy (RF, GB-100%) |
Mohammad et al. [35] | 2020 | DDoS | UNSW-NB15, UCI datasets | Improved Rule Induction (IRI) | F Score (IRI-93.90%) |
Letteri et al. [70] | 2020 | Malware Attack | MTA KDD 19 | MLP using AE optimization or RRw optimization | Accuracy (MLP with RRw opt.-99.60%) |
Rendall et al. [48] | 2020 | Phishing Attack | Private Dataset | SVM, NB, DT, MLP | Accuracy (MLP, DT-86%) |
Kim et al. [41] | 2020 | DDoS | KDD-99, CICIDS2018 | CNN, RNN | Accuracy (CNN-99% or more) |
Alrashdi et al. [81] | 2019 | Common IoT attacks | UNSW-NB15 | RF | Accuracy (ML-99.34%) |
Chawla et al. [146] | 2019 | IDS | ADFA | RNN, CNN | Time Taken (CNN-GRU 10× faster than LSTM) |
Halimaa et al. [130] | 2019 | IDS | NSL-KDD | SVM, NB | Accuracy (SVM-93.95%) |
Ongun et al. [98] | 2019 | Malicious Traffic | CTU-13 | LR, RF, and GB | AUC (RF-99%) |
De Lucia et al. [91] | 2019 | Malicious Traffic | Datasets from Stratosphereips.org | SVM and CNN | F-Score (SVM-0.9997) |
Filho et al. [32] | 2019 | DDoS | CICDoS2017, CICIDS2017, CICIDS2018 | RF, LR, AdaBoost, Stochastic Gradient Descent, DT, and Perceptron | Accuracy (RF-96%) |
Radivilova et al. [30] | 2019 | DDoS | SNMP-MIB | RF | Accuracy (RF-0.9) |
Zhang et al. [116] | 2019 | IDS | NSL-KDD | AE | F-Score-76.47% Recall-79.47% |
Vijayanand et al. [34] | 2019 | DDoS | CICIDS2017 | SVM, Multi-Layer Deep Networks | Accuracy (MLDN-99.99%) |
Hu et al. [14] | 2019 | Insider Threat | Private Dataset | CNN | FAR-2.94% FRR-2.28% |
Ullah et al. [76] | 2019 | Common IoT attacks | Private Dataset | CNN | Accuracy (CNN-97.46%) |
Baek et al. [18] | 2019 | DDoS | Private Dataset | MLP | Accuracy (MLP-50%) |
Shi et al. [26] | 2019 | DDoS | CICIDS2017 | LSTM | Accuracy (LSTM-99%) |
Sabeel et al. [20] | 2019 | DDoS | CICIDS2017 | DNN, LSTM | TPR (DNN-99.8%) TPR (LSTM-99.9%) |
Wu et al. [117] | 2019 | IDS | UNSW-NB15, NSL-KDD | CNN, RNN | Binary Class: Accuracy-99.24% Multiclass: Accuracy-99.05% |
Tama et al. [148] | 2019 | IDS | NSL-KDD, UNSW-NB15 | rotation forest + bagging | UNSW-NB15: Accuracy-91.27% NSL-KDD: Accuracy-85.8% |
Rao et al. [54] | 2019 | Phishing Attacks | Private Dataset | LSTM + SVM | Accuracy (LSTM + SVM-97.3%) |
Min et al. [149] | 2018 | IDS | ISCX2012 | RF, SVM, NN, CNN | Accuracy (RF-99.13%) |
Pektas et al. [73] | 2018 | Botnet Attacks | ISOT HTTP, CTU-13 | MLP + LSTM | ISOT: F score-98.8% CTU: F score-99.1% |
Ahmad et al. [135] | 2018 | IDS | NSL-KDD | SVM, RF, ELM | Accuracy (ELM-99.5%) |
Shafiq et al. [94] | 2018 | Malicious Traffic | HIT Trace 1 captures, NIMS dataset | BayesNet, NB, AdaBoost, Bagging, PART, C4.5, RF, Random Tree, Sequential Minimal Optimization, oneR, Hoeffding | HIT: Accuracy (PART-97.88%) NIMS: Accuracy (RF-100%) |
Park et al. [64] | 2018 | Malware Traffic | Kyoto 2006+ | RF | F-Score (RF-99%) |
Chou et al. [83] | 2018 | Malicious Traffic | NSL-KDD | NNET | Accuracy (NNet-97.65%) |
Nguyen et al. [147] | 2018 | IDS | UNSW-NB15, KDD-99, NSL-KDD | NNET | Accuracy (KDD-99-97.11%) |
Al-Qatf et al. [114] | 2018 | IDS | NSL-KDD | SVM, STL | Binary: (Accuracy-84.96%) Multiclass (Accuracy-80.48%) |
Millar et al. [88] | 2018 | Malicious Traffic | UNSW-NB15 | NNET | F-Score (Flow image-94.2%) |
Wu et al. [67] | 2018 | Malware Traffic | EMBER | DQN, SARSA, Double DQN | Accuracy (DQN-93.5%) |
Li et al. [49] | 2018 | Phishing Attacks | 50K-PD, 50K-IPD | GBDT + XGBoost + LightGBM | 50K-PD: Accuracy-97.3% 50K-IPD: Accuracy-98.6% |
Vanhoenshoven et al. [104] | 2017 | Malicious Traffic | Malicious URLs | KNN, RF, SVM, DT, NB, MLP | Accuracy (RF-97%) |
Kumar et al. [141] | 2017 | IDS | Wireshark Network Captures | ensemble of RF, PART and JRIP | Accuracy-98.2% |
Anderson et al. [151] | 2017 | Malware Traffic | Captured TLS encrypted sessions | Linear Regression, l1/l2-LR, DT, RF ensemble, SVM, MLP | Accuracy (LR-99.92%) |
Almseidin et al. [125] | 2017 | IDS | KDD-99 | J.48, RF, Random Tree, Decision Table, NB, Bayes Network, MLP | Accuracy (RF-93.77%) |
Ghanem et al. [131] | 2017 | IDS | Five datasets gathered from an IEEE 802.11 and a private dataset | SVM | DR, OSR (on all datasets-100%) |
Xu et al. [90] | 2017 | Malicious Traffic | Network Capture | RF, LR | Kernel: DR (RF-100%) User-level: DR (RF-99%) |
Tama et al. [78] | 2017 | Common IoT attacks | CIDDS-001, UNSW-NB15, GPRS-WEP, GPRS-WPA2 | DNN | CIDDS-001: Accuracy-94.17% UNSW-NB15: Accuracy-99.99% GPRS-WEP: Accuracy-82.89% GPRS-WPA2: Accuracy-94% |
Yuan et al. [16] | 2017 | DDoS | ISCX 2012 | RNN | Error Rate (RNN-2.103%) |
Amira et al. [136] | 2017 | IDS | NSL-KDD | NB, DT, NBTree, BFTree, J.48, RFT, MLP | Accuracy (MLP-98.54%) |
Niyaz et al. [27] | 2017 | DDoS | Network Capture | SAE | Accuracy (SAE-95.65%) |
Belavagi et al. [124] | 2016 | IDS | NSL-KDD | LR, SVM, NB, RF | Accuracy (RF-99%) |
Mehmood et al. [132] | 2016 | IDS | KDD-99 | SVM, NB, J.48, Decision Table | Accuracy (J.48-99%) |
Alrawashdeh et al. [122] | 2016 | IDS | KDD-99 | RBM, DBN, DBN + LR | Accuracy (DBN + LR-97.9%) |
Robinson et al. [38] | 2016 | DDoS | CAIDA conficker, CAIDA DoS, KDD-99 | NB, RF, MLP, voting, BayesNet, IBK, J.48 | Accuracy (RF-100%) |
Thabtah et al. [47] | 2016 | Phishing | Datasets from UCI | NNet | Accuracy-93.06% |
Tahir et al. [142] | 2015 | IDS | NSL-KDD | hybrid of K-means Clustering and SVM | DR-96.26% |
Choudhury et al. [126] | 2015 | IDS | NSL-KDD | BayesNet, LR, IBK, J.48, PART, JRip, Random Tree, RF, REPTree, boosting, bagging, and blending | Accuracy (RF-91.523%) |
Niyaz et al. [115] | 2015 | IDS | NSL-KDD | STL with AE | Accuracy (STL-98%) |
David et al. [66] | 2015 | Malware Attacks | Private Dataset | DBN | Accuracy (DBN-98.6%) |
Barati et al. [40] | 2015 | DDoS | CAIDA USCD 2007 | GA + MLP | AUC-0.9991 |
Abuadlla et al. [121] | 2014 | IDS | Network Capture | NNET, RBFN | Accuracy-99.4% |
Xie et al. [102] | 2014 | Malicious Traffic | ADFA | SVM | Accuracy (70%), FPR (20% when k = 5) |
Mohammad et al. [44] | 2014 | Phishing Attacks | Private Dataset | ANN | Accuracy (testing set-92.18%) |
Beaver et al. [57] | 2013 | Zero-day Attacks | KDD-99 | AdaBoost | Accuracy (AdaBoost-94%) |
Devikrishna et al. [120] | 2013 | IDS | KDD-99 | ANN | Successfully detected and classified attacks |
Lehnert et al. [144] | 2012 | IDS | KDD-99 | SVM, Clustering, NNET | Error Rate (SVM-2.79%) |
Sharma et al. [143] | 2012 | IDS | KDD-99 | K-means clustering via NB | DR-99% |
Gogoi et al. [137] | 2012 | IDS | TUIDS, NSL-KDD, KDD-99 | Clustering | TUIDS Packet level: accuracy = 99.42%. KDD: accuracy = 92.39%. NSL-KDD: accuracy = 98.34% |
Hasan et al. [118] | 2012 | IDS | DARPA 1998 | NNET | Accuracy (NNet-92%) |
Wattanapongsakorn et al. [139] | 2011 | IDS | Network Capture | DT, Bayesian, Ripple Rule Back Propagation Neural Network | DR (DT-95.5%) |
Al-Janabi et al. [123] | 2011 | IDS | KDD-99 | ANN | DR (ANN-91%) |
Sun et al. [87] | 2010 | Malicious Traffic | Network Capture | SVM, RBFNN, PNN | Accuracy (PNN-88.18%) |