Table 2 Summary of optimization techniques of different anomaly detection models using AI
Methods/references | Learning model | Security threat | Optimization method | Applied to IDS | Dataset of cyber attacks | Remarks |
|---|---|---|---|---|---|---|
SAAE-DNN (Tang et al. 2020) | Stacked autoencoder | DoS, Probe, R2L and U2R | Attention vectors | \(\checkmark\) | NSL-KDD | Limited to simulation |
Passban (Eskandari et al. 2020) | IF, LOF | Port scan, SYS flood, HTTP and SSH brute-force | \(\times\) | \(\times\) | \(\times\) | High CPU 47.17% |
VecQ (Gong et al. 2020) | DNN | \(\times\) | Quantization | \(\times\) | \(\times\) | Not applied for IDS |
Hybrid deep learning technique (Popoola et al. 2020) | LAE, BLSTM | Mirai, BASHLITE | \(\times\) | \(\times\) | N_BaIoT | High false alarm rate to correlate TCP and SCAN attacks |
PSO + DT, PSO_KNN (Ogundokun et al. 2021) | DT KNN | DoS, Probe, R2L and U2R | Particle swarm | \(\checkmark\) | KDDCUP99 | Limited to simulation |
AS-IDS (Otoum and Nayak 2021) | DNN | DoS, Probe, R2L and U2R | Q-Learning | \(\checkmark\) | NSL-KDD | Limited to simulation |
OPQ (Hu et al. 2021) | DNN | \(\times\) | Pruning quantization | \(\times\) | \(\times\) | Not applied for IDS |
HNADAM-SDG (Shyla et al. 2022) | Regression | DoS and information theft | Hyper parameters | \(\checkmark\) | UNSW-NB15 | Performance depend on hyperparameters and type of dataset |
Deep learning models (Saba et al. 2022) | CNN | DoS, DDoS, reconnaissance | \(\times\)  | \(\checkmark\) | NID and BoT-IoT | CNN is too complex for IoT devices |
Quantized autoencoder (QAE-u8, QAE-f16) | Autoencoder | DDoS and SSH brute-force | Pruning, clustering and quantization | \({\checkmark }\) | RT-IoT2022 | Proposed method |