Data Mining with Big Data in Intrusion Detection Systems: A Systematic Literature Review

TL;DR

This systematic literature review analyzes data mining techniques used in intrusion detection systems within big data environments, highlighting current methods, their advantages, disadvantages, and the challenges faced from 2013 to 2018.

Contribution

It provides a comprehensive overview of 17 data mining techniques and their application in IDS, offering insights into their effectiveness and limitations in big data security.

Findings

Identified 17 data mining techniques used in IDS.

Compared merits and disadvantages of current methods.

Highlighted challenges in deploying IDS in big data environments.

Abstract

Cloud computing has become a powerful and indispensable technology for complex, high performance and scalable computation. The exponential expansion in the deployment of cloud technology has produced a massive amount of data from a variety of applications, resources and platforms. In turn, the rapid rate and volume of data creation has begun to pose significant challenges for data management and security. The design and deployment of intrusion detection systems (IDS) in the big data setting has, therefore, become a topic of importance. In this paper, we conduct a systematic literature review (SLR) of data mining techniques (DMT) used in IDS-based solutions through the period 2013-2018. We employed criterion-based, purposive sampling identifying 32 articles, which constitute the primary source of the present survey. After a careful investigation of these articles, we identified 17 separate DMTs deployed in an IDS context. This paper also presents the merits and disadvantages of the various works of current research that implemented DMTs and distributed streaming frameworks (DSF) to detect and/or prevent malicious attacks in a big data environment.