Journal of Computer Networks
ISSN (Print): 2372-4749 ISSN (Online): 2372-4757 Website: Editor-in-chief: Sergii Kavun, Naima kaabouch
Open Access
Journal Browser
Journal of Computer Networks. 2017, 4(1), 48-55
DOI: 10.12691/jcn-4-1-5
Open AccessReview Article

Big Data in Intrusion Detection Systems and Intrusion Prevention Systems

Lidong Wang1,

1Department of Engineering Technology, Mississippi Valley State University, Itta Bena, MS, USA

Pub. Date: August 19, 2017

Cite this paper:
Lidong Wang. Big Data in Intrusion Detection Systems and Intrusion Prevention Systems. Journal of Computer Networks. 2017; 4(1):48-55. doi: 10.12691/jcn-4-1-5


This paper introduces network attacks, intrusion detection systems, intrusion prevention systems, and intrusion detection methods including signature-based detection and anomaly-based detection. Intrusion detection/prevention system (ID/PS) methods are compared. Some data mining and machine learning methods and their applications in intrusion detection are introduced. Big data in intrusion detection systems and Big Data analytics for huge volume of data, heterogeneous features, and real-time stream processing are presented. Challenges of intrusion detection systems and challenges posed by stream processing of big data in the systems are also discussed.

big data intrusion detection system (IDS) intrusion prevention system (IPS) signature-based detection anomaly-based detection data mining machine learning network security

Creative CommonsThis work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit


[1]  Choras M., Kozik R., Bruna MPT. Yautsiukhin A, Churchill A, Maciejewska I, & Jomni A. Comprehensive approach to increase cyber security and resilience. In Availability, Reliability and Security (ARES) 2015, 10th International Conference on (pp. 686-692). IEEE.
[2]  Faisal MA, Aung Z, Williams JR, Sanchez A. Securing advanced metering infrastructure using intrusion detection system with data stream mining. In Pacific-Asia Workshop on Intelligence and Security Informatics 2012 May 29 (pp. 96-111). Springer Berlin Heidelberg.
[3]  Scarfone K, Mell P. Guide to intrusion detection and prevention systems (idps). NIST special publication, 2007, 800(2007): 94.
[4]  Zuech R, Khoshgoftaar TM, Wald R. Intrusion detection and big heterogeneous data: a survey. Journal of Big Data. 2015, Feb 27; 2(1): 3.
[5]  Marchal S, Jiang X, State R, Engel T. A big data architecture for large scale security monitoring. InBig data (BigData Congress), 2014 IEEE international congress on 2014 Jun 27: 56-63. IEEE.
[6]  Kizza JM. Guide to computer network security. Springer; 2009.
[7]  Kukielka P, Kotulski Z. Analysis of different architectures of neural networks for application in intrusion detection systems. InComputer Science and Information Technology, 2008. IMCSIT 2008. International Multiconference on 2008 Oct 20: 807-811.. IEEE.
[8]  Anuar NB, Sallehudin H, Gani A, Zakari O. Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree. Malaysian journal of computer science. 2008; 21(2):101-15.
[9]  Cárdenas AA, Manadhata PK, Rajan S. Big data analytics for security intelligence. University of Texas at Dallas@ Cloud Security Alliance. 2013 Sep.
[10]  Guillen E, Sánchez J, Paez R. Inefficiency of IDS static anomaly detectors in real-world networks. Future Internet. 2015 May 6; 7(2): 94-109.
[11]  Virvilis N, Serrano O. Big Data Analytics for Sophisticated Attack Detection, ISACA Journal, 2014, Volume 3, 1-8.
[12]  Vasiliadis G, Antonatos S, Polychronakis M, et al. Gnort: High performance network intrusion detection using graphics processors[C]//Recent Advances in Intrusion Detection. Springer Berlin/Heidelberg, 2008: 116-134.
[13]  Raiyn J. A survey of cyber attack detection strategies. International Journal of Security and Its Applications. 2014; 8(1):247-56.
[14]  Cisco, Implementing Secure Converged Wide Area Networks (ISCW), Module 6: Cisco IOS Threat Defense Features, 2016.
[15]  Zhang L, White G B. An approach to detect executable content for anomaly based network intrusion detection//Parallel and Distributed Processing Symposium, 2007. IPDPS 2007. IEEE International. IEEE, 2007: 1-8.
[16]  Singh J, Nene MJ. A survey on machine learning techniques for intrusion detection systems. International Journal of Advanced Research in Computer and Communication Engineering. 2013, Nov; 2(11): 4349-55.
[17]  Lu LF, Huang ZH, Ambusaidi MA, Gou KX. A large-scale network data analysis via sparse and low rank reconstruction. Discrete Dynamics in Nature and Society. 2014, May 26; 2014.
[18]  Rothman M., Network-based Threat Detection, Technical Report, Securosis, LLC, June 19, 2015, 1-24.
[19]  Mai J, Chuah CN, Sridharan A, Ye T, Zang H. Is sampled data sufficient for anomaly detection?. InProceedings of the 6th ACM SIGCOMM conference on Internet measurement 2006 Oct 25, 165-176. ACM.
[20]  Oseku-Afful T. The use of Big Data Analytics to protect Critical Information Infrastructures from Cyber-attacks, 2016, 1-64.
[21]  Chandola V, Banerjee A, Kumar V. Anomaly detection: A survey. ACM computing surveys (CSUR). 2009 Jul 1; 41(3): 15.
[22]  Kicanaoglu B. Unsupervised Anomaly Detection in Unstructured Log-Data for Root-Cause-Analysis, Master's Thesis, Computing and Electrical Engineering, Tampere University of Technology, on 4 March 2015.
[23]  Manandhar P, Aung Z. Intrusion Detection Based on Outlier Detection Method. ICIDIT ‘2014), April. 2014: 21-2.
[24]  Patel A, Taghavi M, Bakhtiyari K, JúNior JC. An intrusion detection and prevention system in cloud computing: A systematic review. Journal of network and computer applications. 2013 Jan 31; 36(1): 25-41.
[25]  Tyler G. Information Assurance Tools Report Intrusion Detection Systems. Information Assurance Technology Analysis Center (IATAC), 2009.
[26]  Stouten F. Big data analytics attack detection for Critical Information Infrastructure Protection. Thesis, Department of Computer Science, Electrical and Space Engineering, dissertation, Luleå University of Technology, 2016.
[27]  Han J, Pei J, Kamber M. Data mining: concepts and techniques. Elsevier; 2011, Jun 9.
[28]  De Sanctis M, Bisio I, Araniti G. Data mining algorithms for communication networks control: concepts, survey and guidelines. IEEE Network. 2016, Jan; 30(1):24-9.
[29]  Kumar GR, Mangathayaru N, Narsimha G. Intrusion Detection-A Text Mining Based Approach. International Journal of Computer Science and Information Security. 2016, Feb 1; 14: 76.
[30]  Nieves JF, Jiao YC. Data clustering for anomaly detection in network intrusion detection. Research Alliance in Math and Science. 2009, Aug 14: 1-2.
[31]  Sharma S and Gupta RK, Intrusion Detection System: A Review, International Journal of Security and Its Applications, 2015, Vol. 9, No. 5, 9-76.
[32]  Peddabachigari S, Abraham A, Grosan C, Thomas J. Modeling intrusion detection system using hybrid intelligent systems. Journal of network and computer applications. 2007, Jan 31; 30(1):114-32.
[33]  Shackleford, D. Using Analytics to Predict Future Attacks and Breaches. [online] SANS Institute, 2016. Available at: [Accessed 28 May 2016].
[34]  NESSI, Big Data: A New World of Opportunities, NESSI White Paper, December 2012, 1-25.
[35]  Bhattacharya D, Mitra M. Analytics on big fast data using real time stream data processing architecture. EMC Corporation; 2013.
[36]  Lopez M A, Lobato A G P, Duarte O C M B. A performance comparison of Open-Source stream processing platforms[C]//Global Communications Conference (GLOBECOM), 2016 IEEE. IEEE, 2016: 1-6.