Review of Incremental and Online Learning Methods for Network Anomaly Detection


Niharika Sharma, Bhavna Arora

Abstract

The internet has emerged as one of the most rapidly growing and transformative technologies of the past two decades. With the widespread availability of advanced network technologies, there is serious concern about the rise in threats to information and communication technology. The intrusion detection system (IDS) automates the monitoring process in computer networks and analyses network packets and logs. Due to the static behavior of traditional data packets, the performance of the detection model reduces significantly. An IDS should be updated in a timely manner to avoid gradual degradation of the system. To adapt the model continually, an incremental learning mechanism comes into the picture to analyse network streams in real time. Incremental learning is continuous or adaptive learning that emphasizes how a model acquires and fine-tunes its knowledge. In this paper, various incremental approaches employed for the detection of network anomalies are critically analysed to provide the gist of how these techniques have influenced the detection model while mitigating the effects of concept drift, noisy data, the stability-plasticity dilemma, and the complexity of the adaptive model. Various incremental learning classifiers, along with the challenges faced by incremental and online learning, are also discussed. In addition, this paper focuses on the study of anomaly detection techniques in high-dimensional and big data, presenting a comparative analysis of existing approaches that address some of the challenges of high dimensionality in large-scale networks.
