An overview of flow-based anomaly detection

被引:9
作者
Sharma, Rohini [1 ]
Guleria, Ajay [2 ]
Singla, R. K. [1 ]
机构
[1] Panjab Univ, Dept Comp Sci & Applicat, Chandigarh, India
[2] Panjab Univ, Comp Ctr, Chandigarh, India
关键词
network flows; anomaly detection; security; privacy; flow-based dataset; statistical techniques; machine learning; clustering; frequent pattern mining; software agents;
D O I
10.1504/IJCNDS.2018.10014505
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Intrusions in computer networks are handled using misuse or anomaly-based solutions. Deep packet inspection is generally incorporated in solutions for better detection and mitigation but with the growth of networks at exponential speed, it has become an expensive solution and makes real-time detection difficult. In this paper, network flows-based anomaly detection techniques are reviewed. The review starts with motivation behind using network flows and justifies why flow-based anomaly detection is the need of the hour. Flow-based datasets are also investigated and reviewed. The main focus is on techniques and methodologies used by researchers for anomaly detection in computer networks. The techniques reviewed are categorised into five classes: statistical, machine learning, clustering, frequent pattern mining and agent-based. At the end the core research problems and open challenges are discussed.
引用
收藏
页码:220 / 240
页数:21
相关论文
共 62 条
[1]   Flow-Based Anomaly Intrusion Detection System Using Two Neural Network Stages [J].
Abuadlla, Yousef ;
Kvascev, Goran ;
Gajin, Slavko ;
Jovanovic, Zoran .
COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2014, 11 (02) :601-622
[2]   A new adaptive intrusion detection system based on the intersection of two different classifiers [J].
Ahmim, A. ;
Ghoualmi-Zine, N. .
International Journal of Security and Networks, 2014, 9 (03) :125-132
[3]   A new hierarchical intrusion detection system based on a binary tree of classifiers [J].
Ahmim, Ahmed ;
Zine, Nacira Ghoualmi .
INFORMATION AND COMPUTER SECURITY, 2015, 23 (01) :31-57
[4]  
Allan A., 2002, ENTERASYS NETWORKS D
[5]  
Anderson JP, 1980, TECHNICAL REPORT
[6]  
[Anonymous], 2007, SNORT IDS IPS TOOLKI
[7]   On the TCP Flow Inter-arrival Times Distribution [J].
Arshadi, Laleh ;
Jahangir, Amir Hossein .
UKSIM FIFTH EUROPEAN MODELLING SYMPOSIUM ON COMPUTER MODELLING AND SIMULATION (EMS 2011), 2011, :360-365
[8]  
Bhuyan Monowar H., 2012, International Journal of Network Security, V14, P339
[9]  
Bhuyan M. H., 2011, P INT C COMM COMP SE, P531
[10]   E-LDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric [J].
Bhuyan, Monowar H. ;
Bhattacharyya, D. K. ;
Kalita, J. K. .
SECURITY AND COMMUNICATION NETWORKS, 2016, 9 (16) :3251-3270