Open Access
Data preprocessing for anomaly based network intrusion detection : a review
Jonathan J. Davis, Andrew Clark, +1 more
25 May 2011
TL;DR: The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers, and shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing.
Abstract: Data preprocessing is widely recognized as an important stage in anomaly detection. This paper reviews the data preprocessing techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of the network traffic are analyzed, and what feature construction and selection methods have been used. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIDS. The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers. Time-based statistics can be derived from these headers to detect network scans, network worm behavior, and denial of service attacks. A number of other NIDS perform deeper inspection of request packets to detect attacks against network services and network applications. More recent approaches analyze full service responses to detect attacks targeting clients. The review covers a wide range of NIDS, highlighting which classes of attack are detectable by each of these approaches.
Data preprocessing is found to predominantly rely on expert domain knowledge for identifying the most relevant parts of network traffic and for constructing the initial candidate set of traffic features. On the other hand, automated methods have been widely used for feature extraction to reduce data dimensionality, and feature selection to find the most relevant subset of features from this candidate set. The review shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing. These context-sensitive features are required to detect current attacks.
Citations
An empirical comparison of botnet detection methods
TL;DR: It is concluded that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.
Intrusion detection systems for IoT-based smart environments: a survey
Mohamed Faisal Elrawy, Ali Ismail Awad, Hesham F. A. Hamed, +2 more
01 Dec 2018
TL;DR: A comprehensive survey of the latest IDSs designed for the IoT model, with a focus on the corresponding methods, features, and mechanisms, and deep insight into the IoT architecture, emerging security vulnerabilities, and their relation to the layers of the IoT Architecture is provided.
Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey
TL;DR: A systematic review is introduced based on the steps to achieve traffic classification by using ML techniques to identify the procedures followed by the existing works to achieve their goals and to outline future directions for ML-based traffic classification.
IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection (Posted Content)
Zilong Lin, Yong Shi, Zhi Xue, +2 more
TL;DR: A framework of the generative adversarial networks, IDSGAN, is proposed to generate the adversarial attacks, which can deceive and evade the intrusion detection system.
Unsupervised Clustering Approach for Network Anomaly Detection
Iwan Syarif, Adam Prügel-Bennett, Gary Wills, +2 more
24 Apr 2012
TL;DR: The experiment shows that misuse detection techniques failed to detect network traffic, which contained a large number of unknown intrusions, and the anomaly detection module showed promising results where the distance-based outlier detection algorithm outperformed other algorithms with an accuracy of 80.15%.
References
Anomaly detection: A survey
TL;DR: This survey tries to provide a structured and comprehensive overview of the research on anomaly detection by grouping existing techniques into different categories based on the underlying approach adopted by each technique.
Snort - Lightweight Intrusion Detection for Networks (Proceedings Article)
Martin Roesch
12 Nov 1999
TL;DR: Snort provides a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alerts system administrators when potentially hostile traffic is detected.
Anomaly-based network intrusion detection: Techniques, systems and challenges
TL;DR: The main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues are outlined.
Data fusion
Jens Bleiholder, Felix Naumann, +1 more
TL;DR: This article places data fusion into the greater context of data integration, precisely defines the goals of data fusion, namely, complete, concise, and consistent data, and highlights the challenges of data fusion.
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Animesh Patcha, Jung-Min Park, +1 more
TL;DR: This paper provides a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present and discusses recent technological trends in anomaly detection and identifies open problems and challenges in this area.