A holistic review of Network Anomaly Detection Systems: A comprehensive survey
Abstract
Keywords
References
Abolhasanzadeh, 2015, Nonlinear dimensionality reduction for intrusion detection using auto-encoder bottleneck features, 1
Aburomman, 2016, A novel svm-knn-pso ensemble method for intrusion detection system, Appl. Soft Comput., 38, 360, 10.1016/j.asoc.2015.10.011
Aburomman, 2017, A survey of intrusion detection systems based on ensemble and hybrid classifiers, Comput. Secur., 65, 135, 10.1016/j.cose.2016.11.004
Ahmed, 2016, A survey of network anomaly detection techniques, J. Netw. Comput. Appl., 60, 19, 10.1016/j.jnca.2015.11.016
Alom, 2015, Intrusion detection using deep belief networks, 339
Altwaijry, 2013, Bayesian based intrusion detection system, 29
Ambusaidi, 2016, Building an intrusion detection system using a filter-based feature selection algorithm, IEEE Trans. Comput., 65, 2986, 10.1109/TC.2016.2519914
Anwar, 2017, From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions, Algorithms, 10, 39, 10.3390/a10020039
Araya, 2017, An ensemble learning framework for anomaly detection in building energy consumption, Energy Build., 144, 191, 10.1016/j.enbuild.2017.02.058
Baba, 2002, Tracing network attacks to their sources, IEEE Internet Comput., 6, 20, 10.1109/4236.991439
Bamakan, 2017, Ramp loss k-support vector classification-regression; a robust and sparse multi-class approach to the intrusion detection problem, Knowl. Base Syst., 126, 113, 10.1016/j.knosys.2017.03.012
Bar-Yanai, 2010, Realtime classification for encrypted traffic, 373
Benkhelifa, 2018, A critical review of practices and challenges in intrusion detection systems for iot: towards universal and resilient systems, IEEE Commun. Surv. Tutorials, 1
Bhuyan, 2011, Nado: network anomaly detection using outlier approach, 531
Bhuyan, 2012, An effective unsupervised network anomaly detection method, 533
Bhuyan, 2014, Network anomaly detection: methods, systems and tools, IEEE Commun. Surv. Tutorials, 16, 303, 10.1109/SURV.2013.052213.00046
Bhuyan, 2015, Towards generating real-life datasets for network intrusion detection, IJ Netw. Security, 17, 683
Bhuyan, 2017, Network traffic anomaly detection techniques and systems, 115
Boser, 1992, A training algorithm for optimal margin classifiers, 144
Breitenstein, 2009, Robust tracking-by-detection using a detector confidence particle filter, 1515
Buczak, 2016, A survey of data mining and machine learning methods for cyber security intrusion detection, IEEE Commun. Surv. Tutorials, 18, 1153, 10.1109/COMST.2015.2494502
Caudle, 2015, Using density estimation to detect computer intrusions, 43
Chadha, 2015, Hybrid genetic fuzzy rule based inference engine to detect intrusion in networks, 185
Chen, 2006, Survey and taxonomy of feature selection algorithms in intrusion detection system, 153
Colom, 2018, Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures, J. Netw. Comput. Appl., 108, 76, 10.1016/j.jnca.2018.02.004
Corona, 2013, Adversarial attacks against intrusion detection systems: taxonomy, solutions and open issues, Inf. Sci., 239, 201, 10.1016/j.ins.2013.03.022
Costa, 2015, A nature-inspired approach to speed up optimum-path forest clustering and its application to intrusion detection in computer networks, Inf. Sci., 294, 95, 10.1016/j.ins.2014.09.025
Creech, 2014
Creech, 2014, A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns, IEEE Trans. Comput., 63, 807, 10.1109/TC.2013.13
De la Hoz, 2015, Pca filtering and probabilistic som for network intrusion detection, Neurocomputing, 164, 71, 10.1016/j.neucom.2014.09.083
Dua, 2016, vol. 1
Dubey, 2015, Kbb: a hybrid method for intrusion detection, 1
Duffield, N., Haffner, P., Krishnamurthy, B., Ringberg, H.A., Systems and Methods for Rule-based Anomaly Detection on Ip Network Flow, US Patent 9,680,877 (Jun. 13 2017).
Esmalifalak, 2011, Stealth false data injection using independent component analysis in smart grid, 244
Fan, 2011, Unsupervised anomaly intrusion detection via localized bayesian feature selection, 1032
Figlin, I., Zavalkovsky, A., Arzi, L., Hudis, E., LeMond, J.R., Fitzgerald, R.E., Ahmed, K.E., Williams, J.S., Hardy, E.W., Network Intrusion Detection with Distributed Correlation, US Patent 9,560,068 (Jan. 31 2017).
Fink, 2001, A metrics-based approach to intrusion detection system evaluation for distributed real-time systems, 8
Folino, 2010, An ensemble-based evolutionary framework for coping with distributed intrusion detection, Genet. Program. Evolvable Mach., 11, 131, 10.1007/s10710-010-9101-6
Galar, 2012, A review on ensembles for the class imbalance problem: bagging-, boosting-, and hybrid-based approaches, IEEE Trans. Syst., Man, Cybern., Part C (Applications and Reviews), 42, 463, 10.1109/TSMCC.2011.2161285
Garcia-Teodoro, 2009, Anomaly-based network intrusion detection: techniques, systems and challenges, Comput. Secur., 28, 18, 10.1016/j.cose.2008.08.003
Gasti, 2013, Dos and ddos in named data networking, 1
Gogoi, 2012, Packet and flow based network intrusion dataset, 322
Greggio, 2013, Learning anomalies in idss by means of multivariate finite mixture models, 251
Gruhl, 2015, A building block for awareness in technical systems: online novelty detection and reaction with an application in intrusion detection, 194
Haider, 2017, Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling, J. Netw. Comput. Appl., 87, 185, 10.1016/j.jnca.2017.03.018
Han, 2015, A naive bayesian network intrusion detection algorithm based on principal component analysis, 325
Hasan, 2017, A constraint-based intrusion detection system, 12
He, 2014, Protecting users privacy from browser-based attacks, vol. 631, 941
Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., Atkinson, R., Shallow and Deep Networks Intrusion Detection System: a Taxonomy and Survey, arXiv:1701.02145.
Holm, 2014, Signature based intrusion detection for zero-day attacks:(not) a closed chapter?, 4895
Honda, 2015, Topase: detection of brute force attacks used disciplined ips from ids log, 1361
Horng, 2011, A novel intrusion detection system based on hierarchical clustering and support vector machines, Expert Syst. Appl., 38, 306, 10.1016/j.eswa.2010.06.066
Huang, 2011, Adversarial machine learning, 43
Huang, 2014, Deep architecture for traffic flow prediction: deep belief networks with multitask learning, IEEE Trans. Intell. Transport. Syst., 15, 2191, 10.1109/TITS.2014.2311123
Hung, 2008, A user-oriented ontology-based approach for network intrusion detection, Comput. Stand. Interfac., 30, 78, 10.1016/j.csi.2007.07.008
Ilgun, 1995, State transition analysis: a rule-based intrusion detection approach, IEEE Trans. Software Eng., 21, 181, 10.1109/32.372146
Inayat, 2016, Intrusion response systems: foundations, design, and challenges, J. Netw. Comput. Appl., 62, 53, 10.1016/j.jnca.2015.12.006
Jabbar, 2017, Rfaode: a novel ensemble intrusion detection system, Procedia Comput. Sci., 115, 226, 10.1016/j.procs.2017.09.129
Jadhav, 2013, A novel approach for the design of network intrusion detection system (nids), 22
Jasiul, 2014, Malware behavior modeling with colored petri nets, 667
Ji, 2017, Backdoor attacks against learning systems, 1
Jirapummin, 2002, Hybrid neural networks for intrusion detection system, 928
Kang, 2012, A differentiated one-class classification method with applications to intrusion detection, Expert Syst. Appl., 39, 3899, 10.1016/j.eswa.2011.06.033
Kaur, 2013, Automatic attack signature generation systems: a review, IEEE Secur. Priv., 11, 54, 10.1109/MSP.2013.51
Keshk, 2017, Privacy preservation intrusion detection technique for scada systems, 1
Khan, 2007, A new intrusion detection system using support vector machines and hierarchical clustering, The VLDB J. - Int. J. Very Large Data Bases, 16, 507, 10.1007/s00778-006-0002-5
Kholidy, 2012, Cids: a framework for intrusion detection in cloud systems, 379
Kumar, 2013, Encrypted traffic and ipsec challenges for intrusion detection system, 721
Lee, 2008, Ddos attack detection method using cluster analysis, Expert Syst. Appl., 34, 1659, 10.1016/j.eswa.2007.01.040
Lee, 1998, Data mining approaches for intrusion detection
Li, 2010, Research and implementation of an anomaly detection model based on clustering analysis, 458
Li, 2013, A survey of network flow applications, J. Netw. Comput. Appl., 36, 567, 10.1016/j.jnca.2012.12.020
Liao, 2013, Intrusion detection system: a comprehensive review, J. Netw. Comput. Appl., 36, 16, 10.1016/j.jnca.2012.09.004
Lin, 2010
Lin, 2015, Cann: an intrusion detection system based on combining cluster centers and nearest neighbors, Knowl. Base Syst., 78, 13, 10.1016/j.knosys.2015.01.009
Liu, 2012, vol. 454
Ludwig, 2017, Intrusion detection of multiple attack classes using a deep neural net ensemble, 1
Lunt, 1988, A prototype real-time intrusion-detection expert system, 59
Luo, 2000, Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection, Int. J. Intell. Syst., 15, 687, 10.1002/1098-111X(200008)15:8<687::AID-INT1>3.0.CO;2-X
Marhas, 2012, Anomaly detection in network traffic: a statistical approach, Int. J. IT, Eng. Appl. Sci. Res. (IJIEASR), 1, 16
McGrew, D., Rigoudy, T., Intrusion Detection to Prevent Impersonation Attacks in Computer Networks, US Patent App. 15/616,514 (Sep. 21 2017).
Midi, 2017, Kalis: a system for knowledge-driven adaptable intrusion detection for the internet of things, 656
Milenkoski, 2015, Evaluating computer intrusion detection systems: a survey of common practices, ACM Comput. Surv., 48, 12, 10.1145/2808691
Moon, 2016, Host-based intrusion detection system for secure human-centric computing, J. Supercomput., 72, 2520, 10.1007/s11227-015-1506-9
Mostardinha, 2012, A negative selection approach to intrusion detection, 178
Moustafa, 2015, Creating novel features to anomaly network detection using darpa-2009 data set, 204
Moustafa, 2015, Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set), 1
Moustafa, 2015, A hybrid feature selection for network intrusion detection systems: central points, 5
Moustafa, 2015, The significant features of the unsw-nb15 and the kdd99 data sets for network intrusion detection systems, 25
Moustafa, 2016, The evaluation of network anomaly detection systems: statistical analysis of the unsw-nb15 data set and the comparison with the kdd99 data set, Inf. Secur. J. A Glob. Perspect., 25, 18, 10.1080/19393555.2015.1125974
Moustafa, 2018, A network forensic scheme using correntropy-variation for attack detection, 225
Moustafa, N., Misra, G., Slay, J., Generalized outlier Gaussian mixture technique based on automated association features for simulating and detecting web application attacks, IEEE Trans. Sustain. Comput. https://doi.org/10.1109/TSUSC.2018.2808430.
Moustafa, 2017, Big data analytics for intrusion detection system: statistical decision-making using finite dirichlet mixture models, 127
Moustafa, 2017, Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks, IEEE Transactions on Big Data, 1, 10.1109/TBDATA.2017.2715166
Moustafa, 2017, Collaborative anomaly detection framework for handling big data of cloud computing, 1
Moustafa, 2017, Flow aggregator module for analysing network traffic
Moustafa, 2018, Anomaly detection system using beta mixture models and outlier detection, 125
Moustafa, 2018, An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things, IEEE Internet of Things Journal, 1, 10.1109/JIOT.2018.2871719
Moustafa, 2018, A new threat intelligence scheme for safeguarding industry 4.0 systems, IEEE Access, 6, 32910, 10.1109/ACCESS.2018.2844794
Nadiammai, 2012, An evaluation of clustering technique over intrusion detection system, 1054
Nalavade, 2014, Mining association rules to evade network intrusion in network audit data, Int. J. Adv. Comput. Res., 4, 560
Naldurg, 2004, A temporal logic based framework for intrusion detection, 359
Narudin, 2016, Evaluation of machine learning classifiers for mobile malware detection, Soft Computing, 20, 343, 10.1007/s00500-014-1511-6
Nguyen, 2011, An efficient local region and clustering-based ensemble system for intrusion detection, 185
Pajouh, 2016, A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in iot backbone networks, IEEE Transactions on Emerging Topics in Computing, 1, 10.1109/TETC.2016.2633228
Palmieri, 2014, A distributed approach to network anomaly detection based on independent component analysis, Concurrency Comput. Pract. Ex., 26, 1113, 10.1002/cpe.3061
Pang, 2017, Anomaly detection based on uncertainty fusion for univariate monitoring series, Measurement, 95, 280, 10.1016/j.measurement.2016.10.031
Patcha, 2007, An overview of anomaly detection techniques: existing solutions and latest technological trends, Comput. Network., 51, 3448, 10.1016/j.comnet.2007.02.001
Peng, 2016, User profiling in intrusion detection: a review, J. Netw. Comput. Appl., 72, 14, 10.1016/j.jnca.2016.06.012
Perdisci, 2006, Using an ensemble of one-class svm classifiers to harden payload-based anomaly detection systems, 488
Pontarelli, 2013, Traffic-aware design of a high-speed fpga network intrusion detection system, IEEE Trans. Comput., 62, 2322, 10.1109/TC.2012.105
Poornachandran, 2017, Drive-by-download malware detection in hosts by analyzing system resource utilization using one class support vector machines, 129
Porras, 1998, Live traffic analysis of tcp/ip gateways
Pudil, 1998, Novel methods for feature subset selection with respect to problem knowledge, 101
Ramdane, 2014, A new negative selection algorithm for adaptive network intrusion detection system, Int. J. Inf. Secur. Priv., 8, 1, 10.4018/IJISP.2014100101
Resende, 2018, A survey of random forest based methods for intrusion detection systems, ACM Comput. Surv., 51, 48, 10.1145/3178582
Roman, 2018, Mobile edge computing, fog et al.: a survey and analysis of security threats and challenges, Future Generat. Comput. Syst., 78, 680, 10.1016/j.future.2016.11.009
Saber, 2017, Performance analysis of an intrusion detection systems based of artificial neural network, 511
Sager, 2014, 1
Saurabh, 2016, An efficient proactive artificial immune system based anomaly detection and prevention system, Expert Syst. Appl., 60, 311, 10.1016/j.eswa.2016.03.042
Scrucca, 2016, Mclust 5: clustering, classification and density estimation using Gaussian finite mixture models, The R Journal, 8, 289, 10.32614/RJ-2016-021
Shah, 2016, Performance improvement of intrusion detection with fusion of multiple sensors, Complex & Intelligent Systems, 1
Shahid, 2015, Characteristics and classification of outlier detection techniques for wireless sensor networks in harsh environments: a survey, Artif. Intell. Rev., 43, 193, 10.1007/s10462-012-9370-y
Shameli-Sendi, 2014, Taxonomy of intrusion risk assessment and response system, Comput. Secur., 45, 1, 10.1016/j.cose.2014.04.009
Sharafaldin, 2018, Toward generating a new intrusion detection dataset and intrusion traffic characterization, 108
Sharma, 2018, A survey on intrusion detection systems and honeypot based proactive security mechanisms in vanets and vanet cloud, Vehicular Communications, 138, 10.1016/j.vehcom.2018.04.005
Shen, 2006, Kernel density estimation for an anomaly based intrusion detection system, 161
Shiravi, 2012, Toward developing a systematic approach to generate benchmark datasets for intrusion detection, Comput. Secur., 31, 357, 10.1016/j.cose.2011.12.012
Singh, 2014, Big data analytics framework for peer-to-peer botnet detection using random forests, Inf. Sci., 278, 488, 10.1016/j.ins.2014.03.066
Soltanolkotabi, 2012, A geometric analysis of subspace clustering with outliers, Ann. Stat., 40, 2195, 10.1214/12-AOS1034
Soule, 2005, Combining filtering and statistical methods for anomaly detection
Tan, 2014, A system for denial-of-service attack detection based on multivariate correlation analysis, IEEE Trans. Parallel Distr. Syst., 25, 447, 10.1109/TPDS.2013.146
The acsc threat report. URL https://www.acsc.gov.au/publications/.
The adfa intrusion detection datasets. URL https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/.
The caida datasets. URL https://www.caida.org/data/.
The cdx datasets. URL https://www.usma.edu/crc/SitePages/DataSets.aspx.
The ctu-13 dataset. URL https://www.usma.edu/crc/SitePages/DataSets.aspx.
The darpa-2009 dataset. darpa scalable network monitoring (snm) program traffic. packet clearing house. 11/3/2009 to 11/12/2009. URL https://www.predict.org/.
The darpa98 and kddcup99 datasets. URL http://www.ll.mit.edu/ideval/data/1998data.html.
The defcon dataset. URL http://www.netresec.com/?page=PcapFiles.
The hadoop technologies. URL http://hadoop.apache.org/.
The iscx dataset. URL http://www.unb.ca/research/iscx/dataset/iscx-IDS-dataset.html.
The lbnl dataset. URL http://powerdata.lbl.gov/download.html.
The mcafee threat report. URL http://www.mcafee.com/us/resources/.
The mysql cluster cge technology. URL https://www.mysql.com/products/cluster/.
The nslkdd dataset. URL https://web.archive.org/web/20150205070216/http://nsl.cs.unb.ca/NSL-KDD/.
The snort tool. URL https://www.snort.org/.
The unibs dataset. URL http://netweb.ing.unibs.it/ntw/tools/traces/.
The unsw-nb15 dataset. URL https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-NB15-Datasets/.
Vaccaro, 1989, Detection of anomalous computer session activity, 280
Vasudevan, 2011, Ssenet-2011: a network intrusion detection system dataset and its comparison with kdd cup 99 dataset, 1
Wagner, 2011, Machine learning approach for ip-flow record anomaly detection, 28
Wang, 2008
Wang, 2017, Big data analytics for network intrusion detection: a survey, Int. J. Network. Commun., 7, 24
Wang, 2015, Ddos attack protection in the era of cloud computing and software-defined networking, Comput. Network., 81, 308, 10.1016/j.comnet.2015.02.026
Xanthopoulos, 2013, Principal component analysis, 21
Xu, J., Shelton, C.R., Intrusion Detection Using Continuous Time Bayesian Networks, arXiv:1401.3851.
Yanyan, 2010, Study of database intrusion detection based on improved association rule algorithm, vol. 4, 673
Yin, 2017, A deep learning approach for intrusion detection using recurrent neural networks, IEEE Access, 5, 21954, 10.1109/ACCESS.2017.2762418
Zarpelao, 2017, A survey of intrusion detection in internet of things, J. Netw. Comput. Appl., 84, 25, 10.1016/j.jnca.2017.02.009
Zhao, 2015, 1