2020
DOI: 10.1109/tnsm.2020.3016246

Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases Process

Abstract: The identification of cyberattacks which target information and communication systems has been a focus of the research community for years. Network intrusion detection is a complex problem which presents a diverse number of challenges. Many attacks currently remain undetected, while newer ones emerge due to the proliferation of connected devices and the evolution of communication technology. In this survey, we review the methods that have been applied to network data with the purpose of developing an intrusion…

Cited by 79 publications (44 citation statements)
References 175 publications (347 reference statements)

“…To compute multiple flow features, flows are commonly grouped using criteria such as "inside a time window T" or "in last N flows" in terms of time and flow counts, respectively. They are useful to identify attacks that spread their activity over several flows, such as (D)DoS attacks or probes [7].…”
Section: Derivation Of Multiple Flow Features (mentioning)
confidence: 99%
“…As a result, little or no effort is made to facilitate the model update process [Gates and Taylor 2006], which should require as few labeled network events as possible and low computational costs. However, traditional pattern recognition techniques are unable to provide such characteristics, since when a model update occurs, the outdated model is discarded and a new training dataset, with millions of labeled events, must be built [Molina-Coronado et al 2020].…”
Section: Machine Learning for Intrusion Detection (unclassified)
“…Network-based Intrusion Detection Systems (NIDS) have been widely used to detect network threats, through signature-based approaches or behavior-based approaches [Molina-Coronado et al 2020]. Signature-based approaches can only identify attacks previously known during training.…”
Section: Introduction (unclassified)
“…Meantime, serious network intrusions and attacks have been seeing an increasing trend and lead to greatly increasing critical threats for the computerized systems. The detection of intrusion and attacks is critical because networks can be vulnerable to these threats, and the intrusion may lead to dramatic financial loss [1,2]. Thus, it is desirable to design an automatic network anomaly detection (NAD) approach.…”
Section: Introduction (mentioning)
confidence: 99%