Data-Driven Network Intrusion Detection: A Taxonomy of Challenges and Methods

09/15/2020
by Dylan Chou, et al.

Data-driven methods have been widely used in network intrusion detection (NID) systems. However, there are currently a number of challenges derived from how the datasets are being collected. Most attack classes in network intrusion datasets are considered the minority compared to normal traffic, and many datasets are collected through virtual machines or other simulated environments rather than real-world networks. These challenges undermine the performance of intrusion detection machine learning models, because models such as random forests or support vector machines are fit to unrepresentative "sandbox" datasets. This survey presents a carefully designed taxonomy highlighting eight main challenges and solutions and explores common datasets from 1999 to 2020. Trends are analyzed on the distribution of challenges addressed for the past decade, and future directions are proposed on expanding NID into cloud-based environments, devising scalable models for larger amounts of network intrusion data, and creating labeled datasets collected in real-world networks.


