With the Internet's unprecedented growth and nations' reliance on computer networks, new cyber‐attacks are created every day as means for achieving financial gain, imposing political agendas, and developing cyberwarfare arsenals. Network security is thus acquiring increasing attention among researchers, practitioners, network architects, policy makers, and others. To defend organizations' networks from existing, foreseen, and future threats, intrusion detection systems (IDSs) are becoming a must. Existing surveys on anomaly‐based IDS (AIDS) focus on specific components such as detection mechanisms and lack many others. In contrast to existing surveys, this article covers the full scope needed by researchers and practitioners alike when studying AIDS. The scope ranges from the intrusion detection techniques to attacks forms and passing through the relevant attack features, most‐used datasets, challenges, and potential solutions. This article provides an exhaustive review of IDSs and discusses their requirements and performance metrics in deep. It presents a taxonomy of IDSs based on four criteria: information source, detection strategy, detection mode, and architecture. Then, in‐depth analysis and a comparison of network intrusion detection approaches based on anomaly detection techniques are given. The article also introduces a classification of computer network attacks, along with their different forms and the relevant network traffic features to detect them, as well as a summary of the popular datasets used by the researchers to evaluate the IDSs. Finally, the article highlights several research challenges and the possible solutions to deal with them.
Given that the Internet traffic speed and volume are growing at a rapid pace, monitoring the network in a real-time manner has introduced several issues in terms of computing and storage capabilities. Fast processing of traffic data and early warnings on the detected attacks are required while maintaining a single pass over the traffic measurements. To palliate these problems, one can reduce the amount of traffic to be processed by using a sampling technique and detect the attacks based on the sampled traffic. Different parameters have an impact on the efficiency of this process, mainly, the applied sampling policy and sampling ratio. In this paper, we investigate the statistical impact of sampling the network traffic and we quantify the amount of deterioration that the sampling process introduces. In this context, an experimental comparison of existing sampling techniques is performed based on their impact on several well-known statistical measures.
With the proliferation of IoT devices, ensuring the security and privacy of these devices and their associated data has become a critical challenge. In this paper, we propose a federated sampling and lightweight intrusion-detection system for IoT networks that use K-meansfor sampling network traffic and identifying anomalies in a semi-supervised way. The system is designed to preserve data privacy by performing local clustering on each device and sharing only summary statistics with a central aggregator. The proposed system is particularly suitable for resource-constrained IoT devices such as sensors with limited computational and storage capabilities. We evaluate the system’s performance using the publicly available NSL-KDD dataset. Our experiments and simulations demonstrate the effectiveness and efficiency of the proposed intrusion-detection system, highlighting the trade-offs between precision and recall when sharing statistics between workers and the coordinator. Notably, our experiments show that the proposed federated IDS can increase the true-positive rate up to 10% when the workers and the coordinator collaborate.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.