Despite the advances made over the last 20 years, anomaly detection in network behavior is still an immature technology, as the shortage of commercial tools corroborates. Nevertheless, the benefits that could be obtained from a better understanding of the problem itself, as well as from improving these mechanisms, especially in network security, justify the demand for more research effort in this direction. This article presents a survey of current anomaly detection methods for network intrusion detection in classical wired environments. After introducing the problem and explaining why it is of interest, the article presents a taxonomy of current solutions. The outlined scheme allows us to systematically classify current detection methods and to study the different facets of the problem. The most relevant paradigms are then discussed and illustrated through several case studies of selected systems developed in the field. The problems addressed by each of them, as well as their weakest points, are explained. Finally, this work concludes with an analysis of the problems that still remain open. Based on this discussion, some research lines are identified.