From intrusion detection to attacker attribution: A comprehensive survey of unsupervised methods

Authors: Nisioti, A., Mylonas, A., Yoo, P.D. and Katos, V.

Journal: IEEE Communications Surveys and Tutorials

Volume: 20

Issue: 4

Pages: 3369-3388

eISSN: 1553-877X

DOI: 10.1109/COMST.2018.2854724

Abstract:

Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organizations admit compromises on a daily basis. Many misuse- and anomaly-based intrusion detection systems (IDSs) that rely on signatures, supervised methods or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this paper uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we argue that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match modern attacks and propose three new classes regarding outgoing network communication.

https://eprints.bournemouth.ac.uk/30985/

Source: Scopus

From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

Authors: Nisioti, A., Mylonas, A., Yoo, P.D. and Katos, V.

Journal: IEEE COMMUNICATIONS SURVEYS AND TUTORIALS

Volume: 20

Issue: 4

Pages: 3369-3388

eISSN: 1553-877X

DOI: 10.1109/COMST.2018.2854724

https://eprints.bournemouth.ac.uk/30985/

Source: Web of Science (Lite)

From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

Authors: Nisioti, A., Mylonas, A., Yoo, P. and Katos, V.

Journal: IEEE Communications Surveys and Tutorials

Publisher: IEEE

ISSN: 1553-877X

DOI: 10.1109/COMST.2018.2854724

https://eprints.bournemouth.ac.uk/30985/

Source: Manual

From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods.

Authors: Nisioti, A., Mylonas, A., Yoo, P.D. and Katos, V.

Journal: IEEE Commun. Surv. Tutorials

Volume: 20

Pages: 3369-3388

DOI: 10.1109/COMST.2018.2854724

https://eprints.bournemouth.ac.uk/30985/

Source: DBLP

From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

Authors: Nisioti, A., Mylonas, A., Yoo, P.D. and Katos, V.

Journal: IEEE Communications Surveys and Tutorials

Volume: 20

Issue: 4

Pages: 3369-3388

ISSN: 1553-877X

https://eprints.bournemouth.ac.uk/30985/

Source: BURO EPrints