A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems (2020-06-04T00:00:00.000000Z)

TL;DR

A unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data and reflect network threats more accurately within new datasets.

Abstract

As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade’s Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of real-network threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.

References174 items

Hierarchical Intrusion Detection Using Machine Learning and Knowledge Model

Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices

Intrusion detection system using an optimized kernel extreme learning machine and efficient features

Leveraging Machine Learning Approach to Setup Software-Defined Network(SDN) Controller Rules During DDoS Attack

Blockchain and Random Subspace Learning-Based IDS for SDN-Enabled Industrial IoT Security

On Generating Network Traffic Datasets with Synthetic Attacks for Intrusion Detection

Prediction of drive-by download attacks on Twitter

Intrusion Detection Using Big Data and Deep Learning Techniques

Deep Learning Approach for Intelligent Intrusion Detection System

Enabling Dynamic Network Access Control with Anomaly-based IDS and SDN

A Survey of Network-based Intrusion Detection Data Sets

Adaptive Wavelet Domain Filter for Versatile Video Coding (VVC)

Cyber intrusion detection by combined feature selection algorithm

KDD Cup 99 Data Sets: A Perspective on the Role of Data Sets in Network Intrusion Detection Research

Dimensionality reduction with IG-PCA and ensemble classifier for network intrusion detection

Machine Learning in Cyber-Security - Problems, Challenges and Data Sets

Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset

Deep Learning for Encrypted Traffic Classification: An Overview

KDD 1999 generation faults: a review and analysis

Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning

Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders

Identification of malicious activities in industrial internet of things based on deep learning models

TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time

Network Intrusion Detection Using Kernel-based Fuzzy-rough Feature Selection

An Improved Kernel Clustering Algorithm Used in Computer Network Intrusion Detection

Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

A New Intrusion Detection System Based on Fast Learning Network and Particle Swarm Optimization

Applying Artificial Immune System for Intrusion Detection

Deep Abstraction and Weighted Feature Selection for Wi-Fi Impersonation Detection

Adaptive artificial immune networks for mitigating DoS flooding attacks

When Intrusion Detection Meets Blockchain Technology: A Review

Compression Header Analyzer Intrusion Detection System (CHA - IDS) for 6LoWPAN Communication Protocol

A Deep Learning Approach to Network Intrusion Detection

Taxonomy for Identification of Security Issues in Cloud Computing Environments

Toward a reliable anomaly-based intrusion detection in real-world environments

HA-IDS: A heterogeneous anomaly-based intrusion detection system

A Dimension Reduction Model and Classifier for Anomaly-Based Intrusion Detection in Internet of Things

Classification of intrusion detection system (IDS) based on computer network

Incremental k-NN SVM method in intrusion detection

Anomaly-Based Intrusion Detection by Modeling Probability Distributions of Flow Characteristics

A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks

Comparative study of conjugate gradient to optimize learning process of neural network for Intrusion Detection System (IDS)

Intrusion detection system using hybrid binary PSO and K-nearest neighborhood algorithm

Network Intrusion Detection Based on Semi-supervised Variational Auto-Encoder

An enhanced J48 classification algorithm for the anomaly intrusion detection systems

Machine Learning Approach for Detection of nonTor Traffic

Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques

Unified Host and Network Data Set

An Intrusion Detection System Based on Polynomial Feature Correlation Analysis

Dataset of anomalies and malicious acts in a cyber-physical subsystem

A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection

Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey

An Evaluation Framework for Intrusion Detection Dataset

IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT

Enhancing performance of anomaly based intrusion detection systems through dimensionality reduction using principal component analysis

Intrusion detection system using PCA and Fuzzy PCA techniques

Detection of SQL injection and XSS attacks in three tier web applications

Distributed Network Intrusion Detection Systems: An Artificial Immune System Approach

Kharon dataset: Android malware under a microscope

Threat analysis of IoT networks using artificial neural network intrusion detection system

Principle component analysis based intrusion detection system using support vector machine

Towards the creation of synthetic, yet realistic, intrusion detection datasets

ID2T: A DIY dataset creation toolkit for Intrusion Detection Systems

Artificial immune system based intrusion detection

Study on implementation of machine learning methods combination for improving attacks detection accuracy on Intrusion Detection System (IDS)

Classification model of network intrusion using Weighted Extreme Learning Machine

Behavior-based features model for malware detection

Booters — An analysis of DDoS-as-a-service attacks

Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation

A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems

CANN: An intrusion detection system based on combining cluster centers and nearest neighbors

Using extreme learning machine for intrusion detection in a big data environment

MAIS-IDS: A distributed intrusion detection system using multi-agent AIS approach

GLoP: Enabling Massively Parallel Incident Response Through GPU Log Processing

An empirical comparison of botnet detection methods

An Ensemble Model for Classification of Attacks with Feature Selection based on KDD99 and NSL-KDD Data Set

Mining network data for intrusion detection through combining SVMs with ant colony networks

A New Clustering Approach for Anomaly Intrusion Detection

Network attacks: Taxonomy, tools and systems

A novel hybrid intrusion detection method integrating anomaly detection with misuse detection

A Survey of Intrusion Detection Systems in Wireless Sensor Networks

A cost-sensitive decision tree approach for fraud detection

Anomaly-based intrusion detection through K-means clustering and naives bayes classification

A hybrid framework based on neural network MLP and K-means clustering for intrusion detection system

GMDH-based networks for intelligent intrusion detection

How to validate traffic generators?

Intrusion detection system (IDS) for combating attacks against cognitive radio networks

Hybrid of fuzzy Clustering Neural Network over NSL Dataset for Intrusion Detection System

Generation of a new IDS test dataset: Time to retire the KDD collection

Fortification of Hybrid Intrusion Detection System Using Variants of Neural Networks and Support Vector Machines

A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier

An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection

THE COMBINED APPROACH FOR ANOMALY DETECTION USING NEUR AL NETWORKS AND CLUSTERING TECHNIQUE S

Camouflage in Malware: from Encryption to Metamorphism

Taxonomy of compliant information security behavior

Extreme learning machines for intrusion detection

Dissecting Android Malware: Characterization and Evolution

Toward developing a systematic approach to generate benchmark datasets for intrusion detection

A differentiated one-class classification method with applications to intrusion detection

100

An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection

101

Practical real-time intrusion detection using machine learning approaches

102

Self-adaptive and dynamic clustering for online anomaly detection

103

An Integrated Intrusion Detection System for Cluster-based Wireless Sensor Networks

104

Forensic investigation of the OneSwarm anonymous filesharing system

105

Design and analysis of genetic fuzzy systems for intrusion detection in computer networks

106

Adaptive Intrusion Detection based on Boosting and Naïve Bayesian Classifier

107

Incremental SVM based on reserved set for network intrusion detection

108

Machine Learning Approach for IP-Flow Record Anomaly Detection

109

Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation

110

Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest-neighbor classifiers

111

A K-Means and Naive Bayes Learning Approach for Better Intrusion Detection

112

A threat taxonomy for mHealth privacy

113

Random effects logistic regression model for anomaly detection

114

A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering

115

Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT)

116

An adaptive genetic-based signature learning system for intrusion detection

117

A Labeled Data Set for Flow-Based Intrusion Detection

118

Novel Intrusion Detection using Probabilistic Neural Network and Adaptive Boosting

119

A research using hybrid RBF/Elman neural networks for intrusion detection system secure model

120

Detecting Network Anomalies Using CUSUM and EM Clustering

121

Toward Instrumenting Network Warfare Competitions to Generate Labeled Datasets

122

Data mining-based intrusion detectors

123

Intrusion detection using fuzzy association rules

124

Association rules applied to credit card fraud detection

125

A survey of techniques for internet traffic classification using machine learning

126

Anomaly pattern detection in categorical datasets

127

FLAME: A Flow-Level Anomaly Modeling Engine

128

AdaBoost-Based Algorithm for Network Intrusion Detection

129

LaasNetExp: a generic polymorphic platform for network emulation and experiments

130

Code Normalization for Self-Mutating Malware

131

Survey and Taxonomy of Feature Selection Algorithms in Intrusion Detection System

132

Design of Multiple-Level Hybrid Classifier for Intrusion Detection System

133

Stochastic models for generating synthetic HTTP source traffic

134

An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection

135

Wireless security threat taxonomy

136

Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites

137

Testing Intrusion detection systems

138

The base-rate fallacy and the difficulty of intrusion detection

139

Hacking Exposed; Network Security Secrets and Solutions

140

A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

141

Towards a taxonomy of intrusion-detection systems

142

The use of the area under the ROC curve in the evaluation of machine learning algorithms

143

The CAIDA UCSD ‘DDoS Attack 2007’ Dataset

144

Official ID2T Repository. ID2T Creates Labeled IT Network Datasets That Contain User Defined Synthetic Attacks

145

Telecooperation Lab—TU Darmstadt

146

A Survey and Taxonomy of Classifiers of Intrusion Detection Systems

147

A Survey of Feature Selection Techniques in Intrusion Detection System: A Soft Computing Perspective

148

Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

149

Botnet Research Team, Xi’an Jiaotong University

150

and S. D

151

The Top 9 Network Security Threats of 2019

152

Understanding AUC—ROC Curve

153

Malware Vs Viruses: What’s the Difference? Accessed: Feb. 28, 2018

154

Towards a Reliable Intrusion Detection Benchmark Dataset

155

Android Adware and General Malware Dataset

156

Threat Landscape Survey: Users on the Front Line

157

Trends in Validation of DDoS Research

158

‘‘Measuring the impact of DDoS attacks on Webservices-arealtimeexperimentation,’’

159

Towards Generating Real-life Datasets for Network Intrusion Detection

160

Advanced probabilistic approach for network intrusion forecasting and detection

161

Decision tree based light weight intrusion detection using a wrapper approach

162

An efficient intrusion detection system based on support vector machines and gradually feature removal method

163

Design Network Intrusion Detection System using hybrid Fuzzy-Neural Network

164

The Waikoto Internet Trace Storage Project Dataset

165

Intrusion detection in computer networks by a modular ensemble of one-class classifiers

166

How Real Can Synthetic Network Traffic Be

167

MIT Lincoln Laboratory: DARPA Intrusion Detection Evaluation

168

Addressing the Curse of Imbalanced Training Sets: One-Sided Selection

169

SCADA / ICS PCAP Files From 4SICS

170

DEFCON 8, 10 and 11

171

CAIDA Data

172

Botnet Dataset

173

LBNL/ICSI Enterprise Tracing Project

174