Abstract
Flow-based intrusion detection is an innovative way of detecting intrusions in high-speed networks. Flow-based intrusion detection only inspects the packet header and does not analyze the packet payload. This paper gives an introduction to a flow-based intrusion detection system and surveys state of the art in flow-based intrusion detection. It also describes the available flow-based datasets used for evaluation of flow-based intrusion detection systems. The paper proposes a taxonomy for flow-based intrusion detection systems on the basis of the technique used for detection of maliciousness in IP flow records. We review the architecture and evaluation results of available flow-based intrusion detection systems and identify important research challenges for future research in the area of flow-based intrusion detection.
Original language | English |
---|---|
Pages (from-to) | 238-254 |
Journal | Computers and Security |
Volume | 70 |
Issue number | 16 |
Early online date | 1 Jun 2017 |
DOIs | |
Publication status | Published online - 1 Jun 2017 |
Keywords
- IP flows
- Flow-based intrusion detection
- Flow-based datasets
- Machine learning