Flow-based intrusion detection: Techniques and challenges

Muhammad Fahad Umer, Muhammad Sher, Yaxin Bi

Research output: Contribution to journal › Article

18 Citations (Scopus)

Abstract

Flow-based intrusion detection is an innovative way of detecting intrusions in high-speed networks. Flow-based intrusion detection only inspects the packet header and does not analyze the packet payload. This paper gives an introduction to a flow-based intrusion detection system and surveys state of the art in flow-based intrusion detection. It also describes the available flow-based datasets used for evaluation of flow-based intrusion detection systems. The paper proposes a taxonomy for flow-based intrusion detection systems on the basis of the technique used for detection of maliciousness in IP flow records. We review the architecture and evaluation results of available flow-based intrusion detection systems and identify important research challenges for future research in the area of flow-based intrusion detection.

Language: English
Pages: 238-254
Journal: Computers and Security
Volume: 70
Issue number: 16
Early online date: 1 Jun 2017
DOI: 10.1016/j.cose.2017.05.009
Publication status: E-pub ahead of print - 1 Jun 2017

Fingerprint

Intrusion detection
High speed networks
Taxonomies

Keywords

  • IP flows
  • Flow-based intrusion detection
  • Flow-based datasets
  • Machine learning

Cite this

Umer, Muhammad Fahad ; Sher, Muhammad ; Bi, Yaxin. / Flow-based intrusion detection: Techniques and challenges. 2017 ; Vol. 70, No. 16. pp. 238-254.
@article{57f7864dfef841669c8cdf86c6b6eb0a,
title = "Flow-based intrusion detection: Techniques and challenges",
abstract = "Flow-based intrusion detection is an innovative way of detecting intrusions in high-speed networks. Flow-based intrusion detection only inspects the packet header and does not analyze the packet payload. This paper gives an introduction to a flow-based intrusion detection system and surveys state of the art in flow-based intrusion detection. It also describes the available flow-based datasets used for evaluation of flow-based intrusion detection systems. The paper proposes a taxonomy for flow-based intrusion detection systems on the basis of the technique used for detection of maliciousness in IP flow records. We review the architecture and evaluation results of available flow-based intrusion detection systems and identify important research challenges for future research in the area of flow-based intrusion detection.",
keywords = "IP flows, Flow-based intrusion detection, Flow-based datasets, Machine learning",
author = "Umer, {Muhammad Fahad} and Muhammad Sher and Yaxin Bi",
year = "2017",
month = "6",
day = "1",
doi = "10.1016/j.cose.2017.05.009",
language = "English",
volume = "70",
pages = "238--254",
number = "16",

}
