Flow-based intrusion detection: Techniques and challenges

Muhammad Fahad Umer, Muhammad Sher, Yaxin Bi

Research output: Contribution to journalArticlepeer-review

132 Citations (Scopus)


Flow-based intrusion detection is an innovative way of detecting intrusions in high-speed networks. Flow-based intrusion detection only inspects the packet header and does not analyze the packet payload. This paper gives an intro- duction to a flow-based intrusion detection system and surveys state of the art in flow-based intrusion detection. It also describes the available flow-based datasets used for evaluation of flow-based intrusion detection systems. The paper proposes a taxonomy for flow-based intrusion detection systems on the basis of the technique used for detection of maliciousness in IP flow records. We review the architecture and evaluation results of available flow-based intrusion detection systems and identify important research challenges for future research in the area of flow-based intrusion detection.
Original languageEnglish
Pages (from-to)238-254
JournalComputers and Security
Issue number16
Early online date1 Jun 2017
Publication statusPublished online - 1 Jun 2017


  • IP flows
  • Flow-based intrusion detection
  • Flow-based datasets
  • Machine learning


Dive into the research topics of 'Flow-based intrusion detection: Techniques and challenges'. Together they form a unique fingerprint.

Cite this