
Flow-Based Intrusion Detection Systems: A Survey

  • Conference paper
  • In: Applications and Techniques in Information Security (ATIS 2021)
  • Part of the book series: Communications in Computer and Information Science (CCIS, volume 1554)

Abstract

With the proliferation of IoT devices, information security has become more critical than in any earlier period. Many IoT devices ship with weak passwords, insecure interfaces, poor management, and no mechanism for patches and updates. To that end, researchers have used different techniques to build systems that can detect intrusions and keep systems secure. This paper explores the most common types of attacks that threaten networks. It also provides an overview of the existing datasets that researchers can use as benchmarks for evaluating their proposed approaches. Furthermore, we review the most significant works of the last ten years on building flow-based intrusion detection systems.
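
The abstract names flow-based intrusion detection without showing what such a detector actually operates on. The following added example (not code from the paper or its authors) aggregates constructed packet records into NetFlow-style unidirectional flows and runs two textbook flow-level heuristics over them: a SYN scan flagged from many tiny, unacknowledged flows to distinct destination ports, and an SSH brute-force pattern flagged from many short, regularly sized flows to port 22 (a simplified form of the NetFlow/IPFIX idea behind Hofstede et al., 2014). The packet records, the idle timeout and every threshold are assumptions chosen for the demonstration.

```python
"""Flow aggregation plus two flow-based detections over constructed packets.

Added illustration for this page, not code from the surveyed paper. The packet
records, idle timeout and thresholds below are assumptions so it runs offline.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """One unidirectional flow, NetFlow/IPFIX-style: 5-tuple key plus counters."""
    key: tuple          # (src_ip, dst_ip, src_port, dst_port, proto)
    first: float        # timestamp of first packet
    last: float         # timestamp of last packet
    packets: int = 0
    octets: int = 0
    flags: str = ""     # union of TCP flag letters seen (S, A, P, F, R)


def aggregate_flows(packets, idle_timeout=15.0):
    """Group packet records into flows keyed by the 5-tuple.

    A packet extends the active flow with the same key unless that flow has
    been idle longer than idle_timeout; then the old flow is exported and a
    new one starts (the inactive timeout of a NetFlow exporter). Only header
    fields are used: a flow-based IDS never sees payload.
    """
    active, exported = {}, []
    for ts, src, dst, sport, dport, proto, length, tcp_flags in sorted(packets, key=lambda p: p[0]):
        key = (src, dst, sport, dport, proto)
        flow = active.get(key)
        if flow is None or ts - flow.last > idle_timeout:
            if flow is not None:
                exported.append(flow)
            flow = Flow(key=key, first=ts, last=ts)
            active[key] = flow
        flow.last = ts
        flow.packets += 1
        flow.octets += length
        flow.flags = "".join(sorted(set(flow.flags) | set(tcp_flags)))
    exported.extend(active.values())
    return exported


def detect_port_scan(flows, min_ports=10):
    """SYN scan: one source sends tiny, never-acknowledged flows (1-2 packets,
    SYN without ACK) to at least min_ports distinct ports on one destination.
    Returns {(src, dst): number_of_ports_probed}."""
    probed = defaultdict(set)
    for f in flows:
        src, dst, _sport, dport, proto = f.key
        if proto == "tcp" and f.packets <= 2 and "S" in f.flags and "A" not in f.flags:
            probed[(src, dst)].add(dport)
    return {k: len(v) for k, v in probed.items() if len(v) >= min_ports}


def detect_ssh_bruteforce(flows, min_flows=20, packet_band=(8, 14)):
    """SSH brute force: many short flows from one source to port 22 whose packet
    counts fall in a narrow band (a failed login is a small, regular exchange).
    The band and min_flows are assumed values. Returns {src: flow_count}."""
    lo, hi = packet_band
    per_source = defaultdict(int)
    for f in flows:
        src, _dst, _sport, dport, proto = f.key
        if proto == "tcp" and dport == 22 and lo <= f.packets <= hi:
            per_source[src] += 1
    return {src: n for src, n in per_source.items() if n >= min_flows}


def _constructed_packets():
    """Constructed sample traffic: (ts, src, dst, sport, dport, proto, length, flags)."""
    pkts = []
    # (a) SYN scan: one SYN from 10.0.0.5 to 15 consecutive ports on 192.168.1.10
    for i, port in enumerate(range(20, 35)):
        pkts.append((1.0 + 0.01 * i, "10.0.0.5", "192.168.1.10", 50000 + i, port, "tcp", 60, "S"))
    # (b) SSH brute force: 25 short connections from 10.0.0.7 to port 22, 10 packets each
    for i in range(25):
        t0 = 100.0 + 2.0 * i
        for j in range(10):
            flags = "S" if j == 0 else ("AF" if j == 9 else "AP")
            pkts.append((t0 + 0.1 * j, "10.0.0.7", "192.168.1.10", 40000 + i, 22, "tcp", 120, flags))
    # (c) benign HTTPS session: one long flow that neither heuristic should flag
    for j in range(40):
        pkts.append((200.0 + 0.2 * j, "10.0.0.9", "192.168.1.20", 51515, 443, "tcp", 900, "AP"))
    return pkts


PACKETS = _constructed_packets()


def run_detections(packets=PACKETS):
    """Aggregate, then run both detectors; returns a summary dict."""
    flows = aggregate_flows(packets)
    return {
        "flows": len(flows),
        "port_scan": detect_port_scan(flows),
        "ssh_bruteforce": detect_ssh_bruteforce(flows),
    }


if __name__ == "__main__":
    for name, result in run_detections().items():
        print(f"{name}: {result}")
```

The point a practitioner should take from it: every feature used (packet counts, flag unions, distinct destination ports per source) comes from headers alone, so the same logic runs unchanged on encrypted traffic and at rates where payload inspection is impractical, and conversely it cannot see an exploit carried inside a single ordinary-looking flow. Thresholds like these are dataset-dependent, which is why the benchmark datasets the paper surveys matter for evaluating any flow-based approach.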



Author information

Corresponding authors: Aliaa Al-Bakaa and Bahaa Al-Musawi.

Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Al-Bakaa, A., Al-Musawi, B. (2022). Flow-Based Intrusion Detection Systems: A Survey. In: Pokhrel, S.R., Yu, M., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2021. Communications in Computer and Information Science, vol 1554. Springer, Singapore. https://doi.org/10.1007/978-981-19-1166-8_10

  • DOI: https://doi.org/10.1007/978-981-19-1166-8_10

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-1165-1

  • Online ISBN: 978-981-19-1166-8
