Abstract
After developing IoT devices, information security takes a critical role than any other period. Most IoT devices use weak passwords, insecure interface, poor management, and lack of patches and updates mechanism. To that end, researchers have used different techniques for building a system that can detect intrusions and ensure secured systems. This paper explored the most common types of attacks that threaten networks. Besides, it provides an overview of the existing datasets that researchers can use as benchmark datasets for evaluating their proposed approaches. Furthermore, we review the most significant works during the last ten years that have been introduced for building flow-based intrusion detection systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alturfi, S.M., Marhoon, H.A., Al-Musawi, B.: Internet of Things security techniques: a survey. In: AIP Conference Proceedings. AIP Publishing LLC. (2020)
Roesch, M.: Snort, intrusion detection system (2008). http://www.snort.org/. TH Project, Tools http://project.honeynet.org/tools/index
Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)
Sperotto, A., et al.: An overview of IP flow-based intrusion detection. IEEE Commun. Surv. Tut. 12(3), 343–356 (2010)
Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity 2(1), 1–22 (2019). https://doi.org/10.1186/s42400-019-0038-7
Al-Bakaa, A., Al-Musawi, B.: Improving the performance of intrusion detection system through finding the most effective features. In: 2021 International Congress of Advanced Technology and Engineering (ICOTEN). IEEE (2021)
AL-Musawi, B.Q.M.: Mitigating DoS/DDoS attacks using IPTables. Int. J. Eng. Technol. 12(3), 101–111 (2012)
Elrawy, M.F., Awad, A.I., Hamed, H.F.A.: Intrusion detection systems for IoT-based smart environments: a survey. J. Cloud Comput. 7(1), 1–20 (2018)
Hindy, H., et al.: A taxonomy and survey of intrusion detection system design techniques, network threats and datasets (2018)
Patcha, A., Park, J.-M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007)
Vasudevan, A., Harshini, E., Selvakumar, S.: SSENet-2011: a network intrusion detection system dataset and its comparison with KDD CUP 99 dataset. In: 2011 2nd Asian Himalayas International Conference on Internet (AH-ICI). IEEE (2011)
Moustafa, N., Hu, J., Slay, J.: A holistic review of network anomaly detection systems: a comprehensive survey. J. Netw. Comput. Appl. 128, 33–55 (2019)
Maciá-Fernández, G., et al.: UGR ‘16: a new dataset for the evaluation of cyclostationarity-based network IDSs. Comput. Secur. 73, 411–424 (2018)
Umer, M.F., Sher, M., Bi, Y.: Flow-based intrusion detection: techniques and challenges. Comput. Secur. 70, 238–254 (2017)
Damasevicius, R., et al.: LITNET-2020: an annotated real-world network flow dataset for network intrusion detection. Electronics 9(5), 800 (2020)
Ring, M., et al.: A survey of network-based intrusion detection data sets. Comput. Secur. 86, 147–167 (2019)
Kddcup 1999 (1999). http://kdd.ics.uci.edu/databases
Song, J., et al.: Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. In: Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (2011)
Defcon dataset (2000). https://www.defcon.org/html/links/dc-ctf.html
LBNL dataset (2005). http://powerdata.lbl.gov/download.html
CAIDA dataset (2008). https://www.caida.org/data/
Gringoli, F., et al.: Gt: picking up the truth from the ground for internet traffic. ACM SIGCOMM Comput. Commun. Rev. 39(5), 12–18 (2009)
Tavallaee, M., et al.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. IEEE (2009)
Sangster, B., et al.: Toward instrumenting network warfare competitions to generate labeled datasets. In: CSET (2009)
DARPA 2009 dataset (2009). https://www.predict.org/
Fontugne, R., et al.: MAWILab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking. In: Proceedings of the 6th International Conference (2010)
Saad, S., et al.: Detecting P2P botnets through network behavior analysis and machine learning. In: 2011 9th Annual International Conference on Privacy, Security and Trust. IEEE (2011)
Gogoi, P., Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Packet and flow based network intrusion dataset. In: Parashar, M., Kaushik, D., Rana, O.F., Samtaney, R., Yang, Y., Zomaya, A. (eds.) IC3 2012. CCIS, vol. 306, pp. 322–334. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32129-0_34
Shiravi, A., et al.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012)
Garcia, S., et al.: An empirical comparison of botnet detection methods. Comput. Secur. 45, 100–123 (2014)
ADFA dataset (2014). https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/
Hofstede, R., et al.: SSH compromise detection using NetFlow/IPFIX. ACM SIGCOMM Comput. Commun. Rev. 44(5), 20–26 (2014)
Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS). IEEE (2015)
Alkasassbeh, M., et al.: Detecting distributed denial of service attacks using data mining techniques. Int. J. Adv. Comput. Sci. Appl. 7(1), 436–445 (2016)
Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1, 108–116 (2018)
Haider, W., et al.: Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. J. Netw. Comput. Appl. 87, 185–192 (2017)
CSE-CIC-IDS2018 dataset (2018). https://www.unb.ca/cic/datasets/ids-2018.html
Salem, O., et al.: Flooding attacks detection in traffic of backbone networks. In: 2011 IEEE 36th Conference on Local Computer Networks. IEEE (2011)
Fan, W., Bouguila, N., Ziou, D.: Unsupervised anomaly intrusion detection via localized bayesian feature selection. In: 2011 IEEE 11th International Conference on Data Mining. IEEE (2011)
Zhang, C., et al.: Flow level detection and filtering of low-rate DDoS. Comput. Netw. 56(15), 3417–3431 (2012)
Tan, Z., et al.: A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE Trans. Parallel Distrib. Syst. 25(2), 447–456 (2013)
Altwaijry, H.: Bayesian based intrusion detection system. In: Kim, H., Ao, S.I., Rieger, B. (eds.) IAENG Transactions on Engineering Technologies. Lecture Notes in Electrical Engineering, vol. 170, pp. 29–44. Springer, Dordrecht (2013). https://doi.org/10.1007/978-94-007-4786-9_3
Hofstede, R., et al.: Towards real-time intrusion detection for NetFlow and IPFIX. In: Proceedings of the 9th International Conference on Network and Service Management, CNSM 2013. IEEE (2013)
Kanda, Y., et al.: ADMIRE: anomaly detection method using entropy-based PCA with three-step sketches. Comput. Commun. 36(5), 575–588 (2013)
Fernandes, G., Jr., Rodrigues, J.J., Proenca, M.L., Jr.: Autonomous profile-based anomaly detection system using principal component analysis and flow analysis. Appl. Soft Comput. 34, 513–525 (2015)
Gruhl, C., et al.: A building block for awareness in technical systems: online novelty detection and reaction with an application in intrusion detection. In: 2015 IEEE 7th International Conference on Awareness Science and Technology (iCAST). IEEE (2015)
Han, X., et al.: A Naive Bayesian network intrusion detection algorithm based on principal component analysis. In: 2015 7th International Conference on Information Technology in Medicine and Education (ITME). IEEE (2015)
Moustafa, N., Slay, J.: The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In: 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). IEEE (2015)
Moustafa, N., et al.: Collaborative anomaly detection framework for handling big data of cloud computing. In: 2017 Military Communications and Information Systems Conference (MilCIS). IEEE (2017)
Moustafa, N., et al.: A new threat intelligence scheme for safeguarding Industry 4.0 systems. IEEE Access 6, 32910–32924 (2018)
Moustafa, N., Creech, G., Slay, J.: Big data analytics for intrusion detection system: statistical decision-making using finite dirichlet mixture models. In: Carrascosa, I.P., Kalutarage, H.K., Huang, Y. (eds.) Data analytics and decision support for cybersecurity. DA, pp. 127–156. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59439-2_5
Belouch, M., El Hadaj, S., Idhammad, M.: A two-stage classifier approach using REPTree algorithm for network intrusion detection. Int. J. Adv. Comput. Sci. Appl. 8(6), 389–394 (2017)
Khammassi, C., Krichen, S.: A GA-LR wrapper approach for feature selection in network intrusion detection. Comput. Secur. 70, 255–277 (2017)
Moustafa, N., Creech, G., Slay, J.: Anomaly detection system using beta mixture models and outlier detection. In: Pattnaik, P.K., Rautaray, S.S., Das, H., Nayak, J. (eds.) Progress in Computing, Analytics and Networking. AISC, vol. 710, pp. 125–135. Springer, Singapore (2018). https://doi.org/10.1007/978-981-10-7871-2_13
Moustafa, N., Turnbull, B., Choo, K.-K.R.: An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things. IEEE Internet Things J. 6(3), 4815–4830 (2018)
Meftah, S., Rachidi, T., Assem, N.: Network based intrusion detection using the UNSW-NB15 dataset. Int. J. Comput. Digit. Syst. 8(5), 478–487 (2019)
Ahmad, T., Aziz, M.N.: Data preprocessing and feature selection for machine learning intrusion detection systems. ICIC Exp. Lett. 13(2), 93–101 (2019)
Mebawondu, J.O., Alowolodu, O.D., Mebawondu, J.O., Adetunmbi, A.O.: Network intrusion detection system using supervised learning paradigm. Sci. Afr. 9, e00497 (2020)
Wei, W., et al.: A multi-objective immune algorithm for intrusion feature selection. Appl. Soft Comput. 95, 106522 (2020)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Al-Bakaa, A., Al-Musawi, B. (2022). Flow-Based Intrusion Detection Systems: A Survey. In: Pokhrel, S.R., Yu, M., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2021. Communications in Computer and Information Science, vol 1554. Springer, Singapore. https://doi.org/10.1007/978-981-19-1166-8_10
Download citation
DOI: https://doi.org/10.1007/978-981-19-1166-8_10
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-1165-1
Online ISBN: 978-981-19-1166-8
eBook Packages: Computer ScienceComputer Science (R0)