State of the Art Literature Review on Network Anomaly Detection

  • Tero Bodström
  • Timo Hämäläinen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11118)


As network attacks evolve alongside extreme growth in the amount of data present in networks, there is a significant need for faster and more effective anomaly detection methods. Even though current systems perform well at identifying known attacks, previously unknown attacks are still difficult to identify while they are occurring. In particular, attacks that may have more than one attack vector ongoing in one network at the same time, also known as APT (Advanced Persistent Threat) attacks, may be hard to notice because they masquerade as legitimate traffic. Furthermore, with the help of hiding functionality, this type of attack can remain hidden in a network for years. Additionally, the expected number of connected devices, together with the fast-paced development caused by the Internet of Things, raises huge cyber security risks that must be dealt with accordingly. Considering all of the above-mentioned reasons, there is no doubt that there is plenty of room for more advanced methods in network anomaly detection; hence more advanced statistical methods and machine-learning-based techniques have recently been proposed for detecting anomalies. The papers reviewed showed that the methods vary greatly in their anomaly detection performance. Every method had its advantages and disadvantages; however, most of the presented methods cannot detect previously unknown attacks, although they detect, for example, DDoS attacks extremely well.


Keywords: Network attacks, Anomaly detection, Machine learning


  1. Andropov, S., Guirik, A., Budko, M., Budko, M.: Network anomaly detection using artificial neural networks. In: 2017 20th Conference of Open Innovations Association (FRUCT) (2017).
  2. Aygun, R.C., Yavuz, A.G.: Network anomaly detection with stochastically improved autoencoder based models. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing, pp. 193–198 (2017).
  3. Yuan, X., Li, C., Li, X.: DeepDefense: identifying DDoS attack via deep learning. In: 2017 IEEE International Conference on Smart Computing (SMARTCOMP) (2017).
  4. Kim, J., Yoo, A., Sim, A., Suh, S., Kim, I.: A lightweight network anomaly detection technique. In: 2017 Workshop on Computing, Networking and Communications (CNC) (2017).
  5. Iordache, M., Jouet, S., Marnerides, A.K., Dimitrios, P.P.: Distributed, multi-level network anomaly detection for datacentre networks. In: IEEE ICC 2017 Next Generation Networking and Internet Symposium (2017).
  6. Terzi, D.S., Terzi, R., Sagiroglu, S.: Big data analytics for network anomaly detection from netflow data. In: 2017 International Conference on Computer Science and Engineering (UBMK), pp. 592–597 (2017).
  7. Elkhadir, Z., Chougdali, K., Benattou, M.: Combination of R1-PCA and median LDA for anomaly network detection. In: Intelligent Systems and Computer Vision (ISCV) (2017).
  8. Ussath, M., Jaeger, D., Cheng, F., Meinel, C.: Advanced persistent threats: behind the scenes. In: 2016 Annual Conference on Information Science and Systems (CISS) (2016).
  9. Pamukchiev, A., Jouet, S., Pezaros, D.P.: Distributed network anomaly detection on an event processing framework. In: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp. 659–664 (2017).
  10. Callegari, C., Giordano, S., Pagano, M.: Entropy-based network anomaly detection. In: 2017 International Conference on Computing, Networking and Communications (ICNC): Communications and Information Security Symposium (2017).
  11. Dromard, J., Owezarski, P.: Integrating short history for improving clustering based network traffic anomaly detection. In: 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W), pp. 227–234 (2017).
  12. Liu, Y., et al.: Network anomaly detection based on dynamic hierarchical clustering of cross domain data. In: 2017 IEEE International Conference on Software Quality, Reliability and Security (Companion Volume), pp. 200–204 (2017).
  13. Ivannikova, E., Zolotukhin, M., Hämäläinen, T.: Probabilistic transition-based approach for detecting application-layer DDoS attacks in encrypted software-defined networks. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds.) NSS 2017. LNCS, vol. 10394, pp. 531–543. Springer, Cham (2017).
  14. Baddar, S., Merlo, A., Migliardi, M.: Anomaly detection in computer networks: a state-of-the-art review. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 5, 29–64 (2014).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Faculty of Information Technology, University of Jyväskylä, Jyväskylä, Finland
