A taxonomy and survey of intrusion detection system design techniques, network threats and datasets

Hanan Hindy, David Brosset, Ethan Bayne, Amar Seeam, Christos Tachtatzis, Robert Atkinson, Xavier Bellekens

Research output: Working paper

Abstract

With the world moving towards being increasingly dependent on computers and automation, one of the main challenges in the current decade has been to build secure applications, systems and networks. Alongside these challenges, the number of threats is rising exponentially due to the attack surface increasing through numerous interfaces offered for each service. To alleviate the impact of these threats, researchers have proposed numerous solutions; however, current tools often fail to adapt to ever-changing architectures, associated threats and 0-days. This manuscript aims to provide researchers with a taxonomy and survey of current dataset composition and current Intrusion Detection Systems (IDS) capabilities and assets. These taxonomies and surveys aim to improve both the efficiency of IDS and the creation of datasets to build the next-generation IDS as well as to reflect network threats more accurately in future datasets. To this end, this manuscript also provides a taxonomy and survey of network threats and associated tools. The manuscript highlights that current IDS only cover 25% of our threat taxonomy, while current datasets demonstrate a clear lack of real-network threats and attack representation, but rather include a large number of deprecated threats, hence limiting the accuracy of current machine learning IDS. Moreover, the taxonomies are open-sourced to allow public contributions through a GitHub repository.
Language: English
Place of Publication: Ithaca, N.Y.
Number of pages: 35
Publication status: Published - 9 Jun 2018

Keywords

  • cryptography
  • artificial intelligence
  • networking
  • internet architecture

Cite this

Hindy, Hanan ; Brosset, David ; Bayne, Ethan ; Seeam, Amar ; Tachtatzis, Christos ; Atkinson, Robert ; Bellekens, Xavier. / A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. Ithaca, N.Y., 2018.
@techreport{35b8bcd683624daf8554c67c3e8f0306,
title = "A taxonomy and survey of intrusion detection system design techniques, network threats and datasets",
keywords = "cryptography, artificial intelligence, networking, internet architecture",
author = "Hanan Hindy and David Brosset and Ethan Bayne and Amar Seeam and Christos Tachtatzis and Robert Atkinson and Xavier Bellekens",
note = "35 Pages, 9 Figures",
year = "2018",
month = "6",
day = "9",
language = "English",
type = "WorkingPaper",

}

TY - UNPB
T1 - A taxonomy and survey of intrusion detection system design techniques, network threats and datasets
AU - Hindy, Hanan
AU - Brosset, David
AU - Bayne, Ethan
AU - Seeam, Amar
AU - Tachtatzis, Christos
AU - Atkinson, Robert
AU - Bellekens, Xavier
N1 - 35 Pages, 9 Figures
PY - 2018/6/9
Y1 - 2018/6/9
KW - cryptography
KW - artificial intelligence
KW - networking
KW - internet architecture
UR - https://arxiv.org/abs/1806.03517
M3 - Working paper
BT - A taxonomy and survey of intrusion detection system design techniques, network threats and datasets
CY - Ithaca, N.Y.
ER -