
RESEARCH PRODUCT

State of the Art Literature Review on Network Anomaly Detection

Timo Hämäläinen, Tero Bodström

subject

Advanced persistent threat; Computer science; 05 social sciences; 050801 communication & media studies; Denial-of-service attack; 02 engineering and technology; 021001 nanoscience & nanotechnology; Computer security; computer.software_genre; network anomaly detection; 0508 media and communications; Anomaly detection; State (computer science); information security; 0210 nano-technology; network attacks; computer

description

As network attacks evolve along with the extreme growth in the amount of data present in networks, there is a significant need for faster and more effective anomaly detection methods. Even though current systems perform well when identifying known attacks, previously unknown attacks are still difficult to identify while they are occurring. In particular, an attack that runs more than one attack vector in the same network at the same time, also known as an APT (Advanced Persistent Threat) attack, may be hard to notice, since it masquerades as legitimate traffic. Furthermore, with the help of hiding functionality, this type of attack can remain in a network for years. Additionally, the expected number of connected devices, as well as the fast-paced development driven by the Internet of Things, raises huge cyber security risks that must be dealt with accordingly. Considering all of the above-mentioned reasons, there is no doubt that there is plenty of room for more advanced methods in network anomaly detection; hence, more advanced statistical methods and machine learning based techniques have recently been proposed for detecting anomalies. The papers reviewed showed that different methods vary greatly in their performance at detecting anomalies. Every method had its advantages and disadvantages; however, most of the presented methods cannot detect previously unknown attacks, even though they detect, for example, DDoS attacks extremely well.

https://doi.org/10.1007/978-3-030-01168-0_9