Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process
The identification of cyberattacks which target information and communication
systems has been a focus of the research community for years. Network intrusion
detection is a complex problem which presents a diverse set of challenges.
Many attacks currently remain undetected, while newer ones emerge due to the
proliferation of connected devices and the evolution of communication
technology. In this survey, we review the methods that have been applied to
network data with the purpose of developing an intrusion detector, but contrary
to previous reviews in the area, we analyze them from the perspective of the
Knowledge Discovery in Databases (KDD) process. As such, we discuss the
techniques used for the capture, preparation and transformation of the data, as
well as the data mining and evaluation methods. In addition, we present
the characteristics and motivations behind the use of each of these techniques
and propose more adequate and up-to-date taxonomies and definitions for
intrusion detectors based on the terminology used in the area of data mining
and KDD. Special importance is given to the evaluation procedures followed to
assess the different detectors, discussing their applicability in current real
networks. Finally, as a result of this literature review, we investigate some
open issues which will need to be considered for further research in the area
of network security.