A taxonomy of network threats and the effect of current datasets on intrusion detection systems

Hindy, Hanan and Brosset, David and Bayne, Ethan and Seeam, Amar and Tachtatzis, Christos and Atkinson, Robert and Bellekens, Xavier (2020) A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access, 8. pp. 104650-104675. ISSN 2169-3536 (https://doi.org/10.1109/ACCESS.2020.3000179)

[thumbnail of Hindy-etal-IEEE-Acces-2020-A-taxonomy-of-network-threats-and-the-effect-of-current-datasets]
Preview
 Text. Filename: Hindy_etal_IEEE_Acces_2020_A_taxonomy_of_network_threats_and_the_effect_of_current_datasets.pdf
Final Published Version
License: Creative Commons Attribution 4.0 logo
Download (3MB)| Preview

Abstract

As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade’s Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of real-network threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.

ORCID iDs

Hindy, Hanan, Brosset, David, Bayne, Ethan, Seeam, Amar, Tachtatzis, Christos ORCID logoORCID: https://orcid.org/0000-0001-9150-6805, Atkinson, Robert ORCID logoORCID: https://orcid.org/0000-0002-6206-2229 and Bellekens, Xavier ORCID logoORCID: https://orcid.org/0000-0003-1849-5788;
CORE (COnnecting REpositories)