Article ID: 455090
Journal: Computers & Electrical Engineering
Published Year: 2012
Pages: 11 Pages
File Type: PDF
Abstract

Automatic network intrusion detection has been an important research topic for the last 20 years. In that time, approaches based on signatures describing intrusive behavior have become the de facto industry standard. Alternatively, other novel techniques have been used to improve the automation of the intrusion detection process. In this regard, statistical methods, machine learning and data mining techniques have been proposed, with the argument that they offer higher automation capabilities than signature-based approaches. However, the majority of these novel techniques have never been deployed in real-life scenarios. The fact is that signature-based detection is still the most widely used strategy for automatic intrusion detection. In the present article we survey the most relevant works in the field of automatic network intrusion detection. In contrast to previous surveys, our analysis considers several features required for truly deploying each of the reviewed approaches. This wider perspective can help us identify the possible causes behind the lack of acceptance of novel techniques by network security experts.

Highlights

► This document reviews the most relevant techniques applied to intrusion detection.
► Techniques aim at providing better detection capabilities in a more automatic way.
► Those techniques claiming high accuracy are not easily deployable in real life.
► The assumptions on which these techniques rely still need a lot of expert work.
► Efforts should be directed to reduce the need for human interaction in the process.
