Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
4955417 | Computers & Security | 2017 | 44 Pages |
Abstract
Flow-based intrusion detection is an innovative way of detecting intrusions in high-speed networks. Flow-based intrusion detection only inspects the packet header and does not analyze the packet payload. This paper provides a comprehensive survey of the current state of the art in flow-based intrusion detection. It also describes the available flow-based datasets used for evaluation of flow-based intrusion detection systems. The paper proposes a taxonomy for flow-based intrusion detection systems on the basis of the technique used for detection of maliciousness in flow records. We review the architecture and evaluation results of available flow-based intrusion detection systems. We also identify important research challenges for future research in the area of flow-based intrusion detection.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Muhammad Fahad Umer, Muhammad Sher, Yaxin Bi