Skip to main content

From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods.

Nisioti, A., Mylonas, A., Yoo, P.D. and Katos, V., 2018. From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods. IEEE Communications Surveys and Tutorials, 20 (4), 3369-3388.

Full text available as:

08410366.pdf - Published Version
Available under License Creative Commons Attribution.

PDF ((c) 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses)
IEEE COMST 18 - From_intrusion_detection_to_attribution_.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


DOI: 10.1109/COMST.2018.2854724


Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we discuss that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match the modern attacks and propose three new classes regarding the outgoing network communication

Item Type:Article
Uncontrolled Keywords:Anomaly IDS; correlation and attribution; attack reconstruction; digital forensics; network forensics; data analytics; unsupervised learning; feature selection; Intrusion detection; Correlation; Feature extraction; Forensics; Computer crime; Telecommunication traffic; Monitoring
Group:Faculty of Science & Technology
ID Code:30985
Deposited By: Symplectic RT2
Deposited On:16 Jul 2018 13:08
Last Modified:14 Mar 2022 14:11


Downloads per month over past year

More statistics for this item...
Repository Staff Only -