Abstract
Research in cyber-security has demonstrated that dealing with cyber-attacks is by no means an easy task. One particular limitation of existing research originates from the uncertainty of information that is gathered to discover attacks. This uncertainty is partly due to the lack of attack prediction models that utilize contextual information to analyze activities that target computer networks. The focus of this paper is a comprehensive review of data analytics paradigms for intrusion detection along with an overview of techniques that apply contextual information for intrusion detection. A new research taxonomy is introduced consisting of several dimensions of data mining techniques, which create attack prediction models. The survey reveals the need to use multiple categories of contextual information in a layered manner with consistent, coherent, and feasible evidence toward the correct prediction of cyber-attacks.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 563-619 |
| Number of pages | 57 |
| Journal | Knowledge and Information Systems |
| Volume | 52 |
| Issue number | 3 |
| DOIs | |
| State | Published - Sep 1 2017 |
| Externally published | Yes |
Keywords
- Context
- Contextual information
- Cyber-security
- Intrusion detection
- Netflows
- Semantics
ASJC Scopus subject areas
- Software
- Information Systems
- Human-Computer Interaction
- Hardware and Architecture
- Artificial Intelligence