A systematic literature review of methods and datasets for anomaly-based network intrusion detection

As network techniques rapidly evolve, attacks are becoming increasingly sophisticated and threatening. Network intrusion detection has been widely accepted as an effective method to deal with network threats. Many approaches have been proposed, exploring different techniques and targeting different types of traffic. Anomaly-based network intrusion detection is an important research and development di-rection of intrusion detection. Despite the extensive investigation of anomaly-based network intrusion de-tection techniques, there lacks a systematic literature review of recent techniques and datasets. We follow the methodology of systematic literature review to survey and study 119 top-cited papers on anomaly-based intrusion detection. Our study rigorously and comprehensively investigates the technical landscape of the field in order to facilitate subsequent research within this field. Specifically, our investigation is conducted from the following perspectives: application domains, data preprocessing and attack-detection techniques, evaluation metrics, coauthor relationships, and datasets. Based on the research results, we identify unsolved research challenges and unstudied research topics from each perspective, respectively. Finally, we present several promising high-impact future research directions. (c) 2022 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license ( http://creativecommons.org/licenses/by/4.0/ )

Automated summary

With the rapid evolution of network techniques, network attacks are becoming more sophisticated and threatening. Network intrusion detection is widely recognized as an effective method to address network threats. Anomaly-based network intrusion detection is an important research direction, but there is a lack of systematic literature reviews on recent techniques and datasets. In this study, we conducted a systematic literature review of 119 top-cited papers on anomaly-based intrusion detection, investigating the technical landscape of the field from various perspectives, and identifying unsolved research challenges and future research directions.