Security Data Collection and Data Analytics in the Internet: A Survey
Access rights
openAccess
A2 Review article in a scientific journal
This publication is imported from Aalto University research portal.
Date
2019-01-01
Language
en
Series
IEEE Communications Surveys and Tutorials
Abstract
Attacks over the Internet are becoming more and more complex and sophisticated. How to detect security threats and measure the security of the Internet has become a significant research topic. For detecting Internet attacks and measuring Internet security, collecting different categories of data and employing methods of data analytics are essential. However, the literature still lacks a thorough review of security-related data collection and analytics on the Internet. Therefore, it becomes a necessity to review the current state of the art in order to gain a deep insight into what categories of data should be collected and which methods should be used to detect Internet attacks and to measure Internet security. In this paper, we survey existing studies about security-related data collection and analytics for the purpose of measuring Internet security. We first divide the data related to network security measurement into four categories: 1) packet-level data; 2) flow-level data; 3) connection-level data; and 4) host-level data. For each category of data, we provide a specific classification and discuss its advantages and disadvantages with regard to Internet security threat detection. We also propose several additional requirements for security-related data analytics in order to make the analytics flexible and scalable. Based on the usage of data categories and the types of data analytic methods, we review current detection methods for distributed denial of service flooding and worm attacks by applying the proposed requirements to evaluate their performance. Finally, based on the completed review, a list of open issues is outlined and future research directions are identified.
Description
OA publication. Import from the IEEE database when published.
Keywords
Computer crime, Data analysis, data analytics, Data collection, DDoS flooding attacks, Grippers, Internet, Protocols, security measurement, Security-related data, worm attacks
Citation
Jing, X, Yan, Z & Pedrycz, W 2019, 'Security Data Collection and Data Analytics in the Internet: A Survey', IEEE Communications Surveys and Tutorials, vol. 21, no. 1, 8428412, pp. 586-618. https://doi.org/10.1109/COMST.2018.2863942