Contextual information fusion for intrusion detection: a survey and taxonomy

Ahmed Aleroud, George Karabatis

Research output: Contribution to journalArticlepeer-review

26 Scopus citations

Abstract

Research in cyber-security has demonstrated that dealing with cyber-attacks is by no means an easy task. One particular limitation of existing research originates from the uncertainty of information that is gathered to discover attacks. This uncertainty is partly due to the lack of attack prediction models that utilize contextual information to analyze activities that target computer networks. The focus of this paper is a comprehensive review of data analytics paradigms for intrusion detection along with an overview of techniques that apply contextual information for intrusion detection. A new research taxonomy is introduced consisting of several dimensions of data mining techniques, which create attack prediction models. The survey reveals the need to use multiple categories of contextual information in a layered manner with consistent, coherent, and feasible evidence toward the correct prediction of cyber-attacks.

Original languageEnglish (US)
Pages (from-to)563-619
Number of pages57
JournalKnowledge and Information Systems
Volume52
Issue number3
DOIs
StatePublished - Sep 1 2017
Externally publishedYes

Keywords

  • Context
  • Contextual information
  • Cyber-security
  • Intrusion detection
  • Netflows
  • Semantics

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Human-Computer Interaction
  • Hardware and Architecture
  • Artificial Intelligence

Fingerprint

Dive into the research topics of 'Contextual information fusion for intrusion detection: a survey and taxonomy'. Together they form a unique fingerprint.

Cite this