A Survey of Data Stream-Based Intrusion Detection Systems

Abstract

Detecting malicious activities in network environments poses a challenge that attracts significant attention due to its complexity and importance. Advances in the field have led to the development of several algorithms that approach the problem under the view of a data stream machine learning task. This task involves a set of steps: data collection or choice of public datasets, data pre-processing, data reduction, development or application of data mining techniques, and evaluation methodology. However, these steps must address the inherent issues of dynamic environments such as data streams and intrusion detection systems. These issues include, but are not limited to, the continuous influx of data, changes in both normal and attack class distributions, the emergence of new attack types, and the scarcity of labeled data examples to update the decision models. This survey provides an overview of intrusion detection systems (IDS) using data stream machine learning techniques, characterizing the literature approaches according to the classic steps of the data mining task. In addition, we discuss recommendations for practical IDS development and highlight datasets and tools that can aid in detecting malicious behavior. Finally, we outline potential avenues for future research and open questions in the field.