A Survey on Network Security-Related Data Collection Technologies

Security threats and economic loss caused by network attacks, intrusions, and vulnerabilities have motivated intensive studies on network security. Normally, data collected in a network system can reflect security threats or be used to detect them; we define such data as network security-related data. Studying and analyzing security-related data can help detect network attacks and intrusions, thus making it possible to further measure the security level of the whole network system. Obviously, the first step in detecting network attacks and intrusions is to collect security-related data. However, in the context of big data and 5G, a number of challenges exist in collecting these security-related data. In this paper, we first briefly introduce network security-related data, including its definition and characteristics, and the applications of network data collection. We then provide the requirements and objectives for security-related data collection and present a taxonomy of data collection technologies. Moreover, we review existing collection nodes, collection tools, and collection mechanisms in terms of network data collection and analyze them based on the proposed requirements and objectives toward high-quality security-related data collection. Finally, we discuss open research issues and conclude with suggestions for future research directions.
