{"id":"https://openalex.org/W3205985117","doi":"https://doi.org/10.1145/3472753","title":"A Survey on Data-driven Network Intrusion Detection","display_name":"A Survey on Data-driven Network Intrusion Detection","publication_year":2021,"publication_date":"2021-10-08","ids":{"openalex":"https://openalex.org/W3205985117","doi":"https://doi.org/10.1145/3472753","mag":"3205985117"},"language":"en","primary_location":{"id":"doi:10.1145/3472753","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3472753","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3472753","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3472753","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022994603","display_name":"Dylan Chou","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Dylan Chou","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074821819","display_name":"Meng Jiang","orcid":"https://orcid.org/0000-0002-3009-519X"},"institutions":[{"id":"https://openalex.org/I107639228","display_name":"University of Notre Dame","ror":"https://ror.org/00mkhxb43","country_code":"US","type":"education","lineage":["https://openalex.org/I107639228"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Meng Jiang","raw_affiliation_strings":["University of Notre Dame, Notre Dame, Indiana"],"affiliations":[{"raw_affiliation_string":"University of Notre Dame, Notre Dame, Indiana","institution_ids":["https://openalex.org/I107639228"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5022994603"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":16.4828,"has_fulltext":true,"cited_by_count":162,"citation_normalized_percentile":{"value":0.99441566,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":"54","issue":"9","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8756263256072998},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.7464910745620728},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6342997550964355},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5778539180755615},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.4951919615268707},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.488647997379303},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4795686602592468},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.4795372486114502},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.4660099148750305},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4167308211326599},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4141392409801483},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.39269182085990906},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20170018076896667},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1224277913570404},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.08031988143920898}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8756263256072998},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.7464910745620728},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6342997550964355},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5778539180755615},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.4951919615268707},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.488647997379303},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4795686602592468},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.4795372486114502},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.4660099148750305},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4167308211326599},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4141392409801483},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.39269182085990906},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20170018076896667},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1224277913570404},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.08031988143920898},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3472753","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3472753","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3472753","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3472753","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3472753","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3472753","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4512456570","display_name":null,"funder_award_id":"IIS-1849816","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7526817510","display_name":null,"funder_award_id":"1849816","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3205985117.pdf","grobid_xml":"https://content.openalex.org/works/W3205985117.grobid-xml"},"referenced_works_count":151,"referenced_works":["https://openalex.org/W42722137","https://openalex.org/W573815303","https://openalex.org/W1489073918","https://openalex.org/W1509669977","https://openalex.org/W1648214972","https://openalex.org/W1965334909","https://openalex.org/W1967376128","https://openalex.org/W1970586689","https://openalex.org/W1975415766","https://openalex.org/W1978113542","https://openalex.org/W1983291981","https://openalex.org/W1985987493","https://openalex.org/W1986614398","https://openalex.org/W2007541629","https://openalex.org/W2032620230","https://openalex.org/W2036695131","https://openalex.org/W2038536589","https://openalex.org/W2040333627","https://openalex.org/W2041415879","https://openalex.org/W2056964535","https://openalex.org/W2061951830","https://openalex.org/W2065523140","https://openalex.org/W2078559757","https://openalex.org/W2084496302","https://openalex.org/W2086540457","https://openalex.org/W2091990279","https://openalex.org/W2100495367","https://openalex.org/W2100537916","https://openalex.org/W2101756295","https://openalex.org/W2105442001","https://openalex.org/W2105509454","https://openalex.org/W2110700924","https://openalex.org/W2115569246","https://openalex.org/W2127589108","https://openalex.org/W2131389289","https://openalex.org/W2141684651","https://openalex.org/W2142889610","https://openalex.org/W2142897102","https://openalex.org/W2150755264","https://openalex.org/W2156612354","https://openalex.org/W2161778376","https://openalex.org/W2170689836","https://openalex.org/W2188268519","https://openalex.org/W2278186031","https://openalex.org/W2286850974","https://openalex.org/W2290318923","https://openalex.org/W2337240321","https://openalex.org/W2341871820","https://openalex.org/W2342408547","https://openalex.org/W2391440061","https://openalex.org/W2399941526","https://openalex.org/W2462597051","https://openalex.org/W2473813716","https://openalex.org/W2485030193","https://openalex.org/W2505839951","https://openalex.org/W2507920413","https://openalex.org/W2512144135","https://openalex.org/W2588217585","https://openalex.org/W2590761734","https://openalex.org/W2601474892","https://openalex.org/W2602509076","https://openalex.org/W2607460355","https://openalex.org/W2626468835","https://openalex.org/W2770942607","https://openalex.org/W2783741806","https://openalex.org/W2790583291","https://openalex.org/W2793412195","https://openalex.org/W2798336999","https://openalex.org/W2803217416","https://openalex.org/W2887597525","https://openalex.org/W2889165715","https://openalex.org/W2890474333","https://openalex.org/W2892214024","https://openalex.org/W2892336822","https://openalex.org/W2897256107","https://openalex.org/W2899653275","https://openalex.org/W2901492899","https://openalex.org/W2902529532","https://openalex.org/W2902900716","https://openalex.org/W2913330314","https://openalex.org/W2922628727","https://openalex.org/W2924689635","https://openalex.org/W2925211503","https://openalex.org/W2940934424","https://openalex.org/W2944643572","https://openalex.org/W2944992190","https://openalex.org/W2945230547","https://openalex.org/W2946156428","https://openalex.org/W2946361217","https://openalex.org/W2950204666","https://openalex.org/W2950250245","https://openalex.org/W2959717179","https://openalex.org/W2963276095","https://openalex.org/W2963391384","https://openalex.org/W2965481252","https://openalex.org/W2965567524","https://openalex.org/W2965644191","https://openalex.org/W2966689929","https://openalex.org/W2969495950","https://openalex.org/W2969804742","https://openalex.org/W2975107074","https://openalex.org/W2979389376","https://openalex.org/W2979560086","https://openalex.org/W2979619706","https://openalex.org/W2990352665","https://openalex.org/W2990664669","https://openalex.org/W2994866269","https://openalex.org/W2996900869","https://openalex.org/W2997442262","https://openalex.org/W2998722477","https://openalex.org/W3003727567","https://openalex.org/W3005588871","https://openalex.org/W3005630930","https://openalex.org/W3005805195","https://openalex.org/W3007153438","https://openalex.org/W3008195198","https://openalex.org/W3008540096","https://openalex.org/W3011524935","https://openalex.org/W3012981875","https://openalex.org/W3017093935","https://openalex.org/W3020912042","https://openalex.org/W3021740526","https://openalex.org/W3022454434","https://openalex.org/W3026559324","https://openalex.org/W3029494242","https://openalex.org/W3033728179","https://openalex.org/W3035735617","https://openalex.org/W3043077209","https://openalex.org/W3090540360","https://openalex.org/W3093649180","https://openalex.org/W3105682467","https://openalex.org/W3141184276","https://openalex.org/W4230685329","https://openalex.org/W4234865505","https://openalex.org/W4235157178","https://openalex.org/W4239963787","https://openalex.org/W4241521163","https://openalex.org/W4242866185","https://openalex.org/W4244291872","https://openalex.org/W4244424141","https://openalex.org/W4245053994","https://openalex.org/W4248285974","https://openalex.org/W4249267531","https://openalex.org/W4250117065","https://openalex.org/W4251291391","https://openalex.org/W4252479810","https://openalex.org/W4253254734","https://openalex.org/W4301329292","https://openalex.org/W4323645769","https://openalex.org/W4389312989","https://openalex.org/W6686806119"],"related_works":["https://openalex.org/W2789663798","https://openalex.org/W2375896275","https://openalex.org/W2166943775","https://openalex.org/W1903420481","https://openalex.org/W2158007046","https://openalex.org/W2392120181","https://openalex.org/W2307276533","https://openalex.org/W2390124310","https://openalex.org/W2594597562","https://openalex.org/W2133389611"],"abstract_inverted_index":{"Data-driven":[0],"network":[1,90],"intrusion":[2,33],"detection":[3,34],"(NID)":[4],"has":[5],"a":[6,50],"tendency":[7],"towards":[8],"minority":[9],"attack":[10],"classes":[11],"compared":[12],"to":[13,43,62],"normal":[14],"traffic.":[15],"Many":[16],"datasets":[17,59,95],"are":[18,65,77],"collected":[19,96],"in":[20,70,97],"simulated":[21],"environments":[22],"rather":[23],"than":[24],"real-world":[25,98],"networks.":[26,99],"These":[27],"challenges":[28,55,69],"undermine":[29],"the":[30,68,71],"performance":[31],"of":[32],"machine":[35,40],"learning":[36,41],"models":[37,42,87],"by":[38],"fitting":[39],"unrepresentative":[44],"\u201csandbox\u201d":[45],"datasets.":[46],"This":[47],"survey":[48],"presents":[49],"taxonomy":[51],"with":[52],"eight":[53],"main":[54],"and":[56,74,92],"explores":[57],"common":[58],"from":[60],"1999":[61],"2020.":[63],"Trends":[64],"analyzed":[66],"on":[67,79],"past":[72],"decade":[73],"future":[75],"directions":[76],"proposed":[78],"expanding":[80],"NID":[81],"into":[82],"cloud-based":[83],"environments,":[84],"devising":[85],"scalable":[86],"for":[88],"large":[89],"data,":[91],"creating":[93],"labeled":[94]},"counts_by_year":[{"year":2026,"cited_by_count":7},{"year":2025,"cited_by_count":52},{"year":2024,"cited_by_count":38},{"year":2023,"cited_by_count":36},{"year":2022,"cited_by_count":26},{"year":2021,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}