Security and Communication Networks

Review Article

Towards Large-Scale, Heterogeneous Anomaly Detection Systems in Industrial Networks: A Survey of Current Trends

Comparison of the surveyed works.


Name	Ref.	Domain	Granul.	Time of detect.	Sources	Main Detect. technique

Beehive	[23]	IT	Batch	Nonreal	Proxy logs	-means
Bumgardner and Marek	[24]	IT	Both	Real	Network flows	Established thresholds
Camacho et al.	[17]	IT	Both	Nonreal	Firewall & IDS logs	PCA
Dromard et al.	[25]	IT	Batch	Nonreal	Network flows	DBSCAN
Difallah et al.	[26]	IN	Both	Real	Process data	LISA
Giura and Wang	[27]	IT	Batch	Nonreal	Network and application data	Threshold establishing
Gupta and Kulariya	[28]	IT	Batch	Nonreal	Network captures	Several feature extraction and classification algorithms
Gonçalves et al.	[29]	IT	Batch	Nonreal	DHCP, Authentication and Firewall logs	EM
Hadžiosmanović et al.	[30]	IN	Batch	Nonreal	SCADA logs	FP-Graph
Hashdoop	[31]	IT	Batch	Nonreal	Network traffic (textual format)	None
Hurst et al.	[32]	IN	Batch	Nonreal	Process data	Multiple classification algs.
Iturbe et al.	[33]	IN	Batch	Nonreal	Network flows	Whitelisting
Kiss et al.	[34]	IN	Batch	Nonreal	Process data	-means
Marchal et al.	[35]	IT	Batch	Nonreal	Honeypot, DNS, HTTP and Network flow data	Threshold establishing
MATATABI	[36]	IT	Batch	Nonreal	DNS records, Network flows, Spam email	Multiple
Rathore et al.	[37]	IT	Batch	Nonreal	Network flows	C4.5, RepTree
Ratner and Kelly	[38]	IT	Batch	Nonreal	Network packets	Manual data querying
Therdphapiyanak and Piromsopa	[39]	IT	Batch	Nonreal	Network logs	-means
TADOOP	[40]	IT	Batch	Nonreal	Network flows	DTE-FP
Wallace et al.	[18]	IN	Continuous	Real	Process data	Cumulative Probability Distribution
Wang et al.	[41]	IT	Continuous	Real	Network flows	Intergroup entropy, LMS
Xu et al.	[42]	IT	Batch	Nonreal	Console logs	PCA