Title: A review on intrusion detection datasets: tools, processes, and features
Authors: Daniela Pinto, Ivone Amorim, Eva Maia, Isabel Praça
DOI: 10.1016/j.comnet.2025.111177
Journal: Computer Networks, volume 262, Article 111177
Publication date: 2025-03-13
Publication type: Journal Article
Impact factor: 4.4
JCR: Q1 (COMPUTER SCIENCE, HARDWARE & ARCHITECTURE)
Region: 2; Region category: Computer Science
Open access: no
Platform: Semanticscholar
URL: https://www.sciencedirect.com/science/article/pii/S1389128625001458
Citation count: 0
Abstract
Network intrusion detection systems are fundamental to the early detection of anomalous behaviour in networks. Modern versions of these tools take advantage of Machine Learning to process large amounts of data, identify patterns, and make predictions. Their development relies on the ability to access good historical network data. Therefore, the research community has been actively working on creating new datasets, and network traffic analysis tools are frequently used in this context. This study provides a comprehensive review of existing tools for network traffic analysis, highlighting their main advantages and drawbacks. A categorisation for these tools is introduced, as well as an overview of the dataset creation process by combining one or more of these categories. An updated analysis of existing datasets is also provided, along with details regarding their creation, highlighting the progression in dataset production. Finally, the impact of dataset features is discussed, underscoring their role in enhancing the effectiveness of network intrusion detection systems.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.