Anomaly Detection Systems Using IP Flows: A Review

The dependency on computer networks is increasing in all the sectors of the society and so are the threats. An anomaly detection system detects new attacks, identifies the intruder, and blocks them from further attacks. The researchers are proposing various techniques to detect the anomalies. In this paper, various aspects of the anomaly detection systems are discussed. Flow collection process and the tools used for collection are discussed in detail. The various statistical, data mining, deep learning, outlier-based, ensemble-based, and other techniques used by researchers in developing anomaly detection systems have been reviewed in detail. The research gaps in the study of anomaly detection are also discussed to give future directions.