A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection


Bibliographic Details
Published in: IEEE Access, Vol. 12, pp. 89363-89383
Main Authors: Lyu, Minzhao; Habibi Gharakheili, Hassan; Sivaraman, Vijay
Format: Journal Article
Language: English
Published: Piscataway: IEEE, 2024
Publisher: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

Summary: Enterprise networks that host valuable assets and services are popular and frequent targets of distributed network attacks. In order to cope with the ever-increasing threats, industrial and research communities develop systems and methods to monitor the behaviors of their assets and protect them from critical attacks. In this survey, we systematically survey related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss the taxonomy of distributed network attacks on enterprise assets, including reconnaissance attacks probing vulnerable enterprise hosts and servers, and distributed denial-of-service (DDoS) attacks aiming to paralyze network services hosted within an enterprise network. Second, we review existing methods that leverage either static configurations or dynamic network graphs to monitor network behavior of enterprise hosts, verify their benign activities and isolate potential anomalies. Third, state-of-the-art detection methods for distributed network attacks sourced from external attackers, such as proprietary rules in commercial firewalls and community signatures in open-source software tools, are elaborated with highlights on their merits and bottlenecks. Fourth, as programmable networks and machine learning (ML) techniques are increasingly being adopted by the community, their current applications in network security are discussed. Finally, we suggest several research gaps in enterprise network security to inspire future research.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2024.3419068