Abstract

As network techniques rapidly evolve, attacks are becoming increasingly sophisticated and threatening. Network intrusion detection has been widely accepted as an effective method to deal with network threats. Many approaches have been proposed, exploring different techniques and targeting different types of traffic. Anomaly-based network intrusion detection is an important research and development direction of intrusion detection. Despite the extensive investigation of anomaly-based network intrusion detection techniques, there lacks a systematic literature review of recent techniques and datasets. We follow the methodology of systematic literature review to survey and study 119 top-cited papers on anomaly-based intrusion detection. Our study rigorously and comprehensively investigates the technical landscape of the field in order to facilitate subsequent research within this field. Specifically, our investigation is conducted from the following perspectives: application domains, data preprocessing and attack-detection techniques, evaluation metrics, coauthor relationships, and datasets. Based on the research results, we identify unsolved research challenges and unstudied research topics from each perspective, respectively. Finally, we present several promising high-impact future research directions.