A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection
Minzhao Lyu, Hassan Habibi Gharakheili, Vijay Sivaraman

TL;DR
This survey reviews current research and industrial systems on enterprise network security, focusing on attack taxonomy, behavior monitoring, detection methods, and the application of machine learning, highlighting gaps and future directions.
Contribution
It provides a comprehensive overview of existing approaches to asset behavior monitoring and distributed attack detection, emphasizing recent advances and research gaps in enterprise network security.
Findings
Taxonomy of distributed network attacks including DDoS and reconnaissance.
Review of monitoring and classification methods for network behavior.
Discussion of machine learning applications in network security.
Abstract
Enterprise networks that host valuable assets and services are popular and frequent targets of distributed network attacks. In order to cope with the ever-increasing threats, industrial and research communities develop systems and methods to monitor the behaviors of their assets and protect them from critical attacks. In this paper, we systematically survey related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss the taxonomy of distributed network attacks on enterprise assets, including distributed denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing methods in monitoring and classifying network behavior of enterprise hosts to verify their benign activities and isolate potential anomalies. Third, state-of-the-art detection methods for distributed network attacks…
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Advanced Malware Detection Techniques
