IEEE Access (Jan 2024)
A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection
Abstract
Enterprise networks that host valuable assets and services are frequent targets of distributed network attacks. To cope with ever-increasing threats, the industrial and research communities develop systems and methods to monitor the behavior of their assets and protect them from critical attacks. In this survey, we systematically review related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss a taxonomy of distributed network attacks on enterprise assets, including reconnaissance attacks that probe for vulnerable enterprise hosts and servers, and distributed denial-of-service (DDoS) attacks that aim to paralyze network services hosted within an enterprise network. Second, we review existing methods that leverage either static configurations or dynamic network graphs to monitor the network behavior of enterprise hosts, verify their benign activities, and isolate potential anomalies. Third, state-of-the-art methods for detecting distributed network attacks launched by external attackers, such as proprietary rules in commercial firewalls and community signatures in open-source software tools, are elaborated with highlights on their merits and bottlenecks. Fourth, as programmable networks and machine learning (ML) techniques are increasingly adopted by the community, their current applications in network security are discussed. Finally, we identify several research gaps in enterprise network security to inspire future research.
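The abstract names two attack classes (reconnaissance and DDoS) and two monitoring styles (a static per-host configuration versus a dynamic communication graph built from observed traffic). The following Python is an added illustration written for this page, not code from the survey or from any system it reviews. It runs over a constructed set of flow records (source, destination, destination port), assumed to have been exported from an edge device, builds the source-to-destination graph, and flags the fan-out pattern of a scan, the fan-in pattern of a flood, and any service a host exposes that its (assumed) static configuration does not list. Thresholds and the `EXPECTED_SERVICES` inventory are illustrative assumptions.

```python
from collections import defaultdict

# Assumed static configuration: which ports each inventoried host is allowed
# to serve. In a real deployment this would come from a CMDB or firewall policy.
EXPECTED_SERVICES = {
    "10.0.0.10": {80, 443},   # public web server
    "10.0.0.20": {22},        # admin jump host
}


def build_sample_flows():
    """Constructed sample flows (src, dst, dport); not captured traffic."""
    flows = []
    # Three benign clients reaching the web server over HTTPS.
    for i in range(3):
        flows.append((f"192.0.2.{i + 1}", "10.0.0.10", 443))
    # Vertical scan: one external source probes 30 ports on one host.
    for port in range(1, 31):
        flows.append(("203.0.113.5", "10.0.0.10", port))
    # Horizontal scan: one source probes SSH across 8 internal hosts.
    for host in range(1, 9):
        flows.append(("198.51.100.7", f"10.0.0.{host}", 22))
    # DDoS: 40 distinct sources hit the web server's HTTPS port.
    for i in range(40):
        flows.append((f"203.0.113.{100 + i}", "10.0.0.10", 443))
    # A host answering on a port its configuration does not list.
    flows.append(("192.0.2.9", "10.0.0.20", 3389))
    return flows


def build_graph(flows):
    """Dynamic communication graph: src -> dst -> set of destination ports."""
    graph = defaultdict(lambda: defaultdict(set))
    for src, dst, dport in flows:
        graph[src][dst].add(dport)
    return graph


def detect_recon(flows, port_threshold=10, host_threshold=5):
    """Reconnaissance shows up as fan-out from one source: many ports on one
    host (vertical scan) or one port across many hosts (horizontal scan)."""
    graph = build_graph(flows)
    alerts = []
    for src, peers in graph.items():
        for dst, ports in peers.items():
            if len(ports) >= port_threshold:
                alerts.append(("vertical_scan", src, dst, len(ports)))
        hosts_per_port = defaultdict(set)
        for dst, ports in peers.items():
            for port in ports:
                hosts_per_port[port].add(dst)
        for port, hosts in hosts_per_port.items():
            if len(hosts) >= host_threshold:
                alerts.append(("horizontal_scan", src, port, len(hosts)))
    return alerts


def detect_ddos(flows, source_threshold=20):
    """A flood shows up as fan-in: many distinct sources on one (dst, port).
    Returns (dst, dport, distinct_source_count) for services over threshold."""
    sources = defaultdict(set)
    for src, dst, dport in flows:
        sources[(dst, dport)].add(src)
    return [(dst, dport, len(srcs))
            for (dst, dport), srcs in sources.items()
            if len(srcs) >= source_threshold]


def unexpected_services(flows, expected):
    """Static-configuration check: (dst, dport) pairs that the inventory does
    not authorise. Hosts absent from the inventory are treated as exposing
    nothing, so any traffic to them is reported."""
    deviations = set()
    for _, dst, dport in flows:
        if dport not in expected.get(dst, set()):
            deviations.add((dst, dport))
    return sorted(deviations)


if __name__ == "__main__":
    flows = build_sample_flows()
    for alert in detect_recon(flows):
        print("recon:", alert)
    for alert in detect_ddos(flows):
        print("ddos:", alert)
    for dev in unexpected_services(flows, EXPECTED_SERVICES):
        print("unexpected service:", dev)
```

The two detectors are deliberately thresholded on distinct counts rather than raw packet volume: a scanner sends little traffic but touches many endpoints, while a flood sends much traffic from many sources to one endpoint, so the same graph separates them. The static check catches the scan as well (none of the probed ports are authorised), which is the point the abstract makes about combining configuration knowledge with observed behavior. In practice the thresholds would be tuned per network and evaluated over a sliding time window.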
Keywords