Frontiers of Data and Computing ›› 2024, Vol. 6 ›› Issue (1): 162-178.

CSTR: 32002.14.jfdc.CN10-1649/TP.2024.01.015

doi: 10.11871/jfdc.issn.2096-742X.2024.01.015

• Technology and Application •

A Review of Concept Drift in the Field of Network Anomaly Detection

DU Guanyao 1, GUO Yongjie 1,2, LONG Chun 1,*, ZHAO Jing 1, WAN Wei 1

  1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100083, China
  2. University of Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2023-08-01  Online: 2024-02-20  Published: 2024-02-21

Abstract:

[Purpose] With the rapid development and widespread application of network technology, network anomaly detection has become increasingly important as a means of safeguarding network security and keeping systems running normally. However, abnormal behaviors and attack techniques in networks keep evolving, which poses new challenges for anomaly detection. Among these challenges, concept drift, i.e. a change over time in the distribution of the traffic data a detector was trained on, is widely recognized as one of the hard problems of the field. [Methods] This review analyzes and summarizes research on the concept drift problem in network anomaly detection. Unlike earlier surveys, it focuses specifically on flow data in network anomaly detection. [Literature Scope] First, concept drift is introduced in detail, including its definition, causes, and characteristics, since a thorough understanding of concept drift guides the choice of detection method. Second, concept drift detection methods are systematically introduced, mainly statistical methods, machine learning methods, and deep learning methods, and the advantages, disadvantages, and application scenarios of each are compared. Finally, potential future research directions for concept drift are discussed. [Conclusion] This paper centers on the concept drift problem in network anomaly detection. By introducing the definition, causes, and characteristics of concept drift in detail, and by analyzing and summarizing concept drift detection methods tailored to flow data, it offers references and guidance for future research.
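As a concrete instance of the statistical drift detectors the abstract refers to, the following runs the Page-Hinkley sequential test over a stream of one flow feature whose distribution shifts abruptly part way through. This is an added example for this page, not code from the paper under review or from its authors; the feature (mean bytes per flow per minute), the drift point, the reference-window size and the thresholds are assumptions chosen for the illustration, and the stream is constructed rather than captured traffic.

```python
"""Page-Hinkley test over a stream of per-flow feature values.

Added example for this page; it is not code from the paper under review.
It implements the Page-Hinkley sequential test, a classic statistical
concept-drift detector, and runs it over a constructed stream of a single
flow feature (mean bytes per flow per minute) whose distribution shifts
abruptly part way through. The feature, the drift point, the
reference-window size and the thresholds are assumptions for illustration.
"""
import math
import statistics
from typing import List


class PageHinkley:
    """One-sided Page-Hinkley test: alarms on an upward shift of the mean.

    delta:         magnitude of change that is tolerated (subtracted per sample)
    threshold:     alarm when m_t - min(m_1..m_t) exceeds this value (lambda)
    min_instances: samples that must be seen before an alarm may be raised
    The detector resets after an alarm so that later drifts are reported too.
    A downward shift can be detected by feeding the negated feature.
    """

    def __init__(self, delta: float = 0.005, threshold: float = 40.0,
                 min_instances: int = 30) -> None:
        self.delta = delta
        self.threshold = threshold
        self.min_instances = min_instances
        self.reset()

    def reset(self) -> None:
        self.n = 0
        self.mean = 0.0        # running mean of the observations seen so far
        self.cumulative = 0.0  # m_t = sum_i (x_i - mean_i - delta)
        self.minimum = 0.0     # M_t = min over i <= t of m_i

    def update(self, x: float) -> bool:
        """Feed one observation; return True if drift is signalled."""
        self.n += 1
        self.mean += (x - self.mean) / self.n
        self.cumulative += x - self.mean - self.delta
        self.minimum = min(self.minimum, self.cumulative)
        if (self.n >= self.min_instances
                and self.cumulative - self.minimum > self.threshold):
            self.reset()
            return True
        return False


def make_stream(drift_at: int = 250, length: int = 400) -> List[float]:
    """Constructed feature stream (not real traffic): mean bytes per flow.

    Before drift_at the value oscillates around 500 bytes; afterwards the
    level jumps to 900 bytes, as it might when a bulk-transfer service is
    deployed or an exfiltration channel appears. A bounded deterministic
    oscillation stands in for noise so the run is reproducible.
    """
    return [(500.0 if i < drift_at else 900.0) + 30.0 * math.sin(0.7 * i)
            for i in range(length)]


def detect_drift(values: List[float], ref_window: int = 50,
                 threshold: float = 40.0) -> List[int]:
    """Standardise against a reference window, then run Page-Hinkley.

    Page-Hinkley's threshold is expressed in the units of its input, so raw
    byte counts would need a different lambda than packet counts. Scaling by
    the reference window's mean and standard deviation lets one lambda (here
    in standard deviations) be reused across flow features.
    Returns the sample indices at which drift was signalled.
    """
    if len(values) <= ref_window:
        raise ValueError("stream shorter than reference window")
    ref_mean = statistics.fmean(values[:ref_window])
    ref_std = statistics.stdev(values[:ref_window]) or 1.0  # guard constant window
    ph = PageHinkley(threshold=threshold)
    return [i for i, x in enumerate(values)
            if ph.update((x - ref_mean) / ref_std)]


if __name__ == "__main__":
    alarms = detect_drift(make_stream())
    print("drift signalled at sample(s):", alarms)
```

With these settings the alarm fires one or two samples after the level shift at index 250 and nothing fires before it, because the pre-drift oscillation keeps the cumulative statistic well below the threshold. The operational point for an anomaly detector is the same whichever drift detector is used: once such a shift is flagged, the model's baseline no longer describes the traffic, so its alerts after that point are suspect until the baseline is re-estimated or the model retrained on post-drift data.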

Key words: concept drift, network anomaly detection, data distribution, model updating