Anomaly Detection in Computer Networks:
A State-of-the-Art Review


Sherenaz Al-Haj Baddar1, Alessio Merlo2+, and Mauro Migliardi3

1Department of Computer Science, KASIT, The University of Jordan, Amman, 11942, Jordan
s.baddar@ju.du.jo

2Department Computer Security Lab (CSec Lab)
DIBRIS - University of Genova, Genova, 16145, Italy

alessio.merlo@unige.it

3DEI - University of Padova, Padova, 35131, Italy

mauro.migliardi@unipd.it

 

Abstract

The everlasting challenge of detecting and mitigating failures in computer networks has become more essential than ever, especially with the enormous number of smart devices that connect to all sorts of networks every day. Whether the root cause of a given anomaly is a security breach, a component failure, an environmental factor, or any combination of these, anomalies need to be detected and mitigated promptly and properly. In this paper, we review and evaluate state-of-the-art studies on the problem of anomaly detection in computer networks. We provide an elaborate description of the anomaly detection problem and describe the different categorizations of its solutions. We also illustrate some recent state-of-the-art solutions at the network level and describe current trends in handling malware-induced anomalies in smartphone networks. Additionally, we evaluate the presented solutions and highlight their shortcomings.

Keywords: Anomaly Detection, Network-level Detection, Application-level Detection,
Mobile Security, Android Security.

 

+: Corresponding author: Alessio Merlo

Computer Security Lab, DIBRIS, University of Genova, Viale F. Causa, 13, 16145, Genova.
Tel: +39-010-353-2344. Homepage: http://www.csec.it/people/alessio/

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 5, No. 4, pp. 29-64, December 2014