Security Data Collection and Data Analytics in the Internet: A Survey

Research output: Contribution to journalReview ArticleScientificpeer-review


Research units

  • Xidian University
  • University of Alberta


Attacks over the Internet are becoming more and more complex and sophisticated. How to detect security threats and measure the security of the Internet arises a significant research topic. For detecting the Internet attacks and measuring its security, collecting different categories of data and employing methods of data analytics are essential. However, the literature still lacks a thorough review on security-related data collection and analytics on the Internet. Therefore, it becomes a necessity to review the current state of the art in order to gain a deep insight on what categories of data should be collected and which methods should be used to detect the Internet attacks and to measure its security. In this paper, we survey existing studies about security-related data collection and analytics for the purpose of measuring the Internet security. We first divide the data related to network security measurement into four categories: packet-level data, flow-level data, connection-level data, and host-level data. For each category of data, we provide a specific classification and discuss its advantages and disadvantages with regard to the Internet security threat detection. We also propose several additional requirements for security-related data analytics in order to make the analytics flexible and scalable. Based on the usage of data categories and the types of data analytic methods, we review current detection methods for Distributed Denial of Service (DDoS) flooding and worm attacks by applying the proposed requirements to evaluate their performance. Finally, based on the completed review, a list of open issues is outlined and future research directions are identified.


Original languageEnglish
Pages (from-to)586 - 618
JournalIEEE Communications Surveys and Tutorials
Issue number1
Early online date2018
Publication statusPublished - 2019
MoE publication typeA2 Review article in a scientific journal

    Research areas

  • Computer crime, Data analysis, data analytics, Data collection, data collection, DDoS flooding attacks, Grippers, Internet, Protocols, security measurement., Security-related data, worm attacks

Download statistics

No data available

ID: 27476862