I’ve been too lazy to read this kind of review articles before, and I think it’s watery, but after careful reading, I found that it is still very rewarding. I can read out the directions that many predecessors have been researching, and the technical results they are currently researching. It is worth reading.
A rough mind map (more than the above picture in the text) is shown in the picture above. In general, it is worth reading
Chinese, just search it on HowNet
In fact, after reading this paper, the biggest gain is:
Traditional misuse detection can be almost 100% accurate for intrusions, viruses, etc., but it is very weak for encryption and obfuscation, or 0day attacks; machine learning, deep learning, through various feature extraction, to build models, can Effectively intercept encrypted attacks and capture 0days, but the problem is that sometimes it is just the abnormal behavior of ordinary users that may also be dealt with. Not to mention the user experience, at least the burden on the system is very large, and such a large amount of data , How to train a model that does not fit but works well? worthy of study