A survey of IT early warning systems: architectures, challenges, and solutions

With the advent of new technologies and various services provided in the context of computer networks, a large volume of data is being generated. The main challenge in this area is providing network protection services against various threats and vulnerabilities. So far, many techniques have been proposed to deal with these threats. All of these techniques pursue the same goal, preventing attackers from reaching their objectives. A solution based on early warning system(s) (EWSs) is what exactly security teams need to manage the threats properly. EWS, as a complement to Intrusion Detection System, is a proactive approach against security threats. This is carried out through the early detection of potential behavior of a system, evaluating the scope of malicious behavior, and finally, using suitable response against any kind of detectable security event. This paper presents a comprehensive review on EWSs including definitions, applications, architectures, alert correlation aspects, and other technical requirements. Furthermore, previous studies and existing EWSs have been described and analyzed here. A classification of EWSs has been presented: commercial systems and systems under research and development. Finally, from the studies about EWSs, we conclude some challenges and research issues are still remain open. Copyright (C) 2016 John Wiley & Sons, Ltd.