Enterprise networks that host valuable assets and services are popular and frequent targets of distributed network attacks. In order to cope with the ever-increasing threats, industrial and research communities develop systems and methods to monitor the behaviors of their assets and protect them from critical attacks. In this paper, we systematically survey related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss the taxonomy of distributed network attacks on enterprise assets, including distributed denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing methods for monitoring and classifying the network behavior of enterprise hosts to verify their benign activities and isolate potential anomalies. Third, state-of-the-art detection methods for distributed network attacks sourced from external attackers are elaborated, highlighting their merits and bottlenecks. Fourth, as programmable networks and machine learning (ML) techniques are increasingly adopted by the community, their current applications in network security are discussed. Finally, we highlight several research gaps in enterprise network security to inspire future research.