Temporal Analysis Framework for Intrusion Detection Systems: A Novel Taxonomy for Time-Aware Cybersecurity

Tatiana S. Parlanti, Carlos A. Catania

TL;DR

The paper addresses the deficit in early threat detection by introducing a temporal analysis framework and taxonomy for time-aware NIDS. Through a systematic review of publications from 2020–2025, it classifies approaches into five temporal categories (S.1–T.3) and maps them to MITRE ATT&CK tactics, revealing coverage gaps and dataset biases toward late-stage attacks. The work highlights the need for temporally rich datasets and richer evaluation metrics to assess early detection and generalization across networks. Overall, the framework aims to shift intrusion detection toward proactive defense by enabling detection of evolving adversarial patterns across the attack lifecycle.

Abstract

Most intrusion detection systems still identify attacks only after significant damage has occurred, detecting late-stage tactics rather than early indicators of compromise. This paper introduces a temporal analysis framework and taxonomy for time-aware network intrusion detection. Through a systematic review of over 40 studies published between 2020 and 2025, we classify NIDS methods according to their treatment of time, from static per-flow analysis to multi-window sequential modeling. The proposed taxonomy reveals that inter-flow sequential and temporal window-based methods provide the broadest temporal coverage across MITRE ATT&CK tactics, enabling detection from Reconnaissance through Impact stages. Our analysis further exposes systematic bias in widely used datasets, which emphasize late-stage attacks and thus limit progress toward early detection. This framework provides essential groundwork for developing IDS capable of anticipating rather than merely reacting to cyber threats, advancing the field toward truly proactive defense mechanisms.

Paper Structure

This paper contains 41 sections, 8 figures, 7 tables.

Figures (8)

  • Figure 1: Taxonomy examples S.1 and S.2.
  • Figure 2: Case examples T.1, T.2, and T.3.
  • Figure 3: Number of articles that address temporality in different ways, broken down by year of publication.
  • Figure 4: Datasets used in the literature analyzed. The left panel shows the frequency of each dataset; the right panel shows the same frequencies grouped by dataset family.
  • Figure 5: Number of articles that use the different datasets, broken down by year of publication. The order on the abscissa is ascending, starting with KDD-Cup99, which is a 1999 dataset, and ending with CIC-IoT2023 from 2023.
  • ...and 3 more figures