DOI: 10.1145/3644713.3644803
ICFNDS conference proceedings, research article, Open Access

Sequential Pattern Mining: A Proposed Approach for Intrusion Detection Systems

Published: 13 May 2024

ABSTRACT

Technological advancements have played a pivotal role in the rapid proliferation of the fourth industrial revolution (4IR) through the deployment of Internet of Things (IoT) devices in large numbers. COVID-19 caused serious disruptions across many industries, with lockdowns and travel restrictions imposed across the globe. As a result, conducting business as usual became increasingly untenable, necessitating the adoption of new approaches in the workplace. For instance, virtual doctor consultations, remote learning, and virtual private network (VPN) connections for employees working from home became more prevalent. This paradigm shift has brought about positive benefits; however, it has also increased the attack vectors and attack surface, creating lucrative opportunities for cyber-attacks. Consequently, more sophisticated attacks have emerged, including Botnet attacks, which typically lead to Distributed Denial of Service (DDoS). These pose a serious threat to businesses and organisations worldwide. This paper proposes a system for detecting malicious activities in network traffic using sequential pattern mining (SPM) techniques. The proposed approach utilises SPM as an unsupervised learning technique to extract intrinsic communication patterns from network traffic, enabling the discovery of rules for detecting malicious activities and generating security alerts accordingly. By leveraging this approach, businesses and organisations can enhance the security of their networks, detect malicious activities including emerging ones, and thus respond proactively to potential threats. The performance evaluation for the proposed approach reveals a True Positive Rate (TPR) of over 99% and a False Positive Rate (FPR) of 0%.
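The abstract describes SPM as an unsupervised step that extracts ordered communication patterns from traffic, turns them into detection rules, and scores the result by TPR and FPR. The Python block below is an added illustration written for this page, not code from the paper or its authors: it implements a PrefixSpan-style miner (prefix projection over single-event sequences), keeps the frequent patterns that never occur in a known-clean baseline as alert rules, and evaluates them on held-out sequences. The "proto:outcome" event tokens, the per-host sequences, the baseline-filtering step and all sample data are assumptions constructed for the example; the paper's own feature extraction and rule selection are not reproduced here.

```python
"""Sequential pattern mining (SPM) as an unsupervised step for discovering IDS rules.

Added illustration (not the paper's code). A PrefixSpan-style miner finds frequent
ordered event patterns in per-host connection sequences; frequent patterns that never
occur in a known-clean baseline become detection rules, which are scored by TPR / FPR.
"""
from collections import defaultdict

# Constructed sample data (assumption of this example): each sequence is the ordered
# list of connection outcomes seen from one source host within a time window, using a
# "proto:outcome" token format. Labels are used only to select and score rules.
BASELINE = [  # known-clean capture; a single refused connection is ordinary
    ["dns:ok", "http:ok", "http:ok", "tls:ok"],
    ["dns:ok", "tls:ok", "tls:ok"],
    ["dns:ok", "http:ok", "tcp:rst", "tls:ok"],
    ["ntp:ok", "dns:ok", "http:ok"],
]
UNLABELLED_SUSPECTS = [  # rest of the mixed capture; hosts later confirmed as scanners
    ["tcp:rst", "tcp:rst", "tcp:rst", "tls:ok", "tcp:rst"],
    ["tcp:rst", "tcp:syn-only", "tcp:rst", "tcp:rst"],
    ["tcp:rst", "tcp:rst", "tcp:syn-only", "tcp:rst", "tcp:rst"],
]
TEST_BENIGN = [  # held-out, labelled for scoring only
    ["dns:ok", "http:ok", "tls:ok", "tls:ok"],
    ["dns:ok", "tcp:rst", "http:ok"],
    ["ntp:ok", "dns:ok", "tls:ok"],
]
TEST_MALICIOUS = [
    ["tcp:rst", "tcp:rst", "tcp:rst", "tcp:rst", "tcp:rst"],
    ["tcp:syn-only", "tcp:rst", "tcp:rst", "tcp:syn-only"],
    ["tcp:rst", "tls:ok", "tcp:rst", "tcp:rst"],
    ["tcp:rst", "tcp:syn-only"],  # too short for a length-3 rule: an expected miss
]


def prefixspan(db, min_support, prefix=(), patterns=None):
    """Mine frequent sequential patterns (ordered, gaps allowed) by prefix projection.

    Returns {pattern_tuple: support}; support is the number of sequences in `db`
    that contain the pattern as a subsequence.
    """
    if patterns is None:
        patterns = {}
    counts = defaultdict(int)
    for seq in db:
        for item in set(seq):  # each item counts once per sequence
            counts[item] += 1
    for item, support in counts.items():
        if support < min_support:
            continue  # infrequent here, so every extension is infrequent too
        pattern = prefix + (item,)
        patterns[pattern] = support
        # Projected database: the suffix after the first occurrence of `item`.
        projected = [seq[seq.index(item) + 1:] for seq in db if item in seq]
        projected = [s for s in projected if s]
        if projected:
            prefixspan(projected, min_support, pattern, patterns)
    return patterns


def contains(seq, pattern):
    """True if `pattern` occurs in `seq` as an ordered, not necessarily contiguous, subsequence."""
    events = iter(seq)
    return all(any(ev == p for ev in events) for p in pattern)


def discover_rules(training, baseline, min_support=2, min_len=3):
    """Unsupervised mining over the mixed capture, then keep patterns absent from the baseline."""
    patterns = prefixspan(training, min_support)
    return {p: s for p, s in patterns.items()
            if len(p) >= min_len and not any(contains(b, p) for b in baseline)}


def evaluate(rules, benign, malicious):
    """Alert on any sequence containing a rule; report TPR and FPR."""
    def alerted(seq):
        return any(contains(seq, rule) for rule in rules)
    tp = sum(1 for s in malicious if alerted(s))
    fp = sum(1 for s in benign if alerted(s))
    return {"tpr": tp / len(malicious), "fpr": fp / len(benign)}


def run_demo():
    rules = discover_rules(BASELINE + UNLABELLED_SUSPECTS, BASELINE)
    metrics = evaluate(rules, TEST_BENIGN, TEST_MALICIOUS)
    return rules, metrics


if __name__ == "__main__":
    rules, metrics = run_demo()
    for pattern, support in sorted(rules.items(), key=lambda kv: (-kv[1], kv[0])):
        print(f"rule support={support}: {' -> '.join(pattern)}")
    print(metrics)
```

The baseline filter is what keeps the FPR at zero here: patterns such as dns -> http -> tls are frequent but also appear in clean traffic, so they never become rules, while runs of refused or unanswered TCP connections do. The deliberate miss in the last test sequence shows the trade-off the minimum pattern length introduces: a host that only probed two ports in the window produces no length-3 pattern, so TPR on this constructed set is 0.75 rather than the paper's reported figure.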


Published in

ICFNDS '23: Proceedings of the 7th International Conference on Future Networks and Distributed Systems
December 2023, 808 pages
ISBN: 9798400709036
DOI: 10.1145/3644713

Copyright © 2023 Owner/Author

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher: Association for Computing Machinery, New York, NY, United States
Qualifiers: research-article, Research, Refereed limited