Smart network anomaly detection software architecture for network-enabled ubiquitous devices

• Autorzy: Pelc Mariusz , Galus Dawid , Gola Mariusz , Kawala-Sterniuk Aleksandra

Identyfikatory

DOI

10.24425/bpasts.2023.146285

• Języki publikacji: EN

Abstrakty

EN

In this paper we present an architecture for run-time reconfiguration of network-enabled ubiquitous devices. The whole idea is based on a policy-based system where the whole decision-making (e.g. anomaly detection-related) logic is provided in a form of an externally loaded policy file. The architecture is verified through real-life implementation on an embedded system whose sensitivity can be easily modified should a need arise in run-time without affecting network device/segment (and thus potentially a number of network services) so that they continue working while the re-configuration process is triggered.

Słowa kluczowe

EN

network anomaly detection; network threats detection; smart systems; policy-based computing

PL

inteligentne systemy; detekcja anomalii sieciowych; detekcja zagrożeń sieciowych; przetwarzanie danych

• Wydawca: Polska Akademia Nauk, Wydział IV Nauk Technicznych
• Czasopismo: Bulletin of the Polish Academy of Sciences. Technical Sciences
• Rocznik: 2023
• Tom: Vol. 71, nr 4
• Strony: art. no. e146285
• Opis fizyczny: Bibliogr. 37 poz., rys., tab.

Twórcy

autor

Pelc Mariusz

• Faculty of Electrical Engineering, Automatic Control and Informatics, Opole University of Technology, Opole, Poland
• School of Computing and Mathematical Sciences, University of Greenwich, London, UK

• https://orcid.org/0000-0003-2818-1010

autor

Galus Dawid

• Faculty of Electrical Engineering, Automatic Control and Informatics, Opole University of Technology, Opole, Poland

• https://orcid.org/0000-0002-6970-6760

autor

Gola Mariusz

• Faculty of Electrical Engineering, Automatic Control and Informatics, Opole University of Technology, Opole, Poland

• https://orcid.org/0000-0003-1469-5723

autor

Kawala-Sterniuk Aleksandra

• Faculty of Electrical Engineering, Automatic Control and Informatics, Opole University of Technology, Opole, Poland

• https://orcid.org/0000-0001-7826-1292

Bibliografia

• [1] P. Mulinka and P. Casas, “Stream-based machine learning for network security and anomaly detection,” in Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, ser. Big-DAMA ’18. New York, NY, USA: Association for Computing Machinery, 2018, pp. 1–7.
• [2] A. Meyer-Berg, R. Egert, L. Böck, and M. Mühlhäuser, “Iot dataset generation framework for evaluating anomaly detection mechanisms,” in Proceedings of the 15th International Conference on Availability, Reliability and Security, ser. ARES ’20. New York, NY, USA: Association for Computing Machinery, 2020, p. 30.
• [3] I.C. Paschalidis and Y. Chen, “Statistical anomaly detection with sensor networks,” ACM Trans. Sen. Netw., vol. 7, no. 2, p. 17, Sep. 2010.
• [4] G. Fernandes, E.H.M. Pena, L.F. Carvalho, J.J.P.C. Rodrigues, and M.L. Proença, “Statistical, forecasting and metaheuristic techniques for network anomaly detection,” ser. SAC ’15. New York, NY, USA: Association for Computing Machinery, 2015, pp. 701–707.
• [5] T.L. Fond, J. Neville, and B. Gallagher, “Designing size consistent statistics for accurate anomaly detection in dynamic networks,” ACM Trans. Knowl. Discov. Data, vol. 12, no. 4, p. 46, Apr. 2018.
• [6] J.O. Kephart and D.M. Chess, “The vision of autonomic computing.” Computer, vol. 1, pp. 41–50, 2003.
• [7] G. Pang, C. Shen, L. Cao, and A.V.D. Hengel, “Deep learning for anomaly detection: A review,” ACM Comput. Surv., vol. 54, no. 2, p. 38, mar 2021, doi: 10.1145/3439950.
• [8] J. Arevalo-Herrera, J.E. Camargo Mendoza, and J.I. Martinez Torre, “Network anomaly detection with machine learning techniques for sdn networks,” in Proceedings of the 7th International Conference on Information and Education Innovations, ser. ICIEI ’22. New York, NY, USA: Association for Computing Machinery, 2022, pp. 129–135. [Online]. Available: https://doi.org/10.1145/3535735.3535750
• [9] R.J. Anthony, “A policy-definition language and prototype implementation library for policy-based autonomic systems,” in Proc. of 3rd International Conference on Autonomic Computing. IEEE Computer Society, 2006, pp. 265–276.
• [10] M. Pelc, “Context aware fuzzy control systems.” Int. J. Softw. Eng. Knowl. Eng., vol. 24(5), pp. 825–856, 2014.
• [11] M. Solaimani, M. Iftekhar, L. Khan, and B. Thuraisingham, “Statistical technique for online anomaly detection using spark over heterogeneous data from multi-source vmware performance data,” in 2014 IEEE International Conference on Big Data (Big Data), 2014, pp. 1086–1094.
• [12] T. Liu, A. Qi, Y. Hou, and X. Chang, “Method for network anomaly detection based on bayesian statistical model with time slicing,” in 2008 7th World Congress on Intelligent Control and Automation, 2008, pp. 3359–3362.
• [13] P. Kromkowski, S. Li, W. Zhao, B. Abraham, A. Osborne, and D.E. Brown, “Evaluating statistical models for network traffic anomaly detection,” in 2019 Systems and Information Engineering Design Symposium (SIEDS), 2019, pp. 1–6.
• [14] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita, “Nado: Network anomaly detection using outlier approach,” in Proceedings of the 2011 International Conference on Communication, Computing & Security, ser. ICCCS’11. New York, NY, USA: Association for Computing Machinery, 2011, pp. 531–536.
• [15] P. Kaur, “Outlier detection using kmeans and fuzzy min max neural network in network data,” in 2016 8th International Conference on Computational Intelligence and Communication Networks (CICN), 2016, pp. 693–696, doi: 10.1109/CICN.2016.142.
• [16] J. Mazel, P. Casas, Y. Labit, and P. Owezarski, “Sub-space clustering, inter-clustering results association & anomaly correlation for unsupervised network anomaly detection,” in Proceedings of the 7th International Conference on Network and Services Management, ser. CNSM ’11. Laxenburg, AUT: International Federation for Information Processing, 2011, pp. 73–80.
• [17] K. Flanagan, E. Fallon, P. Connolly, and A. Awad, “Network anomaly detection in time series using distance based outlier detection with cluster density analysis,” in 2017 Internet Technologies and Applications (ITA), 2017, pp. 116–121.
• [18] T. Kenaza, K. Bennaceur, and A. Labed, “An efficient hybrid svdd/clustering approach for anomaly-based intrusion detection,” ser. SAC ’18. New York, NY, USA: Association for Computing Machinery, 2018, pp. 435–443.
• [19] R. Bhatia, S. Benno, J. Esteban, T.V. Lakshman, and J. Grogan, “Unsupervised machine learning for network-centric anomaly detection in iot,” ser. Big-DAMA ’19. New York, NY, USA: Association for Computing Machinery, 2019, pp. 42–48.
• [20] X. Lu, P. Liu, and J. Lin, “Network traffic anomaly detection based on information gain and deep learning,” in Proceedings of the 2019 3rd International Conference on Information System and Data Mining, ser. ICISDM 2019. New York, NY, USA: Association for Computing Machinery, 2019, pp. 11–15.
• [21] Y. Su, Y. Zhao, C. Niu, R. Liu, W. Sun, and D. Pei, “Robust anomaly detection for multivariate time series through stochastic recurrent neural network,” in Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, ser. KDD ’19. New York, NY, USA: Association for Computing Machinery, 2019, pp. 2828–2837.
• [22] P.P. Chapke and R.R. Deshmukh, “Intrusion detection system using fuzzy logic and data mining technique,” ser. ICARCSET ’15. New York, NY, USA: Association for Computing Machinery, 2015, p. 63.
• [23] Z. Chiba, N. Abghour, K. Moussaid, A.E. Omri, and M. Rida, “A hybrid optimization framework based on genetic algorithm and simulated annealing algorithm to enhance performance of anomaly network intrusion detection system based on bp neural network,” in 2018 International Symposium on Advanced Electrical and Communication Technologies (ISAECT), 2018, pp. 1–6.
• [24] M. Bitaab and S. Hashemi, “Hybrid intrusion detection: Combining decision tree and gaussian mixture model,” in 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), 2017, pp. 8–12.
• [25] G. Pang, C. Shen, and A. van den Hengel, “Deep anomaly detection with deviation networks,” in Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, ser. KDD’19. New York, NY, USA: Association for Computing Machinery, 2019, pp. 353–362.
• [26] K.M. Prasad, A.R.M. Reddy, and K.V. Rao, “Bartd: Bio-inspired anomaly based real time detection of under rated app-ddos attack on web,” J. King Saud Univ.-Comput. Inf. Sci., vol. 32, no. 1, pp. 73–87, 2020.
• [27] L.K.G. Gonzalo P. Suárez and N.H. Fefferman, “A case study in tailoring a bio-inspired cyber-security algorithm: Designing anomaly detection for multilayer networks,” J. Cyber Secur. Mobil., vol. 8, no. 1, pp. 113–132, 2019.
• [28] P. Ward, M. Pelc, J. Hawthorne, and R.J. Anthony, “Embedding dynamic behaviour into a self-configuring software system,” in Proceedings of 5th International Conference on Autonomic and Trusted Computing. Springer LNCS, 2008, pp. 373–387.
• [29] R.J. Anthony, M. Pelc, P. Ward, and J. Hawthorne, “A run-time configurable software architecture for self-managing systems,” in Proc. of ICAC 2008. IEEE Computer Society, 2008, pp. 207–208.
• [30] M. Pelc and R. Anthony, “Towards policy-based self-configuration of embedded systems,” SIWN Syst. Infor. Sci. Notes, vol. 2, no. 1, pp. 20–26, 2007.
• [31] H.B. Mann, “Non-parametric test against trend,” Econometrica, vol. 13, pp. 245–256, 1945.
• [32] M.G. Kendall, Rank Correlation Methods. Charles Griffin, 1975.
• [33] M. Hussain and I. Mahmud, “Pymannkendall: a python package for non parametric mann kendall family of trend tests.” J. Open Source Softw., vol. 4, no. 39, p. 1556, 2019.
• [34] M. Pelc, “Github policies repository,” https://github.com/mariusz-pelc/policies, 2023 (accessed January 14, 2023).
• [35] E. Dostatni, D. Mikołajewski, J. Doro˙zy´nski, and I. Rojek, “Ecological design with the use of selected inventive methods including ai-based,” Appl. Sci., vol. 12, no. 19, p. 9577, 2022.
• [36] I. Rojek, E. Dostatni, D. Mikołajewski, L. Pawłowski, and K.M. Węgrzyn-Wolska, “Modern approach to sustainable production in the context of industry 4.0,” Bull. Pol. Acad. Sci. Tech. Sci., p. e143828, 2022.
• [37] J. Vanus, J. Kubicek, O.M. Gorjani, and J. Koziorek, “Using the ibm spss sw tool with wavelet transformation for co2 prediction within iot in smart home care,” Sensors, vol. 19, no. 6, p. 1407, 2019.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).