No Cover Image

Conference Paper/Proceeding/Abstract 479 views 1 download

Data-Driven Design for Anomaly Detection in Network Access Control Systems

Musa Abubakar Muhammad, Fabio Caraffini Orcid Logo, Adebamigbe Fasanmade, Olabayo Ishola, Kabiru Mohammed, Jarrad Morden

2023 International Conference on Business Analytics for Technology and Security (ICBATS)

Swansea University Author: Fabio Caraffini Orcid Logo

  • Data_Driven_Design.pdf

    PDF | Accepted Manuscript

    “© 20XX IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.”

    Download (352.23KB)

DOI (Published version): 10.1109/icbats57792.2023.10111130

Abstract

Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device.To comp...

Full description

Published in: 2023 International Conference on Business Analytics for Technology and Security (ICBATS)
ISBN: 979-8-3503-3565-1 979-8-3503-3564-4
Published: IEEE 2023
Online Access: http://dx.doi.org/10.1109/icbats57792.2023.10111130
URI: https://cronfa.swan.ac.uk/Record/cronfa62224
Abstract: Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device.To complicate things further, the ‘bring your own device’ policy is increasing security threats, ulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, we propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such challenges (anomalies). We apply this approach to single devices and aggregations of data per device type. Additionally, we propose plotting the notched box for each cluster to acquire a better understanding of their data distributions and measuring the clusters’ performance using the Adjusted Rand Index. Our results show that the proposed method is valid, can be used in several contexts, and features a 95%confidence that most single device and device type distributions overlap, which makes them equivalently usable for anomaly detection purposes.
College: Faculty of Science and Engineering

Similar Items