Conference Paper/Proceeding/Abstract 908 views 163 downloads
Data-Driven Design for Anomaly Detection in Network Access Control Systems
Musa Abubakar Muhammad, Fabio Caraffini, Adebamigbe Fasanmade, Olabayo Ishola, Kabiru Mohammed, Jarrad Morden
2023 International Conference on Business Analytics for Technology and Security (ICBATS), Pages: 1 - 10
Swansea University Author: Fabio Caraffini
PDF | Accepted Manuscript
DOI (Published version): 10.1109/icbats57792.2023.10111130
Abstract
Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device. To comp...
| Published in: | 2023 International Conference on Business Analytics for Technology and Security (ICBATS) |
|---|---|
| ISBN: | 979-8-3503-3565-1 979-8-3503-3564-4 |
| Published: | IEEE 2023 |
| URI: | https://cronfa.swan.ac.uk/Record/cronfa62224 |
| first_indexed | 2023-04-14T14:37:09Z |
|---|---|
| last_indexed | 2025-02-13T05:29:46Z |
| id | cronfa62224 |
| recordtype | SURis |
| title | Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| author_id_str_mv | d0b8d4e63d512d4d67a02a23dd20dfdb |
| author_id_fullname_str_mv | d0b8d4e63d512d4d67a02a23dd20dfdb_***_Fabio Caraffini |
| author | Fabio Caraffini |
| author2 | Musa Abubakar Muhammad Fabio Caraffini Adebamigbe Fasanmade Olabayo Ishola Kabiru Mohammed Jarrad Morden |
| format | Conference Paper/Proceeding/Abstract |
| container_title | 2023 International Conference on Business Analytics for Technology and Security (ICBATS) |
| container_start_page | 1 |
| publishDate | 2023 |
| institution | Swansea University |
| isbn | 979-8-3503-3565-1 979-8-3503-3564-4 |
| doi_str_mv | 10.1109/icbats57792.2023.10111130 |
| publisher | IEEE |
| college_str | Faculty of Science and Engineering |
| hierarchytype | |
| hierarchy_top_id | facultyofscienceandengineering |
| hierarchy_top_title | Faculty of Science and Engineering |
| hierarchy_parent_id | facultyofscienceandengineering |
| hierarchy_parent_title | Faculty of Science and Engineering |
| department_str | School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science |
| document_store_str | 1 |
| active_str | 0 |
| description | Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device. To complicate things further, the ‘bring your own device’ policy is increasing security threats, vulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, we propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such challenges (anomalies). We apply this approach to single devices and aggregations of data per device type. Additionally, we propose plotting the notched box for each cluster to acquire a better understanding of their data distributions and measuring the clusters’ performance using the Adjusted Rand Index. Our results show that the proposed method is valid, can be used in several contexts, and features a 95% confidence that most single device and device type distributions overlap, which makes them equivalently usable for anomaly detection purposes. |
| published_date | 2023-05-15T05:09:31Z |
| _version_ | 1851096691263930368 |
| score | 11.089386 |

