Conference Paper/Proceeding/Abstract 348 views
Data-Driven Design for Anomaly Detection in Network Access Control Systems
Musa Abubakar Muhammad,
Fabio Caraffini 
,
Adebamigbe Fasanmade,
Olabayo Ishola,
Kabiru Mohammed,
Jarrad Morden
,
Adebamigbe Fasanmade,
Olabayo Ishola,
Kabiru Mohammed,
Jarrad Morden
2023 International Conference on Business Analytics for Technology and Security (ICBATS)
Swansea University Author:
Fabio Caraffini
DOI (Published version): 10.1109/icbats57792.2023.10111130
Abstract
Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device.To comp...
| Published in: | 2023 International Conference on Business Analytics for Technology and Security (ICBATS) |
|---|---|
| ISBN: | 979-8-3503-3565-1 979-8-3503-3564-4 |
| Published: |
IEEE
2023
|
| Online Access: |
http://dx.doi.org/10.1109/icbats57792.2023.10111130 |
| URI: | https://cronfa.swan.ac.uk/Record/cronfa62224 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| first_indexed |
2023-04-14T14:37:09Z |
|---|---|
| last_indexed |
2023-04-15T03:21:13Z |
| id |
cronfa62224 |
| recordtype |
SURis |
| fullrecord |
<?xml version="1.0" encoding="utf-8"?><rfc1807 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><bib-version>v2</bib-version><id>62224</id><entry>2022-12-30</entry><title>Data-Driven Design for Anomaly Detection in Network Access Control Systems</title><swanseaauthors><author><sid>d0b8d4e63d512d4d67a02a23dd20dfdb</sid><ORCID>0000-0001-9199-7368</ORCID><firstname>Fabio</firstname><surname>Caraffini</surname><name>Fabio Caraffini</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2022-12-30</date><deptcode>SCS</deptcode><abstract>Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device.To complicate things further, the ‘bring your own device’ policy is increasing security threats, ulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, we propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such challenges (anomalies). We apply this approach to single devices and aggregations of data per device type. Additionally, we propose plotting the notched box for each cluster to acquire a better understanding of their data distributions and measuring the clusters’ performance using the Adjusted Rand Index. Our results show that the proposed method is valid, can be used in several contexts, and features a 95%confidence that most single device and device type distributions overlap, which makes them equivalently usable for anomaly detection purposes.</abstract><type>Conference Paper/Proceeding/Abstract</type><journal>2023 International Conference on Business Analytics for Technology and Security (ICBATS)</journal><volume/><journalNumber/><paginationStart/><paginationEnd/><publisher>IEEE</publisher><placeOfPublication/><isbnPrint>979-8-3503-3565-1</isbnPrint><isbnElectronic>979-8-3503-3564-4</isbnElectronic><issnPrint/><issnElectronic/><keywords/><publishedDay>7</publishedDay><publishedMonth>3</publishedMonth><publishedYear>2023</publishedYear><publishedDate>2023-03-07</publishedDate><doi>10.1109/icbats57792.2023.10111130</doi><url>http://dx.doi.org/10.1109/icbats57792.2023.10111130</url><notes/><college>COLLEGE NANME</college><department>Computer Science</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>SCS</DepartmentCode><institution>Swansea University</institution><apcterm/><funders/><projectreference/><lastEdited>2023-06-13T11:14:49.1041417</lastEdited><Created>2022-12-30T17:11:08.1405306</Created><path><level id="1">Faculty of Science and Engineering</level><level id="2">School of Mathematics and Computer Science - Computer Science</level></path><authors><author><firstname>Musa Abubakar</firstname><surname>Muhammad</surname><order>1</order></author><author><firstname>Fabio</firstname><surname>Caraffini</surname><orcid>0000-0001-9199-7368</orcid><order>2</order></author><author><firstname>Adebamigbe</firstname><surname>Fasanmade</surname><order>3</order></author><author><firstname>Olabayo</firstname><surname>Ishola</surname><order>4</order></author><author><firstname>Kabiru</firstname><surname>Mohammed</surname><order>5</order></author><author><firstname>Jarrad</firstname><surname>Morden</surname><order>6</order></author></authors><documents><document><filename>Under embargo</filename><originalFilename>Under embargo</originalFilename><uploaded>2022-12-30T17:25:10.2232407</uploaded><type>Output</type><contentLength>360681</contentLength><contentType>application/pdf</contentType><version>Accepted Manuscript</version><cronfaStatus>true</cronfaStatus><embargoDate>2024-12-30T00:00:00.0000000</embargoDate><documentNotes>“© 20XX IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.”</documentNotes><copyrightCorrect>true</copyrightCorrect><language>English</language></document></documents><OutputDurs/></rfc1807> |
| spelling |
v2 62224 2022-12-30 Data-Driven Design for Anomaly Detection in Network Access Control Systems d0b8d4e63d512d4d67a02a23dd20dfdb 0000-0001-9199-7368 Fabio Caraffini Fabio Caraffini true false 2022-12-30 SCS Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device.To complicate things further, the ‘bring your own device’ policy is increasing security threats, ulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, we propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such challenges (anomalies). We apply this approach to single devices and aggregations of data per device type. Additionally, we propose plotting the notched box for each cluster to acquire a better understanding of their data distributions and measuring the clusters’ performance using the Adjusted Rand Index. Our results show that the proposed method is valid, can be used in several contexts, and features a 95%confidence that most single device and device type distributions overlap, which makes them equivalently usable for anomaly detection purposes. Conference Paper/Proceeding/Abstract 2023 International Conference on Business Analytics for Technology and Security (ICBATS) IEEE 979-8-3503-3565-1 979-8-3503-3564-4 7 3 2023 2023-03-07 10.1109/icbats57792.2023.10111130 http://dx.doi.org/10.1109/icbats57792.2023.10111130 COLLEGE NANME Computer Science COLLEGE CODE SCS Swansea University 2023-06-13T11:14:49.1041417 2022-12-30T17:11:08.1405306 Faculty of Science and Engineering School of Mathematics and Computer Science - Computer Science Musa Abubakar Muhammad 1 Fabio Caraffini 0000-0001-9199-7368 2 Adebamigbe Fasanmade 3 Olabayo Ishola 4 Kabiru Mohammed 5 Jarrad Morden 6 Under embargo Under embargo 2022-12-30T17:25:10.2232407 Output 360681 application/pdf Accepted Manuscript true 2024-12-30T00:00:00.0000000 “© 20XX IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.” true English |
| title |
Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| spellingShingle |
Data-Driven Design for Anomaly Detection in Network Access Control Systems Fabio Caraffini |
| title_short |
Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| title_full |
Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| title_fullStr |
Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| title_full_unstemmed |
Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| title_sort |
Data-Driven Design for Anomaly Detection in Network Access Control Systems |
| author_id_str_mv |
d0b8d4e63d512d4d67a02a23dd20dfdb |
| author_id_fullname_str_mv |
d0b8d4e63d512d4d67a02a23dd20dfdb_***_Fabio Caraffini |
| author |
Fabio Caraffini |
| author2 |
Musa Abubakar Muhammad Fabio Caraffini Adebamigbe Fasanmade Olabayo Ishola Kabiru Mohammed Jarrad Morden |
| format |
Conference Paper/Proceeding/Abstract |
| container_title |
2023 International Conference on Business Analytics for Technology and Security (ICBATS) |
| publishDate |
2023 |
| institution |
Swansea University |
| isbn |
979-8-3503-3565-1 979-8-3503-3564-4 |
| doi_str_mv |
10.1109/icbats57792.2023.10111130 |
| publisher |
IEEE |
| college_str |
Faculty of Science and Engineering |
| hierarchytype |
|
| hierarchy_top_id |
facultyofscienceandengineering |
| hierarchy_top_title |
Faculty of Science and Engineering |
| hierarchy_parent_id |
facultyofscienceandengineering |
| hierarchy_parent_title |
Faculty of Science and Engineering |
| department_str |
School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science |
| url |
http://dx.doi.org/10.1109/icbats57792.2023.10111130 |
| document_store_str |
0 |
| active_str |
0 |
| description |
Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device.To complicate things further, the ‘bring your own device’ policy is increasing security threats, ulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, we propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such challenges (anomalies). We apply this approach to single devices and aggregations of data per device type. Additionally, we propose plotting the notched box for each cluster to acquire a better understanding of their data distributions and measuring the clusters’ performance using the Adjusted Rand Index. Our results show that the proposed method is valid, can be used in several contexts, and features a 95%confidence that most single device and device type distributions overlap, which makes them equivalently usable for anomaly detection purposes. |
| published_date |
2023-03-07T11:14:50Z |
| _version_ |
1768582063305261056 |
| score |
11.013619 |