Analysis and selection of relevant network anomaly detection metrics
DOI: https://doi.org/10.30837/ITSSI.2023.26.145
Keywords: network anomaly, intrusion detection system, proximity measure, attack classification
Abstract
The object of the study is the detection of network anomalies, an important and dynamically developing area of research. The article discusses the main aspects of network anomaly detection and formulates principles that allow various anomaly detection methods to be generalized. The attacks that network intrusion detection systems typically face are presented, together with the characteristics and types of intrusion detection methods. Network anomalies are treated as manifestations of network attacks, which makes it possible to classify anomalies by the attacks that produce them. A review of the literature showed that, despite the breadth of methods, subject areas and tasks covered, less attention is paid to a key issue: the analysis of network anomaly metrics and the rationale for choosing the relevant metric in a particular case. The paper presents types, characteristics and examples of network anomalies. To classify network anomalies and simplify their detection, metrics are proposed that are based on proximity measures for the numeric, categorical and mixed data types that characterize anomalies. The network anomaly detection problem is stated as a classification or clustering problem, and the components that characterize it are identified: the types of input data, the admissibility of a proximity measure for a given data type, data labeling, the classification of methods by their use of labeled data, the identification of relevant features, and the reporting of anomalies. An approach is described for generating the required set of metrics in a timely manner, which supports not only the formation of preventive countermeasures but also an assessment of the current state of the security system as a whole. It also makes it possible to build multi-layer (multi-circuit) security systems that take into account the combined effect of targeted (mixed) attacks on infrastructure elements, including their combination with social engineering methods.
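The proximity-based metric for numeric, categorical and mixed attributes that the abstract describes, worked as an added example that is not part of the article: a Gower-style mixed-type distance over constructed flow records (the abstract does not fix a formula, so this choice is an assumption), with a k-nearest-neighbour score turning the proximity measure into an anomaly score and the problem into the clustering-style formulation the abstract mentions. The flow records, attribute names, k and the threshold factor are all constructed for illustration.

```python
"""Mixed-type proximity measure for network flow records.

Added example, not code from the article. The abstract proposes anomaly
metrics built on proximity measures for numeric, categorical and mixed
attributes; the concrete formula below is a Gower-style distance, which is
an assumption on our part. All flow records are constructed, not captured.
"""

# Constructed sample flows. duration (s), bytes and packets are numeric;
# proto and dst_port are categorical (a port is a label, not a quantity:
# 443 is no "closer" to 444 than to 4444, so it must not be treated as a number).
FLOWS = [
    {"proto": "tcp", "dst_port": "443",  "duration": 1.2,   "bytes": 5200,      "packets": 12},
    {"proto": "tcp", "dst_port": "443",  "duration": 0.9,   "bytes": 4800,      "packets": 10},
    {"proto": "tcp", "dst_port": "80",   "duration": 1.5,   "bytes": 6100,      "packets": 14},
    {"proto": "udp", "dst_port": "53",   "duration": 0.1,   "bytes": 120,       "packets": 2},
    {"proto": "udp", "dst_port": "53",   "duration": 0.1,   "bytes": 130,       "packets": 2},
    {"proto": "tcp", "dst_port": "443",  "duration": 1.1,   "bytes": 5000,      "packets": 11},
    # Long-lived session to an unusual port moving a lot of data.
    {"proto": "tcp", "dst_port": "4444", "duration": 900.0, "bytes": 9_000_000, "packets": 8000},
]

NUMERIC = ("duration", "bytes", "packets")
CATEGORICAL = ("proto", "dst_port")


def numeric_ranges(records):
    """Per-attribute (max - min), used to scale numeric differences to [0, 1].
    A zero range (constant attribute) is replaced by 1.0 to avoid division by zero."""
    return {
        a: (max(r[a] for r in records) - min(r[a] for r in records)) or 1.0
        for a in NUMERIC
    }


def gower_distance(x, y, ranges):
    """Gower-style mixed distance in [0, 1]: the mean over attributes of
    |x - y| / range for numeric ones and of a 0/1 mismatch for categorical ones."""
    parts = [abs(x[a] - y[a]) / ranges[a] for a in NUMERIC]
    parts += [0.0 if x[a] == y[a] else 1.0 for a in CATEGORICAL]
    return sum(parts) / len(parts)


def knn_scores(records, k=2):
    """Anomaly score of each record: mean distance to its k nearest other records.
    Records far from every cluster get high scores."""
    ranges = numeric_ranges(records)
    scores = []
    for i, x in enumerate(records):
        dists = sorted(
            gower_distance(x, y, ranges) for j, y in enumerate(records) if j != i
        )
        scores.append(sum(dists[:k]) / k)
    return scores


def flag_anomalies(records, k=2, factor=3.0):
    """Indices of records whose kNN score exceeds factor * median score.
    The median is a robust baseline: an outlier cannot drag it up the way
    it would drag up a mean."""
    scores = knn_scores(records, k)
    ordered = sorted(scores)
    median = ordered[len(ordered) // 2]
    return [i for i, s in enumerate(scores) if s > factor * median]


if __name__ == "__main__":
    for i, s in enumerate(knn_scores(FLOWS)):
        print(f"flow {i}: {FLOWS[i]['proto']}/{FLOWS[i]['dst_port']} score={s:.3f}")
    print("flagged:", flag_anomalies(FLOWS))
```

Two caveats a practitioner should carry over. Min-max scaling by the observed range lets one extreme record compress every other numeric difference toward zero, which is why the threshold here is a multiple of the median rather than of the mean; in a deployed detector the ranges should come from a baseline window or a robust statistic (for example the interquartile range) rather than from the batch being scored. And the port column is deliberately a string: feeding it to a Euclidean distance would make 443 and 444 "near" each other, which is exactly the admissibility-of-proximity-measure question the abstract raises for each data type.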
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.