Online and Early Detection of Network Attacks using Matrix Profile

  • Diego Abreu UFPA
  • Antônio Abelém UFPA

Abstract


In the digital age, the increasing sophistication and variety of cyber threats highlight the importance of strengthening cybersecurity to protect current networks. This study proposes an approach for the early detection of attacks, using the Matrix Profile (MP) technique to analyze network data streams as time series in an online manner. This method focuses on identifying anomalies in the network as early indicators of network attacks, addressing the limitations of existing Machine Learning systems that predominantly rely on offline training and struggle to recognize patterns of new or untrained attacks. Our proposal was evaluated in various attack scenarios, demonstrating superior performance metrics compared to traditional methods such as CUSUM, EWMA, and ARIMA.

Published
2024-05-20
ABREU, Diego; ABELÉM, Antônio. Online and Early Detection of Network Attacks using Matrix Profile. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 211-224. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1304.
