A Dynamic Mechanism for Network Anomaly Detection Based on Local Outlier Factor and MUD
Abstract
Cyberspace attacks that are increasingly sophisticated and hard to identify occur daily. Distributed Denial of Service (DDoS) attacks are characterized by their ability to make a system unavailable by interrupting service to legitimate users. This article presents a dynamic mechanism for detecting anomalies in the network that combines the Manufacturer Usage Description (MUD, RFC 8520) with the Local Outlier Factor (LOF) machine learning algorithm. Building on the theory of early warning signals (EWS), the mechanism aims to anticipate anomalous traffic rather than only flag it after the fact; the results indicate that it can predict and detect anomalous network traffic with accuracy and specificity above 90%.
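The two building blocks named in the abstract, as an added illustrative example that is not the paper's code: a MUD-style allowlist check on individual flows, followed by Local Outlier Factor scoring of per-minute traffic features. It assumes a simplified profile held as a Python set (a real MUD file per RFC 8520 is a YANG/JSON ACL description), constructed flow records rather than a capture, and leaves the EWS prediction stage out; the LOF implementation follows the standard Breunig et al. definition so that no external library is needed.

```python
"""Added example (not the paper's code): MUD allowlist check followed by
Local Outlier Factor scoring of per-window flow features. All data is constructed."""
import math

# Hypothetical MUD-style profile: the only (dst, dport, proto) tuples the device may use.
# A real MUD file (RFC 8520) is a YANG/JSON ACL description; this set stands in for it.
MUD_PROFILE = {
    ("ntp.example.com", 123, "udp"),
    ("update.example.com", 443, "tcp"),
}


def mud_violations(flows):
    """Flows whose (dst, dport, proto) is not permitted by the MUD profile."""
    return [f for f in flows if (f["dst"], f["dport"], f["proto"]) not in MUD_PROFILE]


def window_features(flows, window_s=60):
    """Aggregate flows into per-window vectors: (flow count, packet count, distinct dsts)."""
    buckets = {}
    for f in flows:
        b = buckets.setdefault(int(f["ts"] // window_s), [0, 0, set()])
        b[0] += 1
        b[1] += f["pkts"]
        b[2].add(f["dst"])
    return [(w, (b[0], b[1], len(b[2]))) for w, b in sorted(buckets.items())]


def minmax_scale(points):
    """Scale each column to [0, 1] so that packet counts do not dominate the distance."""
    cols = list(zip(*points))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1 for c in cols]
    return [tuple((x - m) / s for x, m, s in zip(p, lo, span)) for p in points]


def lof_scores(points, k=3):
    """Local Outlier Factor (Breunig et al. 2000): ratio of the neighbours' local
    reachability density to the point's own. About 1 is normal, well above 1 is an outlier."""
    n = len(points)

    def dist(a, b):
        return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

    d = [[dist(p, q) for q in points] for p in points]
    kdist, neigh = [], []
    for i in range(n):
        order = sorted((d[i][j], j) for j in range(n) if j != i)
        kdist.append(order[k - 1][0])                            # distance to the k-th neighbour
        neigh.append([j for dj, j in order if dj <= kdist[i]])  # k-neighbourhood, ties included
    lrd = []
    for i in range(n):
        reach = sum(max(kdist[j], d[i][j]) for j in neigh[i])   # reachability distances
        lrd.append(len(neigh[i]) / reach if reach > 0 else math.inf)
    return [sum(lrd[j] for j in neigh[i]) / (len(neigh[i]) * lrd[i]) if lrd[i] < math.inf else 1.0
            for i in range(n)]


def constructed_flows():
    """Constructed sample (not a real capture): 8 quiet minutes, then a flood in minute 8."""
    flows = []
    for w in range(8):
        t0 = w * 60.0
        flows.append({"ts": t0 + 5, "dst": "ntp.example.com", "dport": 123, "proto": "udp", "pkts": 2 + w % 2})
        flows.append({"ts": t0 + 30, "dst": "update.example.com", "dport": 443, "proto": "tcp", "pkts": 20 + 2 * w})
    for i in range(120):  # SYN flood toward 40 hosts, none of them in the profile
        flows.append({"ts": 480.0 + 0.4 * i, "dst": f"203.0.113.{i % 40}", "dport": 80, "proto": "tcp", "pkts": 3})
    return flows


def detect(flows, k=3, threshold=1.5):
    """Return (windows, LOF scores, flagged window ids, number of flows outside the MUD profile)."""
    windows = window_features(flows)
    scores = lof_scores(minmax_scale([feat for _, feat in windows]), k)
    flagged = [w for (w, _), s in zip(windows, scores) if s > threshold]
    return windows, scores, flagged, len(mud_violations(flows))


if __name__ == "__main__":
    windows, scores, flagged, bad = detect(constructed_flows())
    for (w, feat), s in zip(windows, scores):
        print(f"minute {w}: features={feat} LOF={s:.2f}")
    print("flagged windows:", flagged, "| flows outside MUD profile:", bad)
```

The MUD check is deterministic and fires per flow, so it catches the flood's destinations immediately; the LOF score works on aggregate behaviour and would also flag a flood that stayed inside the allowed destinations, which is why the two are complementary. The threshold of 1.5 and k=3 are assumptions for this small sample; with a longer baseline, k and the threshold should be tuned on known-good traffic so that the quiet windows stay near a score of 1.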
References
Lear, E., Droms, R., and Romascanu, D. (2019). Manufacturer Usage Description Specification. RFC 8520, RFC Editor.
Gonçalves, D., Kfouri, G., Dutra, B., Alencastro, J., Filho, F., Martins, L., Albuquerque, R., and de Sousa Junior, R. (2019). Arquitetura de IPS para redes IoT sobrepostas em SDN [IPS architecture for IoT networks overlaid on SDN]. In Anais do XIX SBSeg, pages 309–322.
Griffioen, H. and Doerr, C. (2020). Examining Mirai’s battle over the Internet of Things. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), pages 743–756.
Jia, Y., Zhong, F., Alrawais, A., Gong, B., and Cheng, X. (2020). FlowGuard: An intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet of Things Journal, 7(10):9552–9562.
Kang, H., Ahn, D. H., Lee, G. M., Yoo, J. D., Park, K. H., and Kim, H. K. (2019). IoT network intrusion dataset. IEEE DataPort. DOI: 10.21227/q70p-q449.
Maciel, R. d. S. (2018). Avaliação do impacto de ataques DDoS e malware: uma abordagem baseada em árvore de ataque [Assessing the impact of DDoS and malware attacks: an attack-tree-based approach]. Master’s thesis, Universidade Federal de Pernambuco.
Mazhar, N., Salleh, R., Zeeshan, M., Hameed, M. M., and Khan, N. (2021). R-IDPS: Real time SDN based IDPS system for IoT security. In IEEE HONET 2021, pages 71–76.
Mirdula and Roopa (2023). MUD enabled deep learning framework for anomaly detection in IoT integrated smart building. e-Prime - Advances in Electrical Engineering, Electronics and Energy, 5:100186.
Morgese Zangrandi, L., van Ede, T., Booij, T., Sciancalepore, S., Allodi, L., and Continella, A. (2022). Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behavior profiles. In Proceedings of ACSAC ’22. ACM.
Pelloso, M., Vergütz, A., Santos, A., and Nogueira, M. (2018). Um sistema autoadaptável para predição de ataques DDoS fundado na teoria da metaestabilidade [A self-adaptive system for DDoS attack prediction based on metastability theory]. In Anais do XXXVI SBRC, pages 726–739, Porto Alegre, RS, Brazil. SBC.
Sapienza, A., Bessi, A., Damodaran, S., Shakarian, P., Lerman, K., and Ferrara, E. (2017). Early warnings of cyber threats in online discussions. In 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pages 667–674.
Tang, M., Alazab, M., Luo, Y., and Donlon, M. (2018). Disclosure of cyber security vulnerabilities: time series modelling. International Journal of Electronic Security and Digital Forensics, 10(3):255–275.
Woolf, N. (2016). DDoS attack that disrupted internet was largest of its kind in history, experts say. The Guardian, 26 October 2016.
Yan, X. and Zhang, J. Y. (2013). Early detection of cyber security threats using structured behavior modeling. ACM Transactions on Information and System Security, 5(10).
Morgese Zangrandi, L., van Ede, T., Booij, T., Sciancalepore, S., Allodi, L., and Continella, A. (2022). MUDscope dataset. Zenodo. DOI: 10.5281/zenodo.7182597.
