
Conference Paper/Proceeding/Abstract

Data-Driven Design for Anomaly Detection in Network Access Control Systems

Musa Abubakar Muhammad, Fabio Caraffini, Adebamigbe Fasanmade, Olabayo Ishola, Kabiru Mohammed, Jarrad Morden

2023 International Conference on Business Analytics for Technology and Security (ICBATS)

Swansea University Author: Fabio Caraffini

  • Accepted Manuscript under embargo until: 30th December 2024

DOI (Published version): 10.1109/icbats57792.2023.10111130


Published in: 2023 International Conference on Business Analytics for Technology and Security (ICBATS)
ISBN: 979-8-3503-3565-1, 979-8-3503-3564-4
Published: IEEE 2023
Online Access: http://dx.doi.org/10.1109/icbats57792.2023.10111130
URI: https://cronfa.swan.ac.uk/Record/cronfa62224
Abstract: Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device. To complicate things further, the 'bring your own device' policy is increasing security threats, vulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, we propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such anomalies. We apply this approach to single devices and to aggregations of data per device type. Additionally, we propose plotting a notched box for each cluster to acquire a better understanding of their data distributions, and we measure the clusters' performance using the Adjusted Rand Index. Our results show that the proposed method is valid, can be used in several contexts, and gives 95% confidence that most single-device and device-type distributions overlap, which makes them equivalently usable for anomaly detection purposes.
College: Faculty of Science and Engineering
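The abstract describes three steps: cluster each device's traffic (and each device-type aggregate) into normal and abnormal patterns, score the clustering against ground truth with the Adjusted Rand Index, and use notched box plots to judge, at the 95% level, whether a single device's distribution overlaps its device type's. The following is an added worked example, not code from the paper or its authors. It assumes a one-dimensional two-cluster k-means as a stand-in for the paper's unspecified clustering step, a constructed per-flow feature (mean packet inter-arrival time in milliseconds) with hand-made labels, and the notch convention of R's boxplot.stats (median plus or minus 1.58 × IQR / √n). It needs only the Python standard library.

```python
"""Cluster per-device traffic features into normal/abnormal, score the
clustering with the Adjusted Rand Index (ARI), and check whether a single
device's normal traffic and its device-type aggregate overlap at the 95%
notch level of a notched box plot. Standard library only."""
from collections import Counter
from math import comb, sqrt
from statistics import mean, median

# Constructed sample data (an assumption, not measurements from the paper):
# one feature per flow, mean packet inter-arrival time in ms, plus a
# ground-truth label (0 = normal, 1 = abnormal) used only for evaluation.
DEVICE_FLOWS = {
    "cam-01": ([9.8, 10.1, 10.4, 9.6, 10.0, 10.3, 9.9, 10.2, 198.0, 205.5],
               [0, 0, 0, 0, 0, 0, 0, 0, 1, 1]),
    "cam-02": ([10.5, 10.9, 9.7, 10.2, 10.8, 9.4, 10.0, 210.3, 190.2, 201.1],
               [0, 0, 0, 0, 0, 0, 0, 1, 1, 1]),
    # A mild anomaly (80 ms) sits between the normal band and the big outlier.
    "printer-01": ([50.1, 49.8, 50.4, 49.5, 50.0, 50.7, 49.3, 120.0, 80.0, 49.9],
                   [0, 0, 0, 0, 0, 0, 0, 1, 1, 0]),
}
DEVICE_TYPE = {"cam-01": "camera", "cam-02": "camera", "printer-01": "printer"}


def kmeans_1d(values, max_iter=100):
    """Two-cluster k-means on one feature (stand-in for the paper's clustering).
    Centroids start at min/max, so label 0 is the low (normal) cluster and
    label 1 the high (abnormal) one; ARI itself is label-permutation invariant."""
    centroids = [min(values), max(values)]
    labels = None
    for _ in range(max_iter):
        new = [0 if abs(v - centroids[0]) <= abs(v - centroids[1]) else 1
               for v in values]
        if new == labels:
            break
        labels = new
        for k in (0, 1):
            members = [v for v, l in zip(values, labels) if l == k]
            if members:
                centroids[k] = mean(members)
    return labels


def adjusted_rand_index(truth, pred):
    """Hubert-Arabie ARI: 1.0 for identical partitions, about 0 for chance."""
    n = len(truth)
    index = sum(comb(c, 2) for c in Counter(zip(truth, pred)).values())
    sum_a = sum(comb(c, 2) for c in Counter(truth).values())
    sum_b = sum(comb(c, 2) for c in Counter(pred).values())
    expected = sum_a * sum_b / comb(n, 2)
    max_index = (sum_a + sum_b) / 2
    if max_index == expected:  # degenerate partitions (one cluster / all singletons)
        return 1.0
    return (index - expected) / (max_index - expected)


def notch(values):
    """(lower, median, upper) of the 95% notch as drawn by R's boxplot.stats:
    median +/- 1.58 * IQR / sqrt(n), quartiles taken as Tukey hinges."""
    s = sorted(values)
    n = len(s)
    if n < 3:
        raise ValueError("need at least 3 points for a notch")
    q1, q3 = median(s[: n // 2]), median(s[(n + 1) // 2:])
    half = 1.58 * (q3 - q1) / sqrt(n)
    m = median(s)
    return m - half, m, m + half


def notches_overlap(a, b):
    """True when the notch intervals intersect: no evidence at roughly the 95%
    level that the two medians differ, so the distributions are interchangeable."""
    lo_a, _, hi_a = notch(a)
    lo_b, _, hi_b = notch(b)
    return lo_a <= hi_b and lo_b <= hi_a


def _cluster_and_score(feats, truth):
    pred = kmeans_1d(feats)
    return {"ari": adjusted_rand_index(truth, pred),
            "normal": [v for v, l in zip(feats, pred) if l == 0]}


def evaluate(device_flows=DEVICE_FLOWS, device_type=DEVICE_TYPE):
    """Cluster each device and each device-type aggregate; return ARI per
    device and per type, and whether each device's normal cluster overlaps
    its type's normal cluster at the notch level."""
    per_device, type_data = {}, {}
    for dev, (feats, truth) in device_flows.items():
        per_device[dev] = _cluster_and_score(feats, truth)
        agg = type_data.setdefault(device_type[dev], ([], []))
        agg[0].extend(feats)
        agg[1].extend(truth)
    per_type = {typ: _cluster_and_score(f, t) for typ, (f, t) in type_data.items()}
    overlap = {dev: notches_overlap(per_device[dev]["normal"],
                                    per_type[device_type[dev]]["normal"])
               for dev in device_flows}
    return per_device, per_type, overlap


if __name__ == "__main__":
    devices, types, overlap = evaluate()
    for dev, r in devices.items():
        print(f"{dev:11s} ARI={r['ari']:.3f} overlaps type notch: {overlap[dev]}")
    for typ, r in types.items():
        print(f"type {typ:8s} ARI={r['ari']:.3f}")
```

Running it gives ARI 1.0 for both cameras and for the camera aggregate, and every device's normal cluster overlaps its type's, which is the kind of result the abstract reports. The printer case is the caveat a practitioner should keep in mind with a two-cluster split on one feature: the 80 ms flow is pulled into the normal cluster because the far outlier at 120 ms anchors the abnormal centroid, so the ARI drops to about 0.52 even though only one of ten flows is mislabelled. Moderate anomalies need either more features or a clustering that is not dominated by the extreme point.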