DOI: 10.1145/3341325.3342004
research-article

Behavior-Based Outlier Detection for Network Access Control Systems

Published: 01 July 2019

Abstract

Network Access Control (NAC) systems manage the access of new devices into enterprise networks to prevent unauthorised devices from attacking network services. The main difficulty with this approach is that NAC cannot detect abnormal behaviour of devices connected to an enterprise network. These abnormal devices can be detected using outlier detection techniques. Existing outlier detection techniques focus on specific application domains such as fraud, event or system health monitoring. In this paper, we review attacks on Bring Your Own Device (BYOD) enterprise networks as well as existing clustering-based outlier detection algorithms along with their limitations. Importantly, existing techniques can detect outliers, but cannot detect where or which device is causing the abnormal behaviour. We develop a novel behaviour-based outlier detection technique which detects abnormal behaviour according to a device type profile. Based on data analysis with K-means clustering, we build device type profiles using Clustering-based Multivariate Gaussian Outlier Score (CMGOS) and filter out abnormal devices from the device type profile. The experimental results show the applicability of our approach as we can obtain a device type profile for five Dell netbooks, three iPads, two iPhone 3G, two iPhone 4G and Nokia phones and detect outlying devices within the device type profile.
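An added sketch of the clustering-then-scoring pipeline the abstract describes, not code from the paper: K-means groups constructed baseline samples into device-type profiles, and each new observation is scored by its squared Mahalanobis distance to the nearest profile, normalised by the chi-square 0.975 quantile (a CMGOS-style score, where a value above 1 marks an outlier). The two features, the sample values, the seeds and the 0.975 confidence level are assumptions, as is fitting profiles on a known-good baseline so that an abnormal device cannot inflate its own profile's covariance.

```python
import math

# Constructed baseline: (mean inter-arrival time in ms, mean packet size in bytes).
# Both features are assumptions; the page does not list the paper's feature set.
BASELINE = [(2.0, 510), (2.2, 495), (1.9, 520), (2.1, 500), (2.3, 515), (1.8, 505),
            (8.0, 210), (8.4, 190), (7.7, 205), (8.2, 220), (7.9, 195), (8.3, 200)]
CHI2_975_2DOF = -2.0 * math.log(1 - 0.975)  # chi-square quantile, closed form for 2 dims

def kmeans(points, seeds, iters=20):
    """Plain K-means (Lloyd's algorithm); returns one list of points per cluster."""
    cents = list(seeds)
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            i = min(range(len(cents)), key=lambda c: math.dist(p, cents[c]))
            groups[i].append(p)
        cents = [tuple(sum(v) / len(g) for v in zip(*g)) if g else cents[i]
                 for i, g in enumerate(groups)]
    return groups

def fit_profile(group):
    """Device-type profile: cluster centroid plus inverse 2x2 sample covariance."""
    n = len(group)
    mx, my = (sum(v) / n for v in zip(*group))
    sxx = sum((x - mx) ** 2 for x, _ in group) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in group) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in group) / (n - 1)
    det = sxx * syy - sxy ** 2
    if det <= 1e-12:  # too few or collinear samples: no usable Gaussian model
        raise ValueError("degenerate covariance; collect more varied samples")
    return (mx, my), (syy / det, -sxy / det, sxx / det)

def score(point, profile):
    """Squared Mahalanobis distance to the profile, divided by the chi-square quantile."""
    (mx, my), (a, b, c) = profile
    dx, dy = point[0] - mx, point[1] - my
    return (a * dx * dx + 2 * b * dx * dy + c * dy * dy) / CHI2_975_2DOF

def check(point, profiles):
    """Returns (index of nearest profile, score, is_outlier)."""
    i = min(range(len(profiles)), key=lambda k: math.dist(point, profiles[k][0]))
    s = score(point, profiles[i])
    return i, s, s > 1.0

PROFILES = [fit_profile(g) for g in kmeans(BASELINE, [BASELINE[0], BASELINE[-1]])]

if __name__ == "__main__":
    for obs in [(2.1, 505), (4.5, 500), (8.1, 205)]:  # constructed observations
        print(obs, check(obs, PROFILES))
```

Because the score names the profile an observation was compared against, a flagged sample can be tied to a specific device type, which is the gap in plain outlier detection that the abstract points out.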

Published In

ICFNDS '19: Proceedings of the 3rd International Conference on Future Networks and Distributed Systems
July 2019
346 pages
ISBN: 9781450371636
DOI: 10.1145/3341325
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • CNAM: Conservatoire des Arts et Métiers

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICFNDS '19

Cited By

  • (2024) Theoretical Exploration of Extension Analysis of Network Behavior Information Detection. 2024 5th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT), 2133-2137. DOI: 10.1109/AINIT61980.2024.10581747. Online publication date: 29-Mar-2024
  • (2023) Machine learning approach for detecting and combating bring your own device (BYOD) security threats and attacks: a systematic mapping review. Artificial Intelligence Review 56:8, 8815-8858. DOI: 10.1007/s10462-022-10382-3. Online publication date: 17-Jan-2023
  • (2022) Research on Network Access Control System Model Based on Virtualization Technology. 2022 Fourth International Conference on Emerging Research in Electronics, Computer Science and Technology (ICERECT), 1-5. DOI: 10.1109/ICERECT56837.2022.10059594. Online publication date: 26-Dec-2022
  • (2021) Device-Type Profiling for Network Access Control Systems using Clustering-Based Multivariate Gaussian Outlier Score. Proceedings of the 5th International Conference on Future Networks and Distributed Systems, 270-279. DOI: 10.1145/3508072.3508113. Online publication date: 15-Dec-2021
  • (2021) Bring Your Own Device (BYOD) Security Threats and Mitigation Mechanisms: Systematic Mapping. 2021 International Conference on Computer Science and Engineering (IC2SE), 1-10. DOI: 10.1109/IC2SE52832.2021.9791907. Online publication date: 16-Nov-2021
