An Approach for Anomaly Detection in Network Communications Using k-Path Analysis

Bibliographic Details
Main Authors: Mamadou Kasse, Rodolphe Charrier, Alexandre Berred, Cyrille Bertelle, Christophe Delpierre
Format: Article
Language: English
Published: MDPI AG 2024-07-01
Series: Journal of Cybersecurity and Privacy
Online Access: https://www.mdpi.com/2624-800X/4/3/22
Description
Summary: In this paper, we present an innovative approach inspired by the Path-scan model to detect paths with k adjacent edges (k-path) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out in vulnerable k-path in a small to medium-sized computer network. Each observed edge (time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using the three-state observed Markov model, as opposed to the Path-scan model which uses a two-state model (active state and inactive state), to establish baselines of behavior in order to detect anomalies. This model captures the typical behavior of network communications, as well as patterns of suspicious activity, such as those associated with brute force attacks. We take a perspective by analyzing each vulnerable k-path, enabling the accurate detection of anomalies on the k-path. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution to ensure the security of computer systems.
ISSN: 2624-800X