An Approach for Anomaly Detection in Network Communications Using <i>k-Path</i> Analysis


Bibliographic Details
Main Authors: Mamadou Kasse, Rodolphe Charrier, Alexandre Berred, Cyrille Bertelle, Christophe Delpierre
Format: Article
Language: English
Published: MDPI AG, 2024-07-01
Series: Journal of Cybersecurity and Privacy
Online Access: https://www.mdpi.com/2624-800X/4/3/22
Description: In this paper, we present an innovative approach inspired by the <i>Path-scan</i> model to detect paths with <i>k</i> adjacent edges (<i>k-paths</i>) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out along vulnerable <i>k-paths</i> in a small to medium-sized computer network. Each observed edge (a time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using a three-state observed Markov model, as opposed to the <i>Path-scan</i> model, which uses a two-state model (active state and inactive state), to establish baselines of behavior from which anomalies are detected. This model captures the typical behavior of network communications as well as patterns of suspicious activity, such as those associated with brute force attacks. We take the perspective of analyzing each vulnerable <i>k-path</i>, enabling the accurate detection of anomalies on that <i>k-path</i>. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution for ensuring the security of computer systems.
Author Affiliations: Mamadou Kasse, Rodolphe Charrier and Cyrille Bertelle: Laboratoire d’Informatique, du Traitement de l’Information et des Systèmes, UFR Sciences and Technology, University of Le Havre, 25 rue Philippe Lebon, 76058 Le Havre Cedex, France. Alexandre Berred: Laboratoire de Mathématiques Appliquées du Havre, UFR Sciences and Technology, University of Le Havre, 25 Rue Philippe Lebon, 76063 Le Havre Cedex, France. Christophe Delpierre: Risk n Tic, 93360 Neuilly Plaisance, France.
Citation: Journal of Cybersecurity and Privacy (ISSN 2624-800X), vol. 4, no. 3, pp. 449–467, 2024-07-01. DOI: 10.3390/jcp4030022
Subjects: cybersecurity; cyberattacks; Markovian model; generalized maximum likelihood ratio; computer networks; network traffic