An Approach for Anomaly Detection in Network Communications Using <i>k-Path</i> Analysis
In this paper, we present an innovative approach inspired by the <i>Path-scan</i> model to detect paths with <i>k</i> adjacent edges (<i>k-path</i>) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out in vulnerable <i>k-paths</i> in a small to medium-sized computer network. Each observed edge (time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using the three-state observed Markov model, as opposed to the <i>Path-scan</i> model which uses a two-state model (active state and inactive state), to establish baselines of behavior in order to detect anomalies. This model captures the typical behavior of network communications, as well as patterns of suspicious activity, such as those associated with brute force attacks. We take a perspective by analyzing each vulnerable <i>k-path</i>, enabling the accurate detection of anomalies on the <i>k-path</i>. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution to ensure the security of computer systems.
| Main Authors: | Mamadou Kasse, Rodolphe Charrier, Alexandre Berred, Cyrille Bertelle, Christophe Delpierre |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2024-07-01 |
| Series: | Journal of Cybersecurity and Privacy |
| Subjects: | cybersecurity, cyberattacks, Markovian model, generalized maximum likelihood ratio, computer networks, network traffic |
| Online Access: | https://www.mdpi.com/2624-800X/4/3/22 |
| id | doaj-art-300dc6ce6cda436683dc96aa52f36c93 |
|---|---|
| author | Mamadou Kasse; Rodolphe Charrier; Alexandre Berred; Cyrille Bertelle; Christophe Delpierre |
| collection | DOAJ |
| institution | OA Journals |
| issn | 2624-800X |
| doi | 10.3390/jcp4030022 |
| volume / issue / pages | 4 (3), 449–467 |
| affiliations | Mamadou Kasse, Rodolphe Charrier, Cyrille Bertelle: Laboratoire d’Informatique, du Traitement de l’Information et des Systèmes, UFR Sciences and Technology, University of Le Havre, 25 rue Philippe Lebon, 76058 Le Havre Cedex, France. Alexandre Berred: Laboratoire de Mathématiques Appliquées du Havre, UFR Sciences and Technology, University of Le Havre, 25 Rue Philippe Lebon, 76063 Le Havre Cedex, France. Christophe Delpierre: Risk n Tic, 93360 Neuilly Plaisance, France. |
| keywords | cybersecurity; cyberattacks; Markovian model; generalized maximum likelihood ratio; computer networks; network traffic |
| topic | cybersecurity; cyberattacks; Markovian model; generalized maximum likelihood ratio; computer networks; network traffic |
| url | https://www.mdpi.com/2624-800X/4/3/22 |