Abstract
Current network access control systems can contain unpredictable interactions between multiple device models, multiple network protocol layers (e.g. TCP, UDP and ICMP), hardware, and clock-skew-specific influences, and cannot detect or identify abnormal behaviours based on the type of device. To complicate things further, the ‘bring your own device’ policy is increasing security threats, vulnerabilities, and risks to enterprise network environments, making intrusion detection and prevention systems unable to detect illegal and unauthorised access to devices in the enterprise network. The consequences can be disastrous. In this light, this work propose a simple but effective clustering approach capable of separating normal and abnormal network traffic patterns to detect such challenges (anomalies). The work in this paper applies this approach to single devices and aggregations of data per device type. Additionally, this work propose plotting the notched box for each cluster to acquire a better understanding of their data distributions and measuring the clusters’ performance using the Adjusted Rand Index. The results show that the proposed method is valid, can be used in several contexts, and features a 95% confidence that most single device and device type distributions overlap, which makes them equivalently usable for anomaly detection purposes.
Original language | English |
---|---|
Title of host publication | 2nd International Conference on Business Analytics for Technology and Security, ICBATS 2023 |
Publisher | IEEE |
Number of pages | 10 |
ISBN (Electronic) | 979-8-3503-3564-4 |
ISBN (Print) | 979-8-3503-3565-1 |
DOIs | |
Publication status | E-pub ahead of print - 15 Mar 2023 |
Event | 2023 International Conference on Business Analytics for Technology and Security (ICBATS) - Dubai, United Arab Emirates Duration: 7 Mar 2023 → 8 Mar 2023 |
Conference
Conference | 2023 International Conference on Business Analytics for Technology and Security (ICBATS) |
---|---|
Abbreviated title | ICBATS |
Country/Territory | United Arab Emirates |
City | Dubai |
Period | 7/03/23 → 8/03/23 |
Keywords
- Data-driven research
- Behaviour Profiling
- Device Fingerprinting
- Network Access Control
- K-Means Clustering
- Anomaly Detection
ASJC Scopus subject areas
- Information Systems and Management
- Artificial Intelligence
- Safety, Risk, Reliability and Quality
- Health Informatics
- Management of Technology and Innovation
- Computer Science Applications
- Statistics, Probability and Uncertainty
- Management Science and Operations Research