Cyber intrusion detection through association rule mining on multi-source logs



Ping Lou1,2 · Guantong Lu1,2 · Xuemei Jiang1,2 · Zheng Xiao1,2 · Jiwei Hu1,2 · Junwei Yan1,2

Accepted: 7 October 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Security logs in a cloud environment, such as intrusion detection system (IDS) logs, firewall logs, and system logs, provide historical information describing potential security risks. However, using logs for cyber intrusion detection relies heavily on expert knowledge, and it is very difficult for a non-expert to identify intrusion behaviors from them. This paper proposes a new method for mining association rules from multi-source logs to detect various intrusion behaviors in a cloud computing platform. In this method, a rule base is constructed to detect cyber intrusion. An adaptive approach is used to speed up the association rule mining, in which the choice of algorithm depends on its time complexity. Various cyber-attacks are simulated in the verification experiments, which show that the proposed method computes faster than other algorithms. Furthermore, compared with other methods, the proposed intrusion detection method performs better in terms of precision, recall, and F-measure.

Keywords Security logs · Association rules · Data mining · Cyber intrusion
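To make the abstract's pipeline concrete, here is an added example (not code from the paper) that builds transactions from constructed multi-source log events, mines frequent itemsets and association rules with a plain Apriori search, and then uses the resulting rule base to flag a new log window; it does not implement the paper's adaptive algorithm selection, and all event tags and thresholds are assumed.

```python
from collections import Counter
from itertools import combinations

# Constructed sample (not from the paper): each "window" is the set of event
# tags seen for one source host across IDS, firewall and system logs in one
# time slice. Windows 1-4 resemble SSH brute forcing, windows 6-8 web attacks.
SAMPLE_WINDOWS = [
    {"fw:deny_tcp22", "sys:auth_fail", "ids:ssh_bruteforce"},
    {"fw:deny_tcp22", "sys:auth_fail", "ids:ssh_bruteforce"},
    {"fw:deny_tcp22", "sys:auth_fail", "ids:ssh_bruteforce", "sys:new_user"},
    {"fw:deny_tcp22", "sys:auth_fail"},
    {"fw:allow_tcp80", "sys:cron_run"},
    {"fw:allow_tcp80", "ids:sql_injection", "sys:http_500"},
    {"fw:allow_tcp80", "ids:sql_injection", "sys:http_500"},
    {"fw:allow_tcp80", "sys:http_500"},
]

def frequent_itemsets(windows, min_support):
    """Level-wise (Apriori) search; returns {itemset: support fraction}."""
    n = len(windows)
    support = {}
    level = {frozenset([e]) for w in windows for e in w}  # 1-itemsets
    k = 1
    while level:
        counts = Counter(s for w in windows for s in level if s <= w)
        kept = {s: c / n for s, c in counts.items() if c / n >= min_support}
        support.update(kept)
        # Join frequent k-itemsets into (k+1)-candidates and prune any
        # candidate with an infrequent k-subset (the Apriori property).
        level = set()
        for a, b in combinations(kept, 2):
            c = a | b
            if len(c) == k + 1 and all(frozenset(x) in kept for x in combinations(c, k)):
                level.add(c)
        k += 1
    return support

def mine_rules(support, min_confidence):
    """Rules X -> y with one-item consequents; confidence = sup(X u y) / sup(X)."""
    rules = {}
    for s, sup in support.items():
        for y in s:
            x = s - {y}
            if x and sup / support[x] >= min_confidence:
                rules[(x, y)] = sup / support[x]
    return rules

def match_rules(rules, window):
    """Consequents the rule base predicts for a new window that it has not logged yet."""
    return {y for (x, y) in rules if x <= window and y not in window}
```

With `min_support=0.25` and `min_confidence=0.7`, a new window containing only a firewall deny on port 22 and a system authentication failure is matched to the `ids:ssh_bruteforce` consequent, while a window with only a cron run matches nothing.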

1 Introduction

With the development of computer networks, cyberspace faces many security threats, and new intrusion methods emerge endlessly, such as DDoS attacks, worm viruses, brute force, etc. Cloud platforms and clusters are increasingly at risk [14]. Global cyber security incidents occurred every month in 2018. In February 2018, an American sports equipment brand found that its health and fitness tracking app MyFitnessPal had been hacked and about 150 million users were affected. In March 2018, hackers exploited a high-risk Cisco vulnerability to attack network infrastructure, and a number of domestic institutions were caught by this attack. The cyber security situation is increasingly serious, which has made cyber intrusion detection a hot research topic in cyber security. At present, there are many types of cyber intrusion detection, including honeypot data-based [15], network flow-based [30], logs-based [22], and so on. Cloud computing platforms provide information about their state and operation in the form of security logs. The security logs (such as IDS logs, firewall logs, system logs, etc.) not only record the historical information of the system operation, but also monitor the events occurring in the system. Cloud computing platforms and systems provide information about their state and operation in the form of log records. At pres

Junwei Yan
[email protected]

1 School of Information Engineering, Wuhan University of Technology, Wuhan 430070, China

2 Hubei Key Laboratory of Broadband Wireless Communication and Sensor Networks, Wuhan University of Technology, Wuhan 430070, China