Analysis of corporate network cyber threats based on parallel processing of Netflow data
Authors: Kononov D. D., Isaev S. V.
Journal: Siberian Aerospace Journal @vestnik-sibsau-en
Section: Informatics, computer technology and management
Article in issue: 4, vol. 24, 2023.
Open access
Public services of various organizations are subject to constant cyber attacks, which increases information security risks. Network traffic analysis is an important task for the safe operation of network infrastructure, including corporate networks. This paper gives an overview of the main approaches to analyzing network traffic, surveys the related work and points out its shortcomings. The method presented here analyzes network traffic data collected with the NetFlow protocol, which stores flow-level records (network- and transport-layer header fields: addresses, ports, IP protocol, packet and byte counts) rather than packet payloads. A feature of the study is the use of long observation periods. When data is kept over long time intervals the logs become large, so primary data processing has to be parallelized. The authors developed a cross-platform software package for distributed processing of network activity logs and used it to analyze the network activity of the corporate network of the Krasnoyarsk Scientific Center for 2021–2022. A diagram of the software package is shown, and its capabilities and operating features are described. The data sources for the analysis and the processing methods are given. The authors formulated and formalized heuristic criteria for network traffic anomalies that indicate possible network attacks, and extracted datasets on the network activity of various application-level protocols. For the resulting datasets, statistical indicators were calculated and information about anomalous network activity was obtained for the two years. The previously proposed method for comparing cyber threat risks between time intervals was tested on these data and showed a significant increase in risk for 50% of the indicators in 2022. Comparisons of the same months across the two years showed similar increases in risk. The method has therefore shown its efficiency and can be used in other areas where there are groups of criteria based on independent indicators.
The authors have proposed plans for further development of methods for analyzing network activity.
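To make the processing pipeline the abstract describes concrete, here is an added example in Python. It is not the authors' cross-platform software package and does not use their data: it splits a NetFlow-style log into chunks, aggregates each chunk independently, merges the partial results, derives a per-application-protocol indicator vector for one observation period, and reports what share of indicators rose between two periods. The CSV field layout, the port-to-protocol mapping, the single-packet-flow and port-scan heuristics, the scan threshold and the sample records are all assumptions constructed for illustration; the paper's actual heuristic criteria are not reproduced here.

```python
"""Added example (not the authors' software package): chunked map/reduce
processing of NetFlow-style records, per-protocol indicators for one period,
and a comparison of indicator vectors between two periods.
Record layout, port map, heuristics, threshold and sample data are assumed."""
from collections import Counter, defaultdict
from concurrent.futures import ThreadPoolExecutor

# Assumed CSV layout: timestamp,src_ip,dst_ip,ip_proto,dst_port,packets,bytes
# Constructed sample records (not real traffic); period A and period B.
FLOWS_2021 = [
    "2021-03-01T10:00:01,10.0.0.5,203.0.113.10,6,443,12,5400",
    "2021-03-01T10:00:02,10.0.0.6,203.0.113.10,6,443,9,3100",
    "2021-03-01T10:00:03,198.51.100.7,10.0.0.20,6,22,1,60",
    "2021-03-01T10:00:04,10.0.0.7,203.0.113.11,6,80,15,9000",
    "2021-03-01T10:00:05,10.0.0.5,203.0.113.53,17,53,2,180",
    "2021-03-01T10:00:06,198.51.100.7,10.0.0.20,6,80,1,60",
]
FLOWS_2022 = [
    "2022-03-01T10:00:01,10.0.0.5,203.0.113.10,6,443,14,6100",
    "2022-03-01T10:00:02,198.51.100.9,10.0.0.20,6,22,1,60",
    "2022-03-01T10:00:03,198.51.100.9,10.0.0.20,6,22,1,60",
    "2022-03-01T10:00:04,198.51.100.9,10.0.0.20,6,80,1,60",
    "2022-03-01T10:00:05,198.51.100.9,10.0.0.20,6,443,1,60",
    "2022-03-01T10:00:06,198.51.100.9,10.0.0.20,6,25,1,60",
    "2022-03-01T10:00:07,10.0.0.7,203.0.113.11,6,80,11,7000",
    "2022-03-01T10:00:08,10.0.0.5,203.0.113.53,17,53,2,180",
]

APP_PORTS = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}  # assumed map
SCAN_PORT_THRESHOLD = 3  # assumed: a source touching >= 3 distinct dst ports is a scanner


def parse_flow(line):
    """Parse one record of the assumed CSV layout into typed fields."""
    ts, src, dst, proto, dport, packets, nbytes = line.split(",")
    return {"ts": ts, "src": src, "dst": dst, "proto": int(proto),
            "dport": int(dport), "packets": int(packets), "bytes": int(nbytes)}


def process_chunk(lines):
    """Map step: partial aggregates for one chunk of the log."""
    flows = Counter()              # flows per application protocol
    single = Counter()             # single-packet TCP flows per protocol (assumed heuristic
                                   # for failed connections and scans)
    ports_by_src = defaultdict(set)  # distinct destination ports touched by each source
    for line in lines:
        f = parse_flow(line)
        app = APP_PORTS.get(f["dport"], "other")
        flows[app] += 1
        if f["proto"] == 6 and f["packets"] == 1:
            single[app] += 1
        ports_by_src[f["src"]].add(f["dport"])
    return flows, single, ports_by_src


def merge(partials):
    """Reduce step: combine the partial aggregates of all chunks."""
    flows, single, ports_by_src = Counter(), Counter(), defaultdict(set)
    for f, s, p in partials:
        flows.update(f)
        single.update(s)
        for src, ports in p.items():
            ports_by_src[src] |= ports
    return flows, single, ports_by_src


def chunks(lines, size):
    """Split the log into fixed-size chunks that workers can process independently."""
    for i in range(0, len(lines), size):
        yield lines[i:i + size]


def indicators(lines, chunk_size=3, workers=4):
    """Indicator vector for one observation period.
    A thread pool is used so the example runs anywhere; for CPU-bound parsing of
    large logs, ProcessPoolExecutor has the same map() interface and the
    chunk/merge structure is what lets the work spread across cores or hosts."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        partials = list(pool.map(process_chunk, chunks(lines, chunk_size)))
    flows, single, ports_by_src = merge(partials)
    ind = {f"single_packet_share:{app}": (single[app] / flows[app] if flows[app] else 0.0)
           for app in APP_PORTS.values()}
    ind["scanning_sources"] = sum(1 for p in ports_by_src.values()
                                  if len(p) >= SCAN_PORT_THRESHOLD)
    return ind


def compare_periods(before, after):
    """Share of indicators that rose from one period to the next, and which ones."""
    increased = sorted(k for k in before if after[k] > before[k])
    return len(increased) / len(before), increased


if __name__ == "__main__":
    share, names = compare_periods(indicators(FLOWS_2021), indicators(FLOWS_2022))
    print(f"{share:.0%} of indicators increased: {names}")
```

Each indicator is computed independently of the others, which is the property the abstract's comparison method relies on; with real NetFlow exports one would read the chunks from nfdump or a flow collector's CSV export instead of the constructed lists above, and the heuristics would be replaced by the criteria the paper formalizes.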
Internet, network security, network traffic analysis, risk assessment, cyber threats, corporate network
Short address: https://sciup.org/148329709
IDR: 148329709 | DOI: 10.31772/2712-8970-2023-24-4-663-672