Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning †


Bibliographic Details
Main Authors: Li, Teng, Ma, Jianfeng, Shen, Yulong, Pei, Qingqi
Format: Online Article Text
Language: English
Published: MDPI 2019
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7515263/
https://www.ncbi.nlm.nih.gov/pubmed/33267448
http://dx.doi.org/10.3390/e21080734
Collection: PubMed
Abstract: Routers are of great importance in the network, as they forward data among the communication devices. If an attacker attempts to intercept information or paralyze the network, they can launch an attack against the router and achieve that goal. Therefore, protecting router security is of great importance. However, router systems are notoriously difficult to understand or diagnose because of their inaccessibility and heterogeneity. A common way of gaining access to the router system and detecting anomalous behaviors is to inspect the router syslogs or monitor the packets flowing to the routers. These approaches diagnose the routers from only one aspect and do not correlate multiple logs. In this paper, we propose an approach to detect the anomalies and faults of routers with multiple information learning. First, we perform offline learning to transform benign or corrupted user actions into the syslogs they produce. Then, we construct the log correlation among different events. During the detection phase, we calculate the distance between the event and the cluster to decide whether it is an anomalous event, and we use the attack chain to predict the potential threat. We applied our approach for three months in a university network containing Huawei, Cisco and Dlink routers. We used former work as a baseline for comparison. Our approach obtained 89.6% accuracy in detecting the attacks, which is 5.1% higher than the former work. The results show that our approach runs within limited time and memory usage, and has a high detection rate and low false positives.
ID: pubmed-7515263
Institution: National Center for Biotechnology Information
Record format: MEDLINE/PubMed
Journal: Entropy (Basel), Article. Published by MDPI, 2019-07-26.
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).