Acta Informatica Pragensia 2021, 10(1), 75-84 | DOI: 10.18267/j.aip.1472985
Automated Computer Attacks Detection in University Environment
- Faculty of Informatics and Statistics, Prague University of Economics and Business, W. Churchill Sq. 1938/4, 130 67 Prague 3, Czech Republic
Since the massive expansion of the Internet into the commercial world, the security of computer systems has become a priority. Other areas, such as national governments, hospitals, and university systems, are also seeing increasing use of the Internet. All these systems contain highly sensitive information. In an effort to increase the security of internal data, we propose a novel method for the detection of automated computer attacks. This method was tested on a custom dataset prepared from the logs of the university information system at Prague University of Economics and Business. Two datasets were used. The first dataset contained only simple attacks, while the second one comprised advanced attacks. The compiled and anonymized datasets were uploaded to the BigML framework, where the K-means, Isolation Forest and Logistic Regression algorithms were used to validate the proposed method. Our results showed that the proposed method is viable in cases where the attack volume is high and the time spacing between the actions is similar, which was verified on both tested datasets. It reached a detection rate of 93.57% on the simple attacks dataset and 95.37% on the advanced attacks dataset. These detection rates are similar to those of other algorithms used in the commercial environment. Based on this project, the proposed method can be implemented in the university information system in order to prevent these types of attacks in the future.
Keywords: Anomaly detection, Machine learning, Automated attacks, University environment.
Received: March 11, 2021; Revised: April 29, 2021; Accepted: May 3, 2021; Prepublished online: May 3, 2021; Published: June 30, 2021
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.