DOI: 10.1145/3590777.3590803

Exploratory and Explanation-Aware Network Intrusion Profiling using Subgroup Discovery and Complex Network Analysis

Published: 14 June 2023

Abstract

In this paper, we target the problem of mining descriptive profiles of computer network intrusion attacks. We present an exploratory and explanation-aware approach using subgroup discovery, which facilitates human-in-the-loop interaction for guiding the exploration process, since the results of subgroup discovery are inherently interpretable patterns. Furthermore, we explore enriching the feature set describing the network traffic (i.e., the exchanged packets) with a new type of feature computed on complex networks that depict the interactions among the different involved sites. Complex-network-based metrics provide explainable features on the global network level, complementing local features targeted at the level of individual network traffic/packets. We exemplify the proposed approach using the standard UNSW-NB15 dataset for network intrusion detection.
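As an added illustration of the pipeline the abstract sketches (this is not code from the paper or its authors), the following Python builds the host-interaction graph from a handful of constructed flow records, derives a global feature for each flow from node degrees (the fan-out of the source host and the fan-in of the destination host, discretised with an assumed threshold), and then runs an exhaustive subgroup discovery over the local and graph-level attributes, ranking conjunctive descriptions by weighted relative accuracy against the attack label. The flow records, the attribute names, the degree threshold and the choice of WRAcc as quality function are all assumptions made for this example; the abstract does not state which centrality measures or quality function the paper used.

```python
"""Added illustration (not the paper's code): enrich flow records with
complex-network features and run a small subgroup discovery search on them."""
from collections import defaultdict
from dataclasses import dataclass
from fractions import Fraction
from itertools import combinations

# Constructed sample flows (not UNSW-NB15 records); label 1 = attack, 0 = normal.
FLOWS = [
    {"src": "10.0.0.1", "dst": "10.0.0.9", "proto": "tcp", "service": "http", "label": 0},
    {"src": "10.0.0.2", "dst": "10.0.0.9", "proto": "tcp", "service": "http", "label": 0},
    {"src": "10.0.0.3", "dst": "10.0.0.9", "proto": "tcp", "service": "dns", "label": 0},
    {"src": "10.0.0.4", "dst": "10.0.0.9", "proto": "udp", "service": "dns", "label": 0},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "service": "ssh", "label": 1},
    {"src": "10.0.0.5", "dst": "10.0.0.2", "proto": "tcp", "service": "ssh", "label": 1},
    {"src": "10.0.0.5", "dst": "10.0.0.3", "proto": "tcp", "service": "ssh", "label": 1},
    {"src": "10.0.0.5", "dst": "10.0.0.4", "proto": "tcp", "service": "ssh", "label": 1},
    {"src": "10.0.0.6", "dst": "10.0.0.1", "proto": "tcp", "service": "ssh", "label": 0},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "tcp", "service": "http", "label": 0},
]

# Local (per-flow) attributes and the added global (graph-level) attributes.
LOCAL_ATTRS = ("proto", "service")
GRAPH_ATTRS = ("src_fanout", "dst_fanin")


def host_degrees(flows):
    """Build the directed host-interaction graph and return per-host
    out-degree and in-degree counted over distinct neighbours."""
    out_nb, in_nb = defaultdict(set), defaultdict(set)
    for f in flows:
        out_nb[f["src"]].add(f["dst"])
        in_nb[f["dst"]].add(f["src"])
    outdeg = {h: len(s) for h, s in out_nb.items()}
    indeg = {h: len(s) for h, s in in_nb.items()}
    return outdeg, indeg


def add_graph_features(flows, threshold=3):
    """Attach discretised graph features to each flow. The threshold for a
    'high' fan-out/fan-in is an assumption chosen for this toy data."""
    outdeg, indeg = host_degrees(flows)
    enriched = []
    for f in flows:
        g = dict(f)
        g["src_fanout"] = "high" if outdeg.get(f["src"], 0) >= threshold else "low"
        g["dst_fanin"] = "high" if indeg.get(f["dst"], 0) >= threshold else "low"
        enriched.append(g)
    return enriched


@dataclass(frozen=True)
class Subgroup:
    selectors: tuple          # sorted ((attribute, value), ...) conjunction
    size: int                 # flows covered by the description
    positives: int            # attack flows among them
    quality: Fraction         # weighted relative accuracy (WRAcc)

    def describe(self):
        return " AND ".join(f"{a}={v}" for a, v in self.selectors)


def wracc(flows, selectors, base_rate):
    """WRAcc = (n_sg / N) * (p_sg - p0): generality of the subgroup times
    the lift of its attack share over the base rate of the whole dataset."""
    members = [f for f in flows if all(f[a] == v for a, v in selectors)]
    if not members:
        return None
    pos = sum(f["label"] for f in members)
    q = Fraction(len(members), len(flows)) * (Fraction(pos, len(members)) - base_rate)
    return Subgroup(tuple(selectors), len(members), pos, q)


def discover(flows, attrs, max_depth=2, top_k=5):
    """Exhaustive search over conjunctions of up to max_depth selectors on
    nominal attributes, ranked by WRAcc with respect to the attack label.
    Ties are broken towards shorter, then lexicographically smaller, descriptions."""
    base_rate = Fraction(sum(f["label"] for f in flows), len(flows))
    selectors = sorted({(a, f[a]) for f in flows for a in attrs})
    results = []
    for depth in range(1, max_depth + 1):
        for combo in combinations(selectors, depth):
            if len({a for a, _ in combo}) < depth:
                continue              # at most one selector per attribute
            sg = wracc(flows, combo, base_rate)
            if sg is not None:
                results.append(sg)
    results.sort(key=lambda s: (-s.quality, len(s.selectors), s.selectors))
    return results[:top_k]


if __name__ == "__main__":
    data = add_graph_features(FLOWS)
    for sg in discover(data, LOCAL_ATTRS + GRAPH_ATTRS):
        print(f"{sg.describe():40s} n={sg.size} attacks={sg.positives} "
              f"WRAcc={float(sg.quality):.3f}")
```

On this constructed data the top-ranked pattern is the conjunction of two graph-level selectors, dst_fanin=low AND src_fanout=high, covering exactly the four attack flows: one source host fanning out to several otherwise quiet destinations. No conjunction built from the local attributes alone (proto, service) reaches that quality here, which is the kind of gain from global, graph-derived features that the abstract argues for. The ranked list is also the natural hand-over point for the human-in-the-loop step: an analyst would pick a pattern and refine or prune it rather than accept the ranking blindly.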

Cited By

  • (2024) Subgroup Discovery with SD4Py. Artificial Intelligence. ECAI 2023 International Workshops, 338–348. DOI: 10.1007/978-3-031-50396-2_19. Online publication date: 21 Jan 2024.
  • (2023) Leveraging Explainable AI Methods Towards Identifying Classification Issues on IDS Datasets. 2023 IEEE 48th Conference on Local Computer Networks (LCN), 1–4. DOI: 10.1109/LCN58197.2023.10223401. Online publication date: 2 Oct 2023.

Published In

EICC '23: Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference
June 2023
205 pages
ISBN:9781450398299
DOI:10.1145/3590777
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Attack Profiling
  2. Complex Network Analysis
  3. Cybersecurity
  4. Local Pattern Mining
  5. Network Intrusion Detection
  6. Subgroup Discovery

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

EICC 2023

Article Metrics

  • Downloads (Last 12 months)23
  • Downloads (Last 6 weeks)2
Reflects downloads up to 28 Feb 2025
