Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning
Routers are of great importance in the network that forward the data among the communication devices. If an attack attempts to intercept the information or make the network paralyzed, it can launch an attack towards the router and realize the suspicious goal. Therefore, protecting router security ha...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2019-07-01
|
Series: | Entropy |
Subjects: | |
Online Access: | https://www.mdpi.com/1099-4300/21/8/734 |
id |
doaj-cea87fe82d154f9e907985dd33790f93 |
---|---|
record_format |
Article |
spelling |
doaj-cea87fe82d154f9e907985dd33790f932020-11-24T21:34:18ZengMDPI AGEntropy1099-43002019-07-0121873410.3390/e21080734e21080734Anomalies Detection and Proactive Defence of Routers Based on Multiple Information LearningTeng Li0Jianfeng Ma1Yulong Shen2Qingqi Pei3School of Cyber Engineering, Xidian University, Xi’an 710071, ChinaSchool of Cyber Engineering, Xidian University, Xi’an 710071, ChinaSchool of Computer Science, Xidian University, Xi’an 710071, ChinaShaanxi Key Laboratory of BlockChain and Security Computing, Xidian University, Xi’an 710071, ChinaRouters are of great importance in the network that forward the data among the communication devices. If an attack attempts to intercept the information or make the network paralyzed, it can launch an attack towards the router and realize the suspicious goal. Therefore, protecting router security has great importance. However, router systems are notoriously difficult to understand or diagnose for their inaccessibility and heterogeneity. A common way of gaining access to the router system and detecting the anomaly behaviors is to inspect the router syslogs or monitor the packets of information flowing to the routers. These approaches just diagnose the routers from one aspect but do not correlate multiple logs. In this paper, we propose an approach to detect the anomalies and faults of the routers with multiple information learning. First, we do the offline learning to transform the benign or corrupted user actions into the syslogs. Then, we construct the log correlation among different events. During the detection phase, we calculate the distance between the event and the cluster to decide if it is an anomalous event and we use the attack chain to predict the potential threat. We applied our approach in a university network which contains Huawei, Cisco and Dlink routers for three months. We aligned our experiment with former work as a baseline for comparison. Our approach obtained 89.6% accuracy in detecting the attacks, which is 5.1% higher than the former work. The results show that our approach performs in limited time as well as memory usages and has high detection and low false positives.https://www.mdpi.com/1099-4300/21/8/734router securitydata correlationattack detection |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Teng Li Jianfeng Ma Yulong Shen Qingqi Pei |
spellingShingle |
Teng Li Jianfeng Ma Yulong Shen Qingqi Pei Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning Entropy router security data correlation attack detection |
author_facet |
Teng Li Jianfeng Ma Yulong Shen Qingqi Pei |
author_sort |
Teng Li |
title |
Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning |
title_short |
Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning |
title_full |
Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning |
title_fullStr |
Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning |
title_full_unstemmed |
Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning |
title_sort |
anomalies detection and proactive defence of routers based on multiple information learning |
publisher |
MDPI AG |
series |
Entropy |
issn |
1099-4300 |
publishDate |
2019-07-01 |
description |
Routers are of great importance in the network that forward the data among the communication devices. If an attack attempts to intercept the information or make the network paralyzed, it can launch an attack towards the router and realize the suspicious goal. Therefore, protecting router security has great importance. However, router systems are notoriously difficult to understand or diagnose for their inaccessibility and heterogeneity. A common way of gaining access to the router system and detecting the anomaly behaviors is to inspect the router syslogs or monitor the packets of information flowing to the routers. These approaches just diagnose the routers from one aspect but do not correlate multiple logs. In this paper, we propose an approach to detect the anomalies and faults of the routers with multiple information learning. First, we do the offline learning to transform the benign or corrupted user actions into the syslogs. Then, we construct the log correlation among different events. During the detection phase, we calculate the distance between the event and the cluster to decide if it is an anomalous event and we use the attack chain to predict the potential threat. We applied our approach in a university network which contains Huawei, Cisco and Dlink routers for three months. We aligned our experiment with former work as a baseline for comparison. Our approach obtained 89.6% accuracy in detecting the attacks, which is 5.1% higher than the former work. The results show that our approach performs in limited time as well as memory usages and has high detection and low false positives. |
topic |
router security data correlation attack detection |
url |
https://www.mdpi.com/1099-4300/21/8/734 |
work_keys_str_mv |
AT tengli anomaliesdetectionandproactivedefenceofroutersbasedonmultipleinformationlearning AT jianfengma anomaliesdetectionandproactivedefenceofroutersbasedonmultipleinformationlearning AT yulongshen anomaliesdetectionandproactivedefenceofroutersbasedonmultipleinformationlearning AT qingqipei anomaliesdetectionandproactivedefenceofroutersbasedonmultipleinformationlearning |
_version_ |
1725950050060730368 |