Application of Association Rule Mining in Preventing Cyberattacks

Mironeanu, Cătălin; Archip, Alexandru; Atomei, Georgiana

doi:10.2478/bipie-2021-0020

Abstract

Designing a security solution should rely on having a good knowledge of the protected assets and better develop active responses rather than focus on reactive ones. We argue and prove that malicious activities such as vulnerabilities exploitation and (D)DoS on Web applications can be detected during their respective initial phases. While they may seem distinct, both attack scenarios are observable through abnormal access patterns. Following on this remark, we first analyze Web access logs using association rule mining techniques and identify these malicious traces. This new description of the historical data is then correlated with Web site structure information and mapped over trie data structures. The resulted trie is then used for every new incoming request and we thus identify whether the access pattern is legitimate or not. The results we obtained using this proactive approach show that the potential attacker is denied the required information for orchestrating successful assaults.

References

Agrawal R., Srikant R., Fast Algorithms for Mining Association Rules in Large Databases, In Proceedings of the 20^th International Conference on Very Large Data Bases, VLDB ’94, Morgan Kaufmann Publishers Inc, San Francisco, CA, USA, 487-499.
Search in Google Scholar Back to article
Barrett M., Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, NIST Cybersecurity Framework, 2018 (available online, https://doi.org/10.6028/NIST.CSWP.04162018, last accessed: October 2021).
Search in Google Scholar Back to article
Dasgupta D., Akhtar Z., Sen S., Machine Learning in Cybersecurity: A Comprehensive Survey, The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 19, 1, 57-106 (2020).10.1177/1548512920951275
Search in Google Scholar Back to article
Dean J., Ghemawat S., MapReduce: Simplified Data Processing on Large Clusters, Commun. Association for Computing Machinery, New York, NY, USA, 51, 1, 107-113 (2008).10.1145/1327452.1327492
Search in Google Scholar Back to article
Fielding R.T., Reschke J., Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content, RFC 7231, ISSN: 2070-1721, June 2014.10.17487/rfc7231
Search in Google Scholar Back to article
Han J., Kamber M., Pei J., Data Mining: Concepts and Techniques, ITPro Collection, Morgan Kaufmann Series in Data Management Systems, Morgan Kaufmann Publishers, 3^rd Edition, 2012.
Search in Google Scholar Back to article
Hutchins E., Cloppert M., Amin R., Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, Proceedings of the 6^th International Conference on I-Warfare and Security, Washington, DC, USA, 17–18 March 2011, 113-125.
Search in Google Scholar Back to article
Jin Z., Cui Y., Yan Z., Survey of Intrusion Detection Methods Based on Data Mining Algorithms, In Proceedings of the 2019 International Conference on Big Data Engineering (BDE 2019). Association for Computing Machinery, New York, NY, USA, 98-106.10.1145/3341620.3341632
Search in Google Scholar Back to article
Johannes U., Who Is Hunting for Your IPTV Set-Top Box?, SANS ISC InfoSec Forums, 2021 (available online: https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/, last accessed: October 2021)
Search in Google Scholar Back to article
Jost R., WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated) - CVE 2021-24931, Exploit Database, 2021 (available online: https://www.exploit-db.com/exploits/50733, last accessed: December 2021).
Search in Google Scholar Back to article
Kabanda G., Performance of Machine Learning and other Artificial Intelligence Paradigms in Cybersecurity, Oriental Journal of Computer Science and Technology, 13, 1, 1–21 (2020).10.13005/ojcst13.01.01
Search in Google Scholar Back to article
La Rocca M., Advanced Algorithms and Data Structures, Manning Publications, 173-217, 2021.
Search in Google Scholar Back to article
Lee W., Stolfo S.J., Data-Mining Approaches for Intrusion Detection. In 7^th USENIX Security Symposium, SSYM’98, USENIX Association, Berkeley, CA, USA, 1998, volume 7, 6–21.
Search in Google Scholar Back to article
Lee W., Stolfo S.J., Mok K.W, Algorithms for Mining System Audit Data, In data-mining, Rough Sets and Granular Computing; Physica-Verlag GmbH: Heidelberg, Germany, 2002, 166-189 (2002).10.1007/978-3-7908-1791-1_8
Search in Google Scholar Back to article
Lee W., Applying Data-Mining to Intrusion Detection: The Quest for Automation, Efficiency, and Credibility, SIGKDD Explor. 2002, 4, 35–42.10.1145/772862.772868
Search in Google Scholar Back to article
Li N., Zeng L., He Q., Shi Z., Parallel Implementation of Apriori Algorithm Based on MapReduce, 2012 13^th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, 08-10 August 2012, Kyoto, Japan, 236–241.10.1109/SNPD.2012.31
Search in Google Scholar Back to article
Mao W., Guo W., An Improved Association Rules Mining Algorithm Based on Power Set and Hadoop, 2013 International Conference on Information Science and Cloud Computing Companion, 07-08 December 2013, Guangzhou, China, 236-241.10.1109/ISCC-C.2013.39
Search in Google Scholar Back to article
Mironeanu C., Archip A., Amarandei C.M., Craus M., Experimental Cyber Attack Detection Framework, Electronics, 10, 14:1682 (2021).10.3390/electronics10141682
Search in Google Scholar Back to article
Mironeanu C., Prevenirea atacurilor cibernetice cu tehnici de data mining, Teza de doctorat, Universitatea Tehnică “Gheorghe Asachi” din Iaşi, 2021.
Search in Google Scholar Back to article
Pols P., The Unified Kill Chain - Designing a Unified Kill Chain for Analyzing, Comparing and Defending Against Cyber Attacks, MSc. Degree Thesis, Delft University of Technology, 2017.
Search in Google Scholar Back to article
Schneier B., The Process of Security, 2000 (available online: https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html, last accessed: October 2021).
Search in Google Scholar Back to article
Sfakianakis A., Douligeris C., Marinos L., Lourenço M., Raghimi O., ENISA Threat Landscape Report 2018, Report O.1.2.1, European Union Agency for Network and Information Security, Heraklion, Greece, 47-53.
Search in Google Scholar Back to article
Shustin R., We Decide What You See: Remote Code Execution on a Major IPTV Platform, Check Point Research, 2019 (available online: https://research.checkpoint.com/2019/we-decide-what-you-see-remote-code-execution-on-a-major-iptv-platform/, last accessed: October 2021).
Search in Google Scholar Back to article
Widup S., Pinto A., Hylender C.D., Basset. G., Langlois P., Verizon Data Breach Investigations Report, Verizon USA, 2021 (available online: https://www.verizon.com/business/resources/reports/dbir/, last accessed: October 2021).10.1016/S1361-3723(21)00061-0
Search in Google Scholar Back to article
**_* Apache Hadoop, https://hadoop.apache.org/, last visit on October 2021.
Search in Google Scholar Back to article