A novel approach for graph-based real-time anomaly detection from dynamic network data listened by Wireshark

DOI:

https://doi.org/10.4108/eetinis.v12i2.7616

Keywords:

Cyber Attacks, Information Security, Graph Visualization, Temporal Dynamic Networks, Wireshark

Abstract

This paper presents a novel approach for real-time anomaly detection and visualization of dynamic network data using Wireshark, the world's most widely used network analysis tool. As the complexity and volume of network data continue to grow, effective anomaly detection has become essential for maintaining network performance and enhancing security. Our method leverages Wireshark’s robust data collection and analysis capabilities to identify anomalies swiftly and accurately. In addition to detection, we introduce innovative visualization techniques that facilitate the intuitive representation of detected anomalies, allowing network administrators to comprehend network conditions and make informed decisions quickly. The results of our study demonstrate significant improvements in both the efficacy of anomaly detection and the practical applicability of visualization tools in real-time scenarios. This research contributes valuable insights into network security and management, highlighting the importance of integrating advanced analytical methods with effective visualization strategies to enhance the overall management of dynamic networks.

Published

07-01-2025

How to Cite

Kaya, M. O., Ozdem, M., & Das, R. (2025). A novel approach for graph-based real-time anomaly detection from dynamic network data listened by Wireshark. EAI Endorsed Transactions on Industrial Networks and Intelligent Systems, 12(2). https://doi.org/10.4108/eetinis.v12i2.7616