An Incident Management System Design to Protect Critical Infrastructures from Cyber Attacks

Year 2024, Volume: 7 Issue: 2, 60 - 74

Uğur Gürtürk Zeynep Gürkaş Aydın

https://doi.org/10.33187/jmsm.1484997

Abstract

In recent years, there has been a noticeable trend toward targeted threats to information security, where companies are now leveraging vulnerabilities and risks associated with widely used services in order to generate financial gain. Additionally, they implement numerous precautions and consistently carry out their tasks. One item that requires precautionary measures is the network devices utilized. Network devices in computer networks possess the capability to log events. These logs enable the identification of security events on the network and facilitate the implementation of precautionary measures. Various security measures can be implemented to handle such data. One of these measures is Security Information and Event Management (SIEM). It is a system that gathers and analyzes data from networks and security devices. SIEM is a technique employed to consolidate critical information within a cohesive structure. It allows for the correlation of events from different security devices, thereby improving the monitoring capabilities of cybersecurity operations centers. This study extensively covers the critical infrastructure-SIEM relationship, current studies, critical infrastructure, cyber security policies, and SIEM. Our system design was developed using the UNSW_NB15 dataset, a widely recognized dataset in cybersecurity due to its comprehensive and realistic representation of cyber threats. This dataset consists of data obtained from network traffic, various attack activities, and real-life modern normal scenarios, making it particularly relevant to our study. With the studies, a total of 10 different categories were analyzed, with the category consisting of nine types of attacks, namely Analysis, Backdoor, DoS, Exploits, Fuzzers, Generic, Reconnaissance, Shellcode, and Worms and Normal activities. The study is divided into two as the basic structure. The first step was carried out on Google Collaboratory, and then some experimental studies were carried out in Weka. Classifications were made using several methods, including Logistic Regression (LR), Extra Trees (XT), Support Vector Machines (SVM), Random Forest (RF), and Decision Trees (DT). These methods were chosen for their proven effectiveness in similar studies. In the application developed with Google Colabratory, we achieved 98.62% in Random Forest, 99.10% in Decision Trees, 98.87% in Logistic Regression, 95.13% success in Extra Trees and 99.12% success in Support Vector Machines. As a result of the studies and experiments carried out in Weka, we achieved 92.05% in Random Forest, 100% in Decision Trees, 100% in k-Nearest Neighbours, 100% in J48, 99.19% in Naive-Bayes and 99.35% in BayesNet achievements.

Keywords

Critical infrastructures, Cyber security, Information security, Log analysis

References

• [1] Y. Alaca, Yapay ba˘gıs¸ıklık sistemleri ile bilgi g¨uvenli˘gi ve olay y¨onetimi gelis¸tirilmesi, M. Sc. Thesis, Karab¨uk University, 2018.
• [2] E. Yüksel, Experimenting, threat detection and SIEM integration with custom created honeypots, M.Sc. Thesis, Ankara Yıldırım Beyazıt University, 2019.
• [3] S. İşgüzar, Siber aylaklık davranışlarının bir kamu kurumu özelinde incelenmesi: log analizine dayalı bir çalışma, M. Sc. Thesis, Fırat University, 2020.
• [4] F. Akgiş, Anomali tespiti ic¸in log analizi, M. Sc. Thesis, ˙Istanbul University-Cerrahpas¸a, 2021.
• [5] R. Daş, M. Z. Gündüz, Analysis of cyber-attacks in IoT-based critical infrastructures, Int. J. Inf. Sec. Sci., 8(4) (2020), 122-133.
• [6] D. Gökçeoğlu, Güvenlik bilgileri ve olay yönetimi (SIEM)/Log korelasyon kurallarının yazılması, Ph. D. Thesis, Fırat University, 2021.
• [7] H. N. Yerlikaya, Log analysis of a large scale network by using Elastic Stack, M. Sc. Thesis, Bahc¸es¸ehir University, 2020.
• [8] S. Yenal, N. Akdemir, Uluslararası ilişkilerde yeni bir kuvvet çarpani: siber savaşlar üzerine bir vaka analizi, Cankiri Karatekin Univ. J. Inst. Soc. Sci., 11(1) (2020), 414-450.
• [9] S. Moualla, K. Khorzom, A. Jafar, Improving the performance of machine learning-based network intrusion detection systems on the UNSW-NB15 dataset, Comput. Intell. Neurosci. , 1 (2021), 5557577.
• [10] Z. Zoghi, G. Serpen, G., UNSW-NB15 computer security dataset: Analysis through visualization, Secur. Priv. , 7(1) (2024), e331.
• [11] A. M. Aleesa, Y. Mohammed, A. A. Mohammed, N. Sahar, Deep-intrusion detection system with enhanced UNSW-NB15 dataset based on deep learning techniques, J. Eng. Sci. Technol, 16(1) (2021), 711-727.
• [12] G. Kocher, G. Kumar, 2021, Analysis of machine learning algorithms with feature selection for intrusion detection using UNSWNB15 dataset, Int. J. Netw. Secur. Appl., 13(1) (2021).
• [13] G. Mahalakshmi, E. Uma, M. Aroosiya, M. Vinitha, Intrusion detection system using convolutional neural network on UNSW NB15 dataset, Advances in Parallel Computing Technologies and Applications, 2021.
• [14] Abdullah, F. B. Iqbal, S. Biswas, R. Urba, Performance analysis of intrusion detection systems using the PyCaret machine learning library on the UNSW-NB15 dataset, B. Sc. Thesis, Brac University, 2021.
• [15] N. Sharma, N. S. Yadav, S. Sharma, 2021, Classification of UNSW-NB15 dataset using exploratory data analysis using ensemble learning, EAI Endorsed Trans. Ind. Netw. Intell. Syst , 8(29) (2021), e4-e4.
• [16] M. Sarhan, S. Layeghy, M. Portmann, Towards a standard feature set for network intrusion detection system datasets, Mob. Netw. Appl , 27(1) (2022), 357-370.
• [17] Y. Pacheco, W. Sun, Adversarial machine learning: a comparative study on contemporary intrusion detection datasets, Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP 2021), (2021), 160-171.
• [18] I. F. Kilincer, F. Ertam, A. Sengur, Machine learning methods for cyber security intrusion detection: datasets and comparative study, Comput. Netw., 188 (2021), 107840.
• [19] G. S. Kushwah, V. Ranga, Optimized extreme learning machine for detecting DDoS attacks in cloud computing, Computers & Security, 105 (2021), 102260.
• [20] S. Roy, A. Mandal, D. Dey, Intelligent intrusion detection system using supervised learning, AIJR Proceedings, (2021), 25-34.
• [21] M. Ahsan, R. Gomes, M. Chowdhury, K. E. Nygard, Enhancing machine learning prediction in cybersecurity using dynamic feature selector, J. Cybersecur. Priv., 1(1) (2021), 199-218.
• [22] T. S. Pooja, P. Shrinivasacharya, Evaluating neural networks using bi-directional LSTM for network IDS (intrusion detection systems) in cyber security, Global Trans. Proc., 2(2) (2021), 448-454.
• [23] S. Thirimanne, L. Jayawardana, P. Liyanaarachchi, L. Yasakethu, Comparative algorithm analysis for machine learning based intrusion detection system, 10th International Conference on Information and Automation for Sustainability (ICIAFS), (2021), 191-196.
• [24] M. Rani, Effective network intrusion detection by addressing class imbalance with deep neural networks multimedia tools and applications, Multimed. Tools Appl., 81(6)(2022), 8499-8518.
• [25] M. Ozkan-Okay, Ö. Aslan, R. Eryigit, R. Samet, SABADT: hybrid intrusion detection approach for cyber attacks identification in WLAN, IEEE Access, 9 (2021), 157639-157653.
• [26] R. Sekhar, K. Sasirekha, P. S. Raja, K. Thangavel, A novel GPU based intrusion detection system using deep autoencoder with Fruitfly optimization, SN Appl. Sci. , 3(6)(2021), 1-16.
• [27] S. U. Yang, 2021, Research on network malicious behavior analysis based on deep learning, IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), (2021), 2609-2612.
• [28] H. Han, H. Kim, Y. Kim, 2022, An efficient hyperparameter control method for a network intrusion detection system based on proximal policy optimization, Symmetry, 14(1) (2022), 161.
• [29] K. M. Al-Gethami, M. T. Al-Akhras, M. Alawairdhi, 2021, Empirical evaluation of noise influence on supervised machine learning algorithms using intrusion detection datasets, Secur. Commun. , 2021(1)(2021), 8836057.
• [30] A. Meliboev, J. Alikhanov, W. Kim, Performance evaluation of deep learning based network intrusion detection system across multiple balanced and imbalanced datasets, Electronics, 11(4) (2022), 515.
• [31] O. A. El-Sayed, S. K. Fawzy, S. H. Tolba, R. S. Salem, Y. S. Hassan, A. M. Ahmed, A. Khattab, Deep learning framework for accurate network intrusion detection in ITSs, 2021 International Conference on Microelectronics (ICM), (2021), 212-215.
• [32] S. Kim, L. Chen, J. Kim, Intrusion prediction using long short-term memory deep learning with UNSW-NB15, 2021 IEEE/ACIS 6th International Conference on Big Data, Cloud Computing and Data Science (BCD), (2021), 53-59.
• [33] Z. Hossain, M. M. R. Sourov, M. Khan, P. Rahman, Network intrusion detection using machine learning approaches, Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud), (2021), 438-442.
• [34] I. Dutt, Pre-processing of KDD’99 & UNSW-NB network intrusion datasets, Turk. J. Comput. Math. Educ. , 12(11) (2021), 1762-1776.
• [35] S. Kim, L. Chen, J. Kim, Intrusion Prediction using LSTM and GRU with UNSW-NB15, 2021 Computing, Communications and IoT Applications (ComComAp), (2021), 101-106.
• [36] R. Singh, G. Srivastav, G., Novel framework for anomaly detection using machine learning technique on CIC-IDS2017 dataset, 2021 International Conference on Technological Advancements and Innovations (ICTAI), (2021), 632-636.
• [37] J. V. V. Silva, N. R. de Oliveira, D. S. Medeiros, M. A. Lopez, D. M. Mattos, A statistical analysis of intrinsic bias of network security datasets for training machine learning mechanisms, Ann. Telecommun., 77(7) (2022), 555-571.
• [38] S. Priya, 2021, Performance analysis comparison on various cyber-attack dataset by relatıng a deep belief network model on an intrusion detectıon system (IDS), Inf. Technol. Ind., 9(3) (2021), 608-613.
• [39] J. Man, G. Sun, A residual learning-based network intrusion detection system, Secur. Commun. Netw., 2021(1) (2021), 5593435.
• [40] L. Ashiku, C. Dagli, Network intrusion detection system using deep learning, Procedia Computer Science, 185 (2021), 239-247.
• [41] M. K. Hooshmand, D. Hosahalli, Network anomaly detection using deep learning techniques, CAAI Trans. Intell. Technol., 7(2) (2022), 228-243.
• [42] I. E. Kamarudin, M. F. Ab Razak, A. Firdaus, M. I. Jaya, Y. T. Dun, Performance Analysis on Denial of Service attack using UNSW-NB15 Dataset, 2021 International Conference on Software Engineering & Computer Systems and 4th International Conference on Computational Science and Information Management (ICSECS-ICOCSIM), (2021), 423-426.
• [43] R. Mag´an-Carri´on, D. Urda, I. D´ıaz-Cano, B. Dorronsoro, Improving the reliability of network intrusion detection systems through sataset integration, IEEE Trans. Emerg. Top. Comput., 10(4) (2022), 1717-1732.
• [44] N. Sharma, S. Yadav, Ensemble learning based classification of UNSW-NB15 dataset using exploratory data analysis, 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), (2021), 1-7.
• [45] Y. J. Chew, N. Lee, S. Y. Ooi, K. S. Wong, Y. H. Pang, Benchmarking full version of GureKDDCup, UNSW-NB15, and CIDDS-001 NIDS datasets using rolling-origin resampling, Inf. Secur. J. Global Perspect., 31(5) (2022) , 544-565.
• [46] T. Acharya, I. Khatri, A. Annamalai, M. F. Chouikha, Efficacy of machine learning-based classifiers for binary and multi-class network intrusion detection, 2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS), (2021), 402-407.
• [47] G. Dlamini, M. Fahim, DGM: a data generative model to improve minority class presence in anomaly detection domain, Neural Comput. Appl., 33(20) (2021), 13635-13646.
• [48] A. Pavlov, N. Voloshina, Dataset selection for attacker group identification methods, 30th Conference of Open Innovations Association FRUCT, (2021), 171-176.
• [49] H. Güler, Ö. Alpay, Intrusion detection and classification based on deep learning, 2021 International Conference on Information Security and Cryptology (ISCTURKIYE), (2021), 40-44.
• [50] U. Gürtürk, M. Baykara, M. Karabatak, Identifying the visitors with data mining methods from web log files, Int. J. Emerg. Technol. Eng. Res., 5(3) (2017), 243-249.
• [51] U. Gürtürk, Türkiye’nin siber güvenlik politikalarının yazılım mühendisliği açısından değerlendirilmesi ve kritik altyapıların siber saldırılardan korunmasına yönelik olay yönetim sistemi tasarımı, M.Sc. Thesis, İstanbul University-Cerrahpaşa, 2022.