İlişkilendirme Kuralı Madenciliği Algoritmasını Kullanarak BGP Anomali Tespiti

Öz

Anomali, ağ güvenliğini etkileyen olağan dışı durumun ortaya çıkmasıdır. Bir ağdaki olağandışı durumun algılanması gereksinimi, ağdan anormal akışı algılayan ve kaldıran Anomali tespitidir. Sınır Ağ Geçidi Protokolü (BGP), yönlendirme ve erişilebilirlik bilgilerini paylaşmak için otonom sistemlerle iletişim kurmak için kullanılan en yaygın harici Ağ Geçidi Protokolüdür. Bu protokolün anormal davranışı, yetersiz tedarik, kötü niyetli saldırılar, trafik veya ekipman sorunları ve ağ operatörü hataları gibi çeşitli faktörlerden kaynaklanabilir. BGP güven varsayımı üzerine inşa edilmiştir ve sonuç olarak yıllar içinde birçok kez saldırıya uğramıştır. Code Red I, BGP ağını hedef alan ve işleyişinde anormallikler üreten iyi bilinen bir saldırı tespitinde kullanılan verisetidir. Veriseti içindeki saldırılar türleri, ağ trafiği verilerini kullanarak modelin eğitimi için veri kümesi olarak kullanılmıştır. Bu çalışmanın amacı, bir süre boyunca BGP'de bir anormalliği tetikleyen olayları tespit etmek ve aynı zamanda eğitim veri seti modelini kullanarak bu zaman aralığı boyunca BGP'den bir anormalliği tespit etmektir. İzinsiz Giriş Tespit Sisteminde (IDS) BGP anomali tespiti için gerçek birliktelik kuralı madenciliği sunuyoruz.

Anahtar Kelimeler

• BGP Anormali Tespiti
• Veri madenciliği
• Birliktelik Kuralları
• Veri kümesi
• Code Red I
• Apriori Algoritması.

BGP Anomaly Detection Using Association Rule Mining Algorithm

Öz

An anomaly is the occurrence of an exception that affects network security. The requirement for abnormality detection in a network is Anomaly detection, which detects and removes anomalous flow from the network. The Border Gateway Protocol (BGP) is the most common external Gateway Protocol used to communicate with autonomous systems to share routing and reachability information. This protocol's abnormal behavior may be caused by a variety of factors, including inadequate provisioning, malicious attacks, traffic or equipment issues, and network operator mistakes. BGP was built on the assumption of trust, and as a result, it has been hacked numerous times over the years. Code Red I is one well-known assault that targets BGP networking and produce abnormalities in its operation. These attacks were utilized as the dataset for training the model using network traffic data. The goal of this study is to detect the events that triggered an anomaly in the BGP during a time, as well as to detect an anomaly from the BGP throughout that time interval using the training dataset model. We present real association rule mining for BGP anomaly detection in the Intrusion Detection System (IDS).

Anahtar Kelimeler

• BGP Anomalies Detection
• Datamining
• Association Rules
• Dataset
• Code Red I
• Apriori Algorithm

Kaynakça

1. Hoarau, K., Tournoux, P. U., & Razafindralambo, T. (2021, October). Suitability of graph representation for bgp anomaly detection. In 2021 IEEE 46th Conference on Local Computer Networks (LCN) (pp. 305-310). IEEE.
2. Zhao, X., Band, S. S., Elnaffar, S., Sookhak, M., Mosavi, A., & Salwana, E. (2021). The implementation of border gateway protocol using software-defined networks: A systematic literature review. IEEE Access.
3. Garcia-Luna-Aceves, J. J. (2022, August). Attaining stable and loop-free inter-domain routing without path vectors. In Proceedings of the ACM SIGCOMM Workshop on Future of Internet Routing & Addressing (pp. 58-65).
4. Griffin, T. G., & Wilfong, G. (2019). An analysis of BGP convergence properties. ACM SIGCOMM Computer Communication Review, 29(4), 277-288.
5. Alotaibi, H. S., Gregory, M. A., & Li, S. (2022). Multidomain SDN-Based Gateways and Border Gateway Protocol. Journal of Computer Networks and Communications, 2022.
6. Edwards, P., Cheng, L., & Kadam, G. (2019). Border gateway protocol anomaly detection using machine learning techniques. SMU Data Science Review, 2(1), 5.
7. Szymoniak, S., Siedlecka-Lamch, O., Zbrzezny, A. M., Zbrzezny, A., & Kurkowski, M. (2021). SAT and SMT-Based Verification of Security Protocols Including Time Aspects. Sensors, 21(9), 3055.
8. Deshpande, S., Thottan, M., Ho, T. K., & Sikdar, B. (2019). An online mechanism for BGP instability detection and analysis. IEEE transactions on Computers, 58(11), 1470-1484.

9. Kong, H., Jong, C., & Ryang, U. (2019). Rare association rule mining for network intrusion detection. arXiv preprint arXiv:1610.04306.
10. Safara, F., Souri, A., & Serrizadeh, M. (2020). Improved intrusion detection method for communication networks using association rule mining and artificial neural networks. IET Communications, 14(7), 1192-1197.
11. Badhon, B., Kabir, M. M. J., Xu, S., & Kabir, M. (2021). A survey on association rule mining based on evolutionary algorithms. International Journal of Computers and Applications, 43(8), 775-785.
12. Telikani, A., Gandomi, A. H., & Shahbahrami, A. (2020). A survey of evolutionary computation for association rule mining. Information Sciences, 524, 318-352.
13. Yulanda, R. D., Wahyuningsih, S., & Amijaya, F. D. T. (2019, July). Association rules with apriori algorithm and hash-based algorithm. In Journal of Physics: Conference Series (Vol. 1277, No. 1, p. 012048). IOP Publishing.
14. Khafaji, H. K. (2021, February). A New Algorithm for Extracting Textual Maximal Frequent Itemsets from Arabic Documents. In Journal of Physics: Conference Series (Vol. 1773, No. 1, p. 012012). IOP Publishing.
15. Sarno, R., Sinaga, F., & Sungkono, K. R. (2020). Anomaly detection in business processes using process mining and fuzzy association rule learning. Journal of Big Data, 7(1), 1-19.
16. Moore, D., Shannon, C., & Claffy, K. (2020, November). Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (pp. 273-284).
17. Luo, X., & Li, Y. (2019). Security enhancement mechanism of modbus TCP protocol. DEStech Transactions on Computer Science and Engineering, 10.
18. Chandola, V., Banerjee, A., & Kumar, V. (2021). Anomaly detection Algorithms every Data Scientist should know. ACM computing surveys (CSUR), 41(3), 1-58.
19. Awadlesh, I. (2019). Weka: IT For Business Intelligence: Classification and Clustering Analysis. Term Paper, April, 19.
20. Verma, N., Malhotra, D., & Singh, J. (2020). Big data analytics for retail industry using MapReduce-Apriori framework. Journal of Management Analytics, 7(3), 424-442.
21. Naresh, P., & Suguna, R. (2019, May). Association rule mining algorithms on large and small datasets: A comparative study. In 2019 International Conference on Intelligent Computing and Control Systems (ICCS) (pp. 587-592). IEEE.
22. Yi, F., Zhang, L., Yang, S., & Zhao, D. (2021, October). A Security-Enhanced Modbus TCP Protocol and Authorized Access Mechanism. In 2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC) (pp. 61-67). IEEE.
23. Özalp, A. N., & Albayrak, Z. (2022). Detecting Cyber Attacks with High-Frequency Features using Machine Learning Algorithms. Acta Polytechnica Hungarica, 19(7).
24. A. F. Uluer, Z. Albayrak, A. N. Özalp, M. Çakmak and H. C. Altunay, "BGP Anomali Tespitinde Hibrit Model Yaklaşımı," 2022 30th Signal Processing and Communications Applications Conference (SIU), 2022, pp. 1-4, doi: 10.1109/SIU55565.2022.9864921.
25. A. N. ÖZALP, Z. ALBAYRAK, M. ÇAKMAK and E. ÖZDOĞAN, "Layer-based examination of cyber-attacks in IoT," 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), 2022, pp. 1-10, doi: 10.1109/HORA55278.2022.9800047.
26. Alazizi, A., Habrard, A., Jacquenet, F., He-Guelton, L., Oblé, F., & Siblini, W. (2019, November). Anomaly detection, consider your dataset first an illustration on fraud detection. In 2019 IEEE 31st international conference on tools with artificial intelligence (ICTAI) (pp. 1351-1355). IEEE.