Detecting and Analyzing Network Attacks: A Time-Series Analysis Using the Kitsune Dataset

Abstract

Network security is a critical concern in today’s digital world, requiring efficient methods for the automatic detection and analysis of cyber attacks. This study uses the Kitsune Network Attack Dataset to explore network traffic behavior for IoT devices under various attack scenarios, including ARP MitM, SYN DoS, and Mirai Botnet. Utilizing Python-based data analysis tools, we preprocess and analyze millions of network packets to uncover patterns indicative of malicious activities. The study employs packet-level time-series analysis to visualize traffic patterns and detect anomalies specific to each attack type. Key findings include high packet volumes in attacks such as SSDP Flood and Mirai Botnet, with the Mirai Botnet attack involving multiple IP addresses and lasting over 2 hours. Notable attack-specific behaviors include high traffic on port -1 and targeted traffic on specific ports like 53195. The SYN DoS and Mirai Botnet attacks are characterized by their prolonged durations, suggesting significant disruption. Overall, the study highlights distinctive attack patterns and underscores the importance of understanding these characteristics to enhance detection and response mechanisms.

Keywords

• Cyber Attack Analysis
• Kitsune Dataset
• Time-Series Analysis
• Intrusion Detection
• Exploratory Data Analysis
• Packet-Level Analysis

References

1. Mohammadiounotikandi A., and Babaeitarkami S. (2024). Cybersecurity in the age of AI: protecting our data and privacy in a digital world. Aust. J. Eng. Innov. Technol., 6(4), 86-92. Doi:10.34104/ajeit.024.086092.
2. Bharati, R. K. (2024). Cyber Threats and the Erosion of Privacy: Examining the Delicate Equilibrium. Preprints 2024, 2024071577. Doi:10.20944/preprints202407.1577.v1
3. Balisane, H., Egho-Promise, E., Lyada, E., Aina, F., Sangodoyin, A., & Kure, H. (2024). The Effectiveness of a Comprehensive threat Mitigation Framework in NETWORKING: A Multi-Layered Approach to Cyber Security. International Research Journal of Computer Science, 11(06), 529-538., Doi: 10.26562/irjcs.2024.v1106.03.
4. Balisane, H., Egho-Promise, E. I., Lyada, E., & Aina, F. (2024). Towards Improved Threat Mitigation In Digital Environments: A Comprehensive Framework For Cybersecurity Enhancement. International Journal Of Research-Granthaalayah, 12(5). Doi: 10.29121/granthaalayah.v12.i5.2024.5655.
5. Sendjaja, T., Irwandi, E. P., Suryani, Y., & Fatmawati, E. (2024). Cybersecurity In The Digital Age: Developing Robust Strategies To Protect Against Evolving Global Digital Threats And Cyber Attacks. International Journal of Science and Society (IJSOC), 6(1), 1008-1019. Doi: 10.54783/ijsoc.v6i1.1098.
6. Aswathy, M. C., Rajkumar, T.(2024). Real Time Anomaly Detection in Network Traffic: A Comparative Analysis of Machine Learning Algorithms, International Research Journal on Advanced Engineering Hub (IRJAEH), 2(07), 1968-1977. Doi: 10.47392/irjaeh.2024.0269
7. Hassan, S. E. H., & Duong-Trung, N. (2024). Machine Learning in Cybersecurity: Advanced Detection and Classification Techniques for Network Traffic Environments. EAI Endorsed Transactions on Industrial Networks and Intelligent Systems, 11(3), 1-22. Doi:10.4108/eetinis.v11i3.5237.
8. Khan, A., Fouda, M. M., Do, D. T., Almaleh, A., & Rahman, A. U. (2023). Short-term traffic prediction using deep learning long short-term memory: Taxonomy, applications, challenges, and future trends. IEEE Access, 11, 94371-94391. Doi:10.1109/ACCESS.2023.3309601.

9. Zhang, W., & Lazaro, J. P. (2024). A Survey on Network Security Traffic Analysis and Anomaly Detection Techniques. International Journal of Emerging Technologies and Advanced Applications, 1(4), 8-16.. Doi:10.62677/IJETAA.2404117.
10. Thwaini, M. H. (2022). Anomaly Detection in Network Traffic using Machine Learning for Early Threat Detection. Data and Metadata, 1(34), 34-34, December 2022. Doi:10.56294/dm202272.
11. Pittman, J. M. (2023). Machine learning and port scans: A systematic review. arXiv preprint arXiv:2301.13581. Doi:10.48550/arXiv.2301.13581
12. Zhang, W., & Lazaro, J. P. (2024). A Survey on Network Security Traffic Analysis and Anomaly Detection Techniques. International Journal of Emerging Technologies and Advanced Applications, 1(4), 8-16. Doi:10.62677/IJETAA.2404117
13. Y. R. Gumma and S. Peram, "Review of cybercrime detection approaches using machine learning and deep learning techniques," in Proceedings of the IEEE International Conference on Artificial Intelligence and Computational Intelligence, 2024. [Online]. Available: Doi:10.1109/icaaic60222.2024.10575058
14. Khalaf, L. I., Alhamadani, B., Ismael, O. A., Radhi, A. A., Ahmed, S. R., & Algburi, S. (2024, May). Deep Learning-Based Anomaly Detection in Network Traffic for Cyber Threat Identification. In Proceedings of the Cognitive Models and Artificial Intelligence Conference (pp. 303-309). Doi:10.1145/3660853.3660932
15. Redhu, A., Choudhary, P., Srinivasan, K., & Das, T. K. (2024). Deep learning-powered malware detection in cyberspace: a contemporary review. Frontiers in Physics, 12, 1349463. Doi:10.3389/fphy.2024.1349463
16. Lu, K. (2024). Network Anomaly Traffic Analysis. Academic Journal of Science and Technology, 10(3), 65-68. Doi:10.54097/8as0rg31
17. Callegari, E., Nowenstein, I. E., Kristjánsdóttir, I. J., & Ingason, A. K. (2024, May). Automatic Extraction of Language-Specific Biomarkers of Healthy Aging In Icelandic. In Proceedings of the 2024 Joint International Conference on Computational Linguistics, Language Resources and Evaluation (LREC-COLING 2024) (pp. 1915-1924).
18. Ibrahim, J., & Gajin, S. (2022). Entropy-based network traffic anomaly classification method resilient to deception. Computer Science and Information Systems, 19(1), 87-116. Doi: 10.2298/CSIS201229045I
19. Liu, H., & Wang, H. (2023). Real-time anomaly detection of network traffic based on CNN. Symmetry, 15(6), 1205. Doi:10.3390/sym15061205
20. Abu Bakar, R., & Kijsirikul, B. (2023). Enhancing Network Visibility and Security with Advanced Port Scanning Techniques. Sensors, 23(17), 7541. Doi:10.3390/s23177541
21. Aziz, M. N. (2023). Finding Patterns of Cyber-Attacks and Creating A Detection Model to Detect Cyber-Attacks Using Machine Learning. Journal of Artificial Intelligence, Machine Learning and Neural Network, 3(01), 8-24. Doi: 10.55529/jaimlnn.31.8.24.
22. López-Vizcaíno, M. F., Novoa, F. J., Fernández, D., & Cacheda, F. (2022). Measuring Early Detection of Anomalies. IEEE Access, 10, 127695-127707. Doi: 10.1109/ACCESS.2022.3224467.
23. Mapoka, T. T., Zuva, K., Kukumara, G., Seipone, T., & Zuva, T. (2023). Exploring Social Engineering Attacks Using Spear Phishing in a Universtiy. The Eurasia Proceedings of Science Technology Engineering and Mathematics, 24, 21-28. Doi: 10.55549/epstem.1406262
24. Gajin, S. (2022). Network Traffic Anomaly Detection and Analysis-from Research to the Implementation. In BISEC, N. Zdravković, D. Domazet, S. López-Pernas, M. Á. Conde, and P. Vijayakumar, Eds. Belgrade Metropolitan University, 2022, pp. 9–19.
25. Liu, H., & Wang, H. (2023). Real-time anomaly detection of network traffic based on CNN. Symmetry, 15(6), 1205. Doi:10.3390/sym15061205
26. Zamanzadeh Darban, Z., Webb, G. I., Pan, S., Aggarwal, C., & Salehi, M. (2022). Deep learning for time series anomaly detection: A survey. ACM Computing Surveys. Doi: 10.1145/3691338