Real-Time Clustering Based on Deep Embeddings for Threat Detection in 6G Networks

Paolini, Emilio; Valcarenghi, Luca; Maggiani, Luca; Andriolli, Nicola

doi:10.1109/access.2023.3325721

Cited by 9 publications

(2 citation statements)

References 27 publications

(35 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This can overwhelm servers and leave legitimate requests unanswered when concurrent connection limits are reached. These tactics underscore the challenges in defending against such disruptive attacks [8,66,67]. Detecting these attacks allows organizations to protect their online services, maintain server availability, and ensure a consistent user experience.…”

Section: Data Preparationmentioning

confidence: 99%

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Aksoy,

Valle,

Kar

2024

Electronics

View full text Add to dashboard Cite

The cybersecurity landscape presents daunting challenges, particularly in the face of Denial of Service (DoS) attacks such as DoS Http Unbearable Load King (HULK) attacks and DoS GoldenEye attacks. These malicious tactics are designed to disrupt critical services by overwhelming web servers with malicious requests. In contrast to DoS attacks, there exists nefarious Operating System (OS) scanning, which exploits vulnerabilities in target systems. To provide further context, it is essential to clarify that NMAP, a widely utilized tool for identifying host OSes and vulnerabilities, is not inherently malicious but a dual-use tool with legitimate applications, such as asset inventory services in company networks. Additionally, Domain Name System (DNS) botnets can be incredibly damaging as they harness numerous compromised devices to inundate a target with malicious DNS traffic. This can disrupt online services, leading to downtime, financial losses, and reputational damage. Furthermore, DNS botnets can be used for other malicious activities like data exfiltration, spreading malware, or launching other cyberattacks, making them a versatile tool for cybercriminals. As attackers continually adapt and modify specific attributes to evade detection, our paper introduces an automated detection method that requires no expert input. This innovative approach identifies the distinct characteristics of DNS botnet attacks, DoS HULK attacks, DoS GoldenEye attacks, and OS-Scanning, explicitly using the NMAP tool, even when attackers alter their tactics. By harnessing a representative dataset, our proposed method ensures robust detection of such attacks against varying attack parameters or behavioral shifts. This heightened resilience significantly raises the bar for attackers attempting to conceal their malicious activities. Significantly, our approach delivered outstanding outcomes, with a mid 95% accuracy in categorizing NMAP OS scanning and DNS botnet attacks, and 100% for DoS HULK attacks and DoS GoldenEye attacks, proficiently discerning between malevolent and harmless network packets. Our code and the dataset are made publicly available.

show abstract

Section: Data Preparationmentioning

confidence: 99%

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Aksoy,

Valle,

Kar

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Another approach focuses on predictive modeling techniques to anticipate network anomalies and security breaches based on historical CDR data. By employing time-series analysis, clustering algorithms, and regression models, researchers predict potential security incidents such as network congestion, denial-of-service (DoS) attacks, and unauthorized access attempts [ 11 ]. These predictive models enable mobile network operators to implement preemptive measures to mitigate against risks and ensure uninterrupted service delivery to users.…”

Section: Literature Reviewmentioning

confidence: 99%

Insight into Anomaly Detection and Prediction and Mobile Network Security Enhancement Leveraging K-Means Clustering on Call Detail Records

Aziz,

Bestak

2024

Sensors

View full text Add to dashboard Cite

The dynamic and evolving nature of mobile networks necessitates a proactive approach to security, one that goes beyond traditional methods and embraces innovative strategies such as anomaly detection and prediction. This study delves into the realm of mobile network security and reliability enhancement through the lens of anomaly detection and prediction, leveraging K-means clustering on call detail records (CDRs). By analyzing CDRs, which encapsulate comprehensive information about call activities, messaging, and data usage, this research aimed to unveil hidden patterns indicative of anomalous behavior within mobile networks and security breaches. We utilized 14 million one-year CDR records. The mobile network used had deployed the latest network generation, 5G, with various sources of network elements. Through a systematic analysis of historical CDR data, this study offers insights into the underlying trends and anomalies prevalent in mobile network traffic. Furthermore, by harnessing the predictive capabilities of the K-means algorithm, the proposed framework facilitates the anticipation of future anomalies based on learned patterns, thereby enhancing proactive security measures. The findings of this research can contribute to the advancement of mobile network security by providing a deeper understanding of anomalous behavior and effective prediction mechanisms. The utilization of K-means clustering on CDR data offers a scalable and efficient approach to anomaly detection, with 96% accuracy, making it well suited for network reliability and security applications in large-scale mobile networks for 5G networks and beyond.

show abstract

Support Vector Machine (SVM) to Predict Risk Factors in the 6G Cyber Digital Transformation Process of Enterprises

Zhao,

Hu,

Wang

2024

Wireless Pers Commun

View full text Add to dashboard Cite

Real-Time Clustering Based on Deep Embeddings for Threat Detection in 6G Networks

Cited by 9 publications

References 27 publications

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Insight into Anomaly Detection and Prediction and Mobile Network Security Enhancement Leveraging K-Means Clustering on Call Detail Records

Support Vector Machine (SVM) to Predict Risk Factors in the 6G Cyber Digital Transformation Process of Enterprises

Contact Info

Product

Resources

About