FNF: Flow-net based fingerprinting and its applications

Abstract Relationships among events in conventional system and network logs are not explicitly recorded and can only be determined by examining ancillary attributes of the events, such as time stamps and event identifiers, or sometimes the semantics of the event attributes with the help of learning algorithms. The accuracy of the resulting event relations depends on the design of the algorithms, the experience of the users of the algorithms, and the completeness and accuracy of the attributes and the semantics. A flow-net based logging approach, on the other hand, builds comprehensive system and network logs in the form of a directed acyclic graph. Specifically, it records both flows of events and intersections of the flows; the flows capture relations among the events explicitly and in real time, and allow tracking the events and analyzing event relations efficiently. Taking advantage of flow-net based logs, we propose a flow-net based fingerprinting (FNF) scheme to capture system or network behaviors, and design a fingerprint lookup algorithm to solve the fingerprint matching problem, i.e., to determine whether a flow-net log contains the behavior characterized by some behavior fingerprints. To demonstrate the effectiveness of the flow-net based fingerprinting scheme, we conduct evaluation experiments in which we apply FNF to detecting a few known malicious behaviors in TCP/IP networks. The evaluation results demonstrate that FNF has superior computational efficiency to approaches based on conventional logging schemes.
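The abstract describes two ideas: a log built as a directed acyclic graph whose edges record flows of events and the intersections between flows, and a fingerprint lookup that decides whether such a log contains a behaviour given as a fingerprint. The following Python is an added illustration of those two ideas and is not the paper's code or its FNF lookup algorithm. It assumes a fingerprint is a small labelled DAG in which an edge a->b means "an event of type a must precede an event of type b along some path in the log"; the event labels, the two-flow sample log and the `FlowNet`, `Fingerprint` and `find_fingerprint` names are all constructed for the example.

```python
"""Toy flow-net log and fingerprint lookup (illustrative, not the paper's code)."""
from collections import defaultdict
from typing import Dict, List, Optional, Sequence, Set, Tuple


class FlowNet:
    """A flow-net style log: a DAG of events. Each event is linked to the previous
    event of its own flow and, optionally, to earlier events of other flows it
    interacts with (an "intersection"). Ids increase with log time, so every edge
    points from a lower id to a higher id and the graph is acyclic by construction."""

    def __init__(self) -> None:
        self.label: Dict[int, str] = {}                 # event id -> event type
        self.pred: Dict[int, Set[int]] = defaultdict(set)
        self._tail: Dict[str, int] = {}                 # flow id -> last event id
        self._anc: Dict[int, Set[int]] = {}             # memoised ancestor sets

    def log(self, flow: str, etype: str, joins: Sequence[int] = ()) -> int:
        """Record event `etype` on `flow`; `joins` are earlier events of other
        flows that this event intersects with. Returns the new event id."""
        eid = len(self.label)
        self.label[eid] = etype
        if flow in self._tail:
            self.pred[eid].add(self._tail[flow])
        for j in joins:
            if j >= eid:
                raise ValueError("an intersection must reference an earlier event")
            self.pred[eid].add(j)
        self._tail[flow] = eid
        return eid

    def ancestors(self, eid: int) -> Set[int]:
        """All events with a path to `eid` (acyclicity guarantees termination)."""
        if eid not in self._anc:
            acc: Set[int] = set()
            for p in self.pred[eid]:
                acc.add(p)
                acc |= self.ancestors(p)
            self._anc[eid] = acc
        return self._anc[eid]


class Fingerprint:
    """A behaviour fingerprint: labelled nodes plus 'a must precede b' edges."""

    def __init__(self, labels: Sequence[str], edges: Sequence[Tuple[int, int]]) -> None:
        self.labels = list(labels)
        self.pred: Dict[int, Set[int]] = defaultdict(set)
        for a, b in edges:
            if a == b or not (0 <= a < len(labels) and 0 <= b < len(labels)):
                raise ValueError("bad fingerprint edge")
            self.pred[b].add(a)
        # Topological order (predecessors first) so the search can check every
        # candidate against its already-mapped predecessors immediately.
        self.order: List[int] = []
        seen: Set[int] = set()

        def visit(n: int) -> None:
            if n not in seen:
                seen.add(n)
                for p in self.pred[n]:
                    visit(p)
                self.order.append(n)

        for n in range(len(self.labels)):
            visit(n)
        pos = {n: i for i, n in enumerate(self.order)}
        if any(pos[p] > pos[n] for n in self.order for p in self.pred[n]):
            raise ValueError("fingerprint must be acyclic")


def find_fingerprint(net: FlowNet, fp: Fingerprint) -> Optional[Dict[int, int]]:
    """Return a mapping fingerprint-node -> log-event such that labels agree and
    every fingerprint edge a->b is realised by a path in the log (unrelated events
    may be interleaved), or None if the log does not contain the behaviour.
    Plain backtracking search: exponential in the worst case, like any subgraph
    matching; it does not reproduce the efficiency the paper claims for FNF."""
    by_label: Dict[str, List[int]] = defaultdict(list)
    for eid, lab in net.label.items():
        by_label[lab].append(eid)
    mapping: Dict[int, int] = {}
    used: Set[int] = set()

    def extend(i: int) -> bool:
        if i == len(fp.order):
            return True
        n = fp.order[i]
        for eid in by_label[fp.labels[n]]:
            if eid in used:
                continue
            if all(mapping[p] in net.ancestors(eid) for p in fp.pred[n]):
                mapping[n] = eid
                used.add(eid)
                if extend(i + 1):
                    return True
                del mapping[n]
                used.discard(eid)
        return False

    return dict(mapping) if extend(0) else None


def build_sample_log() -> FlowNet:
    """Constructed sample: two flows that intersect once. Event labels are
    illustrative and are not event types defined by the paper."""
    net = FlowNet()
    net.log("flow-A", "recv")                       # id 0
    net.log("flow-B", "recv")                       # id 1
    a_parse = net.log("flow-A", "parse")            # id 2
    net.log("flow-B", "parse", joins=[a_parse])     # id 3: B consults A's result
    net.log("flow-A", "send")                       # id 4
    net.log("flow-B", "drop")                       # id 5
    return net
```

Because the intersection edge 2->3 is recorded explicitly, a fingerprint `recv -> parse -> drop` matches across the two flows (events 0, 2, 5) without any timestamp comparison, while `send -> drop` does not match: event 4 has no path to event 5, so the log rules out that relation rather than leaving it to be guessed from ordering.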
