Investigation of associative rule search method for detection of cyber incidents in information management systems and security events using CICIDS2018 test data set
DOI: https://doi.org/10.20535/2411-1031.2024.12.1.306275
Keywords: Intelligent Data Analysis, associative rules, SIEM, cyber incident, cyber threat, cyberspace, data classification, information infrastructure
Abstract
Automated rule generation for cyber incident identification in information management and security event systems (SIEM, SYSTEM, etc.) plays a crucial role in modern cyberspace defense, where data volumes grow exponentially and the complexity and speed of cyber-attacks rise constantly. This article explores approaches and methods for automating the generation of cyber incident identification rules, in order to reduce the need for manual work and to allow flexible adaptation to changes in threat models. The research highlights the need for modern techniques of Intelligent Data Analysis (IDA) to process large volumes of data and to formulate behavior rules for systems and activities in information systems. The conclusion emphasizes the necessity of integrating several research directions, including the analysis of existing methods and the application of IDA algorithms that search for associative rules in large datasets. Key challenges addressed include the complexity of data modeling, the need to adapt to changes in data caused by a dynamic cyber attack landscape, and the speed of the rule-generation algorithms used to identify incidents. The "dimensionality curse" and the identification of cybersecurity event sequences over time, both particularly relevant to SIEM, are discussed. The research objective is defined as the analysis and evaluation of various mathematical methods for automated associative rule generation to identify cyber incidents in SIEM. The most effective strategies for enhancing the efficiency of associative rule generation, and for adapting the rules to the dynamically changing state of the cybersecurity system, are identified in order to strengthen the protection of information infrastructure.
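As an added illustration (not code from the paper or from the authors), the following Python sketch mines Apriori-style association rules of the form X -> {label=attack} from a constructed, discretised set of flow records loosely modelled on CICIDS2018 features; the feature names, values, and support/confidence thresholds are assumptions, and the max_len bound shows the simplest guard against the combinatorial growth the abstract calls the "dimensionality curse".

```python
from itertools import combinations

# Constructed, discretised flow records loosely modelled on CICIDS2018 flow
# features; values are illustrative assumptions, not taken from the dataset.
FLOWS = [
    {"dst_port=80", "proto=tcp", "fwd_pkts=high", "label=benign"},
    {"dst_port=80", "proto=tcp", "fwd_pkts=low", "label=benign"},
    {"dst_port=22", "proto=tcp", "fwd_pkts=high", "syn_flag=1", "label=attack"},
    {"dst_port=22", "proto=tcp", "fwd_pkts=high", "syn_flag=1", "label=attack"},
    {"dst_port=22", "proto=tcp", "fwd_pkts=low", "label=benign"},
    {"dst_port=53", "proto=udp", "fwd_pkts=low", "label=benign"},
    {"dst_port=22", "proto=tcp", "fwd_pkts=high", "syn_flag=1", "label=attack"},
    {"dst_port=80", "proto=tcp", "fwd_pkts=high", "label=attack"},
]

def support(itemset, transactions):
    """Fraction of records that contain every item of the itemset."""
    return sum(1 for t in transactions if set(itemset) <= t) / len(transactions)

def frequent_itemsets(transactions, min_support, max_len=3):
    """Apriori: grow itemsets level by level, keeping a candidate only if all its
    (k-1)-subsets are frequent; max_len bounds the depth of the search."""
    items = sorted({i for t in transactions for i in t})
    level = [frozenset([i]) for i in items if support([i], transactions) >= min_support]
    frequent = {fs: support(fs, transactions) for fs in level}
    k = 2
    while level and k <= max_len:
        candidates = set()
        for a, b in combinations(level, 2):
            c = a | b
            if len(c) == k and all(frozenset(s) in frequent for s in combinations(c, k - 1)):
                candidates.add(c)
        level = [c for c in candidates if support(c, transactions) >= min_support]
        frequent.update((c, support(c, transactions)) for c in level)
        k += 1
    return frequent

def incident_rules(transactions, min_support=0.25, min_confidence=0.9, target="label=attack"):
    """Rules X -> {target}: support = supp(X u {target}), confidence = that / supp(X).
    Each returned antecedent X is a candidate SIEM correlation condition."""
    freq = frequent_itemsets(transactions, min_support)
    rules = []
    for itemset, supp in freq.items():
        if target in itemset and len(itemset) > 1:
            antecedent = itemset - {target}
            confidence = supp / freq[antecedent]  # antecedent is frequent by anti-monotonicity
            if confidence >= min_confidence:
                rules.append((antecedent, supp, confidence))
    return sorted(rules, key=lambda r: (-r[2], -r[1], sorted(r[0])))
```

On the constructed sample, single-feature and two-feature antecedents such as {syn_flag=1} and {dst_port=22, fwd_pkts=high} reach confidence 1.0, while {fwd_pkts=high} alone (confidence 0.8) is rejected by the threshold.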
Copyright (c) 2024 Collection "Information Technology and Security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors published in this collection agree to the following terms:
- The authors retain authorship rights to their work and grant the collection the right of first publication. The work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with obligatory reference to the authors of the original work and to its first publication in this collection.
- The authors have the right to conclude a separate agreement on the exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The journal's policy allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal websites), both before submission of the manuscript to the editorial office and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).