Anomaly Detection Module for Network Traffic Monitoring in Public Institutions

Łukasz Wawrowski; Andrzej Białas; Adrian Kajzer; Artur Kozłowski; Rafał Kurianowicz; Marek Sikora; Agnieszka Szymańska-Kwiecień; Mariusz Uchroński; Miłosz Białczak; Maciej Olejnik; Marcin Michalak

doi:10.3390/s23062974

Sensors (Mar 2023)

Anomaly Detection Module for Network Traffic Monitoring in Public Institutions

Łukasz Wawrowski,
Andrzej Białas,
Adrian Kajzer,
Artur Kozłowski,
Rafał Kurianowicz,
Marek Sikora,
Agnieszka Szymańska-Kwiecień,
Mariusz Uchroński,
Miłosz Białczak,
Maciej Olejnik,
Marcin Michalak

Affiliations

Łukasz Wawrowski: Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189 Katowice, Poland
Andrzej Białas: Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189 Katowice, Poland
Adrian Kajzer: Wroclaw Centre for Networking and Supercomputing, Wroclaw University of Science and Technology, Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland
Artur Kozłowski: Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189 Katowice, Poland
Rafał Kurianowicz: Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189 Katowice, Poland
Marek Sikora: Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189 Katowice, Poland
Agnieszka Szymańska-Kwiecień: Wroclaw Centre for Networking and Supercomputing, Wroclaw University of Science and Technology, Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland
Mariusz Uchroński: Wroclaw Centre for Networking and Supercomputing, Wroclaw University of Science and Technology, Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland
Miłosz Białczak: Wroclaw Centre for Networking and Supercomputing, Wroclaw University of Science and Technology, Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland
Maciej Olejnik: Wroclaw Centre for Networking and Supercomputing, Wroclaw University of Science and Technology, Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland
Marcin Michalak: Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189 Katowice, Poland

DOI: https://doi.org/10.3390/s23062974
Journal volume & issue: Vol. 23, no. 6
p. 2974

Abstract

Read online

It seems to be a truism to say that we should pay more and more attention to network traffic safety. Such a goal may be achieved with many different approaches. In this paper, we put our attention on the increase in network traffic safety based on the continuous monitoring of network traffic statistics and detecting possible anomalies in the network traffic description. The developed solution, called the anomaly detection module, is mostly dedicated to public institutions as the additional component of the network security services. Despite the use of well-known anomaly detection methods, the novelty of the module is based on providing an exhaustive strategy of selecting the best combination of models as well as tuning the models in a much faster offline mode. It is worth emphasizing that combined models were able to achieve 100% balanced accuracy level of specific attack detection.

Published in Sensors

ISSN: 1424-8220 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Chemical technology
Website: http://www.mdpi.com/journal/sensors

About the journal

Abstract

Keywords