An Approach for Semi-Supervised Machine Learning-Based Mobile Network Anomaly Detection With Tagging

Introduction

In emerging of the 5G mobile network, the connectivity of Internet of Things (IoT) devices has increased progressively and online activities in the organization has risen with the increased online users. The transmission of information across the networks is increasing with the number of active online users. The fraudster users attempt to possess the credentials data and confidential information of the organization or users may misuse the corporation’s network. The detection of such activities are essential for the organization which may become a potential threat to the network. The detection of fraud activities is a fierce battle in network security as the mobile network is utilized with the number of mobile devices. The protection of these mobile networks is far-reaching for the organization as well as individuals.

In network security, the traditional Intrusion Detection System (IDS) is mainly used for signature based detection that cannot defend malicious events extensively at present. In recent years, the IDS using machine learning succeeds in the detection of cyber-attack with the extraction of unseen features from the transmission network packets over the network. Machine learning methods are highly adaptive to learn the labelled and unlabelled dataset that predict and classify the desired output. With the help of advanced supervised machine learning algorithms, there is a possibility to classify the various attacks in the network (Miao et al. 2019). The authors of Cui et al. (2019) and Nediyanchath et al. (2020) trained machine learning algorithms with the network packet dataset that enable them to detect well known attacks in the network. The potential of IDS based machine learning is arising to expand the enhancement of Software-Defined Networking.

An anomaly detection approach is essential to detect rare events which may misuse the corporation's network. The machine learning based anomaly detection is capable of clustering normal and fraud activities in the mobile network. In our approach, the ADS using FW-KSOM as a semi-supervised machine learning method is proposed to categorize the routine activities of the corporation and subsequently detect the unusual practice that is treated as an anomaly in the network. The proposed algorithm is trained with the tagging network applications dataset and provides a large amount of network packets continuously to form into clusters. The network packets are captured by the high computing server that is configured for capturing and analysing the live network packets in the data center. The captured network packets are stored into two datasets where one dataset holds the basic information of packets and other dataset has temporal and size features of the packet. The datasets are used by machine learning methods to classify and cluster the network activities. The supervised machine learning, namely k-nearest neighbour is trained with the help of tagging network applications dataset that helps to understand the behaviour of each application over the network. The unsupervised machine learning, namely the KSOM neural network is used to cluster the tagging dataset into different activities. The KSOM algorithm is implemented using python programming language and the python script performs the creation of datasets into comma separated value (csv) files from live packet traffic then executed along with the KSOM algorithm.