A Novel Framework for Real-Time IP Reputation Validation Using Artificial Intelligence

PDF (760KB), PP.1-16


Author(s)

NW Chanaka Lasantha (1), Ruvan Abeysekara (1), M.W.P. Maduranga (2,*)

1. IIC University of Technology, Faculty of Graduate Studies, Phnom Penh 121206, Cambodia

2. Department of Computer Engineering, General Sir John Kotelawala Defence University, Ratmalana, Sri Lanka

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2024.02.01

Received: 13 Nov. 2023 / Revised: 15 Dec. 2023 / Accepted: 13 Mar. 2024 / Published: 8 Apr. 2024

Index Terms

Real-time IP Reputation, AWS WAF Security, AI-powered IP Validation, OpenAI Language Models, Cybersecurity Automation

Abstract

This paper introduces and discusses in depth an approach to real-time IP reputation (IPR) validation for backend applications protected by an Amazon Web Services Web Application Firewall (AWS WAF), built on artificial intelligence (AI) technologies. The study also examines existing IP reputation solutions deployed over AWS WAF, evaluating their methodologies and highlighting the practical difficulties and real-world challenges of validating IPR. Using OpenAI's generative language models, the framework aims to automate the extraction and interpretation of IP-related information from AWS WAF logs stored in real time in Amazon S3 and from JSON-structured natural-language reports. The dedicated algorithms and AI model concepts developed here are driven by language processing, enabling them to identify incidents and detect patterns of IP behaviour that indicate security risk. The models do not access databases directly; instead, they analyse data obtained through external APIs and a locally maintained database, such as AbuseIPDB, to evaluate the reputation of IP addresses. Integrating AI into the IP validation process can substantially improve cybersecurity operations by summarising findings and providing insights, ultimately saving time and resources.
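The pipeline the abstract describes has three concrete stages before any language model is involved: parse the JSON WAF records delivered to S3, aggregate behaviour per client IP, and combine that behaviour with a reputation score held in a local table that mirrors an external service such as AbuseIPDB. The following Python is an added example written for this page, not code from the paper or its authors. It assumes the documented AWS WAF log field names (`action`, `terminatingRuleId`, `httpRequest.clientIp`, `httpRequest.uri`); the sample log lines, the reputation cache, the 50-point threshold, the three-request minimum and the verdict labels are all constructed for the example. The resulting report is the compact, database-free summary that would be handed to the model for narration.

```python
"""Extract client IPs from AWS WAF JSON logs and validate them against a
locally maintained reputation cache (AbuseIPDB-style confidence scores).

Added example, not the paper's code. Field names follow the AWS WAF log
schema; all addresses, scores, thresholds and verdict labels are constructed.
"""
import ipaddress
import json
from collections import Counter


def _rec(ts, action, rule, ip, uri, method="GET"):
    """Build one constructed WAF record in the documented log shape."""
    return {"timestamp": ts, "action": action, "terminatingRuleId": rule,
            "httpRequest": {"clientIp": ip, "country": "XX", "uri": uri, "httpMethod": method}}


# Constructed sample log: one JSON object per line, plus a malformed line.
SAMPLE_WAF_LOG = "\n".join(json.dumps(r) for r in [
    _rec(1700000000000, "BLOCK", "AWS-AWSManagedRulesSQLiRuleSet", "203.0.113.7", "/login", "POST"),
    _rec(1700000001000, "BLOCK", "AWS-AWSManagedRulesSQLiRuleSet", "203.0.113.7", "/search"),
    _rec(1700000002000, "ALLOW", "Default_Action", "203.0.113.7", "/"),
    _rec(1700000003000, "ALLOW", "Default_Action", "198.51.100.20", "/"),
    _rec(1700000004000, "BLOCK", "RateLimit", "192.0.2.99", "/api"),
    _rec(1700000005000, "BLOCK", "RateLimit", "192.0.2.99", "/api"),
    _rec(1700000006000, "BLOCK", "RateLimit", "192.0.2.99", "/api/v2"),
    _rec(1700000007000, "ALLOW", "Default_Action", "192.0.2.50", "/"),
    _rec(1700000008000, "ALLOW", "Default_Action", "10.0.0.5", "/health"),
]) + "\nnot json at all\n"

# Constructed stand-in for the local reputation table (abuseConfidenceScore, 0-100).
# In production this table is refreshed from the external reputation API.
REPUTATION_CACHE = {"203.0.113.7": 92, "198.51.100.20": 3}

SCORE_THRESHOLD = 50   # example threshold: at or above this, reputation alone decides
MIN_REQUESTS = 3       # example minimum sample before behaviour is judged
SKIP_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_waf_log(text):
    """Return WAF records that parse as JSON objects; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and "httpRequest" in rec:
            records.append(rec)
    return records


def summarize_by_ip(records):
    """Aggregate per client IP: total requests, blocked requests, blocking rules, URIs."""
    stats = {}
    for rec in records:
        ip = rec["httpRequest"].get("clientIp")
        if not ip:
            continue
        s = stats.setdefault(ip, {"total": 0, "blocked": 0, "rules": Counter(), "uris": set()})
        s["total"] += 1
        if rec.get("action") == "BLOCK":
            s["blocked"] += 1
            s["rules"][rec.get("terminatingRuleId", "?")] += 1
        s["uris"].add(rec["httpRequest"].get("uri", ""))
    return stats


def validate_ip(ip, stats, cache, threshold=SCORE_THRESHOLD, min_requests=MIN_REQUESTS):
    """Combine the cached reputation score with observed WAF behaviour into a verdict."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_link_local or any(addr in n for n in SKIP_RANGES):
        return "internal"          # private space never needs a reputation lookup
    score = cache.get(ip)
    if score is not None and score >= threshold:
        return "malicious"
    blocked_ratio = stats["blocked"] / stats["total"] if stats["total"] else 0.0
    if stats["total"] >= min_requests and blocked_ratio >= 0.5:
        return "suspicious"        # behaviour alone is bad enough, whatever the score says
    if score is None:
        return "unknown"           # candidate for a live API lookup
    return "clean"


def build_report(log_text, cache=REPUTATION_CACHE):
    """Produce the JSON-serialisable summary that would be handed to the language
    model; the model sees only this, never the log store or the database."""
    stats = summarize_by_ip(parse_waf_log(log_text))
    return {
        ip: {
            "verdict": validate_ip(ip, s, cache),
            "score": cache.get(ip),
            "total": s["total"],
            "blocked": s["blocked"],
            "top_rule": s["rules"].most_common(1)[0][0] if s["rules"] else None,
            "uris": sorted(s["uris"]),
        }
        for ip, s in stats.items()
    }


if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_WAF_LOG), indent=2))
```

The split between "malicious" (reputation says so) and "suspicious" (behaviour says so while the cache is silent) matters operationally: the second class is exactly the set of addresses worth spending an external API query on, which keeps lookups bounded and keeps the model working from a pre-digested summary rather than raw storage.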

Cite This Paper

NW Chanaka Lasantha, Ruvan Abeysekara, MWP Maduranga, "A Novel Framework for Real-Time IP Reputation Validation Using Artificial Intelligence", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.14, No.2, pp. 1-16, 2024. DOI:10.5815/ijwmt.2024.02.01
