A new approach to combine multiplex networks and time series attributes: Building intrusion detection systems (IDS) in cybersecurity

Intrusion Detection Systems (IDS) are fundamental tools in cybersecurity environments. In this paper, we present a new methodology for the creation of intrusion detection systems (IDS) based on a strategy that combines the use of multiplex networks and time series analysis to provide a probability that an IP address be an attacker in a certain time. This approach reduces the number of alerts to a small number of IP addresses as well as the computation effort by not having to analyze each event independently. The evaluation of all traffic happens only at pre-defined times. The methodology relies on both the original utilization of some unsupervised machine learning techniques and on the use of certain time series attributes and their representation as a complex multiplex network, achieving a very significant reduction in the dimensionality of the resulting data representation. The result is a very effective intrusion detection system in large corporate environments and a new approach in the representation of the analyzed data as shown in the real case presented. © 2021 Elsevier Ltd