This work focuses on finding frequent patterns in continuous flow network traffic Big Data using incremental frequent pattern mining. A newly created Zeek Conn Log MITRE ATT&CK framework labeled dataset, UWF-ZeekData24, generated using the Cyber Range at The University of West Florida, was used for this study. While FP-Growth is effective for static datasets, its standard implementation does not support incremental mining, which poses challenges for applications involving continuously growing data streams, such as network traffic logs. To overcome this limitation, a staged incremental FP-Growth approach is adopted for this work. The novelty of this work is in showing how incremental FP-Growth can be used efficiently on continuous flow network traffic, or streaming network traffic data, where no rebuild is necessary when new transactions are scanned and integrated. Incremental frequent pattern mining also generates feature subsets that are useful for understanding the nature of the individual attack tactics. Hence, a detailed understanding of the features or feature subsets of the seven different MITRE ATT&CK tactics is also presented. For example, the results indicate that core behavioral rules, such as those involving TCP protocols and service associations, emerge early and remain stable throughout later increments. The incremental FP-Growth framework provides a structured lens through which network behaviors can be observed and compared over time, supporting not only classification but also investigative use cases such as anomaly tracking and technique attribution. Finally, the results of this work, the frequent itemsets, will be useful for intrusion detection machine learning/artificial intelligence algorithms.
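As an added illustration of the idea the abstract describes (this is example code, not code from the paper or from the UWF-ZeekData24 project), the following Python sketch keeps a prefix tree in a fixed canonical item order, so a new increment of Zeek conn-log-style transactions is merged into the existing tree in place and the frequent itemsets are re-mined without rebuilding anything. The canonical-order tree (CanTree-style) is an assumption standing in for the paper's exact staged procedure, which is not reproduced here; the records are constructed and use the Zeek conn log field names `proto`, `service` and `conn_state`. Mining the same tree after an initial batch and again after an increment shows a stable core (`proto=tcp` together with `conn_state=SF` and with `service=http`) surviving into the second snapshot with updated support counts.

```python
from collections import defaultdict
from math import ceil


class Node:
    """One prefix-tree node: an item, its count, and links up and down."""
    __slots__ = ("item", "count", "parent", "children")

    def __init__(self, item, parent):
        self.item = item
        self.count = 0
        self.parent = parent
        self.children = {}


class IncrementalFPTree:
    """Prefix tree kept in lexicographic item order (an assumption here).

    Because the order never depends on item frequency, a new batch of
    transactions is merged into the existing tree in place; nothing is
    rebuilt when the increment arrives."""

    def __init__(self):
        self.root = Node(None, None)
        self.header = defaultdict(list)  # item -> every node holding that item
        self.n_transactions = 0

    def add_transactions(self, transactions):
        """Scan one increment and merge each transaction into the tree."""
        for tx in transactions:
            self._insert(sorted(set(tx)), 1)
            self.n_transactions += 1

    def _insert(self, items, count):
        node = self.root
        for item in items:
            child = node.children.get(item)
            if child is None:
                child = Node(item, node)
                node.children[item] = child
                self.header[item].append(child)
            child.count += count
            node = child

    def mine(self, min_support):
        """Return {frozenset(items): support count} for every frequent itemset."""
        min_count = ceil(min_support * self.n_transactions)
        return self._mine(min_count, ())

    def _mine(self, min_count, suffix):
        frequent = {}
        for item, nodes in list(self.header.items()):
            support = sum(n.count for n in nodes)
            if support < min_count:
                continue
            frequent[frozenset((item,) + suffix)] = support
            # Conditional pattern base: the ancestor path of each node for
            # this item, weighted by that node's count, mined recursively.
            cond = IncrementalFPTree()
            for n in nodes:
                path, p = [], n.parent
                while p.item is not None:
                    path.append(p.item)
                    p = p.parent
                if path:
                    cond._insert(sorted(path), n.count)
            frequent.update(cond._mine(min_count, (item,) + suffix))
        return frequent


def conn_items(record):
    """Turn a Zeek conn-log-like record into 'field=value' items."""
    return [f"{k}={v}" for k, v in record.items()]


# Constructed sample records (not UWF-ZeekData24 data), Zeek conn log field names.
INITIAL_BATCH = [
    {"proto": "tcp", "service": "http", "conn_state": "SF"},
    {"proto": "tcp", "service": "http", "conn_state": "S0"},
    {"proto": "tcp", "service": "ssh", "conn_state": "SF"},
    {"proto": "udp", "service": "dns", "conn_state": "SF"},
    {"proto": "tcp", "service": "http", "conn_state": "SF"},
]
INCREMENT = [
    {"proto": "tcp", "service": "http", "conn_state": "REJ"},
    {"proto": "tcp", "service": "ssh", "conn_state": "SF"},
    {"proto": "udp", "service": "dns", "conn_state": "SF"},
    {"proto": "tcp", "service": "ssh", "conn_state": "S0"},
    {"proto": "tcp", "service": "http", "conn_state": "SF"},
]


def stable_itemsets(before, after):
    """Itemsets frequent in both snapshots: the core rules that persist."""
    return {s: after[s] for s in before if s in after}


def run(min_support=0.5):
    """Mine after the initial batch, merge the increment, mine again."""
    tree = IncrementalFPTree()
    tree.add_transactions(conn_items(r) for r in INITIAL_BATCH)
    first = tree.mine(min_support)
    tree.add_transactions(conn_items(r) for r in INCREMENT)  # no rebuild
    second = tree.mine(min_support)
    return first, second


if __name__ == "__main__":
    first, second = run()
    for name, snap in (("initial", first), ("after increment", second)):
        print(name)
        for itemset, count in sorted(snap.items(), key=lambda kv: -kv[1]):
            print(f"  {sorted(itemset)} support={count}")
    print("stable:", [sorted(s) for s in stable_itemsets(first, second)])
```

With a minimum support of 0.5, both snapshots contain the same five itemsets (three singletons and the two `proto=tcp` pairs); only the counts change, which is the "emerges early and remains stable" behaviour the abstract reports for TCP and service associations. Each itemset is found exactly once because a node's ancestors always precede it in the canonical order, so an itemset is only ever emitted from the conditional tree of its largest item.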
Files and links
pdf: Selecting Feature Subsets in Continuous Flow Network Attack Traffic Big Data Using Incremental Frequent Pattern Mining (9.37 MB), published version of record, article PDF, CC BY 4.0, open access
url: Selecting Feature Subsets in Continuous Flow Network Attack Traffic Big Data Using Incremental Frequent Pattern Mining, published version of record, link to article, CC BY 4.0, open access
Details
Title
Selecting Feature Subsets in Continuous Flow Network Attack Traffic Big Data Using Incremental Frequent Pattern Mining
Publication Details
Algorithms, Vol. 18(12), p. 795
Resource Type
Conference proceeding
Publisher
MDPI AG
Number of pages
34
Grant note
Askew Institute at the University of West Florida; 2021 NCAE-C-002: Cyber Research Innovation Grant Program: H98230-21-1-0170
This research was supported by 2021 NCAE-C-002: Cyber Research Innovation Grant Program, grant number: H98230-21-1-0170. This research was also partially supported by the Askew Institute at the University of West Florida.