Frequent Pattern Mining for Cyberattack Detection Using FP-Growth on Network Traffic Logs
DOI: 10.33395/sinkron.v9i4.15221
Keywords: Cybersecurity, Data Mining, FP-Growth Algorithm, Network Traffic Analysis, CIC-IDS2017 Dataset
Abstract
Cybersecurity threats have become increasingly complex, coordinated, and adaptive, creating significant challenges for traditional intrusion detection systems (IDS) that rely on static, signature-based mechanisms. These systems often fail to recognize novel, evolving, or multi-vector attacks that do not match predefined patterns. To overcome these limitations, this study proposes a data-driven framework that applies the Frequent Pattern Growth (FP-Growth) algorithm to analyze co-occurring events within network traffic logs. Using the CIC-IDS2017 benchmark dataset, which includes a wide range of real-world attack scenarios, network events were preprocessed and transformed into transactional data. This transformation enabled the efficient extraction of frequent itemsets and association rules without the computational burden of candidate generation. The experimental results show that the proposed method effectively uncovers meaningful attack correlations, such as brute force attempts preceding privilege escalation or malware infections leading to large-scale DDoS attacks. The model achieved a precision of 77.27%, recall of 70.83%, and F1-score of 73.91%, confirming its reliability in detecting sophisticated attack chains. A heatmap visualization was also generated to improve interpretability, allowing security analysts to quickly identify critical attack relationships. In conclusion, this research demonstrates that FP-Growth provides a scalable, interpretable, and computationally efficient approach to cyberattack detection, with potential integration into real-time IDS environments. Future work will focus on temporal sequence mining and hybrid models combining FP-Growth with machine learning to enhance adaptive, context-aware threat detection.
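An added example, not code from the paper: a compact FP-Growth pass over constructed host events, showing the transaction transformation, candidate-free itemset mining and rule extraction the abstract describes. The per-host grouping, the event names, the thresholds and all function names are assumptions; the FP-tree is stored as a prefix trie keyed by the path from the root.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample: (source host, event type) pairs, not CIC-IDS2017 records.
EVENTS = [(h, e) for h, evs in {
    "h1": "brute_force priv_esc", "h2": "brute_force priv_esc port_scan",
    "h3": "malware ddos", "h4": "malware ddos port_scan",
    "h5": "brute_force", "h6": "port_scan"}.items() for e in evs.split()]

def to_transactions(events):
    """Group events into one item set per host (assumed transaction boundary)."""
    per_host = defaultdict(set)
    for host, event in events:
        per_host[host].add(event)
    return [(items, 1) for items in per_host.values()]

def fp_growth(transactions, min_count, suffix=frozenset()):
    """Yield (itemset, support count); transactions are (items, count) pairs."""
    freq = Counter()
    for items, n in transactions:
        freq.update({i: n for i in set(items)})
    freq = {i: c for i, c in freq.items() if c >= min_count}
    # FP-tree stored as a prefix trie: key = path from the root, value = node count.
    tree = Counter()
    for items, n in transactions:
        path = tuple(sorted((i for i in set(items) if i in freq),
                            key=lambda i: (-freq[i], i)))
        for depth in range(1, len(path) + 1):
            tree[path[:depth]] += n
    for item, count in freq.items():
        yield suffix | {item}, count
        # Conditional pattern base: prefix paths of every node holding `item`.
        base = [(p[:-1], c) for p, c in tree.items() if p[-1] == item]
        yield from fp_growth(base, min_count, suffix | {item})

def mine_rules(events, min_count=2, min_conf=0.6):
    """Return (support counts, {(antecedent, consequent): confidence})."""
    support = dict(fp_growth(to_transactions(events), min_count))
    rules = {}
    for itemset, n in support.items():
        for k in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(itemset, k)):
                conf = n / support[lhs]  # subsets of a frequent set are frequent
                if conf >= min_conf:
                    rules[(lhs, itemset - lhs)] = conf
    return support, rules
```

These rules capture co-occurrence within a transaction only; the order of events is not modelled.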
License
Copyright (c) 2025 Ali Hamsar, Fajar Maulana, Yomei Hendra, Asyahri Hadi Nasyuha, Moustafa H Aly

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.