Publication:
CLASSIFYING TCP NETWORK TRAFFIC FLOWS VIA TRAFFIC INTERACTION GRAPHS AND MACHINE LEARNING

Loading...
Thumbnail Image
Authors
Straughn, Matthew N.
Subjects
TCP
network traffic
flows
streams
graph neural network
graph convolutional network
GCN
convolutional neural network
CNN
random forest classifier
RFC
traffic interaction graph
TIG
Advisors
Barton, Armon C.
Date of Issue
2023-09
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Detecting malicious traffic on networks is a critical problem facing the Department of Defense. In this thesis we utilize cutting edge machine learning techniques to detect malicious network traffic. We begin with two real-world datasets. First, real internet traffic collected on the NPS Enterprise Research Network, and second, the IoT23 dataset consisting of internet of things (IoT) devices that have been infected with malware. We convert raw packet captures into TCP streams using the 5-tuple definition from RFC6146. We then apply the traffic interaction graph (TIG) framework to these flows to capture burst patterns among signed packet lengths. Finally, we train these flows on a random forest classifier (RFC), a simple convolutional neural network (CNN), and a graph convolutional network (GCN). Additionally, we simulate various attack levels by combining the two datasets at various levels (99% NPS to 1% IoT, 99-5, 90-10, and IoT23 only). In each of these models we get exceptional results in accuracy, precision, and recall. This work specifically provides a proof of concept for using the TIG framework and graph neural networks to classify TCP flows. Future work should explore model enhancement, data enrichment, or stream-lining the entire process into a real-time software package.
Type
Thesis
Description
Department
Computer Science (CS)
Other Units
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections