NETWORK TRAFFIC ANOMALY DETECTION ON A NAVY NETWORK

Authors
Laws, Michael J.
Bunder, Greg T.
Subjects
big data
unsupervised machine learning
random cut forest
feature extraction
feature generation
INOSS framework
Amazon Web Services
GovCloud
AWS SageMaker
network architecture
network anomaly detection
unclassified Navy network
Hadoop
elastic map reduce
Advisors
Monaco, John
Date of Issue
2020-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Navy watchstanders are ill-equipped to monitor network status in real time, including being unable to identify network anomalies and potential risks on the fly. This leads to a lack of situational awareness and ultimately an inability to determine the current network risk level. An existing unsupervised machine learning technique is identified and leveraged to enable the detection of anomalous DNS network traffic on a shore-based unclassified Navy network. The research conducted by the team outlines an architecture that could be extended to produce a capability to provide the watchstander a near real-time metric of a subset of the risk that the network is experiencing by classifying DNS traffic anomalies.
Type
Thesis
Department
Computer Science (CS)
Sponsors
Fleet Cyber / 10th Fleet
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.