LEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITY
Xie, Geoffrey G.
Fulp, John D.
MetadataShow full item record
This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of employment on computer hardware of currently fielded tactical data networks. These machine-learning techniques are investigated for application where it is prohibitive to employ bulky alternate network security measures such as security information and event management products. These methods are evaluated as a complementary solution to existing security measures, rather than as a replacement. A test network is established with sixteen hosts emulating generation of normal baseline traffic for periods of 48 hours. One machine is infected with a botnet simulator and sends malicious traffic at four levels of intensity. The traffic flows are captured, labeled, and used as training and testing sets for four commonly used machine-learning algorithms to generate models for identifying the botnet traffic. The trained models are then tested against other flow datasets to evaluate their ability to classify malicious traffic without prior signatures. We identify the J48 Decision Tree as the strongest single algorithm across six of our seven metrics. Our work also produces a report for network administrators that is clear, easy to understand, and most importantly, provides actionable information that can drive decisions to best defend the network.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Watkins, John R. (Monterey, CA; Naval Postgraduate School, 2021-09);All computer network traffic can be associated with a specific signature based on a feature set within its metadata. There has been a significant effort in preprocessing data for machine learning for the purposes of ...
Garza, Victor R.; Wood, Brian P.; Monaco, John V.; Blockmon, Ray; Males, Nathaniel; Niemann, Natasha; Ross, John (Monterey, California. Naval Postgraduate School, 2020-10-14); NRP-20-N033ACyber investigations often involve analysis of large volumes of log files, including network flow data. Machine learning (ML) techniques allow analysts and examiners to more quickly identify traffic flows relevant to the ...
Duhe', Paul H., III (Monterey, CA; Naval Postgraduate School, 2023-03);The Onion Router (Tor) is used by adversaries and warfighters alike to encrypt session information and gain anonymity on the internet. Since its creation in 2002, Tor has gained popularity by terrorist organizations, human ...