LEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITY
Xie, Geoffrey G.
Fulp, John D.
MetadataShow full item record
This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of employment on computer hardware of currently fielded tactical data networks. These machine-learning techniques are investigated for application where it is prohibitive to employ bulky alternate network security measures such as security information and event management products. These methods are evaluated as a complementary solution to existing security measures, rather than as a replacement. A test network is established with sixteen hosts emulating generation of normal baseline traffic for periods of 48 hours. One machine is infected with a botnet simulator and sends malicious traffic at four levels of intensity. The traffic flows are captured, labeled, and used as training and testing sets for four commonly used machine-learning algorithms to generate models for identifying the botnet traffic. The trained models are then tested against other flow datasets to evaluate their ability to classify malicious traffic without prior signatures. We identify the J48 Decision Tree as the strongest single algorithm across six of our seven metrics. Our work also produces a report for network administrators that is clear, easy to understand, and most importantly, provides actionable information that can drive decisions to best defend the network.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Garza, Victor R.; Wood, Brian P.; Monaco, John V.; Blockmon, Ray; Males, Nathaniel; Niemann, Natasha; Ross, John (Monterey, California. Naval Postgraduate School, 2020-10-14); NRP-20-N033ACyber investigations often involve analysis of large volumes of log files, including network flow data. Machine learning (ML) techniques allow analysts and examiners to more quickly identify traffic flows relevant to the ...
Laws, Michael J.; Bunder, Greg T. (Monterey, CA; Naval Postgraduate School, 2020-06);Navy watchstanders are ill-equipped to monitor network status in real-time, to include an inability to identify network anomalies and potential risks on the fly. This leads to a lack of situational awareness and ultimately ...
Ellison, Bart D. (Monterey, CA; Naval Postgraduate School, 2021-03);Research has shown that machine learning holds promise as a technique to improve the identification and classification of signals of interest. This study proposes the use of machine learning, specifically generative ...