LEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITY
Xie, Geoffrey G.
Fulp, John D.
This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of employment on computer hardware of currently fielded tactical data networks. These machine-learning techniques are investigated for application where it is prohibitive to employ bulky alternate network security measures such as security information and event management products. These methods are evaluated as a complementary solution to existing security measures, rather than as a replacement. A test network is established with sixteen hosts emulating generation of normal baseline traffic for periods of 48 hours. One machine is infected with a botnet simulator and sends malicious traffic at four levels of intensity. The traffic flows are captured, labeled, and used as training and testing sets for four commonly used machine-learning algorithms to generate models for identifying the botnet traffic. The trained models are then tested against other flow datasets to evaluate their ability to classify malicious traffic without prior signatures. We identify the J48 Decision Tree as the strongest single algorithm across six of our seven metrics. Our work also produces a report for network administrators that is clear, easy to understand, and most importantly, provides actionable information that can drive decisions to best defend the network.
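The abstract's pipeline (capture flows, label them, train a decision tree, score it on a held-out set, and turn the result into something an administrator can act on) can be shown end to end with a small CART-style tree. The code below is an added example, not code from the thesis or its authors; it does not use Weka's J48. The flow records are constructed inside make_flows() to resemble NetFlow-style summaries, the feature names, port numbers and every numeric value are assumptions for the demonstration, and the "botnet" rows imitate a beaconing host with short, small, regular flows to one port while the "baseline" rows imitate ordinary traffic.

```python
"""Flow classification with a small CART-style decision tree (added example,
not the thesis's code). Data is constructed in make_flows(); all feature
names, ports and values are assumptions made for this demonstration."""
from collections import Counter
import random

FEATURES = ("duration_s", "packets", "bytes", "dst_port")


def make_flows(seed=7):
    """Constructed sample data: list of (features, label); label 1 = botnet."""
    rng = random.Random(seed)
    flows = []
    for _ in range(80):  # baseline: varied durations, sizes and ports
        pk = rng.randint(3, 400)
        flows.append(({"duration_s": rng.uniform(1.0, 120.0), "packets": pk,
                       "bytes": pk * rng.randint(60, 1400),
                       "dst_port": rng.choice([22, 53, 80, 443, 445, 8080])}, 0))
    for _ in range(40):  # botnet beacons: sub-second, a few tiny packets
        pk = rng.randint(2, 6)
        flows.append(({"duration_s": rng.uniform(0.01, 0.5), "packets": pk,
                       "bytes": pk * rng.randint(60, 120), "dst_port": 6667}, 1))
    rng.shuffle(flows)
    return flows


def gini(labels):
    """Gini impurity of a label list (0 = pure)."""
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows):
    """(feature, threshold, impurity) with the lowest weighted Gini;
    feature is None when no cut improves on the unsplit node."""
    best = (None, None, gini([y for _, y in rows]))
    for f in FEATURES:
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):  # midpoints between observed values
            thr = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= thr]
            right = [y for x, y in rows if x[f] > thr]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if score < best[2]:
                best = (f, thr, score)
    return best


def build_tree(rows, depth=0, max_depth=4):
    """Grow the tree; stop at a pure node, the depth limit, or no useful split."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if depth == max_depth or len(set(labels)) == 1:
        return {"leaf": majority}
    f, thr, _ = best_split(rows)
    if f is None:
        return {"leaf": majority}
    return {"feature": f, "thr": thr,
            "left": build_tree([r for r in rows if r[0][f] <= thr], depth + 1, max_depth),
            "right": build_tree([r for r in rows if r[0][f] > thr], depth + 1, max_depth)}


def predict(tree, x):
    """Walk from the root to a leaf for one flow record."""
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["thr"] else tree["right"]
    return tree["leaf"]


def evaluate(tree, rows):
    """Confusion-matrix metrics with botnet (1) as the positive class."""
    tp = fp = fn = tn = 0
    for x, y in rows:
        p = predict(tree, x)
        if p == 1 and y == 1:
            tp += 1
        elif p == 1:
            fp += 1
        elif y == 1:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(rows), "precision": precision,
            "recall": recall, "f1": f1, "fpr": fp / (fp + tn) if fp + tn else 0.0}


def rules(tree, path=()):
    """Flatten the tree into plain-language rules for an administrator's report."""
    if "leaf" in tree:
        verdict = "botnet" if tree["leaf"] == 1 else "normal"
        return [" and ".join(path or ("(always)",)) + " -> " + verdict]
    f, thr = tree["feature"], tree["thr"]
    return (rules(tree["left"], path + (f"{f} <= {thr:.3g}",))
            + rules(tree["right"], path + (f"{f} > {thr:.3g}",)))


def run(seed=7, train_fraction=0.7):
    """Train on the first 70% of the shuffled flows, score on the held-out 30%."""
    flows = make_flows(seed)
    cut = int(len(flows) * train_fraction)
    tree = build_tree(flows[:cut])
    return tree, evaluate(tree, flows[cut:])


if __name__ == "__main__":
    tree, metrics = run()
    for r in rules(tree):
        print(r)
    print(metrics)
```

The held-out split matters: scoring the tree on the flows it was trained on would hide the overfitting that a deeper tree is prone to, and the false-positive rate is reported separately because on a tactical network an analyst's time is the scarce resource. The rules() output is the part that corresponds to the abstract's administrator report: a handful of threshold conditions is something a network operator can read, sanity-check against how the traffic was generated, and turn into a watch-list or a block decision.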
Approved for public release; distribution is unlimited.