Show simple item record

dc.contributor.advisorXie, Geoffrey G.
dc.contributor.authorSalazar, Daniel
dc.date.accessioned2018-08-24T22:34:17Z
dc.date.available2018-08-24T22:34:17Z
dc.date.issued2018-06
dc.identifier.urihttp://hdl.handle.net/10945/59578
dc.description.abstractThis research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of employment on computer hardware of currently fielded tactical data networks. These machine-learning techniques are investigated for application where it is prohibitive to employ bulky alternate network security measures such as security information and event management products. These methods are evaluated as a complementary solution to existing security measures, rather than as a replacement. A test network is established with sixteen hosts emulating generation of normal baseline traffic for periods of 48 hours. One machine is infected with a botnet simulator and sends malicious traffic at four levels of intensity. The traffic flows are captured, labeled, and used as training and testing sets for four commonly used machine-learning algorithms to generate models for identifying the botnet traffic. The trained models are then tested against other flow datasets to evaluate their ability to classify malicious traffic without prior signatures. We identify the J48 Decision Tree as the strongest single algorithm across six of our seven metrics. Our work also produces a report for network administrators that is clear, easy to understand, and most importantly, provides actionable information that can drive decisions to best defend the network.en_US
dc.description.urihttp://archive.org/details/leveragingmachin1094559578
dc.publisherMonterey, CA; Naval Postgraduate Schoolen_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleLEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITYen_US
dc.typeThesisen_US
dc.contributor.secondreaderFulp, John D.
dc.contributor.departmentComputer Science (CS)
dc.subject.authormachine-learningen_US
dc.subject.authorbotnetsen_US
dc.subject.authornetwork securityen_US
dc.description.recognitionOutstanding Thesisen_US
dc.description.serviceCaptain, United States Marine Corpsen_US
etd.thesisdegree.nameMaster of Science in Computer Scienceen_US
etd.thesisdegree.levelMastersen_US
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US
dc.identifier.thesisid29457
dc.description.distributionstatementApproved for public release; distribution is unlimited.


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record