A MACHINE LEARNING APPROACH TO NETWORK SECURITY CLASSIFICATION USING NETFLOW DATA

Abstract

All computer network traffic can be associated with a specific signature based on a feature set within its metadata. There has been a significant effort in preprocessing data for machine learning for the purposes of transforming raw data into features that represent a large dataset and improve the accuracy of predictive models. This thesis develops a machine learning approach that can analyze and classify network traffic to determine the level and degree of secure practices within specific network identifiers. We propose a novel continuous learning methodology in which a clustering technique was utilized to identify labels to a previously unlabeled dataset. A neural network algorithm was then trained on the labeled flows and tested on an unknown dataset to determine the network security classification. This previously unknown dataset was then used to retrain the neural network, thus continuously expanding the database of feature sets for training in order to increase the security classification accuracy. By implementing the proposed methodology on a widely known dataset, we achieved an increase in security classification performance as compared to traditional classification techniques.