A MACHINE LEARNING APPROACH TO NETWORK SECURITY CLASSIFICATION USING NETFLOW DATA

Loading...
Thumbnail Image
Authors
Watkins, John R.
Subjects
machine learning
deep learning
concept drift
intrusion detection
computer network security
Advisors
McEachen, John C.
Tummala, Murali
Date of Issue
2021-09
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
All computer network traffic can be associated with a specific signature based on a feature set within its metadata. There has been a significant effort in preprocessing data for machine learning for the purposes of transforming raw data into features that represent a large dataset and improve the accuracy of predictive models. This thesis develops a machine learning approach that can analyze and classify network traffic to determine the level and degree of secure practices within specific network identifiers. We propose a novel continuous learning methodology in which a clustering technique was utilized to identify labels to a previously unlabeled dataset. A neural network algorithm was then trained on the labeled flows and tested on an unknown dataset to determine the network security classification. This previously unknown dataset was then used to retrain the neural network, thus continuously expanding the database of feature sets for training in order to increase the security classification accuracy. By implementing the proposed methodology on a widely known dataset, we achieved an increase in security classification performance as compared to traditional classification techniques.
Type
Thesis
Description
Series/Report No
Department
Electrical and Computer Engineering (ECE)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections