A MACHINE LEARNING APPROACH TO NETWORK SECURITY CLASSIFICATION USING NETFLOW DATA
Watkins, John R.
McEachen, John C.
All computer network traffic can be associated with a specific signature based on a feature set within its metadata. There has been a significant effort in preprocessing data for machine learning, with the aim of transforming raw data into features that represent a large dataset and improve the accuracy of predictive models. This thesis develops a machine learning approach that can analyze and classify network traffic to determine the level and degree of secure practices within specific network identifiers. We propose a novel continuous learning methodology in which a clustering technique was used to assign labels to a previously unlabeled dataset. A neural network algorithm was then trained on the labeled flows and tested on an unknown dataset to determine the network security classification. This previously unknown dataset was then used to retrain the neural network, thus continuously expanding the database of feature sets for training in order to increase the security classification accuracy. By implementing the proposed methodology on a widely known dataset, we achieved an increase in security classification performance as compared to traditional classification techniques.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.