MULTI-DIMENSIONAL PROFILING OF CYBER THREATS FOR LARGE-SCALE NETWORKS

Download
Author
Calnan, Michael C.
Date
2022-09Advisor
Singh, Gurminder
Barton, Armon C.
Metadata
Show full item recordAbstract
Current multi-domain command and control computer networks require significant oversight to ensure acceptable levels of security. Firewalls are the proactive security management tool at the network’s edge to determine malicious and benign traffic classes. This work aims to develop machine learning algorithms through deep learning and semi-supervised clustering, to enable the profiling of potential threats through network traffic analysis within large-scale networks. This research accomplishes these objectives by analyzing enterprise network data at the packet level using deep learning to classify traffic patterns. In addition, this work examines the efficacy of several machine learning model types and multiple imbalanced data handling techniques. This work also incorporates packet streams for identifying and classifying user behaviors. Tests of the packet classification models demonstrated that deep learning is sensitive to malicious traffic but underperforms in identifying allowed traffic compared to traditional algorithms. However, imbalanced data handling techniques provide performance benefits to some deep learning models. Conversely, semi-supervised clustering accurately identified and classified multiple user behaviors. These models provide an automated tool to learn and predict future traffic patterns. Applying these techniques within large-scale networks detect abnormalities faster and gives network operators greater awareness of user traffic.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Related items
Showing items related by title, author, creator and subject.
-
LEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITY
Salazar, Daniel (Monterey, CA; Naval Postgraduate School, 2018-06);This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of ... -
Machine Learning Techniques for Identifying Anomalous Network Traffic
Garza, Victor R.; Wood, Brian P.; Monaco, John V.; Blockmon, Ray; Males, Nathaniel; Niemann, Natasha; Ross, John (Monterey, California. Naval Postgraduate School, 2020-10-14); NRP-20-N033ACyber investigations often involve analysis of large volumes of log files, including network flow data. Machine learning (ML) techniques allow analysts and examiners to more quickly identify traffic flows relevant to the ... -
Auto-learning of SMTP TCP Transport-Layer Features for Spam and Abusive Message Detection
Kakavelakis, Georgios; Beverly, Robert; Young, Joel (2011);Botnets are a significant source of abusive messaging (spam, phishing, etc) and other types of malicious traffic. A promising approach to help mitigate botnet-generated traffic is signal analysis of transport-layer (\ie ...