Multi-level Gaussian mixture modeling for detection of malicious network traffic



Radhika Chapaneri1 · Seema Shah1

Accepted: 1 October 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Along with the growing network connectivity across the world, there is a substantial increase in malicious network traffic that exploits vulnerabilities, hampering many organizations and end-users. Though signature-based and classification-based machine learning approaches can detect malicious network traffic, they cannot reliably detect unknown attacks. Several issues remain unsolved with the existing approaches, such as imbalanced training data, a high false alarm rate, and the lack of detection of unknown attacks. To address these issues, in this work we propose a novel multi-level classification method that can accurately classify network traffic into several classes and identify novel attacks. The unsupervised Gaussian mixture modeling approach is used to learn the statistical characteristics of each traffic category, and an adaptive thresholding technique based on the interquartile range is used to identify any outlier. The proposed work is evaluated on the benchmark CICIDS2017 dataset, which includes modern network traffic patterns. The results show a significant improvement relative to state-of-the-art techniques for detecting unknown attacks and classifying multiple network traffic attacks.

Keywords: Anomaly detection · Gaussian mixture model · Malicious network traffic · Multi-level classification
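The abstract describes the two levels of the proposed method: a per-class Gaussian mixture model that captures the statistical profile of each traffic category, and an interquartile-range threshold on the model's likelihood scores that rejects samples fitting no known class. The following is an added illustration, not the paper's own code: it fits a diagonal-covariance GMM per class with EM, assigns a sample to the class with the highest mixture log-likelihood, and flags it as unknown when that score falls below the class's lower Tukey fence. The two-component mixtures, the 1.5 × IQR fence, and the two-dimensional flow features (constructed here with fixed random seeds) are assumptions chosen for the demonstration, not values taken from the paper.

```python
"""Per-class Gaussian mixture models with an IQR-based novelty threshold.

Added illustration (not the paper's code). Each traffic class gets its own
diagonal-covariance GMM fitted by EM; a sample is assigned to the class whose
mixture gives it the highest log-likelihood, unless that score falls below an
interquartile-range fence learned from the class's own training scores, in
which case it is flagged as unknown. The 1.5 x IQR fence is an assumption.
"""
import math
import random


def _log_gauss_diag(x, mean, var):
    """Log-density of x under a Gaussian with diagonal covariance."""
    return sum(-0.5 * (math.log(2.0 * math.pi * v) + (xi - m) ** 2 / v)
               for xi, m, v in zip(x, mean, var))


def _logsumexp(vals):
    m = max(vals)
    return m + math.log(sum(math.exp(v - m) for v in vals))


def fit_gmm(points, k=2, iters=50, seed=0):
    """EM for a k-component diagonal GMM; returns weights, means, variances."""
    rng = random.Random(seed)
    dim = len(points[0])
    means = [list(p) for p in rng.sample(points, k)]
    varis = [[1.0] * dim for _ in range(k)]
    weights = [1.0 / k] * k
    for _ in range(iters):
        # E-step: responsibility of each component for each point
        resp = []
        for x in points:
            lp = [math.log(max(weights[j], 1e-12)) + _log_gauss_diag(x, means[j], varis[j])
                  for j in range(k)]
            lse = _logsumexp(lp)
            resp.append([math.exp(v - lse) for v in lp])
        # M-step: re-estimate parameters from the weighted sufficient statistics
        for j in range(k):
            nj = max(sum(r[j] for r in resp), 1e-9)
            weights[j] = nj / len(points)
            means[j] = [sum(r[j] * x[d] for r, x in zip(resp, points)) / nj
                        for d in range(dim)]
            # variance floor keeps a component from collapsing onto one point
            varis[j] = [max(sum(r[j] * (x[d] - means[j][d]) ** 2
                                for r, x in zip(resp, points)) / nj, 1e-3)
                        for d in range(dim)]
    return {"weights": weights, "means": means, "vars": varis}


def log_likelihood(model, x):
    """Mixture log-likelihood of one feature vector under a fitted GMM."""
    return _logsumexp([math.log(max(w, 1e-12)) + _log_gauss_diag(x, m, v)
                       for w, m, v in zip(model["weights"], model["means"], model["vars"])])


def _percentile(sorted_vals, p):
    pos = (len(sorted_vals) - 1) * p / 100.0
    lo, hi = int(math.floor(pos)), int(math.ceil(pos))
    return sorted_vals[lo] + (sorted_vals[hi] - sorted_vals[lo]) * (pos - lo)


def iqr_threshold(scores, factor=1.5):
    """Lower Tukey fence Q1 - factor*IQR over the training log-likelihoods."""
    s = sorted(scores)
    q1, q3 = _percentile(s, 25), _percentile(s, 75)
    return q1 - factor * (q3 - q1)


class MultiLevelGMMDetector:
    def __init__(self, k=2, factor=1.5):
        self.k, self.factor, self.models, self.thresholds = k, factor, {}, {}

    def fit(self, data_by_class):
        for label, pts in data_by_class.items():
            m = fit_gmm(pts, self.k)
            self.models[label] = m
            self.thresholds[label] = iqr_threshold(
                [log_likelihood(m, x) for x in pts], self.factor)
        return self

    def predict(self, x):
        """Level 1: best-fitting known class; level 2: reject as unknown if it fits poorly."""
        scores = {lab: log_likelihood(m, x) for lab, m in self.models.items()}
        best = max(scores, key=scores.get)
        return best if scores[best] >= self.thresholds[best] else "unknown"


def build_demo_detector(seed=1):
    """Constructed 2-D flow features (think log duration, packets/s) for two classes."""
    rng = random.Random(seed)
    benign = [[rng.gauss(1.0, 0.3), rng.gauss(2.0, 0.3)] for _ in range(150)]
    dos = [[rng.gauss(8.0, 0.4), rng.gauss(0.5, 0.2)] for _ in range(150)]
    return MultiLevelGMMDetector().fit({"benign": benign, "dos": dos})


if __name__ == "__main__":
    det = build_demo_detector()
    for probe in ([1.1, 2.1], [7.9, 0.6], [40.0, 30.0]):
        print(probe, "->", det.predict(probe))
```

The threshold is learned per class from that class's own training scores, so a rare class with a tight profile and a broad benign class each get a fence matched to their spread; a sample far from every learned profile (the third probe) is rejected at the second level instead of being forced into the nearest known class, which is the behaviour the abstract attributes to the adaptive threshold.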

1 Introduction

The Internet's growth has increased drastically as it is used for various professional and personal tasks such as online shopping and banking. Moreover, the growth of modern devices is also an essential factor in the rise of Internet usage. However, along with this, there is also a significant surge of malicious users, and various malicious attempts are made by exploiting vulnerabilities against individuals or organizations to steal personal data or valuable information, or to disrupt computational resources. Cyberattacks are increasing in both complexity and volume as technologies evolve. As per the McAfee threat report [1], the top attack vectors in 2018–19 were malware, account hijacking, and denial of service, and the most targeted sectors were individuals, healthcare, and finance. The traditional job of a security administrator manually monitoring network data is becoming obsolete, since automated machine learning tools can determine malicious threat patterns in terabytes of data. Signature-based and anomaly-based approaches are the two most widely used approaches for detecting malicious network traffic activity. The signature-based approach uses file hashes and custom-written rules known as signatures to detect attacks; however,

* Radhika Chapaneri [email protected] · Seema Shah [email protected]

1 Department of Computer Engineering, MPSTME, NMIMS University, Mumbai, India