Categorizing Network Attacks Using Pattern Classification Algorithms

The United States Air Force relies heavily on computer networks for many day-to-day activities. Many of these networks are affected by various types of attacks that can be launched from anywhere on the globe. The rising prominence of organizations such as the AFCERT and the MAJCOM NOSCs is evidence of an increasing realization among the Air Force leadership that protecting our computer networks is vitally important. A critical requirement for protecting our networks is the ability to detect attacks and intrusion attempts. This research is an effort to refine a portion of an AFIT-developed intrusion detection system known as the COmputer Defense Immune System (CDIS). CDIS is based on the human immune system and uses antibodies to attempt to detect network intrusion attempts. The antibodies have various attributes of which a subset is randomly activated at generation time. This research attempts to determine which of the antibody attributes are most useful in helping to build successful antibodies

Darknet Traffic Analysis A Systematic Literature Review

The primary objective of an anonymity tool is to protect the anonymity of its users through the implementation of strong encryption and obfuscation techniques. As a result, it becomes very difficult to monitor and identify users activities on these networks. Moreover, such systems have strong defensive mechanisms to protect users against potential risks, including the extraction of traffic characteristics and website fingerprinting. However, the strong anonymity feature also functions as a refuge for those involved in illicit activities who aim to avoid being traced on the network. As a result, a substantial body of research has been undertaken to examine and classify encrypted traffic using machine learning techniques. This paper presents a comprehensive examination of the existing approaches utilized for the categorization of anonymous traffic as well as encrypted network traffic inside the darknet. Also, this paper presents a comprehensive analysis of methods of darknet traffic using machine learning techniques to monitor and identify the traffic attacks inside the darknet.Comment: 35 Pages, 13 Figure

APIC: A method for automated pattern identification and classification

Machine Learning (ML) is a transformative technology at the forefront of many modern research endeavours. The technology is generating a tremendous amount of attention from researchers and practitioners, providing new approaches to solving complex classification and regression tasks. While concepts such as Deep Learning have existed for many years, the computational power for realising the utility of these algorithms in real-world applications has only recently become available. This dissertation investigated the efficacy of a novel, general method for deploying ML in a variety of complex tasks, where best feature selection, data-set labelling, model definition and training processes were determined automatically. Models were developed in an iterative fashion, evaluated using both training and validation data sets. The proposed method was evaluated using three distinct case studies, describing complex classification tasks often requiring significant input from human experts. The results achieved demonstrate that the proposed method compares with, and often outperforms, less general, comparable methods designed specifically for each task. Feature selection, data-set annotation, model design and training processes were optimised by the method, where less complex, comparatively accurate classifiers with lower dependency on computational power and human expert intervention were produced. In chapter 4, the proposed method demonstrated improved efficacy over comparable systems, automatically identifying and classifying complex application protocols traversing IP networks. In chapter 5, the proposed method was able to discriminate between normal and anomalous traffic, maintaining accuracy in excess of 99%, while reducing false alarms to a mere 0.08%. Finally, in chapter 6, the proposed method discovered more optimal classifiers than those implemented by comparable methods, with classification scores rivalling those achieved by state-of-the-art systems. The findings of this research concluded that developing a fully automated, general method, exhibiting efficacy in a wide variety of complex classification tasks with minimal expert intervention, was possible. The method and various artefacts produced in each case study of this dissertation are thus significant contributions to the field of ML

Flow-oriented anomaly-based detection of denial of service attacks with flow-control-assisted mitigation

Flooding-based distributed denial-of-service (DDoS) attacks present a serious and major threat to the targeted enterprises and hosts. Current protection technologies are still largely inadequate in mitigating such attacks, especially if they are large-scale. In this doctoral dissertation, the Computer Network Management and Control System (CNMCS) is proposed and investigated; it consists of the Flow-based Network Intrusion Detection System (FNIDS), the Flow-based Congestion Control (FCC) System, and the Server Bandwidth Management System (SBMS). These components form a composite defense system intended to protect against DDoS flooding attacks. The system as a whole adopts a flow-oriented and anomaly-based approach to the detection of these attacks, as well as a control-theoretic approach to adjust the flow rate of every link to sustain the high priority flow-rates at their desired level. The results showed that the misclassification rates of FNIDS are low, less than 0.1%, for the investigated DDOS attacks, while the fine-grained service differentiation and resource isolation provided within the FCC comprise a novel and powerful built-in protection mechanism that helps mitigate DDoS attacks

Using deep learning to classify community network traffic

Traffic classification is an important aspect of network management. This aspect improves the quality of service, traffic engineering, bandwidth management and internet security. Traffic classification methods continue to evolve due to the ever-changing dynamics of modern computer networks and the traffic they generate. Numerous studies on traffic classification make use of the Machine Learning (ML) and single Deep Learning (DL) models. ML classification models are effective to a certain degree. However, studies have shown they record low prediction and accuracy scores. In contrast, the proliferation of various deep learning techniques has recorded higher accuracy in traffic classification. The Deep Learning models have been successful in identifying encrypted network traffic. Furthermore, DL learns new features without the need to do much feature engineering compared to ML or Traditional methods. Traditional methods are inefficient in meeting the demands of ever-changing requirements of networks and network applications. Traditional methods are unfeasible and costly to maintain as they need constant updates to maintain their accuracy. In this study, we carry out a comparative analysis by adopting an ML model (Support Vector Machine) against the DL Models (Convolutional Neural Networks (CNN), Gated Recurrent Unit (GRU) and a hybrid model: CNNGRU to classify encrypted internet traffic collected from a community network. In this study, we performed a comparative analysis by adopting an ML model (Support vector machine). Machine against DL models (Convolutional Neural networks (CNN), Gated Recurrent Unit (GRU) and a hybrid model: CNNGRU) and to classify encrypted internet traffic that was collected from a community network. The results show that DL models tend to generalise better with the dataset in comparison to ML. Among the deep Learning models, the hybrid model outperformed all the other models in terms of accuracy score. However, the model that had the best accuracy rate was not necessarily the one that took the shortest time when it came to prediction speed considering that it was more complex. Support vector machines outperformed the deep learning models in terms of prediction speed