317 research outputs found

    Comparison of Supervised and Unsupervised Learning for Detecting Anomalies in Network Traffic

    Adversaries are always probing for vulnerable spots on the Internet so they can attack their target. By examining traffic at the firewall, we can look for anomalies that may represent these probes. To help select the right techniques we conduct comparisons of supervised and unsupervised machine learning on network flows to find sets of outliers flagged as potential threats. We apply Functional PCA and K-Means together versus Multilayer Perceptron on a real-world dataset of traffic prior to an NTP DDoS attack in January 2014; scanning activity was heightened during this pre-attack period. We partition data to evaluate detection powers of each technique and show that FPCA+Kmeans outperforms MLP. We also present a new variation of the circle plot for visualization of resulting outliers which we suggest excels at displaying multidimensional attributes of an individual IP's behavior over time. In small multiples, circle plots show a gestalt overview of traffic

    Detection of anomalies in network traffic using compression methods

    The aim of the bachelor's thesis is the design and practical demonstration of the functionality of selected compression methods. The following chapters will discuss attacks on end devices and mention some countermeasures. As a demonstration, two methods will be implemented using a development environment. During attacks, anomalies in the network will be detected, and a demonstration of data compression will then be carried out with one of the methods. Data will be captured during normal operation at an end station and then during an attack.

    Detecting Advanced Network Threats Using a Similarity Search

    In this paper, we propose a novel approach for the detection of advanced network threats. We combine knowledge-based detections with similarity search techniques commonly utilized for automated image annotation. This unique combination could provide effective detection of common network anomalies together with their unknown variants. In addition, it offers a similar approach to network data analysis as a security analyst does. Our research is focused on understanding the similarity of anomalies in network traffic and their representation within complex behaviour patterns. This will lead to a proposal of a system for the realtime analysis of network data based on similarity. This goal should be achieved within a period of three years as a part of a PhD thesis

    Intelligent Intrusion Detection System Using Genetic Algorithm

    Intrusion detection is an essential and important technique in research field. One of the main challenges in the security system of large-scale high-speed networks is the detection of suspicious anomalies in network traffic patterns due to different kinds of network attack. We give attacks normally identified by intrusion detection systems. Differentiation can be done in existing intrusion detection methods and systems based on the underlying computational methods used. Intrusion detection methods started appearing in the last few years. In this paper we propose an Intrusion detection method using Genetic Algorithm (GA). In this research contribution of each of above mentioned techniques will be systematically summarized and compared that will allow us to clearly define existing research challenges, and to highlight promising new research directions

    Malware Detection Techniques based on Machine Learning

    Artificial intelligence and machine learning have become crucial tools in the fight against cyber attacks. With the constant evolution of technology, traditional methods of protecting networks are no longer enough. This is where AI and machine learning come into play, by analyzing vast amounts of data and detecting patterns or anomalies that might indicate a potential threat. This paper aims at understanding and analyzing the implementation of Artificial Intelligence (AI) and Machine Learning (ML) systems in enhancing cyber security. By detecting patterns and anomalies in network traffic, AI algorithms can quickly identify potential threats and reduce response time, far surpassing human capabilities. This not only saves valuable time and resources for organizations but also improves overall protection against cyber-attacks. As technology continues to advance, it is crucial that we leverage AI for cybersecurity to stay ahead in the fight against malicious actors. With proper utilization of AI and ML technologies, we can ensure a safer digital future for all users.