Network traffic analysis and intrusion defense mechanisms based on machine learning

Abstract

Network security has been receiving considerable attention in recent years. The rapid emergence of network technology has spawned various activities, such as online banking, online shopping, and financial businesses, which rely on important transactions over the Internet. This trend has been accelerated by the advent of ubiquitous computing and cloud computing. However, network intrusions are also increasing with the growth in Internet applications because the Internet was originally designed for openness. Accordingly, intruders can steal confidential information, disrupt online services and destroy systems. Such intrusions cause a loss of trust and productivity as well as extensive financial damages to a wide cross section of organizations, such as governments, universities, and commercial firms. Furthermore, attacking network resources has become a weapon of terrorism and cyberwarfare. Network security is therefore an urgent problem today.

The first line of defense for network security involves several conventional techniques, such as encryption, authentication, and firewalls. Encryption and authentication techniques make network resources more secure by limiting the granting of keys to authorized uses. Firewalls mitigate malicious behavior by filtering all packets except those of authorized services. However, the limitations of these techniques render them inadequate against network intrusions that exploit simple countermeasures. Moreover, today`s network intruders are becoming more devious and sophisticated: they generate variants and continually search for new vulnerabilities. Current network systems therefore need more effective network defense methods that can analyze malicious behavior, issue warnings before an attack, and make appropriate counter-responses.

This study focuses on network traffic analysis as a means of developing network defense methods. The task is challenging because network traffic generates bulk data and the data pa...