Generalized Insider Attack Detection Implementation using NetFlow Data

by Yash Samtani, et al.

Insider attack detection in commercial networks is a critical problem that has no good solutions at present. The problem is challenging because of the lack of visibility into live networks and the lack of a standard feature set for distinguishing between different attacks. In this paper, we study an approach centered on using network data to identify attacks. Our work builds on unsupervised machine learning techniques such as One-Class SVM and bi-clustering as weak indicators of insider network attacks. We combine these techniques to limit the number of false positives to the level required for real-world deployments: anomalies detected by the proposed bi-clustering algorithm are checked with a One-Class SVM before they are reported. We present a prototype implementation in Python and associated results for two different real-world representative data sets. We show that our approach is a promising tool for insider attack detection in realistic settings.
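The two-stage design described in the abstract, as an added illustration that is not the paper's own prototype: a cheap grouping step produces weak anomaly candidates, and a second, volume-based one-class check decides which candidates become alerts. The NetFlow-style records, host names and ports below are constructed. Stage 1 is a simplified Jaccard-based bi-clustering of a host x destination-port matrix, and stage 2 is a per-feature z-score boundary fitted on the non-candidate hosts, standing in for the paper's One-Class SVM so the example runs with the standard library only.

```python
"""Two-stage insider-anomaly detection over NetFlow-like records.
Added example, not the paper's code. Stage 1: simplified bi-clustering
(hosts linked by Jaccard overlap of their destination-port sets).
Stage 2: z-score one-class check standing in for One-Class SVM."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (src_host, dst_port, bytes, packets)
FLOWS = [
    ("ws-01", 443, 5200, 12), ("ws-01", 80, 3100, 8), ("ws-01", 53, 180, 2),
    ("ws-02", 443, 6100, 14), ("ws-02", 80, 2900, 7), ("ws-02", 53, 160, 2),
    ("ws-03", 443, 4800, 11), ("ws-03", 53, 190, 2),
    ("ws-04", 443, 5500, 13), ("ws-04", 80, 3300, 9), ("ws-04", 53, 170, 2),
    ("ws-05", 443, 5900, 12), ("ws-05", 80, 3000, 8),
    # print server: unusual ports but ordinary volume -> stage 2 suppresses
    ("print-srv", 9100, 5000, 10), ("print-srv", 631, 2500, 6),
    ("print-srv", 9100, 400, 2),
    # ws-09: many flows to many admin ports -> stage 2 confirms
] + [("ws-09", p, 1200 + 40 * i, 6) for i, p in enumerate(
    [22, 445, 3389, 1433, 135, 139, 5985, 21, 23, 8080, 5900, 3306])]


def host_port_sets(flows):
    """Binary host x port matrix, stored as one port set per host."""
    sets = defaultdict(set)
    for host, port, _, _ in flows:
        sets[host].add(port)
    return dict(sets)


def jaccard(a, b):
    return len(a & b) / len(a | b)


def bicluster_candidates(port_sets, min_sim=0.5):
    """Link hosts whose port sets overlap (Jaccard >= min_sim). Each
    connected component with >= 2 hosts is a bicluster (hosts x union of
    ports); hosts in no bicluster are the weak anomaly candidates."""
    hosts = sorted(port_sets)
    parent = {h: h for h in hosts}

    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]
            h = parent[h]
        return h

    for i, a in enumerate(hosts):
        for b in hosts[i + 1:]:
            if jaccard(port_sets[a], port_sets[b]) >= min_sim:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for h in hosts:
        groups[find(h)].append(h)
    clusters = [sorted(g) for g in groups.values() if len(g) > 1]
    candidates = sorted(h for g in groups.values() if len(g) == 1 for h in g)
    return clusters, candidates


def host_features(flows):
    """Per-host volume features: (flow count, total bytes, distinct ports)."""
    acc = defaultdict(lambda: [0, 0, set()])
    for host, port, nbytes, _ in flows:
        f = acc[host]
        f[0] += 1
        f[1] += nbytes
        f[2].add(port)
    return {h: (f[0], f[1], len(f[2])) for h, f in acc.items()}


def one_class_confirm(features, candidates, z_max=3.0):
    """Stand-in for One-Class SVM: fit the 'normal' region on hosts that
    are NOT candidates (mean +/- z_max * stdev per feature) and confirm a
    candidate only if some feature lies outside it. Returns {host: max z}."""
    normal = [features[h] for h in features if h not in candidates]
    if not normal:
        return {}
    dims = len(normal[0])
    mu = [mean(v[d] for v in normal) for d in range(dims)]
    sd = [pstdev(v[d] for v in normal) or 1.0 for d in range(dims)]
    confirmed = {}
    for h in candidates:
        z = [abs(features[h][d] - mu[d]) / sd[d] for d in range(dims)]
        if max(z) > z_max:
            confirmed[h] = round(max(z), 1)
    return confirmed


def detect(flows):
    """Run both stages; only stage-2-confirmed candidates become alerts."""
    clusters, candidates = bicluster_candidates(host_port_sets(flows))
    alerts = one_class_confirm(host_features(flows), candidates)
    return {"biclusters": clusters, "candidates": candidates, "alerts": alerts}


if __name__ == "__main__":
    print(detect(FLOWS))
```

Running it, both print-srv and ws-09 fall outside the workstation bicluster, but only ws-09 survives the second stage; print-srv has an unusual port set yet ordinary flow count and byte volume, which is exactly the kind of weak indicator the abstract wants filtered out before an analyst sees it.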


page 1

page 2

page 3

page 4


Exploiting SNMP-MIB Data to Detect Network Anomalies using Machine Learning Techniques

The exponential increase in the number of malicious threats on computer ...

Bidirectional RNN-based Few-shot Training for Detecting Multi-stage Attack

"Feint Attack", as a new type of APT attack, has become the focus of att...

Dissemination Control in Dynamic Data Clustering For Dense IIoT Against False Data Injection Attack

The IoT has made possible the development of increasingly driven service...

SynGAN: Towards Generating Synthetic Network Attacks using GANs

The rapid digital transformation without security considerations has res...

Fusion of ANN and SVM Classifiers for Network Attack Detection

With the progressive increase of network application and electronic devi...

Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires

Rapidly-changing cloud environments that consist of heavily interconnect...

Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs

Signed graphs are widely used to model the trust relationships among use...