On Designing Machine Learning Models for Malicious Network Traffic Classification

07/10/2019
by Talha Ongun, et al.

Machine learning (ML) started to become widely deployed in cyber security settings for shortening the detection cycle of cyber attacks. To date, most ML-based systems are either proprietary or make specific choices of feature representations and machine learning models. The success of these techniques is difficult to assess as public benchmark datasets are currently unavailable. In this paper, we provide concrete guidelines and recommendations for using supervised ML in cyber security. As a case study, we consider the problem of botnet detection from network traffic data. Among our findings we highlight that: (1) feature representations should take into consideration attack characteristics; (2) ensemble models are well-suited to handle class imbalance; (3) the granularity of ground truth plays an important role in the success of these methods.
