Utilising Flow Aggregation to Classify Benign Imitating Attacks

03/06/2021
by   Hanan Hindy, et al.
20

Cyber-attacks continue to grow, both in terms of volume and sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advancements in the human understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript, we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus qualifying the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also build towards a new direction of feature extraction for complex ones.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 18

08/15/2018

Anomaly Detection in Cyber Network Data Using a Cyber Language Approach

As the amount of cyber data continues to grow, cyber network defenders a...
04/01/2020

Phishing Attacks: Detection And Prevention

This paper aims to provide an understanding of what a phishing attack is...
01/05/2021

Analyzing Cyber-Attack Intention for Digital Forensics Using Case-Based Reasoning

Cyber-attacks are increasing and varying dramatically day by day. It has...
02/20/2020

NAttack! Adversarial Attacks to bypass a GAN based classifier trained to detect Network intrusion

With the recent developments in artificial intelligence and machine lear...
11/09/2018

Audio Spectrogram Factorization for Classification of Telephony Signals below the Auditory Threshold

Traffic Pumping attacks are a form of high-volume SPAM that target telep...
07/10/2019

On Designing Machine Learning Models for Malicious Network Traffic Classification

Machine learning (ML) started to become widely deployed in cyber securit...
01/20/2020

On the Feasibility of Acoustic Attacks Using Commodity Smart Devices

Sound at frequencies above (ultrasonic) or below (infrasonic) the range ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.