Cyber attacks have grown both in frequency and in sophistication over the years. This increasing sophistication and complexity call for continuous innovation in defensive strategies. Traditional methods such as signature-based intrusion detection and deep packet inspection, while still widely used and recommended, are no longer sufficient on their own to keep up with the growing volume of threats. As computing power increases and its cost drops, Machine Learning is seen as an alternative or additional mechanism to defend against malware, botnets, and other attacks. This paper explores Machine Learning as a viable solution by examining its ability to classify malicious traffic in a network.
First, a thorough data analysis is performed, resulting in 22 features extracted from the initial NetFlow datasets. These features are then compared with one another through a feature selection process. Next, five different machine learning algorithms are evaluated on NetFlow datasets containing common botnets. The Random Forest classifier succeeds in detecting more than 95% of the botnet traffic in 8 out of the 13 scenarios and more than 55% in the most difficult ones. Finally, insight is given on how to improve and generalize the results, in particular through a bootstrapping technique.
“The possible improvement of the work presented here would be to try to modify the extracted features with different widths and strides for the time window and explore more hyperparameters for the difficult scenarios. Another idea would be to try to train and test several scenarios at the same time. Finally, unsupervised learning can be tested to detect the behaviour of botnets without using the labels of the data.” Source: https://arxiv.org/pdf/2001.06309v1.pdf
The experiments show that Random Forest can detect more than 95% of botnets for 8 out of 13 scenarios. Moreover, the accuracy on the 5 most difficult scenarios can be increased thanks to a bootstrap method. For more details, see the report.
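The pipeline summarized above starts from NetFlow records, aggregates them per host over sliding time windows, and feeds the resulting feature rows to the classifiers. The script below is an added illustration of that windowing step and is not code from the paper or from the Cyberattack-Detection repository: the six per-host features, the window width and stride, and the constructed sample flows (in the CTU-13 binetflow column layout, with made-up addresses) are all assumptions, and the `bootstrap_resample` helper is a plain resampling-with-replacement bootstrap that is not claimed to match the paper's own bootstrap method. The paper's 22 features and its window parameters are not reproduced here.

```python
"""Time-window feature extraction from NetFlow records (added illustration).

Assumptions: the feature set, window width/stride and sample flows below are
hypothetical and chosen for demonstration; they are not the paper's own.
"""
import csv
import io
import random
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample in the CTU-13 binetflow column layout (not real capture data).
# Labels containing "Botnet" mark infected-host traffic, as in the CTU-13 labelling.
SAMPLE_NETFLOW = """\
StartTime,Dur,Proto,SrcAddr,Sport,Dir,DstAddr,Dport,State,sTos,dTos,TotPkts,TotBytes,SrcBytes,Label
2011/08/10 09:46:53.047277,3.026539,tcp,10.0.0.5,1025,->,198.51.100.7,80,SRA_SA,0,0,12,1534,800,flow=Background-TCP-Established
2011/08/10 09:46:54.100000,0.001000,udp,10.0.0.9,2000,->,203.0.113.1,53,CON,0,0,2,140,70,flow=From-Botnet-V42-UDP-DNS
2011/08/10 09:46:55.200000,0.001000,udp,10.0.0.9,2001,->,203.0.113.2,53,CON,0,0,2,140,70,flow=From-Botnet-V42-UDP-DNS
2011/08/10 09:46:56.300000,0.002000,tcp,10.0.0.9,2002,->,203.0.113.3,6667,S_RA,0,0,3,180,60,flow=From-Botnet-V42-TCP-Attempt
2011/08/10 09:47:10.000000,5.500000,tcp,10.0.0.5,1026,->,198.51.100.8,443,SRA_SA,0,0,40,9000,3000,flow=Background-TCP-Established
2011/08/10 09:47:12.000000,0.001000,tcp,10.0.0.9,2003,->,203.0.113.4,6667,S_RA,0,0,3,180,60,flow=From-Botnet-V42-TCP-Attempt
"""

# Hypothetical per-host features computed inside each window.
FEATURES = ["n_flows", "n_dst", "n_dport", "mean_dur", "total_bytes", "frac_short"]


def _parse(csv_text):
    """Parse binetflow CSV text into dicts with numeric fields and a float timestamp."""
    flows = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        r["t"] = datetime.strptime(r["StartTime"], "%Y/%m/%d %H:%M:%S.%f").timestamp()
        r["Dur"] = float(r["Dur"])
        r["TotPkts"] = int(r["TotPkts"])
        r["TotBytes"] = int(r["TotBytes"])
        flows.append(r)
    return flows


def extract_features(csv_text, width=10.0, stride=5.0):
    """Aggregate flows per source host over sliding windows of `width` seconds,
    advancing by `stride` seconds. Windows overlap when stride < width.
    Returns one feature row per (window, SrcAddr); empty windows produce no rows.
    A row is labelled 1 if any flow of that host in the window is botnet traffic."""
    flows = _parse(csv_text)
    t0 = min(f["t"] for f in flows)
    t_last = max(f["t"] for f in flows)
    rows = []
    k = 0
    while t0 + k * stride <= t_last:
        start = t0 + k * stride
        end = start + width
        by_src = defaultdict(list)
        for f in flows:
            if start <= f["t"] < end:
                by_src[f["SrcAddr"]].append(f)
        for src, fl in sorted(by_src.items()):
            rows.append({
                "window": k,
                "src": src,
                "n_flows": len(fl),
                "n_dst": len({f["DstAddr"] for f in fl}),
                "n_dport": len({f["Dport"] for f in fl}),
                "mean_dur": mean(f["Dur"] for f in fl),
                "total_bytes": sum(f["TotBytes"] for f in fl),
                # Fraction of very short flows (<= 3 packets): scans and failed
                # C&C connection attempts tend to push this towards 1.
                "frac_short": sum(f["TotPkts"] <= 3 for f in fl) / len(fl),
                "label": int(any("Botnet" in f["Label"] for f in fl)),
            })
        k += 1
    return rows


def to_xy(rows):
    """Turn feature rows into a plain (X, y) pair usable by any classifier."""
    X = [[row[name] for name in FEATURES] for row in rows]
    y = [row["label"] for row in rows]
    return X, y


def bootstrap_resample(X, y, seed=0):
    """Plain bootstrap: draw len(X) rows with replacement (seeded, so repeatable).
    This is a generic resampling step, not the paper's specific bootstrap method."""
    rng = random.Random(seed)
    idx = [rng.randrange(len(X)) for _ in range(len(X))]
    return [X[i] for i in idx], [y[i] for i in idx]


if __name__ == "__main__":
    for row in extract_features(SAMPLE_NETFLOW, width=10.0, stride=5.0):
        print(row)
```

Changing `width` and `stride` is exactly the knob the authors suggest exploring: a wider window smooths out bursty behaviour but delays detection, while a stride smaller than the width creates overlapping rows that should be split into train and test by time rather than at random, or the same flows leak into both sets.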
To read the full report:
- arXiv: https://arxiv.org/abs/2001.06309
- PDF: https://arxiv.org/pdf/2001.06309v1.pdf
- GitHub: https://github.com/antoinedelplace/Cyberattack-Detection
To cite (reference): A. Delplace, S. Hermoso and K. Anandita. “Cyber Attack Detection thanks to Machine Learning Algorithms”, Advanced Security Report at the University of Queensland, May 2019. arXiv:2001.06309