Suggestions in Courses

See all course results

Suggestions in News

  • No suggestions found.

Suggestions in Events

See all events results
London Met Website

Threat intelligence using machine learning packet dissection

Lists
Tools

Sowinski-Mydlarz, Viktor, Li, Jun, Ouazzane, Karim and Vassilev, Vassil (2021) Threat intelligence using machine learning packet dissection. In: 20th International Conference on Security & Management (SAM'21), 26 - 29 July 2021, Las Vegas, USA. (In Press)

Abstract

In this research we compare different methods to examine network packets using supervised learning to predict possible intrusions. Although there have been many attempts to use Machine Learning for automated packet analysis, our application simplifies the process by taking any packet data source for analysis in a container ready for deploying on a private or public cloud without the need to pre-process the packet data. The packet is dissected extracting numerical data, describing the packet numbers, the time and length of the packets. Categorical variables are the source and destination IP addresses, protocol used and packet info/flag. The use of filters allows to recognize any type of packet.

Four machine learning models, i.e., Neural Networks, Support Vector Machines, Logistic Regression and Linear Regression, are applied respectively to calculate the probability of suspicious packets. Subsequently, the outcomes are compared. In default mode, the suspicious packets and their context of source, destination, length, and protocol are discovered. During the testing against trojan malware, the models can detect the suspicious packets sent to a bogus website and attempts at downloading malware by means of packet payload analysis. The initial Neural Network model shows an accuracy of 85% on testing data, which is further enhanced with the incremental learning cycles to 88% after 20 updates with class weighting. The Support Vector Machine model performs slightly better than the initial Neural Network with an accuracy of 92%, while the Logistic Regression and Linear Regression models perform faster but with a lower accuracy at 70%..

Documents
6653:35104
[img]
Threat Intelligence Using Machine Learning Packet Dissection.docx - Accepted Version

Download (466kB)
Details
Title:
Threat intelligence using machine learning packet dissection
Creators:
Sowinski-Mydlarz, Viktor, Li, Jun, Ouazzane, Karim and Vassilev, Vassil
Date:
13 May 2021
Subjects:
000 Computer science, information & general works
Department:
School of Computing and Digital Media
Uncontrolled Keywords:
threat intelligence; intrusion detection; packet dissection; machine learning; containerization
Record
URI:
https://repository.londonmet.ac.uk/id/eprint/6653
Item Type:
Conference or Workshop Item
Presentation Type:
Paper
Depositing User:
Vassil Vassilev
Date Deposited:
14 May 2021 14:45
Revision:
14
Last Modified:
11 Nov 2022 09:32
Statistics

Downloads

Downloads per month over past year



Downloads each year

View Item View Item
CORE (COnnecting REpositories)