Threat intelligence using machine learning packet dissection

Sowinski-Mydlarz, Viktor, Li, Jun, Ouazzane, Karim and Vassilev, Vassil (2021) Threat intelligence using machine learning packet dissection. Transactions on Computational Science and Computational Intelligence. ISSN 2569-7072 (In Press)


In this research we compare different supervised-learning methods for examining network packets to predict possible intrusions. Although there have been many attempts to use machine learning for automated packet analysis, our application simplifies the process: it takes any packet data source for analysis in a container that is ready to deploy on a private or public cloud, without the need to pre-process the packet data. Each packet is dissected to extract numerical data (the packet number, time and length) and categorical variables (the source and destination IP addresses, the protocol used and the packet info/flags). Filters allow any type of packet (e.g., SYN, ACK, FIN, RST) to be recognized. Four machine learning models, namely Neural Networks, Support Vector Machines, Logistic Regression and Linear Regression, are applied to calculate the probability that a packet is suspicious, and their outcomes are compared. When tested against trojan malware, the models detect suspicious packets sent to a bogus website and attempts to download malware by means of packet payload analysis.
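The following is an added example, not code from the paper or its authors. It shows, in pure Python, the pipeline the abstract describes: raw IPv4/TCP frames are dissected into the listed per-packet fields (number, time, length, source and destination address, protocol, flags), filtered by TCP flag, encoded with one-hot columns for the categorical fields, and scored with one of the four models (a logistic regression trained by batch gradient descent, written here rather than taken from any library). Everything else is an assumption for illustration: the frames are constructed with a helper, the labels are constructed, and the addresses 192.168.1.10 (a LAN host), 198.51.100.5 (a legitimate site) and 203.0.113.7 (the constructed "bogus website") are documentation ranges, not real hosts.

```python
# Added example (not the paper's code): packet dissection -> feature encoding
# -> logistic regression scoring, on a constructed, labelled capture.
import math
import struct
from collections import namedtuple

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# One dissected packet: the numerical and categorical fields named in the abstract.
PacketRecord = namedtuple("PacketRecord", "number time length src dst protocol info")

def dissect(number, time, frame):
    """Parse the IPv4 header and, for TCP, the flag byte of one raw frame."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = frame[9]
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    name = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto))
    info = ""
    if proto == 6 and len(frame) >= ihl + 14:
        flags = frame[ihl + 13]            # TCP flag byte sits at offset 13
        info = ",".join(n for n, bit in TCP_FLAGS.items() if flags & bit)
    return PacketRecord(number, time, len(frame), src, dst, name, info)

def filter_flag(records, flag):
    """Keep packets whose TCP flags include `flag` (SYN, ACK, FIN, RST, ...)."""
    return [r for r in records if flag in r.info.split(",")]

def make_encoder(records):
    """Bias, scaled length, SYN-only and RST indicators, then one-hot dst and protocol."""
    dsts = sorted({r.dst for r in records})        # vocabulary fixed at training time;
    protos = sorted({r.protocol for r in records}) # unseen values encode to all zeros
    def encode(r):
        flags = set(r.info.split(",")) if r.info else set()
        return ([1.0, r.length / 1500.0,
                 1.0 if flags == {"SYN"} else 0.0,
                 1.0 if "RST" in flags else 0.0]
                + [1.0 if r.dst == d else 0.0 for d in dsts]
                + [1.0 if r.protocol == p else 0.0 for p in protos])
    return encode

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_logreg(xs, ys, lr=0.5, epochs=2000):
    """Batch gradient descent on the logistic loss; returns the weight vector."""
    w = [0.0] * len(xs[0])
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in zip(xs, ys):
            err = sigmoid(sum(a * b for a, b in zip(w, x))) - y
            for i, xi in enumerate(x):
                grad[i] += err * xi
        w = [wi - lr * g / len(xs) for wi, g in zip(w, grad)]
    return w

def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4/TCP frame (sample input, not a real capture)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + tcp

def sample_capture():
    """Constructed labelled capture: a benign TLS exchange with 198.51.100.5 (label 0)
    and repeated SYN-only attempts to 203.0.113.7 answered by an RST (label 1)."""
    lan, good, bad = "192.168.1.10", "198.51.100.5", "203.0.113.7"
    S, SA, A, PA, R = 0x02, 0x12, 0x10, 0x18, 0x04
    raw = [  # (time, frame, label)
        (0.00, build_frame(lan, good, 51000, 443, S), 0),
        (0.02, build_frame(good, lan, 443, 51000, SA), 0),
        (0.03, build_frame(lan, good, 51000, 443, A), 0),
        (0.05, build_frame(lan, good, 51000, 443, PA, b"\x16\x03\x01" + bytes(200)), 0),
        (0.08, build_frame(good, lan, 443, 51000, PA, b"\x16\x03\x03" + bytes(900)), 0),
        (1.00, build_frame(lan, bad, 52000, 8080, S), 1),
        (2.00, build_frame(lan, bad, 52001, 8080, S), 1),
        (3.00, build_frame(lan, bad, 52002, 8080, S), 1),
        (3.01, build_frame(bad, lan, 8080, 52002, R), 1),
    ]
    return [(dissect(i + 1, t, f), y) for i, (t, f, y) in enumerate(raw)]

def run_demo():
    """Train on the constructed capture and score two packets that are not in it."""
    labelled = sample_capture()
    records = [r for r, _ in labelled]
    encode = make_encoder(records)
    w = train_logreg([encode(r) for r in records], [y for _, y in labelled])
    p = lambda r: sigmoid(sum(a * b for a, b in zip(w, encode(r))))
    syn_to_bad = dissect(10, 4.0, build_frame("192.168.1.10", "203.0.113.7", 52003, 8080, 0x02))
    ack_to_good = dissect(11, 4.1, build_frame("192.168.1.10", "198.51.100.5", 51000, 443, 0x10))
    return {"syn_packets": len(filter_flag(records, "SYN")),
            "rst_packets": len(filter_flag(records, "RST")),
            "p_syn_to_bad": p(syn_to_bad), "p_ack_to_good": p(ack_to_good)}
```

Call run_demo() to train and score. Note the caveat the one-hot encoding makes visible: because destination address is a categorical feature, the model learns the bogus site's address from the training capture, so a packet to an address never seen in training encodes to all-zero address columns and is scored only on length, flags and protocol; a deployment that expects to catch new bogus hosts needs features that generalize beyond the training vocabulary.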

Threat Intelligence Using Machine Learning Packet Dissection v.8.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.


