Model
Digital Document
Publisher
Florida Atlantic University
Description
The Internet and computer networks have become an important part of our
organizations and everyday life. With the increase in our dependence on computers
and communication networks, malicious activities have become increasingly prevalent.
Network attacks are an important problem in today’s communication environments.
The network traffic must be monitored and analyzed to detect malicious activities
and attacks to ensure reliable functionality of the networks and security of users’
information. Recently, machine learning techniques have been applied toward the
detection of network attacks. Machine learning models are able to extract similarities
and patterns in the network traffic. Unlike signature based methods, there is no need
for manual analyses to extract attack patterns. Applying machine learning algorithms
can automatically build predictive models for the detection of network attacks.
This dissertation reports an empirical analysis of the usage of machine learning
methods for the detection of network attacks. For this purpose, we study the detection
of three common attacks in computer networks: SSH brute force, Man In The Middle
(MITM) and application layer Distributed Denial of Service (DDoS) attacks. Using
outdated and non-representative benchmark data, such as the DARPA dataset, in the intrusion detection domain, has caused a practical gap between building detection
models and their actual deployment in a real computer network. To alleviate this
limitation, we collect representative network data from a real production network for
each attack type. Our analysis of each attack includes a detailed study of the usage
of machine learning methods for its detection. This includes the motivation behind
the proposed machine learning based detection approach, the data collection process,
feature engineering, building predictive models and evaluating their performance.
We also investigate the application of feature selection in building detection models
for network attacks. Overall, this dissertation presents a thorough analysis on how
machine learning techniques can be used to detect network attacks. We not only study
a broad range of network attacks, but also study the application of different machine
learning methods including classification, anomaly detection and feature selection for
their detection at the host level and the network level.
organizations and everyday life. With the increase in our dependence on computers
and communication networks, malicious activities have become increasingly prevalent.
Network attacks are an important problem in today’s communication environments.
The network traffic must be monitored and analyzed to detect malicious activities
and attacks to ensure reliable functionality of the networks and security of users’
information. Recently, machine learning techniques have been applied toward the
detection of network attacks. Machine learning models are able to extract similarities
and patterns in the network traffic. Unlike signature based methods, there is no need
for manual analyses to extract attack patterns. Applying machine learning algorithms
can automatically build predictive models for the detection of network attacks.
This dissertation reports an empirical analysis of the usage of machine learning
methods for the detection of network attacks. For this purpose, we study the detection
of three common attacks in computer networks: SSH brute force, Man In The Middle
(MITM) and application layer Distributed Denial of Service (DDoS) attacks. Using
outdated and non-representative benchmark data, such as the DARPA dataset, in the intrusion detection domain, has caused a practical gap between building detection
models and their actual deployment in a real computer network. To alleviate this
limitation, we collect representative network data from a real production network for
each attack type. Our analysis of each attack includes a detailed study of the usage
of machine learning methods for its detection. This includes the motivation behind
the proposed machine learning based detection approach, the data collection process,
feature engineering, building predictive models and evaluating their performance.
We also investigate the application of feature selection in building detection models
for network attacks. Overall, this dissertation presents a thorough analysis on how
machine learning techniques can be used to detect network attacks. We not only study
a broad range of network attacks, but also study the application of different machine
learning methods including classification, anomaly detection and feature selection for
their detection at the host level and the network level.
Member of