Data Driven Network Monitoring and Intrusion Detection using Machine Learning

With the widespread use of the Internet, cybersecurity is a significant challenge faced by the world. Because of the tremendous amount of internet traffic and increased network complexity, it becomes overwhelming for network analysts to manually monitor the traffic flows and to identify intrusions in large networks. In order to adequately and effectively analyze network traffic for intrusions, multiple machine learning based intrusion detection models were proposed to detect intruders using packet traces captured in the network. It was shown that with proper training, the machine learning models could identify malicious packets accurately. In addition, data pre-processing has been performed to mitigate the problem of unbalanced datasets. Experiments show improved performance as expected. Furthermore, a multi-class classifier was built to classify not only malicious or benign traffic but also to extend labels upon the malicious data. This insures the multiclass classifiers could classify each malicious packet as a specific type of attack such as DDOS, BOTNET, and more.