A Learning System for Discriminating Variants of Malicious Network Traffic

Beaver, Justin M; Symons, Christopher T; Gillen, Rob

Title: A Learning System for Discriminating Variants of Malicious Network Traffic

Conference · Tue Jan 01 00:00:00 EST 2013

OSTI ID:1063145

Beaver, Justin M ^[1]; Symons, Christopher T ^[1]; Gillen, Rob ^[1]

ORNL

Modern computer network defense systems rely primarily on signature-based intrusion detection tools, which generate alerts when patterns that are pre-determined to be malicious are encountered in network data streams. Signatures are created reactively, and only after in-depth manual analysis of a network intrusion. There is little ability for signature-based detectors to identify intrusions that are new or even variants of an existing attack, and little ability to adapt the detectors to the patterns unique to a network environment. Due to these limitations, the need exists for network intrusion detection techniques that can more comprehensively address both known unknown networkbased attacks and can be optimized for the target environment. This work describes a system that leverages machine learning to provide a network intrusion detection capability that analyzes behaviors in channels of communication between individual computers. Using examples of malicious and non-malicious traffic in the target environment, the system can be trained to discriminate between traffic types. The machine learning provides insight that would be difficult for a human to explicitly code as a signature because it evaluates many interdependent metrics simultaneously. With this approach, zero day detection is possible by focusing on similarity to known traffic types rather than mining for specific bit patterns or conditions. This also reduces the burden on organizations to account for all possible attack variant combinations through signatures. The approach is presented along with results from a third-party evaluation of its performance.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: Work for Others (WFO)

DOE Contract Number:: DE-AC05-00OR22725

OSTI ID:: 1063145

Resource Relation:: Conference: 8th Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, TN, USA, 20121030, 20121101

Country of Publication:: United States

Language:: English

Similar Records

An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications

Conference · Tue Jan 01 00:00:00 EST 2013 · OSTI ID:1063145

Beaver, Justin M; Borges, Raymond Charles; Buckner, Mark A

Profile-based adaptive anomaly detection for network security.

Technical Report · Tue Nov 01 00:00:00 EST 2005 · OSTI ID:1063145

Zhang, Pengchu C; Durgin, Nancy Ann

Data Ingestion, Analysis, and Situational Awareness Tool

Technical Report · Mon Apr 15 00:00:00 EDT 2019 · OSTI ID:1063145

Milovanov, Alexander

Related Subjects

Intrusion Detection
Machine Learning
Computer Network Defense

Title: A Learning System for Discriminating Variants of Malicious Network Traffic

Citation Formats

Similar Records

Related Subjects