Network threat detection using machine learning — Part 1

Yamika Perera
2 min read · Feb 10, 2022

Intro

Network security is a major concern for protecting networks from unwanted activity. As the internet grew, security threats grew with it. Network intrusions are now very common, and traditional network security practices are no longer enough to protect networks from these new threats efficiently. In the meantime, machine learning and data science have also developed a great deal. Machine learning is an emerging technology that is becoming very popular, and it has taken over most automation applications across industries. Much research has been done on this topic, and multiple models have been suggested.

What to consider?

First, we must consider the performance of the machine learning model we are building for attack detection, because attacks can be very fast and we need to identify threats very quickly. The accuracy of the model must also be high to detect threats reliably. There are various other things to consider when building a model, and those apply to this one as well.

Approach

How do we detect security threats using machine learning? This is the first question that comes up when we think about this topic. Attacks can be recognised as attempts to bypass the security policies of the system. The most common attacks on cyber systems are flooding, distributed denial of service (DDoS), abnormal packet attacks and spoofing.

Simply put, we can use classification to solve this problem.

Machine learning has two parts:

  1. Supervised Learning
     • Classification
     • Regression

  2. Unsupervised Learning
     • Clustering

In this method, we use the network traffic as the input and extract features from the data. We can use a well-known dataset such as KDD Cup 99 to train the machine learning model. Using this method, we can identify anomalies in the network traffic and classify whether or not each one is a network threat.
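As an added illustration of the classification approach just described (this is example code, not code from the original post), here is a pure-Python pipeline that parses KDD Cup 99-style records, collapses the label to normal/attack, and trains a small nearest-centroid classifier. The sample rows are constructed to follow the dataset's 42-column layout (41 features plus a label), and the column indexes assume that public layout.

```python
# Added example, not from the original post: a minimal KDD Cup 99-style pipeline
# in pure Python. Records follow the public dataset's CSV layout (41 features,
# then a label like "normal." or "neptune."); the rows are CONSTRUCTED, not copied.
import math

# 0-based positions of the few numeric KDD Cup 99 columns used as features.
FEATURE_COLS = {"duration": 0, "src_bytes": 4, "dst_bytes": 5,
                "count": 22, "srv_count": 23, "serror_rate": 24}
LABEL_COL, NUM_COLS = 41, 42

SAMPLE_RECORDS = """\
0,tcp,http,SF,181,5450,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00,0.00,normal.
0,tcp,http,SF,239,486,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,19,19,1.00,0.00,0.05,0.00,0.00,0.00,0.00,0.00,normal.
2,tcp,smtp,SF,1684,363,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,104,66,0.63,0.03,0.01,0.00,0.00,0.00,0.00,0.00,normal.
0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,123,6,1.00,1.00,0.00,0.00,0.05,0.07,0.00,255,26,0.10,0.05,0.00,0.00,1.00,1.00,0.00,0.00,neptune.
0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,166,9,1.00,1.00,0.00,0.00,0.05,0.06,0.00,255,9,0.04,0.05,0.00,0.00,1.00,1.00,0.00,0.00,neptune.
0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf.
"""

def parse_record(line):
    """Return (features, label) for one KDD-style CSV line; counts and byte
    totals are log-scaled so one huge value does not dominate the distance."""
    fields = line.strip().split(",")
    if len(fields) != NUM_COLS:
        raise ValueError(f"expected {NUM_COLS} fields, got {len(fields)}")
    feats = [math.log1p(float(fields[i])) for i in FEATURE_COLS.values()]
    # Labels are "normal." or an attack name; collapse to a binary class.
    return feats, "normal" if fields[LABEL_COL] == "normal." else "attack"

class CentroidClassifier:
    """Nearest centroid on z-scored features: one distance per class to score."""
    def fit(self, records):
        xs, ys = zip(*records)
        n, dim = len(xs), len(xs[0])
        self.mean = [sum(x[j] for x in xs) / n for j in range(dim)]
        self.std = [math.sqrt(sum((x[j] - self.mean[j]) ** 2 for x in xs) / n)
                    or 1.0 for j in range(dim)]  # guard constant columns
        self.centroids = {}
        for cls in set(ys):
            members = [self._scale(x) for x, y in records if y == cls]
            self.centroids[cls] = [sum(c) / len(members) for c in zip(*members)]
        return self

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]
    def predict(self, feats):
        z = self._scale(feats)
        return min(self.centroids, key=lambda c: math.dist(z, self.centroids[c]))

MODEL = CentroidClassifier().fit([parse_record(r) for r in SAMPLE_RECORDS.splitlines()])
```

Scoring a record is a single pass over six features and one distance per class, which is the kind of cheap per-connection cost the performance concern above calls for; the real dataset has tens of features and far more records, so a production model would use more of both.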

Deep Learning Methods

Current deep learning methods for attack detection are:

Unsupervised Methods

  • autoencoder (AE)
  • deep belief network (DBN)
  • generative adversarial network (GAN)

Supervised Methods

  • deep neural network (DNN)
  • convolutional neural network (CNN)
  • recurrent neural network (RNN)

Adopting different kinds of deep learning algorithms brings different advantages to attack detection methods. Supervised learning-based methods often achieve high accuracy, thanks to the quantity of information provided by manually labelled samples.

Without sufficient knowledge from labelled data, unsupervised learning-based methods generally perform worse.

These methods are far more complex and efficient than the method I proposed earlier. Part 2 covers the deep learning methods we can use for network threat detection.

Yamika Perera

Software Engineer @ Behaviol | Developer | Writer | Master of Computer Science (reading) UCSC | Computer Studies Graduate