Network Intrusion Detection in the Wild - the Orange use case in the SIMARGL project

Authors: Mikołaj Komisarek, Marek Pawlicki, Mikołaj Kowalski, Adrian Marzecki, Michał Choraś, Rafał Kozik
Language: English
Subject:
Source: The 16th International Conference on Availability, Reliability and Security
ARES
DOI: 10.1145/3465481.3470091
Description: There is a profuse abundance of network security incidents around the world every day. Increasingly, services and data stored on servers fall victim to sophisticated techniques that cause all sorts of damage. Hackers invent new ways to bypass security measures and modify existing viruses in order to deceive defense systems. Therefore, in response to these illegal procedures, new ways to defend against them are being developed. In this paper, a method for anomaly detection based on a machine learning technique is presented and a near real-time processing system architecture is proposed. The main contribution is a test-run of ML algorithms on real-world data coming from a world-class telecom operator. This work investigates the effectiveness of detecting malicious behaviour in network packets using several machine learning techniques. The results achieved are expressed with a set of metrics. For better clarity on the classifier performance, 10-fold cross-validation was used.
Database: OpenAIRE