MACHINE LEARNING STATISTICAL DETECTION OF ANOMALIES USING NETFLOW RECORDS

Author: Putman, Zachary W.
Contributors: Bollmann, Chad A., Dinolt, George W., Electrical and Computer Engineering (ECE)
Year of publication: 2022
Subject:
Description: NetFlow is a network protocol system used to represent an overall summary of computer network conversations. NetFlow records can be generated from previously captured packet captures or obtained as NetFlow session data in real time. This research examines the use of machine-learning techniques to identify anomalies in NetFlow records and classify malware behavior for further investigation. The intent is to identify low-cost solutions leveraging open-source software capable of deployment on the computer hardware of currently in-use data networks. This work seeks to determine whether expert selection of features can improve machine-learning detection algorithm performance and to evaluate the trade-offs associated with eliminating redundant or excessive numbers of features. We identify the Random Forest algorithm as the strongest single algorithm across three of four metrics, with our chosen NetFlow features cutting the testing and training times in half while incurring minor reductions in two metrics. The experiment demonstrates that the chosen NetFlow features are sufficiently discriminative to detect attacks with a success rate higher than 94%. NCWDG Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
Database: OpenAIRE