Conference: International Conference on Intelligent Systems and Knowledge Engineering

Machine Learning Based Detection and Categorization of Anomalous Behavior in Enterprise Network Traffic


Abstract

Network anomaly detection is a dynamic research area, and numerous methods have been proposed in the literature. In this study, we investigate both detecting and categorizing anomalies on top of detecting network events. Recent advances in machine learning techniques have demonstrated their efficiency in different areas, including intrusion detection. In this paper, we first generate a new dataset that covers a good variety of up-to-date attacks such as DOS, Bruteforce, Backdoor & Infiltration, Injection, Cross-Site Scripting, Phishing and Probe. The dataset is labelled and contains a comprehensive set of around 80 features generated using a publicly available tool called “Flowmeter”, which extracts and calculates features from the network captured files. Next, we analyze the generated dataset to select the best feature set for detecting different attacks, and we evaluate our dataset through the execution of 4 common machine learning algorithms, namely decision tree, Naive Bayesian, Support Vector Machine and Multi-Layer Perceptron. Lastly, we investigate the feasibility of distinguishing between different attacks rather than just detecting anomalous traffic.