Unsupervised Monitoring of Network and Service Behaviour Using Self-Organizing Maps

Duc C. Le, A. Nur Zincir-Heywood, Malcolm I. Heywood, Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada
2018 Journal of Cyber Security and Mobility
Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques have shown promising performance. This paper investigates the capability of the Self-Organizing Map (SOM), an unsupervised learning technique, as a data analytics system. In doing so, the aim is to understand how far such an approach can be pushed to analyze network traffic and to detect malicious behaviours in the wild. To this end, three different unsupervised SOM training scenarios, each corresponding to a different data acquisition condition, are designed, implemented and evaluated. The approach is evaluated on publicly available network traffic (flow) and web server access (web request) datasets. The results show that the approach has high potential as a data analytics tool for unknown traffic/web service requests and unseen attack behaviours. Malicious behaviours both on network and service datasets used
doi:10.13052/jcsm2245-1439.812 fatcat:jvutnccf75fb5ls6osvsmn7jb4