Using Graph Theory for Improving Machine Learning-based Detection of Cyber Attacks / Zonneveld, Giacomo; Principi, Lorenzo; Baldi, Marco. - (2024), pp. 191-196. (Paper presented at the 25th IEEE International Conference on High Performance Switching and Routing (HPSR 2024), held in Pisa, Italy, 22-24 July 2024) [10.1109/hpsr62440.2024.10635996].
Using Graph Theory for Improving Machine Learning-based Detection of Cyber Attacks
Zonneveld, Giacomo; Principi, Lorenzo; Baldi, Marco
2024-01-01
Abstract
Early detection of network intrusion attempts is one of the main pillars of cybersecurity. An effective approach in this regard consists in analyzing network traffic with the help of artificial intelligence algorithms, with the aim of detecting the possible presence of an attacker by distinguishing it from a legitimate user. This is commonly done by collecting the traffic exchanged between terminals in a network and analyzing it on a per-packet or per-connection basis. In this paper, we propose instead to perform pre-processing of network traffic under analysis with the aim of extracting some new metrics, on which we can perform detection more efficiently and overcome some limitations of classical approaches. These new metrics are based on graph theory, and consider the network as a whole, rather than focusing on individual packets or connections. Our approach is validated through experiments performed on publicly available data sets, from which it turns out not only to overcome some of the limitations of classical approaches, but also achieve an improved detection capability of intrusion attempts.

File | Access | Type | License | Size | Format
---|---|---|---|---|---
Zonneveld_Using-Graph-Theory-for-Improving_Machine_2024.pdf | Archive managers only | Publisher's version (published version with the publisher's layout) | All rights reserved | 470.04 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.