Scalable and Efficient Network Anomaly Detection on Connection Data Streams

Chohra, Aniss (2019) Scalable and Efficient Network Anomaly Detection on Connection Data Streams. Masters thesis, Concordia University.

Text (application/pdf): Chohra_MASc_F2019.pdf - Accepted Version
Available under License Spectrum Terms of Access.
1MB

Abstract

Every day, security experts and analysts must deal with the huge increase in cyber security threats that propagate rapidly across the Internet and threaten the security of hundreds of millions of users worldwide. Detecting such threats and attacks is of paramount importance to these experts in order to prevent them and mitigate their effects in the future. Thus, the need for security solutions that can prevent, detect, and mitigate such threats is pressing and must be addressed with scalable and efficient solutions. To this end, we propose a scalable framework, called Daedalus, to analyze streams of NIDS (network-based intrusion detection system) logs in near real-time and to extract useful threat security intelligence. The proposed system pre-processes massive amounts of connection stream logs received from different participating organizations and applies an elaborate anomaly detection technique in order to distinguish between normal and abnormal or anomalous network behaviors. As such, Daedalus detects network traffic anomalies by extracting a set of significant pre-defined features from the connection logs and then applying a time series-based technique in order to detect abnormal behavior in near real-time. Moreover, we correlate IP blocks extracted from the logs with external signature-based security feeds that report factual malicious activities (e.g., malware families and hashes, ransomware distribution, and command and control centers) in order to validate the proposed approach. Our experiments demonstrate that Daedalus accurately identifies the malicious activities with an average F_1 score of 92.88%. We further compare our proposed approach with existing K-Means and deep learning (LSTM) approaches and demonstrate the accuracy and efficiency of our system.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Chohra, Aniss
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 23 May 2019
Thesis Supervisor(s): Debbabi, Mourad
ID Code: 985445
Deposited By: Aniss Chohra
Deposited On: 08 Jul 2019 12:45
Last Modified: 08 Jul 2019 12:45
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
