
Proceedings Paper

Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection
Author(s): Georgiy Levchuk; John Colonna-Romano; Mohammed Eslami

Paper Abstract

The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify the functional behavior of network devices from NetFlow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in the IP's host graph, constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of the data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with a discussion of future research directions.

Paper Details

Date Published: 19 May 2017
PDF: 16 pages
Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060D (19 May 2017); doi: 10.1117/12.2263543
Georgiy Levchuk, Aptima, Inc. (United States)
John Colonna-Romano, Aptima, Inc. (United States)
Mohammed Eslami, Netrias, LLC (United States)

Published in SPIE Proceedings Vol. 10206:
Disruptive Technologies in Sensors and Sensor Systems
Russell D. Hall; Misty Blowers; Jonathan Williams, Editor(s)

© SPIE.