
Proceedings Paper

Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection
Author(s): Georgiy Levchuk; John Colonna-Romano; Mohammed Eslami

Paper Abstract

The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify the functional behavior of network devices from netflow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in the IP’s host graph constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of the data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with a discussion of future research directions.

Paper Details

Date Published: 19 May 2017
PDF: 16 pages
Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060D (19 May 2017); doi: 10.1117/12.2263543
Georgiy Levchuk, Aptima, Inc. (United States)
John Colonna-Romano, Aptima, Inc. (United States)
Mohammed Eslami, Netrias, LLC (United States)

Published in SPIE Proceedings Vol. 10206:
Disruptive Technologies in Sensors and Sensor Systems
Russell D. Hall; Misty Blowers; Jonathan Williams, Editor(s)
