Network Intrusion Control System Solutions Leveraging Machine Learning

BALIBEY, RECEP
2021/2022

Abstract

Interest in the internet is increasing among people all over the world. Besides all the benefits of the internet, this creates a vulnerability surface from a security standpoint. The increasing variety and speed of cyber-attacks have demonstrated that network systems cannot be secured solely by encryption or a firewall, and it has become necessary to monitor network traffic and detect attack attempts in real time. For this reason, intrusion detection systems are a popular defense mechanism. An intrusion detection system is a device or software program that monitors a network for malicious activity or policy breaches. There are a variety of intrusion detection approaches, such as signature-based and anomaly-based detection. However, as new attacks develop faster, these methods are often inadequate, and most organizations today are increasingly focusing on machine learning-based detection. The most valuable part of a machine learning-based detection system is the dataset it uses. Inaccurate labeling will have an impact on the performance of machine learning algorithms. Having a reliable labeled dataset for network intrusion detection systems (NIDS) is always the biggest issue of machine learning-based systems. Our work is motivated by this constraint. This thesis aims to investigate a novel approach to labeling. Our goal is to propose a method called "Delta Labeling". The delta method uses pairs of cloned machines. Using these machines, we aim to label only the flows that are truly malicious, which we call the "delta".
2021
NetworkIntrusion
MachineLearning
MalwareDetection
Files in this item:
File: Balibey_Recep.pdf (restricted access)
Size: 2.01 MB
Format: Adobe PDF

The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 license.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.12608/35243