Machine learning enhanced network security

Date
2020
Publisher
University of Delaware
Abstract
The coupling of machine learning with subject matter expertise is increasingly essential to enable the rapid detection of sophisticated attacks occurring at machine speed. Moreover, these sophisticated attacks are increasingly using encryption of their network traffic to hide malicious activities. Consequently, the increased reliance on machine learning techniques for the early detection of attacks results in a new attack surface. When used in security applications, machine learning increases the attack surface of the protected system. Therefore, mitigation of this new attack surface requires an understanding of the vulnerabilities introduced when machine learning is used in network security classifiers. As an example of these vulnerabilities, machine learning systems are susceptible to attacks known as Adversarial Machine Learning (AML), which perturb the inputs. Thus, a defender must also consider incorporating defenses for AML.

We propose a new network security classifier using machine learning to detect malicious communications within encrypted network traffic. This innovative network security classifier is the coupling of traffic analysis methods and machine learning methods such as multinomial naïve Bayes (MNB), support vector machine (SVM), and convolutional neural network (CNN). We evaluate all three machine learning algorithms for effectiveness in detecting malware communications within encrypted network communications. Subsequently, we observed the SVM network security classifier achieved an F1-score (geometric mean of recall and precision) of 0.9993 and surpassed the performance of the CNN.

Additionally, we offer a model and a practical, novel AML attack against a network security classifier. We also present the attack types, constraints, and adversarial knowledge within a network security context. Consequently, we introduce a model and architecture to defend against an AML attack. We also evaluate a novel defense for AML in network security. Lastly, we discuss future work in machine learning enhanced network security.
Keywords
Adversarial machine learning, Cyber security, Machine learning, Network security