Temporal based Network Packet Anomaly Detection using Machine Learning

Abstract

In the present computer networking scenario, due to increase in the amount of ubiquitous network usage with computers, mobile computing, sensing systems and IoT applications, there is a tendency for large-scale cyber-attacks to occur. With the enormous rise in cyber-attacks in today's world, it becomes imperative to monitor the network packet flow in order to identify attacks by intruders, which otherwise can lead to disruptions and losses in computing resources. These large dimensional and voluminous network packets have to be carefully examined and investigated for network anomalies, and will be a tedious and complicated task. Hence, to make this process simpler, a network anomaly detection model that considers the temporal variations in packet transmissions to identify the threats and to protect these networks against malicious activities is proposed. In this model, we propose a machine learning based anomaly detection system (ADS) that is capable of classifying malicious and benign traffic. At the same time, identifies the time varying patterns by using unsupervised learning that provides the patterns and hidden features in the captured packets. Kohonen's self-organizing map neural network (KSOM-NN) is used as an unsupervised learning method to classify the pre-processed packet features into clusters and thereafter the classification methods are used and verified with the labelled dataset. Similarly, a statistical analysis and a threshold value of packet loss, jitter, and other parameters for normal and anomalous packets are observed for further investigations. Above models were trained and tested with the UNSW-NB15 dataset. Totally the patterns are thoroughly analyzed for anomalies with the help of supervised and unsupervised machine learning algorithms. Improved performance with respect to anomaly detection rate and accuracy is observed.