Cybersecurity is essential, and attacks are growing rapidly and becoming harder to detect. Traditional firewalls and intrusion detection systems, although widely used and recommended, fail to detect new attacks, zero-day attacks, and traffic patterns that do not match any configured rule. Machine Learning (ML) can therefore be an efficient and lower-cost complement in cybersecurity. We used NetFlow datasets to extract features after applying data analysis, then applied a feature-selection process to compare these features with one another. Our experiments focus on how effectively machine learning algorithms can detect Bot traffic, Malware traffic, and background traffic. We achieved a precision of 0.903 on a dataset of 2,753,884 total flows consisting of 6.5% Bot flows, 1.57% Normal flows, 0.18% Command&Control (C&C) flows, and 91.7% background flows. The results show low false-negative rates with few false-positive detections.
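As an added illustration (not code from the paper), the following Python shows why precision, not accuracy, is the meaningful score on the class mix stated above: a degenerate detector that labels every flow "background" scores roughly 0.917 accuracy while detecting no Bot or C&C flow at all. The label vector is constructed from the abstract's percentages and the function names are my own.

```python
from collections import Counter

# Class proportions reported in the abstract (share of the 2,753,884 NetFlow records).
CLASS_MIX = {"background": 0.917, "bot": 0.065, "normal": 0.0157, "cc": 0.0018}


def synth_labels(n, mix=CLASS_MIX):
    """Constructed label vector of n flows following the abstract's class mix."""
    counts = {c: round(n * f) for c, f in mix.items()}
    counts["background"] += n - sum(counts.values())  # absorb rounding remainder
    labels = []
    for cls, k in counts.items():
        labels += [cls] * k
    return labels


def accuracy(y_true, y_pred):
    """Fraction of flows whose predicted label equals the true label."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def per_class_metrics(y_true, y_pred):
    """Precision and recall per class; a class that is never predicted gets precision 0."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for t, p in zip(y_true, y_pred):
        if t == p:
            tp[t] += 1
        else:
            fp[p] += 1   # predicted p, but it was really t
            fn[t] += 1   # missed a real t
    out = {}
    for c in sorted(set(y_true) | set(y_pred)):
        prec = tp[c] / (tp[c] + fp[c]) if tp[c] + fp[c] else 0.0
        rec = tp[c] / (tp[c] + fn[c]) if tp[c] + fn[c] else 0.0
        out[c] = {"precision": round(prec, 3), "recall": round(rec, 3)}
    return out


def majority_baseline(y_true):
    """The useless detector that calls every flow background."""
    return ["background"] * len(y_true)


if __name__ == "__main__":
    y = synth_labels(10_000)
    y_hat = majority_baseline(y)
    print("accuracy:", accuracy(y, y_hat))        # high, yet nothing malicious is caught
    print("bot:", per_class_metrics(y, y_hat)["bot"])  # precision 0.0, recall 0.0
```

The paper's 0.903 precision therefore says something the accuracy figure could not: most flows flagged as Bot really are Bot, despite the 91.7% background majority.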