Anomaly Detection on Flows and Incoming Packets with Gaussian Mixtures

Abstract

Firewalls are key to maintaining a secure network, but it cannot be assumed that network traffic that gets through one is completely safe. Anomaly detection refers to methods for discovering unique or uncommon occurrences within a particular dataset. Unsupervised machine learning techniques work with unlabeled data and can be used to perform anomaly detection by ingesting a given set of data and finding instances that diverge from the rest in meaningful ways that may not be obvious to the human eye. In this study we aim to analyze anomalies detected in incoming packet and flow network traffic data that successfully passed through a firewall and to determine what significance such anomalies may have. Considering the vast amount of malicious traffic that exists and is generated regularly, this study shows that Gaussian Mixtures can be used to discover anomalies within network traffic that passed through a firewall, and thereby to identify potentially undesirable or malicious traffic.

Document Details

Document Type: Technical Report
Publication Date: Mar 01, 2023
Accession Number: AD1212944

Entities

People

  • Tarun Menon

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Anomaly Detection
  • Artificial Intelligence Software
  • Change Detection
  • Computer Languages
  • Computer Network Security
  • Detection
  • Information Operations
  • Information Science
  • Information Systems
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Middle East
  • Network Science
  • Supervised Machine Learning
  • Unsupervised Machine Learning

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Computer Vision
  • Theoretical Analysis

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks