Anomaly Detection for Cybersecurity Network Traffic Data

Objective

The client wanted a network intrusion detection system that monitors network traffic flows to identify attacks. The system was designed to detect anomaly-based patterns. The solution was delivered as a minimum viable product that enforces availability, authority, confidentiality and integrity rules.

Approach

  • Exploring the related dataset of over a million records and studying how comprehensively the network data features cover the traffic.
  • Conducting traffic analysis based on statistical transformations and designing the architectural framework required for the system.
  • Simulating the system to extract useful features based on bytes, time and content, together with additional matched features.
  • Labelling the different attack types in order to configure the matched transaction records.
  • Designing candidate decision engine approaches and evaluating them to select the best one.
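The pipeline described in these steps, as an added example that is not the client project's code: constructed flow records carry byte, time and content features plus an analyst label, a statistical (robust z-score) decision engine is compared with a fixed signature rule, and both are evaluated against the labels. The record fields, thresholds and attack labels are assumptions for the example.

```python
import math
from statistics import median

# Constructed flow records (not real client data). Each record carries a
# byte, time and content feature plus the analyst's label.
FLOWS = [
    {"bytes": 1000,  "duration": 0.5,  "suspicious_token": 0, "label": "normal"},
    {"bytes": 1200,  "duration": 0.6,  "suspicious_token": 0, "label": "normal"},
    {"bytes": 800,   "duration": 0.4,  "suspicious_token": 0, "label": "normal"},
    {"bytes": 1100,  "duration": 0.7,  "suspicious_token": 0, "label": "normal"},
    {"bytes": 900,   "duration": 0.3,  "suspicious_token": 0, "label": "normal"},
    {"bytes": 1000,  "duration": 0.5,  "suspicious_token": 0, "label": "normal"},
    {"bytes": 50000, "duration": 30.0, "suspicious_token": 0, "label": "exfil"},
    {"bytes": 60,    "duration": 0.01, "suspicious_token": 0, "label": "scan"},
    {"bytes": 1000,  "duration": 0.5,  "suspicious_token": 1, "label": "fake_domain"},
]

def modified_z(values):
    """Robust outlier score (Iglewicz-Hoaglin): 0.6745 * (x - median) / MAD."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:                      # no dispersion: nothing can be an outlier
        return [0.0 for _ in values]
    return [0.6745 * (v - med) / mad for v in values]

def signature_engine(flows):
    """Fixed-rule engine: fires only on the known content signature."""
    return [bool(f["suspicious_token"]) for f in flows]

def anomaly_engine(flows, threshold=3.5):
    """Statistical engine: log-transform bytes and duration, flag a flow whose
    robust z-score exceeds the threshold on either feature, and keep the
    content signature as one more matched feature."""
    z_bytes = modified_z([math.log10(f["bytes"]) for f in flows])
    z_time = modified_z([math.log10(f["duration"]) for f in flows])
    return [abs(zb) > threshold or abs(zt) > threshold or bool(f["suspicious_token"])
            for zb, zt, f in zip(z_bytes, z_time, flows)]

def evaluate(flows, flags):
    """Precision and recall of a decision engine against the labels."""
    attack = [f["label"] != "normal" for f in flows]
    tp = sum(a and d for a, d in zip(attack, flags))
    fp = sum((not a) and d for a, d in zip(attack, flags))
    fn = sum(a and not d for a, d in zip(attack, flags))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

if __name__ == "__main__":
    for name, engine in (("signature", signature_engine), ("anomaly", anomaly_engine)):
        p, r = evaluate(FLOWS, engine(FLOWS))
        print(f"{name:9s} precision={p:.2f} recall={r:.2f}")
```

The signature rule catches only the flow that matches its token, while the statistical engine also flags the large exfiltration flow and the tiny scan flow without a predefined signature, which is the gap between the two decision engines that the evaluation step measures.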

Benefits

  • It helped to identify the appropriate benchmark datasets for recognising the synthetic attack types that are anomalous for the network.
  • The exploration supported the design of a forensic mechanism for botnet activity on devices connected to the network.
  • It helped to detect fake domain requests received by the network by exploring the classification of attack types.

Results

  • The analysis identified 5% more anomalous attack groups than the previous, traditional attack classifiers.
  • It paved the way past the bottleneck of signature-based systems, whose fixed set of attacks had made it hard for the client to understand other possibilities.
  • The analysis was shaped into a minimum viable product that can analyse network data as a generalised framework.