Journal Article

Citation

Moore KL, Bihl TJ, Bauer KW, Dube TE. J. Def. Model. Simul. Appl. Methodol. Technol. 2017; 14(3): 217-231.

Copyright

(Copyright © 2017, Society for Modeling and Simulation International, Publisher SAGE Publishing)

DOI

10.1177/1548512916664032

PMID

unavailable

Abstract

Cyber networks frequently encounter volumes of network traffic too large to process efficiently for real-time threat detection. This research examines combined classification and feature selection using an artificial neural network (ANN) for cyber network threat detection. The network traffic data examined came from the 2003-2007 and 2009 Department of Defense Cyber Defense Exercises (CDXs). First, a feature extraction process is developed using Fullstats to extract 248 features from the CDX dataset. Security Onion is used to determine class labels (cyber attack and severity of attack). Various threat detection scenarios are considered in analyzing the data: threats versus no-threats, severity of threats (low, medium, and high) for known threats, and the complete case (no-threat, low, medium, and high). ANN signal-to-noise ratio feature selection was used to remove non-salient features and to determine an appropriate level of dimensionality for classifying cyber attack and normal operating conditions. Considering the set of 248 features from the CDX data, consistent classification accuracy of 83-97% (testing/training sets) and 63-88% (validation sets) is maintained down to 18 features. Thus, a 90% data reduction is shown to be possible with negligible reduction in performance, together with additional insight into the source (Transmission Control Protocol/Internet Protocol or Open Systems Interconnection layer) of the salient features.


Language: en