Thesis Details

Improvement of Adversarial Classification in Behavioral Analysis of Network Traffic Intended for Targeted Attack Detection

Master's Thesis
Student: Sedlo Ondřej
Academic Year: 2019/2020
Supervisor: Homoliak Ivan, Ing., Ph.D.
Czech title
Vylepšení Adversariální Klasifikace v Behaviorální Analýze Síťové Komunikace Určené pro Detekci Cílených Útoků
Language
English
Abstract

In this work, we study ways to improve the performance of network intrusion detectors. In detail, we focus on behavioral analysis, which uses data extracted from individual network connections. Such data is used by the described framework for obfuscation of targeted network attacks that exploit a set of contemporary vulnerable services. We select vulnerable services by scraping the National Vulnerability Database of NIST while limiting the search to the years 2018 and 2019. As a result, we create a novel dataset that consists of direct and obfuscated attacks executed on selected vulnerable services as well as their legitimate traffic counterparts. We evaluate the dataset using a few classification techniques, and we demonstrate the importance of training these classifiers using obfuscated attacks in order to prevent evasion of the classifiers (i.e., false negatives). Finally, we perform a cross-dataset evaluation using the state-of-the-art ASNM-NPBO dataset and our dataset. The results indicate the importance of retraining the classifiers with the novel vulnerabilities while still preserving a high detection performance of attacks on older vulnerabilities.

Keywords

IDS, adversarial classification, behavioral network traffic analysis, classification intrusion detection system, NPBO, ASNM

Department
Degree Programme
Information Technology, Field of Study Information Technology Security
Files
Status
defended, grade A
Date
14 July 2020
Reviewer
Committee
Drahanský Martin, prof. Ing., Dipl.-Ing., Ph.D. (DITS FIT BUT), chair
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), member
Holík Lukáš, doc. Mgr., Ph.D. (DITS FIT BUT), member
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), member
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT), member
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT), member
Citation
SEDLO, Ondřej. Improvement of Adversarial Classification in Behavioral Analysis of Network Traffic Intended for Targeted Attack Detection. Brno, 2020. Master's Thesis. Brno University of Technology, Faculty of Information Technology. 2020-07-14. Supervised by Homoliak Ivan. Available from: https://www.fit.vut.cz/study/thesis/22643/
BibTeX
@mastersthesis{FITMT22643,
    author = "Ond\v{r}ej Sedlo",
    type = "Master's thesis",
    title = "Improvement of Adversarial Classification in Behavioral Analysis of Network Traffic Intended for Targeted Attack Detection",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2020,
    location = "Brno, CZ",
    language = "english",
    url = "https://www.fit.vut.cz/study/thesis/22643/"
}