IEEE Access (Jan 2024)
SSOLV: Real-Time AI/ML-Based Cybersecurity via Statistical Analysis
Abstract
Next-generation architectures of computer networks and systems, and commercial technologies such as Big Data, Decentralized Storage, and 6G, require novel approaches to prevent cybersecurity breaches, which can negatively affect organizations, operations, and individual customers and stakeholders. In this proposal, we present an approach for identifying transformed features via statistical analysis which can be used in Artificial Intelligence (AI) and machine learning (ML) based systems. We also present a deep learning framework, Small Set of Linearized Variables (SSOLV), for training neural networks based on labeled Zeek datasets containing both malicious and benign activity in real or near-real time. In addition, we present a mechanism for transfer learning using domain adaptation techniques to adapt neural networks trained on one labeled Zeek dataset to another neural network trained on a different labeled Zeek dataset. This research uses a combination of 3 techniques commonly used in network traffic flow analysis: deep neural networks, linear regression, and ANOVA. Our results show that we can classify malicious activity with up to 97-99% accuracy in select cases, with high precision (>95%) and recall (>90%) rates. This framework demonstrates a mechanism that stand-alone systems disconnected from larger networks can use to recognize adversarial activity in real time and that is transferable to other stand-alone systems. This work is patent pending under U.S. Patent App. Ser. No. 18/121,716 “Linearized Real-Time Network Intrusion Detection System” and U.S. Patent App. Ser. No. 17/900,982 “Real-Time Network Intrusion Detection System.”
Keywords